Open Source UTMs

This time, instead of testing commercial UTM solutions, we benchmarked three popular Open Source and free ones. Here's how we tested them.

Anindya Roy

Tuesday, October 06, 2009


Open Source and free UTM solutions offer most of the features that commercial UTM appliances have, and at the same time are far cheaper. Not only that: because these Open Source UTMs are installed on commodity machines, we have the luxury of upgrading and scaling the hardware whenever required. We selected three free and Open Source UTMs: Endian, Cobian, and Untangle. We tested four major components of each:

Anti-virus
Testing anti-virus capability is the easiest of all the tests. We simply need to set up a Web, FTP and SMB server and load different types of viruses onto it. We used a Linux machine to host these viruses so that the hosting machine itself does not get infected by them. The viruses we used varied from old 16-bit viruses to the latest Trojans and malware. The set contained around 1000 virus files grouped under macro, zipped, old regular and new regular viruses, and was kept constant for all UTM devices. Once the host machine was ready with all the viruses hosted on it, we connected it to the public port of each UTM device in turn and tried downloading all the viruses from the private network. Once done, we counted the number of viruses that bypassed the UTM and were downloaded onto the private network.

Anti-spam
We set up a machine with a POP3 mail server running on it and dumped around 1000 different spam mails onto it. We then connected the machine to the Internet and gave it a public IP address, which was mapped to the MX record of a domain. We took the UTM devices one by one and connected their WAN port to the Internet. We connected a few machines to the private network of each and started downloading the spam. We then counted how much spam each device had missed, whether to tag or to block.

Firewall
As Nessus has become pretty common and all the UTMs detect the tests done by Nessus, we used a standard DoS attack and a port jammer instead. For the DoS attack we used ettercap's Nice DoS plugin, and for port jamming we used Pjam. We connected the WAN port of the UTM device to the Internet with a public IP and ran the DoS attack and Pjam from a machine connected to the Internet through a different gateway.

IDS/IPS
To test the IDS/IPS functionality, we focused on the device's ability to detect internal attacks, that is, attacks generated from a trusted/private network. To test this we ran an ARP spoofing tool against the IP address of the private port of the device and checked whether the device could detect the attack. ARP spoofing is a mechanism by which one can compromise the ARP cache of switches and divert all traffic intended for some other IP to one's own IP. We ran the tests in two modes. First, we spoofed the gateway IP and then explicitly forwarded the data arriving at the attacking machine on to the real gateway. In the second mode we stopped forwarding the data to the actual IP altogether.
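The detection side of the check described above, as an added example (not code from the article or from any of the three UTMs): a small Python ARP monitor of the kind an IDS on the private interface runs, which learns the first MAC seen for each IP and alerts when a later reply contradicts it or when one MAC claims the gateway address alongside its own. All addresses are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """Sender fields of one ARP reply seen on the private interface."""
    sender_ip: str
    sender_mac: str


# Constructed sample traffic: the gateway 192.168.1.1 normally answers from
# aa:...:01, then the host owning cc:...:20 starts claiming the gateway IP.
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply("192.168.1.20", "cc:cc:cc:cc:cc:20"),
    ArpReply("192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply("192.168.1.1", "cc:cc:cc:cc:cc:20"),  # spoofed gateway reply
    ArpReply("192.168.1.1", "cc:cc:cc:cc:cc:20"),  # spoofing continues
]


def detect_arp_spoof(replies, watched_ips=frozenset({"192.168.1.1"})):
    """Return (kind, ip, mac) alerts for a stream of ARP replies.

    'mac-conflict': an IP answers from a MAC other than the one first learned.
    'gateway-claimed': a MAC already owning another IP also claims a watched IP
    (the gateway), the pattern both test modes in the article produce.
    The first-learned MAC is kept as the baseline so every later spoofed
    reply is flagged, whether or not the attacker forwards traffic.
    """
    ip_to_mac = {}                 # baseline: first MAC seen per IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []
    for r in replies:
        baseline = ip_to_mac.setdefault(r.sender_ip, r.sender_mac)
        if baseline != r.sender_mac:
            alerts.append(("mac-conflict", r.sender_ip, r.sender_mac))
        if r.sender_ip not in mac_to_ips[r.sender_mac]:
            mac_to_ips[r.sender_mac].add(r.sender_ip)
            if r.sender_ip in watched_ips and len(mac_to_ips[r.sender_mac]) > 1:
                alerts.append(("gateway-claimed", r.sender_ip, r.sender_mac))
    return alerts


if __name__ == "__main__":
    for kind, ip, mac in detect_arp_spoof(SAMPLE_REPLIES):
        print(f"ALERT {kind}: {ip} from {mac}")
```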
