UTM (Unified Treat Management)
UTM is special hardware firewall in simple words. Firewall can only filter the traffic based of ip address. But in the latest network thats not how things work, we need to secure the web. I have tried to demonstrate few features of UTM using Squid and SquidGuard.
Features which is demonstrated :
1) Proxy (reverse proxy)
2) URL Blocking
3) Bandwidth limitation
5) Anti virus used clam-AV
6) Firewall (used iptables when required)
Squid : Is the well know open source proxy. I have made use of it as a reverse proxy(you can find the conf in the above link) . Transparent proxy was configure and UTM features like bandwidth limitation, proxy, network isolation was achieved by using squid.
I did try URL blocking using squid, but i was not successful. I am still trying to figure it out what was the reason.
SquidGuard: This specifically i used for URL blocking , a read made list of famous sites to be blocked by any UTM is available on INTERNET( i forgot the link , if i get the link i will post it here). We compile the database based on the category available. In my conf file i have shown how to block Porn category.
IDS & IPS : To achieve this i had used snort , but i was not successful. Configuring it takes lot of time, which i am really running short now.
Network : I had used one plain Ubuntu box to make it into a UTM . Attached two LAN card one for external network and one for internal. Routing was enabled using iptables. Transparent Proxy was for the internal network to access Internet. And all the policy was implemented on it.
Caching : One of the main feature of squid. I was running a web server on my UTM Gateway. Even when web server of off squid use to render the page, it was a successful reverser proxy and caching was also enabled.
This is the conf file of Squid which i used to create my UTM Squid.conf
This is the conf file of Squid Guard which i used for url blocking, squid_Guard_conf
NOTE: I am still writing this post. Shortly i will try to complete it as per my free time.