IT Virtualization Blog

Endian Unified Threat Management

by lmarzke last modified Jul 07, 2010 04:39 PM
Introduction/Demo to Endian UTM

Lee Marzke  (4AERO.com)

Infrastructure Consultant:

  • Software Development organizations
    • Specialize in SCM, Process, PM, Tools
    • Just Enough Agile

  • Virtualization (VMware, NetApp SAN)
    • 2 to 200 hosts

Endian Unified Threat Management ( UTM )

  • UTM Components
    • Security 
    • Filtering
    • Network Services

  • Form Factor
    • Software Appliance
    • Hardware Appliance

Unified Threat Management is:      (1)

  • Consolidated Security
    • Multi-zone Firewall / Proxy (HTTP, FTP, SMTP, DNS)
    • Web and Email AV
    • Intrusion Detection (SNORT in-line)
    • OpenVPN
  • Filtering
    • URL, Content, Attachment Filtering
    • Email Anti-Spam, Bayesian Learning Filter

Unified Threat Management is:      (2)

  • Network Services
    • DHCP, DNS, Time, QoS
  • Misc Services
    • Dynamic DNS
    • NTOP traffic monitor
    • * Hotspot / RADIUS server

pfSense, IPCOP, Smoothwall  -vs-  UTM

Security  <----------->  Administration Cost

One server per job  <--->  Combined Functions

Minimal Functions  <--->  More Functions

  • You could also argue that more security functions for the same budget gives you more security.

Endian (Bolzano, Italy)

  • Open Source (community) software appliance
  • Virtual Firewall Appliance (VM)
  • HW Appliances
  • Commercial software appliance w/ support
  • Network Portal for managing devices on support
  • Hardware Appliances 10 - 2500 users

Firewall Architecture

4 zones (Red/Orange/Green/Blue) + VPN (purple) zone

Endian Multizone Firewall

UTM at 4AERO

Netvista front

Web GUI (1)

Dashboard

  • Network Interface(s) and Status
  • Hardware Status (RRD)
  • current traffic graphs (RRD)

Web GUI (1a)

Endian Dashboard

Web GUI (2) Status Connections

Status - Connections

Web GUI (2a) Status HW RRD Graphs

Status HW RRD graph

Web GUI (2b) Status Traffic RRD Graphs

Status Traffic RRD graph

Web GUI (3) Network Hosts

Network Hosts

Web GUI (4) Services DHCP fixed leases

Network Firewall forwards

Web GUI (4a) Services IDS (Snort in-line)

Services IDS

Web GUI (5) Firewall OUT

Network Firewall OUT

Web GUI (5a) Firewall port forwards

Network Firewall forwards

Web GUI (5b) Firewall Interzone

Network Firewall forwards

Web GUI (6) Proxy HTTP

ProxyHTTP

Web GUI (6a) Proxy HTTP Content Filter

Proxy HTTP Content Filter

Web GUI (7) VPN

VPN OpenVPN

Demo System

Lenovo X61 Laptop

  • VMware Workstation
    • Endian UTM VM  -->  Private Network  <--  Windows XP (green)

Example Use Cases (1)

Filter Web (HTTP) Traffic

  • HTTP Proxy
    • Modes
      • Manual Proxy setup in Browser
      • Automatic Proxy detection (WPAD or PAC)
      • Transparent
    • Optional Authentication
      • Internal, AD, RADIUS
    • Filtering
      • Antivirus, URLs, Content, Attachments

Example Use Cases (2)

Email Filtering

  • POP3 Proxy
    • (Spam and AV)
  • SMTP Proxy
    • Both Inbound and Outbound filtering
    • (Spam, AV, Attachments)
  • Bayesian Spam Learning (Site Wide)
    • SPAM Training Service
      • SPAM folder on IMAP
      • HAM folder on IMAP

Example Use Cases (3)

Prevent client DNS attacks

  • DNS Proxy
    • Rewrite port 53 requests to use the Endian-specified DNS
    • Redirect known spyware requests
    • Change NS based on domain

Example Use Cases (4)

Internal Hosts (~ split DNS)

  • Specify internal IP for external domain names
    • Allows external URLs to work internally.
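
The per-query decisions listed in use cases 3 and 4 (split-DNS override, sinkholing a known spyware domain, a name server chosen by domain, default upstream otherwise), modeled as an added Python example. This is not Endian's code, and every host name, address and server in it is a constructed sample value.

```python
"""Model of the DNS proxy's per-query decision (added example, not Endian code).
Covers use cases 3 and 4: split-DNS overrides, sinkholing known spyware
domains, a per-domain name server, and the default upstream. All names,
addresses and servers are constructed sample values."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class DnsPolicy:
    default_ns: str                                           # upstream for everything else
    overrides: Dict[str, str] = field(default_factory=dict)   # exact host -> internal IP
    sinkhole: Set[str] = field(default_factory=set)           # spyware domains (and subdomains)
    domain_ns: Dict[str, str] = field(default_factory=dict)   # domain suffix -> name server
    sink_ip: str = "0.0.0.0"                                  # harmless answer for sinkholed names

    def decide(self, qname: str) -> Tuple[str, str]:
        """Return (action, target): 'answer' with an IP or 'forward' to a server."""
        name = qname.rstrip(".").lower()
        if name in self.overrides:                      # use case 4: split DNS
            return ("answer", self.overrides[name])
        if self._suffix_match(name, self.sinkhole):     # use case 3: spyware redirect
            return ("answer", self.sink_ip)
        ns_domain = self._suffix_match(name, self.domain_ns)
        if ns_domain:                                   # use case 3: NS chosen by domain
            return ("forward", self.domain_ns[ns_domain])
        return ("forward", self.default_ns)

    @staticmethod
    def _suffix_match(name: str, domains) -> Optional[str]:
        """Longest matching domain suffix, so a more specific entry wins."""
        best = None
        for d in domains:
            if name == d or name.endswith("." + d):
                if best is None or len(d) > len(best):
                    best = d
        return best


POLICY = DnsPolicy(
    default_ns="192.0.2.53",                       # constructed upstream resolver
    overrides={"www.example.com": "10.0.0.20"},    # public name, internal web server
    sinkhole={"tracker.example.net"},
    domain_ns={"corp.example.org": "10.0.0.2"},    # constructed internal AD/DNS server
)

if __name__ == "__main__":
    for q in ["www.example.com", "ads.tracker.example.net", "mail.corp.example.org", "example.com"]:
        print(q, "->", POLICY.decide(q))
```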

Example Use Cases (5)

Redundant Uplinks

  • Network/Interfaces/Uplink Editor
  • Network/Routing/Policy Routing

Example Use Cases (6)

Assign Fixed DHCP leases

  • Services/DHCP
  • Advantages of static addresses, without the hassle
  • Great for laptops!

Example Use Cases (7)

Intrusion Detection (Snort)

  • Services/IDS
  • Default is to Warn, Click to Block
  • IDS traffic enabled case-by-case using Firewall Rules
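
Since Snort in-line defaults to Warn, an operator has to read the alerts before deciding what to Block. The following is an added Python example (not Endian's or Snort's code) that parses Snort's one-line "fast" alert format and lists which sources keep tripping the same rule; the alert lines and the local-range SIDs are constructed samples.

```python
"""Triage of Snort 'fast' alert lines (added example, not Endian code).
Endian runs Snort in-line and by default only warns; this groups the
one-line alerts by rule and source so an operator can see which sources
keep tripping a rule before switching it to Block. Sample lines and the
local-range SIDs (1000001+) are constructed."""
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Snort fast format: ts [**] [gid:sid:rev] msg [**] [Classification: c]
# [Priority: n] {proto} src[:port] -> dst[:port]   (ICMP has no ports)
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification: (?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority: (?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

SAMPLE_ALERTS = """\
07/07-14:39:01.101010  [**] [1:1000001:1] LOCAL web scanner user-agent [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:51234 -> 10.0.0.20:80
07/07-14:39:02.202020  [**] [1:1000001:1] LOCAL web scanner user-agent [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:51235 -> 10.0.0.20:80
07/07-14:39:05.303030  [**] [1:1000002:1] LOCAL ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 10.0.0.1
07/07-14:39:09.404040  [**] [1:1000001:1] LOCAL web scanner user-agent [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:51240 -> 10.0.0.20:80
not an alert line: Snort startup banner text is skipped by the parser
"""


def parse_alerts(text: str) -> List[dict]:
    """Parse fast-format lines into dicts; non-matching lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if m:
            alerts.append(m.groupdict())
    return alerts


def repeat_offenders(alerts: List[dict], threshold: int = 3) -> Dict[str, List[str]]:
    """Map sid -> sorted source IPs that fired that rule at least `threshold` times."""
    hits: Dict[str, Counter] = defaultdict(Counter)
    for a in alerts:
        hits[a["sid"]][a["src"]] += 1
    return {sid: sorted(ip for ip, n in c.items() if n >= threshold)
            for sid, c in hits.items() if any(n >= threshold for n in c.values())}


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    print(len(parsed), "alerts;", "repeat offenders:", repeat_offenders(parsed))
```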

Example Use Cases (8)

Enable Quality of Service (QoS)

  • Services/QoS/Devices
    • Set Uplink/Downlink speeds
  • Classes
    • Default (High, Medium, Low, Bulk)
  • Rules
    • Based on MAC, IP, zone, or TOS

Example Use Cases (9)

Setup OpenVPN

  • Services/VPN/OpenVPN
    • Add user
    • Download cacert.pem to client
    • Install Endian OpenVPN client (Commercial version only) -or-
    • Install OpenVPN and scripts as required.

Command Line

  • Serial Console optional (at install time)

Config Files

  • Normal configuration files
  • /var/efw/, /etc/endian/services

Scripts

  • Endian scripts in /usr/local/bin (Python)

Enterprise Features

* = Not Available in Community

  • Multi-WAN fail-over
  • RAID 1 (if 2 disks available during install)
  • * High Availability (Hot Spare)
  • * Endian Network (remote Portal for upgrades, control)

Endian Network

Open Source -vs- Commercial Support

  • Open Source (Community)
    • Many open-source packages
    • Many menu options
    • Testing / support by community
    • I've found ~10% of functions broken in new releases
  • Commercial
    • Released after Community 'shake-out'
    • Email support from Endian
    • Production quality

Commercial Pricing

  • Software Subscription - $250+ per year
  • Hardware $750 to $10k +

Commercial Demos or Pricing Quotes

  • Contact  lmarzke@4aero.com

Questions
