Endian Unified Threat Management

Introduction/Demo to Endian UTMlmarzke

Lee Marzke (4AERO.com)

Infrastructure Consultant:

Software Development organizations

Specialize in SCM, Process, PM, Tools

Just Enough Agile

Virtualization (VMware, NetAPP SAN )

2 to 200 hosts

Endian Unified Threat Management ( UTM )

UTM Components

Security

Filtering

Network Services

Form Factor

Software Appliance

Hardware Appliance

Unified Threat Management is: (1)

Consolidated Security

Multi-zone Firewall / Proxy (HTTP, FTP, SMTP, DNS)

Web and Email AV

Intrusion Detection (SNORT in-line)

OpenVPN

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

1 of 14 07/08/2010 01:53 PM

Filtering

URL, Content , Attachment Filtering

Email Anti-Spam, Bayesian Learning Filter

Unified Threat Management is: (2)

Network Services

DHCP, DNS, Time, QoS

Misc Services

Dynamic DNS

NTOP traffic monitor

* Hotspot / radius server

pfSense, IPCOP, Smoothwall -vs- UTM

Security <-----------> Administration Cost

One server per job <---> Combined Functions

Minimal Functions <---> More Functions

You could also argue that more security functions for the same budget gives you more security.

Endian (Bolzano, Italy)

Open Source (community) software appliance

Virtual Firewall Appliance (VM)

Commercial software appliance w/ support

Network Portal for managing devices on support

Hardware Appliances 10 - 2500 users

Firewall Architecture

4 zones (Red/Orange/Green/Blue) +VPN (purple) zone

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

2 of 14 07/08/2010 01:53 PM

UTM at 4AERO

Web GUI (1)

Dashboard

Network Interface(s) and Status

Hardware Status (RRD)

current traffic graphs (RRD)

Web GUI (1a)

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

3 of 14 07/08/2010 01:53 PM

Web GUI (2) - Status Connections

Web GUI (2a) Status HW RRD Graphs

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

4 of 14 07/08/2010 01:53 PM

Web GUI (2b) Status Traffic RRD Graphs

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

5 of 14 07/08/2010 01:53 PM

Web GUI (3) Network Hosts

Web GUI 4 Services DHCP fixed leases

Web GUI (4a) Services IDS (Snort in-line)

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

6 of 14 07/08/2010 01:53 PM

Web GUI 5 Firewall OUT

Web GUI 5a Firewall port forwards

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

7 of 14 07/08/2010 01:53 PM

Web GUI 5b Firewall Interzone

Web GUI 6 Proxy HTTP

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

8 of 14 07/08/2010 01:53 PM

Web GUI 6a Proxy HTTP Content Filter

Web GUI 7 VPN

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

9 of 14 07/08/2010 01:53 PM

Demo System

Lenovo X61 Laptop

VMware Workstation

Endian UTM VM -->

Private Network

Windows XP (green) <--

Example Use Cases (1)

Filter Web (HTTP) Traffic

HTTP Proxy

Modes

Manual Proxy setup in Browser

Automatic Proxy detection (WPAD, or PAC)

Transparent

Optional Authentication

Internal, AD, Radius

Filtering

AntiVirus, URL's, Content, Attachments

Example Use Cases (2)

Email Filtering

POP3 Proxy

( Spam and AV )

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

10 of 14 07/08/2010 01:53 PM

SMTP Proxy

Both Inbound and Outbound filtering

( Spam, AV, Attachments )

Bayesian Spam Learning ( Site Wide )

SPAM Training Service

SPAM folder on IMAP

HAM folder on IMAP

Example Use Cases (3)

Prevent client DNS attacks

DNS Proxy

Rewrite port 53 requests to use Endian specified DNS

Redirect known spyware requests

Change NS based on domain

Example Use Cases (4)

Internal Hosts ( ~ split DNS )

Specify internal IP for external domain names

Allows external URL's to work internally.

Example Use Cases (5)

Redundant Uplinks

Network/Interfaces/Uplink Editor

Network/Routing/Policy Routing

Example Use Cases (6)

Assign Fixed DHCP leases

Services/DHCP

Advantages of Static, without the hassle

Great for Laptops !

Example Use Cases (7)

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

11 of 14 07/08/2010 01:53 PM

Intrusion Detection (Snort)

Services/IDS

Default is to Warn, Click to Block

IDS traffic enabled case-by-case using Firewall Rules

Example Use Cases (8)

Enable Quality of Service (QoS)

Services/QoS/Devices

Set Uplink/Downlink speeds

Classes

Default (High, Medium, Low, Bulk )

Rules

Based on MAC, IP, zone, or TOS

Example Use Cases (9)

Setup OpenVPN

Services/VPN/OpenVPN

Add user

Download cacert.pem to client

Install Endian OpenVPN client ( Commerical version only ) -or-

Install OpenVPN and scripts as required.

Command Line

Serial Console optional ( at install time )

Config Files

Normal configuration files

/var/efw/ , /etc/endian/services

Scripts

Endian scripts in /usr/local/bin ( python )

Enterprise Features

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

12 of 14 07/08/2010 01:53 PM

* = Not Available in Community

Multi-WAN fail-over

RAID 1 ( if 2 disks available during install )

* High Availability (Hot Spare )

* Endian Network ( remote Portal for upgrades, control )

Endian Network

Open Source -vs- Commercial Support

Open Source (Community)

Many open-source packages

Many menu options

Testing / support by community

I've found ~10% of functions broken in new releases

Commercial

Released after Community 'shake-out'

Email support from Endian

Production quality

Commercial Pricing

Software Subscription - $250+ per year

Hardware $750 to $10k +

Commercial Demos or Pricing Quotes

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

13 of 14 07/08/2010 01:53 PM

Contact lmarzke@4aero.com

Questions

Endian Unified Threat Management file:///home/lmarzke/Desktop/endian.html

14 of 14 07/08/2010 01:53 PM