Untangle Intrusion Prevention Overview:
Untangle Intrusion Prevention blocks hacking attempts
before they reach internal servers and desktops. Untangle’s
pre-configured signature-based IPS makes it easier for
administrators to:
- Provide 24/7 network protection from hackers
- Minimize annoying false positives
- Ensure that signatures are always current with
automatic updates
Most hackers are looking for computer networks that
they can hijack and exploit. They cast wide nets using
automated programs that sniff out exposed networks.
This makes small businesses, with more limited IT budgets,
particularly vulnerable.
Our Intrusion Prevention software intercepts attacks
in their tracks. Working transparently on your network,
this innovative application uses thousands of signatures
to detect, block and log intrusion attempts, using industry-standard
rules.
Plus, we simplify the process by setting reasonable
defaults for you on thousands of signatures—or you can
change defaults and add new rules based on your company’s
specific needs.
Key Features:
- Open source & Free under the GNU General Public
License (GPL)
- Thousands of signatures for a variety of attacks
- Carefully selected defaults continually tuned
by Untangle Operations Center
- New attack signatures automatically downloaded
to your server

Technical Specifications:
Intrusion Prevention is an ID (Intrusion Detection)
system that intercepts all traffic and detects malicious
activity on either the network or individual computers
or both. To detect malicious activity, Intrusion Prevention
uses signature detection, a method that draws upon a
database of known attack patterns.
Intrusion Prevention's interception of malicious
activity does not have any impact on system performance
and is transparent to users, with the exception of the
malicious user. If Intrusion Prevention detects malicious
activity, Intrusion Prevention terminates the session
for that activity.
Intrusion Prevention is pre-configured with default
settings custom-tuned by Untangle. Therefore, Intrusion
Prevention does not require much customization, though
you can change these defaults or add your own rules.
Under The Hood
Intrusion Prevention uses an open source tool, Snort,
to identify these known patterns. The Snort community
maintains information about known exploits, and produces
lists of signatures from this information. The Untangle
Server software keeps these signatures up-to-date.
What It Does
Provides network intrusion detection and prevention
How It Does It
Uses Snort signatures with a custom Untangle scanning
engine, pre-tuned default settings and updates
Controls
- Specific signatures can be set to be blocked
and/or logged
- New signatures can be created using custom rules
and variables
Intrusion Prevention FAQs:
Why aren't most of Intrusion Prevention's rules
blocked by default?
Because most of the rules can block non-malicious
traffic in addition to malicious exploits. To make
things easy for you, Untangle evaluated each rule
on numerous networks, and determined the appropriate
default settings for each rule using the following
criteria:
- If the rule is always known to block
malicious exploits, Intrusion Prevention blocks
and logs this rule by default.
- If the rule is sometimes known to
block malicious exploits, Intrusion Prevention
logs this rule by default.
- If the rule is never known to block
malicious exploits, Intrusion Prevention neither
blocks nor logs this rule by default.
To change the defaults, go to Blocking or Logging
an Intrusion Prevention Rule.
Hardware Requirements:
- The Untangle Server requires a dedicated PC
installed at the gateway to your network.
- Your hardware does not need an operating system;
the Untangle Server installs its own operating
system.
- The Untangle Server software completely erases
any content or data that may exist on your PC hard
drive.
Sizing Guidance
Recommended Configurations (New Hardware)
When purchasing new hardware, spending a couple of
extra dollars to meet the following recommended configurations
provides the best value.
| Resource | Up to 50 Users | Up to 100 Users | Up to 300 Users |
| --- | --- | --- | --- |
| Intel/AMD-compatible Processor | Pentium 4 equivalent or greater | Dual Core | Dual Core |
| Memory | 1 GB | 1 GB | 2 GB |
| Hard Drive | 80 GB | 80 GB | 80 GB |
| NICs | 2 (3 for DMZ) | 2 (3 for DMZ) | 2 (3 for DMZ) |
Verified Configurations (Trials, Refurbished or
Repurposed Hardware)
These are the lowest verified hardware configurations
that provide reliable — albeit sometimes slower — performance
in production. However, it may be possible for organizations
with lower than average network traffic or organizations
that do not wish to use all of the modules to run Untangle
on smaller systems.
| Resource | Up to 50 Users | Up to 100 Users | Up to 300 Users |
| --- | --- | --- | --- |
| Intel/AMD-compatible Processor | 800 MHz | 1.2 GHz | 1.6 GHz |
| Memory | 512 MB | 1 GB | 2 GB |
| Hard Drive | 20 GB | 30 GB | 40 GB |
| NICs | 2 (3 for DMZ) | 2 (3 for DMZ) | 2 (3 for DMZ) |