So I’m going to take a little break from the awesomeness that is SecurityOnion to bring you another free tool for your home networks. Now this one is a little different than the SecurityOnion as it is meant to be placed “in-line” with your network’s traffic. This means it can be intrusive if not configured correctly.
Test your configuration with your roommates, parents, spouse and kids out of town or when they go down for sleep. Trust me.
What is Untangle?
You can visit http://www.untangle.com/untangle-ng-firewall to learn more about the system I’ll describe below. But in general, it is software (free and for purchase) that you install on a dedicated computer. That computer then becomes your router, firewall, intrusion detection system, ad blocker and more! Yeah, it *IS* cool!
If you’ll remember, the last time we looked at the network architecture, I proposed the following for a home network with SecurityOnion monitoring:
This network gives us the ability to listen to all the network traffic from our SecurityOnion device. It also gives us the ability to quickly drop in the (yellow-colored block) Untangle server per the diagram below.
In this configuration, we are still monitoring all our traffic with the SecurityOnion device AND we are now CONTROLLING the data using Untangle. We not only have “eyes” on the traffic, but can now take action.
Equipment for Untangle
What amazed me most about Untangle was the minimal hardware requirements. No seriously, minimal. I installed it on a Dell Dimension 4500 from 2002. Yes…2002. The system has a maximum of 1GB RAM (and that is what is installed). And according to http://wiki.untangle.com/index.php/Hardware_Requirements, this configuration will work for a network with up to 50 systems. O_O
You can put this on whatever computer you wish. It is its own distribution so that computer will be erased when you install Untangle.
Aside from a computer to install it on, you’ll need 2 network interface cards (NICs) in the system. This is because the Untangle system is a router/firewall and has an “internal” network (your home network side) and an “external” network (the Internet side). For my old computer, I needed a PCI card and chose a TP-Link one. Any card will/should do; it can even be the USB-to-Ethernet adapter I mentioned in an earlier post.
Because of the excellent documentation available at http://wiki.untangle.com/index.php/Installation, I’m not going to go into how to install and configure the system. Essentially, just download the free ISO, burn it to disk, then boot your Untangle box from it. Follow the point and click installation and BAM! You are Untangle(d)!
What I did was to install a system with Untangle and hook it up to my network in parallel with my existing systems. I did this by just plugging it into the switch that was attached to my FIOS router. This gave it access to the Internet to pull configuration files and updates and also allowed me to plug a computer into the other network card in the Untangle system. Doing this was my prep work. Before I switched my entire home over to use this box, I wanted to make sure it worked and worked well.
So I hooked up a computer to the Untangle server’s second NIC and the first NIC I attached to the switch for Internet access. Then I played with the settings and tried things out without my spouse and kids’ network traffic being impaired. Highly recommend this approach! No fun sleeping on the couch because you blocked all Internet access just when some important episode of Game of Thrones came on.
Apps in Your Rack
When you finish your install of Untangle, you will have a “rack” to which you can install applications. Each app fills a different purpose: IDS, ad-blocker, reports, email spam filter, captive portal…etc. Some of these are for purchase and the “Lite” versions are free. I have found that the free versions allow me the flexibility to do everything I want to for my home network (and probably for a small business as well). Below is what my home’s “rack” looks like. Yours may/will be different depending upon what apps you install.
Let’s break down the pieces of what is shown above. Almost everything is “clickable”. Along the top are the status graphs showing you your system’s resources. As you can see below, 1GB of RAM and I’m only using 1/2 of it. Woohoo! Even with 2 people working from home using 2 full VPNs, someone using streaming video (Netflix) and someone doing online gaming, the CPU load has never gone above “low” so either it is broken or this thing is GOOD!
In the next post I’ll show the configuration of Untangle. After that we’ll dive into the apps!