I wouldn't use Untangle Firewall.

[itguy2017 25]

Careful! They were bought out by a US-Govt linked private equity firm and the new guys they are bringing in are largely former/current intelligence agents or people with very close links to the intelligence and law enforcement. Coincidentally, the moment they brought in these spook-types they added 'amazing new cloud based technologies' to their product.. (err... Telemetry potential LOL)

 

Be safe, and realize with a UTM it has the potential to filter/monitor/log all of your activities and if you have suspicions about the company behind your UTM you should be careful. Given the recent backdoors in products like Juniper, Cisco and Fortinet, you can't be too safe. Also OpenSource doesn't guarantee you privacy/security, they can easily gather extensive telemetry under the guise of logging and protection(cloud) of their products/services.

 

[OmniNegro 155]

When I am on Windows, I use this firewall. It is freeware and contains no ads or any sort of privacy invasion. It does not even have the option of a "premium" version to make this a crippled version. What you get is the only version they have.

http://privacyware.com/personal_firewall.html

[Ricnvolved1956 51]

Thank you, itguy2017. I don't use Untangle Firewall, never heard of 'em until I read your post. But it's always a good thing to get the news out as a caution to others who use them or are thinking about it. Vigilance against the surveillance state must be 24/7/365. Those vampires never sleep.

[zhang888 1066]

recent backdoors in products like Juniper, Cisco and Fortinet

 

Please clarify.

Open Source does not guarantee quality, security or lack of backdoors, but it guarantees that a much bigger audience will be in charge

of scrutinizing the entire development and product management process. No one forces you to use any cloud features.

Personally I won't recommend Untangle because it is much inferior than pfSense, yet not entirely open source and community driven.

[itguy2017 25]

 

Thank you, itguy2017. I don't use Untangle Firewall, never heard of 'em until I read your post. But it's always a good thing to get the news out as a caution to others who use them or are thinking about it. Vigilance against the surveillance state must be 24/7/365. Those vampires never sleep.

Agreed. Also, this thread may prove interesting. 

 

https://forums.untangle.com/off-topic/37365-so-untangle-bought-us-govt-linked-equity-group-where-do-we-go-here.html

 

It looks like the guy that started it got banned for starting it.

 

As to zhang;

Clarify what? Just because a product like Untangle is OpenSource, it doesn't mean there isn't extensive logging and telemetry gathering. While the chance of a backdoor is much less with OpenSource and people evaluating the code on a regular basis, it still doesn't mean it's safe to use. Especially if spook firms control the primary company. That logging/telemetry can prove more valuable than any backdoor.

 

Long story short;

 

PfSense is decent, assuming you don't have an extremely fast connection, accept 'ClamAV' as sufficient (LOL), and don't mind an interface that looks like a DOS program. In my case, I can't even find a PFsense appliance that can run properly on my 1000Mbps symmetrical connection. Even a purpose built PFSense UTM appliance with Quad Core 2Ghz, integrated PCIE-Intel's and 120GB 550MB/s SSD couldn't push past 450Mbps with PFSense. I've found all of the Opensource products not to be sufficient to handle 1000/1000, including OPNsense, PFSense, Untangle, ClearOS and SophosUTM. That leaves me with running a 2,000,000pps Edgerouter with generally no UTM features present. Not ideal. Unless I want to spend $5,000.00 on an appliance that can guarantee 1000/1000 with UTM features enabled that's my only option.

 

Nevertheless, back to my point.. We're finding almost all of the US-Based stuff compromised. I'm to the point I do not trust ANYTHING for security that is made by a US Corporation. Even Fortinet wasn't immune with their hard coded backdoor Super Admin Account - FGTAbc11*xy+Qqz27 gets you that super admin access.. MOST of the big UTM companies are either backdoored or working together with the spooks. Companies like Palo Alto and Checkpoint are UNIT8200, which is worse than the NSA, FireEye is CIA, on and on.. Now that Symantec purchased BlueCoat, which is a Unit8200 firm and utilized Bluecoat for spying/suppression of dissidents in some countries I would say nobody can trust Symantec any longer.

 

These are certainly difficult times, when companies that provide security themselves are the source of the compromises.

[zhang888 1066]

Which backdoors were in Juniper, Cisco and Fortinet firewalls?

Don't mix between exploits of the equation group and deliberate backdoors, the only common thing between

the two is that both allow your device to be hacked remotely, but this is where this similarity ends.

 

Companies like Palo Alto and Checkpoint are UNIT8200

 

This is similar to the claim that the internet belongs to the US military since it was started and funded by DARPA and DoD.

Many of the cutting edge communication devices you are using every day started as military products, that doesn't mean

that the companies that develop them are military affiliated, and definitely doesn't mean that people with military experience

are a threat and such products should be avoided.

[hackers2016 13]

pfSense is the best that ever used

Careful! They were bought out by a US-Govt linked private equity firm and the new guys they are bringing in are largely former/current intelligence agents or people with very close links to the intelligence and law enforcement. Coincidentally, the moment they brought in these spook-types they added 'amazing new cloud based technologies' to their product.. (err... Telemetry potential LOL)

 

Be safe, and realize with a UTM it has the potential to filter/monitor/log all of your activities and if you have suspicions about the company behind your UTM you should be careful. Given the recent backdoors in products like Juniper, Cisco and Fortinet, you can't be too safe. Also OpenSource doesn't guarantee you privacy/security, they can easily gather extensive telemetry under the guise of logging and protection(cloud) of their products/services.

[itguy2017 25]

Which backdoors were in Juniper, Cisco and Fortinet firewalls?

Don't mix between exploits of the equation group and deliberate backdoors, the only common thing between

the two is that both allow your device to be hacked remotely, but this is where this similarity ends.

 

Companies like Palo Alto and Checkpoint are UNIT8200

 

This is similar to the claim that the internet belongs to the US military since it was started and funded by DARPA and DoD.

Many of the cutting edge communication devices you are using every day started as military products, that doesn't mean

that the companies that develop them are military affiliated, and definitely doesn't mean that people with military experience

are a threat and such products should be avoided.

 

They should be avoided if you know anything about the intelligence community (and have worked in it). These companies generally have intelligence officers as leaders and revolving doors with intelligence firms. Anyone that knows anything about intelligence operations knows the close knit community, the brotherhood. How people bring along others with them as they move from company to company. How their rolodex's are filled with 'I have a guy' cards to hand out to anyone and everyone and those cards are usually former associates.

 

Make no mistake, these products SHOULD be avoided if you value your security and privacy. Even if you ignore the history lesson - which is many of these companies have already been implicated in backdooring and/or ignoring exploits or delaying patches in their products and/or services as well as in some cases offering up enhanced telemetry. There is a very specific reason intelligence firms are keen to fund new companies and get a feeler in the door. It's much easier to build bridges into firms through funding and networking at the outset than it is later to force compliancy through threats, National Security Letters or Intelligence Directives.

 

I'd take it so far to recommend people that live in the USA to never use any US-Corporate product for security and privacy. Once again, history as our lesson - it's a terrible idea.. (Yahoo, McAfee, Juniper, etc) Quite a number of major corporations we work with as one of the largest MSP's won't touch US-Corporate security products. Spreading privacy over multiple jurisdictions is SMART.

[serenacat 83]

From a distance, as a non US citizen, the incoming administration, from the Abuser In Chief through the ideological correct-think generals, to the opportunistic supporters for hire, and the corporations after their own interests, look much more likely to extend monitoring, disinformation, disruption and evidence planting activities internally. Enemies and scapegoats are needed, and opposition will be incited. Agendas will be actioned.

[itguy2017 25]

From a distance, as a non US citizen, the incoming administration, from the Abuser In Chief through the ideological correct-think generals, to the opportunistic supporters for hire, and the corporations after their own interests, look much more likely to extend monitoring, disinformation, disruption and evidence planting activities internally. Enemies and scapegoats are needed, and opposition will be incited. Agendas will be actioned.

 

Serenacat, this has been an ongoing thing in this country. I'm unsure if it will get any worse or better with the next administration, it might just continue on the same path. The erosion of privacy and freedom started long ago on a slow, steady decline and then accelerated by the False-Flag 9/11 that evidence suggests was utilized to push their agendas at a quicker pace. The US is not exclusive in the erosion of privacy and security, it's happening everywhere. From Russia with it's new surveillance laws to the UK with massive privacy killing laws coming to fruit over the last few weeks. The Swiss have had them, Germany had some pass.. It seems to be a worldwide phenomenon perpetrated by the Deep State's within each government.

 

On the flipside we're seeing companies, software and services become more privacy focused to try and offset some of this intrusion into our privacy. They've found a market for this kind of thing as consumer worry continues to rise. It's really impossible to guess how much the Snowden dump cost US Corporations. Some say multiple billions of lost business as trust in US security/SaaS firms has eroded to new lows.. When the average small company says to us 'We don't trust US firms for our security' then you know it's a pretty widespread concern. I expect this concern will grow and in response more people and firms will move to secure services. I know when I am forced to use a US Corporate product for software/services I take extra precautions to secure it and without a DOUBT will use my own encryption layer under it.

 

Administrations will come and go, but the continuous erosion of privacy and security seems to be on a steady path REGARDLESS of who is in office.