Slashdot Mirror

Untangle Home It is $50 per year for home use, and includes all of the premium features, at a fraction of the cost. Untangle is easily comparable to the other retail security appliance vendors, but it is Much easier to configure. Many of the admins that favor a "lock out everything" mindset do not appreciate Untangle because it does not take that approach. But that makes it easier for the home-gamer to setup and fine tune. There will be a definite learning curve because there are so many more features available. For hardware, I recommend; A barebone headless pc that can be kitted out for $230 or less.

Haven't tried them but:
https://www.oo-software.com/en...

In addition, some domains that can be blackholed on a router/firewall:
https://www.dslreports.com/for...
https://forums.untangle.com/we...

it has your passwords and gives them to anyone on the social networks of people who you allow to access your computer Now if this is true then you can demonstrate to me how such a person can get say my internet banking password. But I already know you can't do that because you're lying and your post is a troll.

Look up wifi sense. If you allow someone using Windows 10 or a Windows phone access to your wireless network, it will share that with others. So your buddy Joe's shady cousin can log on to your local network.

This is pretty well documented by Microsoft and others, I'm a little surprised that a W10 expert doesn't know that. Do you really need the citations? Okay, http://bgr.com/2015/08/03/wind...

They did finally kill it after massive outrage: http://www.extremetech.com/com...

As for my other assertations, if you have W10, you've certainly read the security and privacy settings? It's all in there, except for the telemetry part So here ya go: http://arstechnica.com/informa... https://forums.untangle.com/we...

http://www.dslreports.com/foru...

As well, they bypass your hosts file a good bit. Anyone really concerned about privacy should have a non-microsoft firewall in the loop. Note that some sites they don't allow you to block should be allowed os that your computer acts properly.

Blocking content at the router/firewall is the best place to block it inside your network. Otherwise you're dealing with keeping several machines up to date. As IT infrastructure becomes more diverse (Mac, Windows Flavors, Guests etc) keeping individual machines updated will be harder than a centralize point. Another option is to force users to utilize a specifc DNS server (ie http://www.opendns.com/business-security/). Then all you do is block DNS traffic destined for any other DNS servers.

I'd avoid the $50 walmart router and look at some stand alone firewall/routers with good filtering options: IPCop (http://ipcop.org/) + URLFILTER (http://www.urlfilter.net/) or Cop+ (http://home.earthlink.net/~copplus/) or UnTangle (https://www.untangle.com/store/lite-package.html)

Will it slow down your connection? It can if you do not use fast enough equipment, but in general the price of CPU cycles isn't an issue when using PC based solutions.

Step 1: Isolate. Use a spare PC, add a NIC and use Untangle Lite (free) http://untangle.com/ which has very good. Turn off DHCP in your router, use it as an access point only. Let Untangle hand out addresses. Get the perp's MAC address and reserve his IP addresses. Use Untangle's report feature to build up a dossier of all his activities over a few weeks. See what he's doing.

Step 2: While compiling the reports, use HeatMapper (free) http://www.ekahau.com/products/heatmapper/overview.html on a notebook or netbook to locate him. It won't be any problem to find his AP in the signal map.

Step 3: After you have the data, mail him a copy of the reports and the heatmap to let him know you know what he's doing, and invite him over for a cup of coffee or other beverage of your choice. Be sure to tell him you don't want to turn him in or blackmail him, but you would like to talk geek to geek. Tell him you're going to disable WPS and change the WPA key, but you'd like him to try to hack in again, and tell you if you've left any open vulnerabilities. You can end the leeching and might just gain a buddy worth having.

Caveat: Of course you want to send a copy of the report to someone else to hand over to Law Enforcement in case he turns out to be a terrorist or freakazoid with implements of destruction to use against you.

Download the free edition; it'll be all you'll ever need.

http://www.untangle.com/store/get-untangle/

Cheers!

Another option is to use a Captive Portal built into a routing device.
If you can throw together a machine with two NIC or some wireless cards, the software side can be handled with ZeroShell, or if you prefer a paid support contract, the previously open source Untangle

Captive Portal requires registration with a username/password to use the wifi, and can perform metering for if you wish to charge or just limit time. You can also setup different sets of web filters or firewall rules that change on a set schedule.

The Web Filtering modules will likely make your committee chair happy, as you can easily block most categories like pornography, gambling, hacking, etc.
It isn't impossible to get around of course, but should be enough for due diligence.

Good luck!

whats wrong with x86? just build a cheap x86 box and add whatever components you want. you could even throw untangle on something. i'm sure you've got an old pc sitting around somewhere, or someone has one you can have.

I use a combination of ZeroShell for routing, and Untangle for monitoring and filtering.

Untangle comes with modules, about half of which are free and open source, and the other half commercial.
This past year things have been going a bit downhill for the free version, namely two critical modules were made paid-only, and a webfilter-lite made to replace it.
They also now stick ads on your adblocker pages if you don't have at least one paid module :/ (This is easy enough to block, ironically using Untangle itself, to filter its two ad URLs... But the point still remains)

Most of the Untangle paid modules are more for a corporate setting, while the home usage options were free. The main downside I see to the paid modules are they are all monthly/yearly costs. Not a single "Pay for it and forget about it" option.

That said, I dropped all the paid modules and am running the free version both at home and work.

At home it's nice for the http/email stream virus scanning, which it sends RST packets if it detects anything to keep the infection from even reaching the PCs.
At work we use it for filtering, unfortunately for a similar reason.

It also has some nice reports too, and a separate interface so you can grant managers access to the reports but not the controls/settings.
You can run it as a router or as a transparent bridge in case you can't make changes to your network setup. Just pop it between the edge router and your switch.

I hate having to filter like this personally, but it's being demanded from the top, and not exactly the battle I want to give up my job over, so there it is.

Untangle firewall has good web proxy, and protocol control. You can filter by type etc... Easy to use. Transparent bridge setup if you already have a firewall. Can block all common proxy sites, and you can install the firewall module and turn off peoples ability to go out on a VPN unless they come from specific IPs. It can also do Ad Blocking, Spyware Blocking, Virus Blocking, IPS, IDS, get OpenSource system. I use it at home and work, and it is Free as in beer if you bring your own hardware. http://www.untangle.com/

http://www.untangle.com/ Is a great, free tool to help block, track, and limit web browsing activities. Based off of Debian I think.

I've used several URL tracking systems. None of them were entirely open source, but there are some available. The real costs come in with the URL database. These databases are complied and maintained by real people. There are some community driven databases that are free to use, Untangle has one, but they will not be as complete or consistent.

Not really... Basic Desktop support, and a more sophisticated gateway. Something like m0n0wall http://m0n0.ch/wall/ has very good access control with a voucher system, you user based control built in. It also has a very good traffic shaper so one kid downloading won't cause a fight with the other kid gaming. However, no web filtering.

Untangle http://www.untangle.com/ has some very good filtering on content and viruses, as well as some ads. The captive portal is not as strong, but getting there. No real traffic shaping last time I checked.

Both are open source projects. Monowall will run on any old P3 with 128 meg of ram. Untangle will need a bit more power behind it.

Good options. He could also try ClearOS. After it is set up it should be rather low maintenance. The download link is on the page. I have one at home and it is a win.

Not really... Basic Desktop support, and a more sophisticated gateway. Something like m0n0wall http://m0n0.ch/wall/ has very good access control with a voucher system, you user based control built in. It also has a very good traffic shaper so one kid downloading won't cause a fight with the other kid gaming. However, no web filtering.

Untangle http://www.untangle.com/ has some very good filtering on content and viruses, as well as some ads. The captive portal is not as strong, but getting there. No real traffic shaping last time I checked.

Both are open source projects. Monowall will run on any old P3 with 128 meg of ram. Untangle will need a bit more power behind it.

I did not see anyone suggest http://www.untangle.com/ . i have only played with it for a short time, but it might be worth checking out!

I can't believe that no one has yet mentioned Untangle - www.untangle.com or Endian www.endian.com

Or Untangle if you want a slightly cheaper alternative to a Fortigate/etc. http://www.untangle.com/ There is a free, open source version and several paid versions.

Have you ever tried Untangle? It works great for spam/virus filtering (and many other things), but you would still need a desktop AV client.

check out http://untangle.com/
It is a security gateway that is used as a router or sitting behind your router bridged to your LAN.
Their free version contains some of the best open source anti-malware packages like SpamAssassin, snort, etc. You still need to mind thumb drives, DVDs and any other sources that don't pass through Untangle.

You sure about that?

They also didn't include Untangle, http://www.untangle.com/ which is available free, and is a direct competitor to the things tested.

Free with an asterisk on it. It seems if your needs go beyond the very basic, you have to pay for the professional version.

According to their website, creating different policies for specific groups of users or time-based is not available in the free version. Nor is wan failover.

I'm not against paying for the product, it seems quite capable and the $250 a year subscription is not unreasonable. But the free version doesn't seem to do much to compare to other offerings.

> It would have been nice to see how the ASA5500 series appliances stood up to the test.

If you send them one I'm sure they'll test it. It appears that Cisco wouldn't.

They also didn't include Untangle, http://www.untangle.com/ which is available free, and is a direct competitor to the things tested. So it might be other reasons...

Untangle (www.untangle.com) -- Free Spam Blocker enables administrators to block spam at the gateway before it ever reaches the users.

* Leverage the best spam filtering techniques including Bayesian Filters, Razor, realtime block lists (RBLs), OCR for image spam and tarpitting

More Info: http://www.untangle.com/Spam-Blocker

Keep the computer in the living room.

Untangle for Linux might be a solution since it was already mentioned in the summary. It's free too :) Find it here: Untangle for Linux

There's a Linux-based browser that will never display any popup ads containing offensive sexual graphic images (without selecting one and navigating to it), it's called: Elinks.

The best browser ever invented.

And there's also Lynx (second best), in any case: The filtering in these browsers is so very effective, you'll never have to worry about seeing a single offensive image randomly pop up. An alternative is to use Firefox with NoScript and turn off images.

For good measure (in addition to Lynx), stick an untangle box running the free web filter, in front of the filtered PC, turn on all the spyware and 'sex' category blocking, and a Privoxy proxy for filtering unawnted cookies, and you should be 90% good to go.

Keeping the computer in the living room doesn't prevent them from stumbling on bad stuff.

The purpose of a good filter is 2 fold:
1. prevent kids from stumbling onto bad stuff.
2. prevent kids them from using the internet to be curious (the parent is paying for the connection and has a right to block or allow whatever they want).

A customizable filter is best: k9 (win/mac). Customizable = if blocked it allows the user to invite the parent to override the block, (and add the site to a whitelist). This way, the kids can still access blocked items.

So who determines what gets blocked? With a customizable filter, it is the parent, and because they are paying for the internet connection, they have a right to control what comes in on the internet connection. When the kids move out and go to college, they are old enough they can make their own decisions.

However, I haven't found a customizable filter and free for linux yet. If you have an extra computer with 2 network cards you can try untangle os a firewall os with content filtering. I will try the opendns suggestions listed below, because it sounds like you can choose what categories are blocked and which aren't.

Untangle's pro version should allow this. Maybe they have a discount for non-profits?

www.untangle.com

Untangle is essentially a GPL'd open source Linux distribution that acts as a perimeter firewall/spam filter.

Download the CD image and boot it an older system. This will give you a system at least as good as Baracuda (actually its a lot better) for FREE!

Gmail and Postini are not good solutions. Been there done that.

I use a product called Untangle, available at http://www.untangle.com. It uses Spamd, is pre-configured and is easy to setup. You can use an old piece of hardware with it and it does a fantastic job for our organization.

Give it a try. It blocks out about 2400 e-mails daily that get through our SMTP relay using MailSecurity.

I'm using spamassassin + exim on mail relay gateways of a 2000+ email installation. It works great.

You need to add the dccproc ( http://www.rhyolite.com/anti-spam/dcc/dcc-tree/dccproc.html ) and razor ( http://en.wikipedia.org/wiki/Vipul's_Razor ) plugins in order to use those "reputation" services, turn on bayes filtering, wait for 200 messages to be "marked" and there you go. If you have enough load, you might need to switch from the DB database backend to mysql. One thing you might be interested in is http://www.untangle.com/ ... looks interesting.

if you could run untangle on it that would be cool. anybody know if that would be possible?

Or, you could just let your firewall/router do it, and never have to worry about the crap! http://www.untangle.com/

How, with 25 different viruses can one catch 6%?

Because the test set was 18, and not 25 as reported. 100/18=5.555. Have a look at the test results.

-- Steve

From http://virus.untangle.com/ : for the Wild+Eidar chart, n=18; for the overall catch rate chart, n=35. Writeup is at http://blog.untangle.com/?p=96 .

From http://virus.untangle.com/ : for the Wild+Eidar chart, n=18; for the overall catch rate chart, n=35. Writeup is at http://blog.untangle.com/?p=96 .

It's only 18... not 25

see http://virus.untangle.com/
w

I wonder how Avast would have done (having a Free version)

Look at the page: http://virus.untangle.com/.

• For the "Wild + Eicar Catch Rate" it says, "The sample size of this test is 18 (not 25 as some cited)."
• For the "Overall Catch Rate" it says, "The sample size of this test is 35."

If you read the website with the original results, it says that there were actually only 18 viruses in the first test, and Watchguard only caught one, which is 5.6%. You can download a nice spreadsheet with detailed information about which viruses every solution caught, too.

The linked website states the sample size was 18 not 25.
1/18 = 5.6%

There is another small writeup here: http://blog.untangle.com/?p=96

Because the summary isn't right.

They used 18 test cases, Watchguard got only one : 1/18 = 5.55%, rounded = 6%

All from the spreadsheet available at http://virus.untangle.com/

Well examining the Excel sheet here http://virus.untangle.com/, they used 18 test cases, so they got 5.6% for Watchguard

The summary was wrong, it's either 18 test case or 35 test case, depending of the section you're looking at...

What about AVG? I really love it. I've installed on both my workstations and a server (Windows). It uses minimal resources, it's fast, and it's managed to catch more stuff then Trend Micro, Symantec and McAfee.

Also, Bitdefender and Nod32 are also good for the Windows enviroment. I'm curious to how all these ranked in the Linux world.

Test them yourself. The virus samples they used are found here.

The story could have shown a list of the tested viruses verses the AV software being tested. A simple table would have conveyed a great deal more information than the druel the fellow wrote. Yes I RTFA and as I said - it is not very informative.

You RTFA and then sadly don't do any research. Why would they bother to list the tested viruses when provide the actual viruses (see "Test Set")?

Something seems a little strange here. With 25 test cases, and a binary outcome (either the virus was detected or it was not), the %caught should proceed in even step of 4%. There's some number massaging going on somewhere.
 
Hmm... the Fight Club Website lists 35 test cases, not 25. It's not clear if there is any overlap between the various test cases. In fact, there's not any discussion of the testing methodology (let alone what precisely was tested) at all. Just "here's our numbers - believe them or infect your own machine and find out for yourself".
 
Now, while I admire the 'do it yourself' hacker ethos as much as the next guy - this is taking it a bit too far.

From TFA:

Kaspersky, Symantec, and Clam AV: 100% caught

FProt and Sophos: 94%

McAfee: 89%

GlobalHauri, Fortinet, and SonicWall: 61%

WatchGuard's Linux AV: 6%

And a graph of the results plus links to some of the test viruses: http://virus.untangle.com/

My company has a free product called Untangle that helps you deal with things like this. Give it a try.
http://www.untangle.com/download