Untangle - Professional-Grade Security Solutions

Untangle Protocol Control

Block Port Hopping Applications

 

Untangle Protocol Control Overview:

Protocol Control lets administrators take back control of their networks from disruptive port-hopping applications like peer-to-peer applications or online games. Signature-based layer 7 filtering makes it easy for administrators to:

  • Conserve bandwidth by blocking applications like peer-to-peer that open multiple TCP ports
  • Improve productivity by blocking IM & online games that evade firewall rules
  • Write custom signatures for any protocol

Protocol control covers a broad set of applications, such as Instant Messaging, Peer to Peer activity, online games and streaming media, that can clog your network, reduce productivity, and infect computers with spyware, malware, and viruses.

These applications are extremely aggressive and will sneak out on ports used for other vital network traffic such as web and email, making it nearly impossible to control them with firewall rules.

Protocol Control takes a different approach: it logs and/or blocks these applications based on their signatures. This allows you to lock down the unwanted activity.

Key Features:

  • Open source & Free under the GNU General Public License
  • Protocol control lets you select the protocol signatures to log or block
  • Custom rules can be added for any unsupported protocols
  • Time-based policies let you decide when and if these applications are permitted
  • Reporting lets you see which protocols are active on your network and who is using them

Technical Specifications:

Protocol Control blocks unwanted protocols from entering or leaving your protected network. Unwanted protocols might include Instant Messaging and Peer-to-Peer (P2P). For example, you might want to block users from playing some video games and from streaming media.

Protocol Control uses signatures to identify "rogue" or unwanted protocols on all ports. Many protocols, such as Instant Messaging and Peer-to-Peer, are difficult to block with a traditional firewall because of their "port hopping" behavior. If clients are blocked after trying to connect through their default port, they will connect over port 80 or port 25. Port 80 and port 25 cannot be blocked without blocking Web and e-mail traffic. Protocol Control can identify this hopping behavior, and log and block the connections.
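An added illustration of the port-versus-signature difference described above (not Untangle's code or shipped signatures; the patterns, port table and sample payloads are simplified and constructed for this example, and matching only the first payload bytes is an assumption):

```python
import re

# Simplified, constructed signatures matched against the first payload bytes
# of a connection. They are illustrations, not the signatures Untangle ships.
SIGNATURES = [
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("smtp", re.compile(rb"^(220[ -][^\r\n]*\r\n|(EHLO|HELO) \S+\r\n)")),
]

# What a port-only firewall rule assumes is running on each port.
PORT_GUESS = {80: "http", 25: "smtp", 6881: "bittorrent"}

# Protocols the (hypothetical) policy blocks.
BLOCKED = {"bittorrent"}


def classify_by_port(dst_port):
    """Port-based guess: all a traditional firewall rule can see."""
    return PORT_GUESS.get(dst_port, "unknown")


def classify_by_signature(payload):
    """Layer 7 guess: first signature that matches the payload, any port."""
    for name, pattern in SIGNATURES:
        if pattern.search(payload):
            return name
    return "unknown"


def decide(dst_port, payload):
    """Return (port_guess, l7_protocol, action) for one connection."""
    proto = classify_by_signature(payload)
    action = "block" if proto in BLOCKED else "pass"
    return classify_by_port(dst_port), proto, action


# Constructed sample connections: (destination port, first bytes sent).
BT_HANDSHAKE = b"\x13BitTorrent protocol" + b"\x00" * 8 + b"H" * 20 + b"P" * 20
SAMPLES = [
    (6881, BT_HANDSHAKE),  # client on its default port
    (80, BT_HANDSHAKE),    # same client after hopping to the web port
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (25, b"EHLO mail.example.test\r\n"),
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, *decide(port, data))
```

The second sample is the case the paragraph describes: the port says "http", the payload says "bittorrent", and only the signature check blocks it while ordinary web traffic on the same port passes.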

If Protocol Control is not pre-configured for a protocol that you want to block, you can use the Untangle Server's user interface to create custom rules to block additional protocols.

What It Does

Transparently scans the application data stream, logging and blocking designated protocols

How It Does It

  • Uses the L7-filter classifier for Netfilter to classify protocols based on OSI layer 7 data, regardless of port or port-hopping
  • Uses Untangle's custom scanning engine, default settings, tuning and updates

Controls

  • Default settings include a wide array of protocol signatures that can be configured for logging and/or blocking
  • Custom signatures can be added


Protocol Control FAQs:

How do I add a protocol to Protocol Control?

Protocol Control provides numerous default protocols that you can block, but if you want to block a protocol that Protocol Control doesn't list, you must add that protocol. To add a protocol you must provide Protocol Control the protocol's signature. To determine the signature, you must analyze the packets, and this process can be tricky. Contact Untangle Technical Support to request the signature.

I've already installed the Firewall. Isn't Protocol Control redundant?

The Firewall application works to block traffic for IP addresses and/or ports. For well-behaved applications (such as legitimate web and email servers) the port can be used to identify the protocol. However, less legitimate applications may use different ports, or malicious users may deliberately use unwanted services on obscure ports.

Protocol Control scans all traffic, looking for a match even if traffic was not transported across the expected port for that protocol.

I want to block a file sharing protocol for some of my users but not all. How can I do this with Protocol Control?

Protocol Control cannot by itself filter for some machines and not others. However, you can create new Policies and Virtual Racks to partition your users, so that some of them pass through a Protocol Control with [some file sharing protocol] blocked and others do not.

Hardware Requirements:

  • The Untangle Server requires a dedicated PC installed at the gateway to your network.
  • Your hardware does not need an operating system - the Untangle Server installs its own operating system.
  • The Untangle Server software completely erases any content or data that may exist on your PC hard drive.

Sizing Guidance

Recommended Configurations (New Hardware)

When purchasing new hardware, spending a couple of extra dollars to meet the following recommended configurations provides the best value.

| Resource | Up to 50 Users | Up to 100 Users | Up to 300 Users |
|---|---|---|---|
| Intel/AMD-compatible Processor | Pentium 4 equivalent or greater | Dual Core | Dual Core |
| Memory | 1 GB | 1 GB | 2 GB |
| Hard Drive | 80 GB | 80 GB | 80 GB |
| NICs | 2 (3 for DMZ) | 2 (3 for DMZ) | 2 (3 for DMZ) |

Verified Configurations (Trials, Refurbished or Repurposed Hardware)

These are the lowest verified hardware configurations that provide reliable — albeit sometimes slower — performance in production. However, it may be possible for organizations with lower than average network traffic or organizations that do not wish to use all of the modules to run Untangle on smaller systems.


EdgeDefender.com is a division of Virtual Graffiti Inc., an authorized Untangle Reseller.
Copyright © 2010 Untangle. All rights reserved.