May 14, 2007

Just about every organization today is trying to cope with the growing variety of security threats. You might be the CIO of a multinational bank who wants to secure thousands of ATMs or several hundred bank branches across the country. Or maybe you are spearheading the IT operations of a retail chain and want to ensure that all your retail outlets are secure while communicating online with the head office. Whichever type of organization it is, you need to ensure that its IT infrastructure is free from security threats. Today, the answer to most security threats seems to be a UTM appliance.

Just to refresh your memory, UTM stands for Unified Threat Management, and a UTM appliance is a device that’s a one-stop solution to combat any type of network security threat. For instance, a UTM device can combat viruses, spam, malware, hacking and phishing attacks. Plus, it can also do content filtering, firewalling, IDS, etc. Moreover, all this can be managed from a single management interface. While the concept of UTM may sound exciting, you need to ensure that you choose the right one and determine its total cost of ownership. A typical commercial UTM appliance would cost anywhere between 2 to 5 Lakhs. So if a bank wants to deploy it across its thousands of ATMs, then that’s a huge investment. When making such a significant investment, you would also have to consider its manageability. Can you, for instance, manage it from your existing network management system? If you’re using OpenView or Tivoli, would you be able to manage your fleet of UTM devices directly from that software? Here, we’ll talk about a device that takes care of both issues.

Select the type of Red interface amongst the ones shown. For example, you could mark an ADSL or ISDN network as a Red one

We’ll be talking about an Open Source software called Endian. It lets you build your own UTM appliance, and we’ll tell you all about it in this article. Building such a device is in fact no rocket science. To start with, all you need is one server-class machine, preferably a rack-mountable one, which you can plug into your rack like an appliance. We’d suggest that the server should have at least an Intel Xeon processor, 2.8 or 3.0 GHz. In fact, when we were experimenting with it, we first set it up on an ordinary P4-based desktop machine. The moment we put it on a live network with around 500 users, it froze after a few hours. The hardware was just not able to handle the load. So, don’t use an ordinary PC when building your own UTM device.

You’ll need at least 1 GB RAM and anywhere between 20 to 60 GB of HDD for the UTM server. The hard drive is required for the proxy cache and for storing quarantined viruses. Endian’s OS itself has a very small footprint, taking less than 1 GB for the installation. Other than that, you will also need multiple LAN cards in the server. You’ll need at least two if you plan to build a network with a Public and a Private network. You’ll need three if you also want a DMZ network. You can also add more network cards depending upon the number of Internet connections and LAN subnets you want to connect to the device.
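The sizing rules above can be checked on the candidate machine before it is wiped, for example from any Linux live environment. The script below is an added example, not part of the original article or of Endian; the function names are hypothetical, and it assumes that every Wi-Fi zone, extra Internet connection and extra LAN subnet gets its own Ethernet card.

```shell
#!/bin/sh
# Pre-flight check for a machine that is to become an Endian UTM box.
# Thresholds are the article's: 1 GB RAM, 20 GB disk, 2 NICs (+1 for a DMZ).
# Assumption (not from the article): every Wi-Fi zone, extra uplink and
# extra LAN subnet is given its own Ethernet card.

# nics_required DMZ WIFI UPLINKS SUBNETS -> minimum number of NICs
nics_required() {
    echo $(( $3 + $4 + $1 + $2 ))
}

# check_hw RAM_MB DISK_GB NICS NEEDED -> lists shortfalls, returns 1 if any
check_hw() {
    rc=0
    # A "1 GB" machine reports slightly less than 1024 MB (kernel and
    # firmware reservations), so accept anything from 900 MB upwards.
    [ "$1" -ge 900 ] || { echo "RAM: $1 MB, need about 1024 MB"; rc=1; }
    [ "$2" -ge 20 ] || { echo "Disk: $2 GB, need at least 20 GB"; rc=1; }
    [ "$3" -ge "$4" ] || { echo "NICs: $3 found, $4 needed"; rc=1; }
    return "$rc"
}

# probe_host DMZ WIFI UPLINKS SUBNETS -> measure this Linux host and check it
probe_host() {
    ram_mb=$(awk '/^MemTotal:/ { print int($2 / 1024) }' /proc/meminfo)
    disk_gb=0   # largest disk, in decimal GB as printed on the drive label
    for d in /sys/block/sd* /sys/block/hd* /sys/block/vd* /sys/block/nvme*; do
        [ -r "$d/size" ] || continue
        # size is in 512-byte sectors; 1953125 sectors = 10^9 bytes
        gb=$(( $(cat "$d/size") / 1953125 ))
        if [ "$gb" -gt "$disk_gb" ]; then disk_gb=$gb; fi
    done
    nics=0      # physical cards have a "device" link; lo and bridges do not
    for n in /sys/class/net/*; do
        if [ -e "$n/device" ]; then nics=$((nics + 1)); fi
    done
    check_hw "$ram_mb" "$disk_gb" "$nics" "$(nics_required "$@")"
}

# Usage: sh preflight.sh DMZ WIFI UPLINKS SUBNETS   (e.g. 1 0 1 1)
if [ "$#" -eq 4 ]; then probe_host "$@"; fi
```

Run with `1 0 1 1`, it checks for the three cards a Public, Private and DMZ layout needs and prints one line per shortfall.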

Select whether you have a DMZ or a Wi-Fi network. Select Orange if you need a DMZ and Blue if you have a Wi-Fi network. If you don’t have any, select None

We zeroed in on Endian after evaluating several Open Source Linux distros. Endian has been specifically designed to become a UTM. It consists of packages like SpamAssassin, ClamAV, Ntop, Snort, IPTables, DansGuardian and Squid. These give you anti-spam, anti-virus, firewall with DMZ, content filtering, bandwidth shaping, IDS and monitoring capabilities. We’ll now go ahead and install Endian.

Installing Endian
To install Endian, all you have to do is boot the machine with the Endian ISO and follow the installation process. The first two screens are for welcome and language selection, so press Enter and proceed. The third screen warns you that if you proceed further, the distro will format your full partition and all previous data will be gone. So make sure that the hard disk you use does not have any valuable data on it. Make your choice and proceed. The installer will ask you whether you want Display support on the console.
