UTM device for home network security

Ralphort

I admit not knowing what UTM stands for, but wonder if the ASUS routers with AIProtection are adequate if you don’t open any ports.
 
UTM = Unified Threat Management. These appliances use "deep" packet inspection that looks inside packet contents to determine what is in the packet to determine whether it is a threat.

I don't know how effective they are these days at protecting web browsing, given the move to HTTPS. But they can provide better protection against email-based threats at least.
 
Email is also increasingly secured through TLS these days, although it's not as far along as HTTPS encryption. Lots of old setups are still using plaintext POP3 and SMTP. You'd have to use a POP/IMAP/SMTP gateway to handle threats.
 
UTMs, or Unified Threat Managers, are a step above the home router. They do offer more security features and better visibility in the way of traffic granularity. With that said, you will need to invest way more time setting the UTM up as well as managing and updating rule sets.

If you're looking for something that's set it and forget it, then a UTM is not for you. I get daily traffic reports and spend about an hour every month updating URL lists due to some URLs not playing well with HTTPS inspection. I only use about 15 percent of the power of my UTM (Sophos XG) at the moment.

Each UTM approaches firewall rules differently; XG is top down.

With HTTPS inspection (MITM) and URL blacklisting, 90 percent or more get blocked at the security appliance. Security Essentials and Edge pick up the rest. Keep in mind that HTTPS inspection decrypts traffic, and some sites know this and will reject it, as it is considered an attack.

UTMs can be overwhelming out of the gate, as you need to understand how the software wants to be set up, adjusting thresholds and making sure the CEO/CFO are very happy (The Wife).

As mentioned before, Untangle is popular, as are Sophos UTM, Sophos XG, and pfSense. Look at your needs, then look at the limitations of each. Sophos UTM is very mature but lacks a few things and has a 50 IP limit. That will run out real quick. Sophos XG is limited to 4 cores and 6GB of RAM and is not as mature. I went with XG myself due to documentation I can understand, the community, and it being the predecessor / nextgen. The only two issues I have with XG at this time are the limited set of DDNS options and IPv6, both a non-issue for me at this time. And the XG allows for URL expressions, a nice feature.

Apart from research, the only other advice I can give is if the suite allows you to BYOD, make sure you go Intel with whatever suite you pick. One thing you will find out is that for the average home user a UTM is not needed, and if improperly set up it provides a nice false sense of security.
 
Untangle will be the easiest to setup and run.

I am not sure pfsense really qualifies as a true UTM.

I ran Untangle for a lot of years because I ran a mail server at my home for 8 or 9 years, several years ago. As mentioned above, it is not something you can forget about. UTMs require attention and maintenance.

So many things are being encrypted now that UTMs may not be as useful as in the past. You do take a hit in response time due to the heavy packet inspection.
 
cone_head: If HTTPS traffic can be decrypted so easily and on-the-fly, why the push to have all web traffic be HTTPS?

Nevermind. Found this explanation.
 
thiggins: For HTTPS inspection the appliance is the requester of the URL, not the computer. The end system sends the request to the appliance, and the appliance then acts as the requester. The response is sent back to the appliance, which in turn inspects it and passes it on. The device will need a certificate from the appliance for this to work. A good example of this would be the EICAR test file in various forms. With HTTPS inspection on, the test files in all forms get blocked / rejected at the firewall: HTTP, HTTPS, zip and such.

I also forgot to mention I have XG set up to inspect small downloads before it allows them to pass.

But again, some sites and applications or games do not play well with this, so I either have to whitelist them or just have the device on a rule that does not use HTTPS inspection. My Roku would be an example of not playing well, so I have it set up on a separate firewall rule.

That's where URL blacklisting comes into play. I can import lists of URLs I wish to block at the firewall from the reports I get, or from someonewhocares.org and use their URL list.
 
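The blacklist/whitelist workflow described in the post above (importing a hosts-style list such as the someonewhocares.org file, then exempting sites that break under HTTPS inspection) as an added, self-contained Python example; this is not code from the thread or from Sophos XG, and the hosts lines and domain names are constructed samples.

```python
"""Build a domain blocklist from a hosts-format list (the someonewhocares.org
file uses this layout) and check URLs against it, with an allowlist for sites
that break under HTTPS inspection and must be exempted."""
import re
from urllib.parse import urlsplit

# Constructed sample in hosts-file format: "<ip> <hostname...> [# comment]"
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 ads.example.net # ad server
0.0.0.0 tracker.example.org cdn.tracker.example.org
127.0.0.1 Tracker.Example.ORG   # duplicate, different case
0.0.0.0 bad_host.example.com    # underscore: not a valid hostname
"""

# Self-mapping entries that are part of every hosts file, not block rules
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
# Lower-case DNS name: one or more labels, a dot, and a TLD label
HOST_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$")


def parse_hosts_blocklist(text):
    """Return the set of blocked domains (lower-cased) from hosts-format text."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()          # strip comment, then tokenise
        for host in (h.lower() for h in fields[1:]):   # fields[0] is the sink IP
            if host not in LOCAL_NAMES and HOST_RE.match(host):
                blocked.add(host)
    return blocked


def host_of(url):
    """Hostname of a URL, or of a bare hostname; port and path are dropped."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").lower()


def is_blocked(url, blocked, allowlist=()):
    """True when the URL's host or any parent domain is on the blocklist and
    none of them is on the allowlist (a listed 'example.org' also covers
    'cdn.example.org'; the bare TLD is never considered)."""
    labels = host_of(url).split(".")
    candidates = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    if any(c in allowlist for c in candidates):
        return False
    return any(c in blocked for c in candidates)
```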
Wouldn't a UTM do that?

Possibly, not sure if it's typically done transparently or requires particular client configuration. I haven't spent much time looking into these products myself. I suppose it might work if you preinstall an appropriate CA on your client devices, then have the UTM act as a transparent proxy.
 
This is where a lot of work comes in for UTMs. They are NOT maintenance free. They require constant attention.

I should add that the software also updates multiple times a year.
 
Dumb (perhaps) question. How do things like ASUS AIProtection, Bitdefender Box, Cujo and other "dumbed-down" boxes compare? I'm especially interested in ASUS AIProtection (Trend Micro) - which apparently does deep-packet inspection.

Untangle or pfsense/snort seem useful, but I'm getting older and it is hard to find time to "tinker" like I used to. Still, I don't want to be "naked on the 'net". Note: I don't expose any ports; just looking for safe broadband access, at home.
 
I am in the same boat with getting older. I retired 12 years ago, so I don't run all the network equipment I did in the past. I am now looking for maintenance-free networking equipment nowadays. If you are a gamer or have a granddaughter who is a gamer, they will not like running a UTM. It slows your response time down on internet traffic. The deep packet inspection is not a free service. It takes processing power, which takes time. Even if you throw a big processor at it, there is still a penalty in response time you pay.

I don't know anything about the antivirus companies' dumbed-down boxes, but I am sure they behave the same way. There is so much encryption nowadays that you need to really figure out if they are really helping or ignoring encryption. Is the penalty worth it with so much encryption?
 
Untangle and Sophos are two very good UTMs, including for home users....both have free versions and paid versions. And Untangle has a very affordable home package which gives you just about all their features for a very low price.

With so many web-based services going to HTTPS....you really need the SSL inspectors set up on UTMs. This involves having them create a self-signed cert..and you import that into the trusted certs on the nodes behind the UTM. Windows computers....of course this is easy. IoT and tablets and smart phones...some more difficulty. "Guests"...obviously something not managed, so they just get stuck with invalid SSL warnings all the time.

Like mentioned above...UTMs can take a bit of tweaking, and if you have gamers and the like in your house...it can get in their way, cause complaints. UTMs are really meant for businesses, not homes. They do require a bit of occasional hands on and monitoring to really be effective. Security devices should not be thought of as "hands off" or "set and forget".
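A client-side check that confirms whether a given device is actually going through the UTM's SSL inspector (as opposed to an exempt rule like the Roku example earlier in the thread): the certificate the client receives is issued by the appliance's own CA when inspection is active, and by a public CA when it is not. This is an added example, not code from the thread or any vendor; the CA common name "Home UTM HTTPS Inspection CA" is a constructed placeholder for whatever name your appliance's self-signed CA carries.

```python
"""Tell whether a TLS connection is being intercepted by a UTM's HTTPS
inspection by looking at who issued the certificate the client received."""
import socket
import ssl


def rdn_value(name_tuple, attr):
    """Extract one attribute (e.g. 'commonName') from the nested tuple-of-tuples
    layout that ssl.SSLSocket.getpeercert() uses for 'subject' and 'issuer'."""
    for rdn in name_tuple:
        for key, value in rdn:
            if key == attr:
                return value
    return None


def classify_issuer(cert, appliance_ca_cns):
    """'inspected' if the leaf cert was issued by one of the appliance CA common
    names, else 'direct'. `cert` is a getpeercert()-style dict."""
    issuer_cn = rdn_value(cert.get("issuer", ()), "commonName")
    return "inspected" if issuer_cn in appliance_ca_cns else "direct"


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Complete a TLS handshake to host:port and return the peer cert dict.
    Verification uses the OS trust store, so an appliance CA imported there
    (as the thread describes) validates normally; an unimported one raises."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed getpeercert()-style dict, shaped as an inspecting appliance
# would present it (placeholder CA name, not a real product's)
SAMPLE_INSPECTED_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("countryName", "XX"),), (("organizationName", "Home UTM"),),
               (("commonName", "Home UTM HTTPS Inspection CA"),)),
}

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"
    cert = fetch_peer_cert(host)
    print(host, "issuer:", rdn_value(cert["issuer"], "commonName"),
          "->", classify_issuer(cert, {"Home UTM HTTPS Inspection CA"}))
```

Run it from a device on the inspected rule and from one on the bypass rule; the issuer line should differ between the two.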
 
+1 on Untangle. With UTMs you take a hit on response time so gamers are not going to be happy. You have to decide is speed or security the most important.
 