Jump to content
Not connected, Your IP: 3.22.130.228
Sign in to follow this  
itguy2017

I wouldn't use Untangle Firewall.

Recommended Posts

Careful! They were bought out by a US-Govt linked private equity firm and the new guys they are bringing in are largely former/current intelligence agents or people with very close links to the intelligence and law enforcement. Coincidentally, the moment they brought in these spook-types they added 'amazing new cloud based technologies' to their product.. (err... Telemetry potential LOL)

 

Be safe, and realize with a UTM it has the potential to filter/monitor/log all of your activities and if you have suspicions about the company behind your UTM you should be careful. Given the recent backdoors in products like Juniper, Cisco and Fortinet, you can't be too safe. Also OpenSource doesn't guarantee you privacy/security, they can easily gather extensive telemetry under the guise of logging and protection(cloud) of their products/services.

 

Share this post


Link to post

When I am on Windows, I use this firewall. It is freeware and contains no ads or any sort of privacy invasion. It does not even have the option of a "premium" version to make this a crippled version. What you get is the only version they have.

http://privacyware.com/personal_firewall.html


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

Thank you, itguy2017. I don't use Untangle Firewall, never heard of 'em until I read your post. But it's always a good thing to get the news out as a caution to others who use them or are thinking about it. Vigilance against the surveillance state must be 24/7/365. Those vampires never sleep.


During times of universal deceit, telling the truth becomes a revolutionary act. —George Orwell

The further society drifts from truth the more it hates those who speak it. —George Orwell

A lie is as good as the truth when everyone believes.

No one ever lost a dime underestimating the intelligence of the amerikan public. {Generally attributed to H.L. Mencken}

THANK YOU: Russia Today; Edward Snowden; Julian Assange; John Kiriakou; Thomas Drake; William Binney; Ray McGovern; Kirk Wiebe; Matt Taibbi; Sputnik News

Share this post


Link to post

recent backdoors in products like Juniper, Cisco and Fortinet

 

Please clarify.

Open Source does not guarantee quality, security or lack of backdoors, but it guarantees that a much bigger audience will be in charge

of scrutinizing the entire development and product management process. No one forces you to use any cloud features.

Personally I won't recommend Untangle because it is much inferior than pfSense, yet not entirely open source and community driven.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

 

Thank you, itguy2017. I don't use Untangle Firewall, never heard of 'em until I read your post. But it's always a good thing to get the news out as a caution to others who use them or are thinking about it. Vigilance against the surveillance state must be 24/7/365. Those vampires never sleep.

Agreed. Also, this thread may prove interesting. 

 

https://forums.untangle.com/off-topic/37365-so-untangle-bought-us-govt-linked-equity-group-where-do-we-go-here.html

 

It looks like the guy that started it got banned for starting it.

 

As to zhang;

Clarify what? Just because a product like Untangle is OpenSource, it doesn't mean there isn't extensive logging and telemetry gathering. While the chance of a backdoor is much less with OpenSource and people evaluating the code on a regular basis, it still doesn't mean it's safe to use. Especially if spook firms control the primary company. That logging/telemetry can prove more valuable than any backdoor.

 

Long story short;

 

PfSense is decent, assuming you don't have an extremely fast connection, accept 'ClamAV' as sufficient (LOL), and don't mind an interface that looks like a DOS program. In my case, I can't even find a PFsense appliance that can run properly on my 1000Mbps symmetrical connection. Even a purpose built PFSense UTM appliance with Quad Core 2Ghz, integrated PCIE-Intel's and 120GB 550MB/s SSD couldn't push past 450Mbps with PFSense. I've found all of the Opensource products not to be sufficient to handle 1000/1000, including OPNsense, PFSense, Untangle, ClearOS and SophosUTM. That leaves me with running a 2,000,000pps Edgerouter with generally no UTM features present. Not ideal. Unless I want to spend $5,000.00 on an appliance that can guarantee 1000/1000 with UTM features enabled that's my only option.

 

Nevertheless, back to my point.. We're finding almost all of the US-Based stuff compromised. I'm to the point I do not trust ANYTHING for security that is made by a US Corporation. Even Fortinet wasn't immune with their hard coded backdoor Super Admin Account - FGTAbc11*xy+Qqz27 gets you that super admin access.. MOST of the big UTM companies are either backdoored or working together with the spooks. Companies like Palo Alto and Checkpoint are UNIT8200, which is worse than the NSA, FireEye is CIA, on and on.. Now that Symantec purchased BlueCoat, which is a Unit8200 firm and utilized Bluecoat for spying/suppression of dissidents in some countries I would say nobody can trust Symantec any longer.

 

These are certainly difficult times, when companies that provide security themselves are the source of the compromises.

Share this post


Link to post

Which backdoors were in Juniper, Cisco and Fortinet firewalls?

Don't mix between exploits of the equation group and deliberate backdoors, the only common thing between

the two is that both allow your device to be hacked remotely, but this is where this similarity ends.

 

Companies like Palo Alto and Checkpoint are UNIT8200

 

This is similar to the claim that the internet belongs to the US military since it was started and funded by DARPA and DoD.

Many of the cutting edge communication devices you are using every day started as military products, that doesn't mean

that the companies that develop them are military affiliated, and definitely doesn't mean that people with military experience

are a threat and such products should be avoided.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

pfSense is the best that ever used

Careful! They were bought out by a US-Govt linked private equity firm and the new guys they are bringing in are largely former/current intelligence agents or people with very close links to the intelligence and law enforcement. Coincidentally, the moment they brought in these spook-types they added 'amazing new cloud based technologies' to their product.. (err... Telemetry potential LOL)

 

Be safe, and realize with a UTM it has the potential to filter/monitor/log all of your activities and if you have suspicions about the company behind your UTM you should be careful. Given the recent backdoors in products like Juniper, Cisco and Fortinet, you can't be too safe. Also OpenSource doesn't guarantee you privacy/security, they can easily gather extensive telemetry under the guise of logging and protection(cloud) of their products/services.

Share this post


Link to post

Which backdoors were in Juniper, Cisco and Fortinet firewalls?

Don't mix between exploits of the equation group and deliberate backdoors, the only common thing between

the two is that both allow your device to be hacked remotely, but this is where this similarity ends.

 

Companies like Palo Alto and Checkpoint are UNIT8200

 

This is similar to the claim that the internet belongs to the US military since it was started and funded by DARPA and DoD.

Many of the cutting edge communication devices you are using every day started as military products, that doesn't mean

that the companies that develop them are military affiliated, and definitely doesn't mean that people with military experience

are a threat and such products should be avoided.

 

They should be avoided if you know anything about the intelligence community (and have worked in it). These companies generally have intelligence officers as leaders and revolving doors with intelligence firms. Anyone that knows anything about intelligence operations knows the close knit community, the brotherhood. How people bring along others with them as they move from company to company. How their rolodex's are filled with 'I have a guy' cards to hand out to anyone and everyone and those cards are usually former associates.

 

Make no mistake, these products SHOULD be avoided if you value your security and privacy. Even if you ignore the history lesson - which is many of these companies have already been implicated in backdooring and/or ignoring exploits or delaying patches in their products and/or services as well as in some cases offering up enhanced telemetry. There is a very specific reason intelligence firms are keen to fund new companies and get a feeler in the door. It's much easier to build bridges into firms through funding and networking at the outset than it is later to force compliancy through threats, National Security Letters or Intelligence Directives.

 

I'd take it so far to recommend people that live in the USA to never use any US-Corporate product for security and privacy. Once again, history as our lesson - it's a terrible idea.. (Yahoo, McAfee, Juniper, etc) Quite a number of major corporations we work with as one of the largest MSP's won't touch US-Corporate security products. Spreading privacy over multiple jurisdictions is SMART.

Share this post


Link to post

From a distance, as a non US citizen, the incoming administration, from the Abuser In Chief through the ideological correct-think generals, to the opportunistic supporters for hire, and the corporations after their own interests, look much more likely to extend monitoring, disinformation, disruption and evidence planting activities internally. Enemies and scapegoats are needed, and opposition will be incited. Agendas will be actioned.

Share this post


Link to post

From a distance, as a non US citizen, the incoming administration, from the Abuser In Chief through the ideological correct-think generals, to the opportunistic supporters for hire, and the corporations after their own interests, look much more likely to extend monitoring, disinformation, disruption and evidence planting activities internally. Enemies and scapegoats are needed, and opposition will be incited. Agendas will be actioned.

 

Serenacat, this has been an ongoing thing in this country. I'm unsure if it will get any worse or better with the next administration, it might just continue on the same path. The erosion of privacy and freedom started long ago on a slow, steady decline and then accelerated by the False-Flag 9/11 that evidence suggests was utilized to push their agendas at a quicker pace. The US is not exclusive in the erosion of privacy and security, it's happening everywhere. From Russia with it's new surveillance laws to the UK with massive privacy killing laws coming to fruit over the last few weeks. The Swiss have had them, Germany had some pass.. It seems to be a worldwide phenomenon perpetrated by the Deep State's within each government.

 

On the flipside we're seeing companies, software and services become more privacy focused to try and offset some of this intrusion into our privacy. They've found a market for this kind of thing as consumer worry continues to rise. It's really impossible to guess how much the Snowden dump cost US Corporations. Some say multiple billions of lost business as trust in US security/SaaS firms has eroded to new lows.. When the average small company says to us 'We don't trust US firms for our security' then you know it's a pretty widespread concern. I expect this concern will grow and in response more people and firms will move to secure services. I know when I am forced to use a US Corporate product for software/services I take extra precautions to secure it and without a DOUBT will use my own encryption layer under it.

 

Administrations will come and go, but the continuous erosion of privacy and security seems to be on a steady path REGARDLESS of who is in office.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...