Untangle Not a Tangle At All
One of the best uses for Linux is special-purpose, tightly managed distributions for a single purpose, and Untangle has created one of the most impressive applications of this principle. The Untangle Gateway bundles together a list of applications that even seasoned sysadmins couldn't install and effectively manage in a timely manner. We've been playing with the Untangle Network Gateway for a few months, and we must say: "well done."
As the official name indicates, The Open Source Network Gateway, is open source. As with most commercial open source offerings, you must buy the Professional Package to get some features, but surprisingly few. All of the core functionality is included in the OSS version; enterprise management goodies augment the product for the Professional Package offering.
The excellent list of bundled software (features) includes:
- Web Filter and Phishing Blocker
- Spam/Virus Blocking
The interesting thing about the Untangle Gateway is that it doesn't require anything but itself. Let's say you'd like to implement spam filtering. This generally involves installing and maintaining many applications on every mail server. The Untangle Gateway sits at your border and transparently scans incoming e-mail for spam, intervening as it's configured to. Most of Untangle's applications work this way, and since Untangle is routing all your traffic, it can pull off some neat tricks.
E-mail, for example, is scanned by SpamAssassin, which includes the use of real-time blacklists. Spam may be marked as such by modifying the subject line, and it can also be returned, dropped, or even quarantined based on specific thresholds. SpamAssassin itself is very powerful, but running it effectively requires specific technical knowledge. Untangle, ahem, untangles the mess people often find themselves in when configuring such software.
Web filtering, phish blocking, and virus scanning are all similar. ClamAV is used to detect viruses (via user downloads or e-mail) and phishing e-mails, while the Web filters rely on URL blocklists of known-evil sites. Again, Untangle is uniquely poised to protect more than just e-mail: it can be configured to scan all HTTP traffic for malicious downloads.
On the networking front, Untangle provides an excellent GUI configuration tool for IPtables. You don't really know you're messing with firewall rules, as the configuration tool (in Basic mode) presents you with intuitive and easy-to-use settings. If you deem P2P bad for your company, you can simply tell Untangle to disallow it. Protocol Control, as it's called, uses L7-Filter Netfilters to classify network traffic; very effectively, we might add. Untangle also uses Snort for IPS with a nice configuration frontend.
Untangle is not just a well-done bundled Linux distro, however: there's plenty of proprietary technology in there. Most importantly, the DoS Attack Blocker. Untangle has created a system for classifying network traffic, and subsequently blocking evildoers. It can sanitize network traffic and filter well-known attacks, as well as keep track of who sent them. After a certain threshold is reached, an attacker is denied further access to the network. It doesn't really stop a DoS as advertised, since a UDP flood could saturate one's Internet link regardless of how fast Untangle discards packets, but that's just being nitpicky. One thing we'd really like to see is a more fully-integrated solution based around this reputation-based system. The network attack blocker would ideally take input from other components, especially the spam filters, and automatically deny access to anyone that repeatedly sends spam. The URL and spam blacklists just don't update as quickly as the gateway itself could react.