Anonymous

In 2021, the Russian company Aydeko released a new version of the Ideco UTM universal security gateway under the motto “Conquering Space”. This is already the 10th release of Ideco UTM, refined and supplemented with new security features. For the first time, the company announced its own VPN agent, along with improved handling of Active Directory security groups, improved monitoring, logging and web interface, and much more.

Content:
1. Introduction
2. Functionality
3. Ideco UTM 10 System Requirements
4. Ideco UTM 10 use cases
4.1. Dashboard
4.2. User management
4.3. User activity monitoring
4.4. Firewalling
4.5. Application control
4.6. Content filtering
4.7. Limiting the speed of incoming Internet traffic and quotas
4.8. Antivirus filtering
4.9. Intrusion prevention system
4.10. Ideco UTM Server Management
4.11. Reporting system
4.12. Ideco VPN
4.13. Mail relay
5. Conclusions

Introduction
Unified Threat Management (UTM) gateways are a logical evolution of firewalls and are designed to provide comprehensive protection against network threats. Typically, a classic security gateway includes the following set of components, which were originally developed as separate, stand-alone solutions:

  • firewall;
  • intrusion prevention system (IPS);
  • network traffic and bandwidth management system;
  • information leakage prevention system (DLP);
  • anti-virus filtering, anti-spam and anti-spyware;
  • content filtering of web traffic;
  • VPN.

The main advantage of UTM solutions for users is that a set of ready-made security functions comes from a single source. This reduces implementation and administration costs, as all functions are managed through a single console.

The Russian company "Aydeko" has been developing and modernizing its UTM solution since 2005 (the product was previously called Ideco ICS). Ideco UTM 10 was released in the middle of summer 2021. Historically, Ideco UTM releases come out once a quarter, but the 10th version took the developer more time because of the large number of tasks and fixes implemented. The result is a new platform with an updated kernel and package base. The release of Ideco UTM 10 did not end the operation of, or support for, the 9th version; this allows a gradual transition to the new version of the product. As we are already used to, however, Aydeko immediately began preparing the release of a new, 11th version, in which, according to the developer, a fault tolerance cluster and a new IPS event reporting system will appear for the first time.

Ideco UTM is registered in the unified register of Russian programs for electronic computers and databases (register of the Ministry of Digital Science) under No. 329 dated April 08, 2016, which confirms its compliance with the requirements of PP-1236. At the moment, the solution is being certified in the FSTEC of Russia system for compliance with the requirements for firewalls of classes A4 / B4 (corresponding to the protection profiles IT.ME.A4.PZ and IT.ME.B4.PZ), for network-level intrusion detection systems of the fourth protection class (IT.СО.С4.ПЗ), and for the fourth level of trust (UD4).

Ideco UTM 10 Functionality
Ideco UTM 10 is based on the Linux 5.11 kernel. In this version, all system packages and drivers have been updated and performance has been increased.
The new version of Ideco UTM adds the following functionality:

  • Improved work with Active Directory security groups: all groups are now available as objects generated automatically in the administrator interface when Ideco UTM is joined to the domain. Security group management rules are now applied without the user logging out.
  • New implementation of the real-time traffic monitoring module. Ideco UTM 10 allows you to determine by whom and with what traffic the channel is loaded.
  • Improved reporting: in particular, the generation of reports on user authorizations has appeared. Both intranet and VPN authorizations are recorded.
  • Own VPN agent.
  • Improved and simplified routing. Added DNAT mechanism for forwarding to internal resources. Dynamic routing is not yet supported, but its implementation is planned in later versions of Ideco UTM.
  • The master zones in the DNS server were returned to Ideco UTM at the request of users.
  • Improved web-interface of the administrator: a general dashboard has appeared, containing basic information on the server, filtering, etc., new load graphs have been added. In addition, in the new version, a web interface in English is available for the first time, and then a web interface for mobile devices is planned to be released.
  • Increased convenience of creating filtering rules due to the automatic creation of objects.
  • Increased traffic processing speed.
  • Notifying the administrator via the Telegram bot about new types of events on the server.

In addition to the above, Ideco UTM provides users with an intrusion prevention system, content filtering, application control, anti-virus scanning of mail and web traffic with Kaspersky Lab technologies, and a proxy server.

Ideco UTM 10 System Requirements
Ideco UTM is installed on a dedicated server or virtual machine from a bootable disk or USB drive. No additional software is required; the installation of components and the creation of the file system are automatic. For Ideco UTM to function correctly, the hardware must meet the following technical characteristics (Table 1).

Table 1. Hardware requirements for Ideco UTM 10
Processor model - Intel Pentium G / i3 / i5 / i7 / Xeon E3 / Xeon E5 with SSE 4.2 support
The amount of RAM - 8/16 GB depending on the number of users supported
Disk space - 64 GB or more, HDD / SSD supporting SATA / mSATA / SAS interface or compatible hardware RAID. Requires additional HDD / SSD when using mail server
Network interfaces - 100/1000 Mbps × 2. It is recommended to use cards based on Intel, Broadcom chips (Realtek, D-Link and others)
Other requirements - UEFI (Unified Extensible Firmware Interface) support required
Hypervisors - VMware, Microsoft Hyper-V (2nd generation), VirtualBox, KVM, Citrix XenServer

Ideco UTM is a software solution installed on the customer's servers. For the convenience of users, however, the manufacturer also supplies Ideco UTM as hardware gateways that differ in performance and technical characteristics.

Table 2. Characteristics of Ideco UTM hardware gateways
Ideco SX+
Processor model - Intel Core i5-10210U (4 cores, 1.6 GHz, 6 MB cache)
The amount of RAM - 16 GB SO-DIMM DDR4
Disk space - 120 GB SATA SSD
Number of users - 50 to 75 active users
Consumers - Small businesses

Ideco MX
Processor model - Intel Xeon E-2234 (4 cores, 3.6 GHz, 8 MB cache)
The amount of RAM - 16 GB DDR4-2133 ECC
Disk space - 240 GB SATA SSD
Form Factor - 1U
Number of users - 50 to 350 active users
Consumers - Medium enterprises

Ideco LX
Processor model - Intel Xeon E-2236 (6 cores, 3.4 GHz, 12 MB cache, 8 GT / s)
The amount of RAM - 32 GB DDR4-2133 ECC
Disk space - 240 GB SATA SSD
Form Factor - 1U
Number of users - From 300 to 3000 active users
Consumers - Large enterprises

Ideco UTM 10 use cases
Let's consider the capabilities of Ideco UTM 10 in more detail.

Dashboard
In the new version of Ideco UTM, the web interface has a new section: a dashboard. The panel shows the administrator the server load, its operating time and its temperature. For the convenience of the user, the dashboard also carries a control panel for the filtering modules, from which they can be disabled or the corresponding section opened quickly.
Ideco UTM web interface. Dashboard.

User management
User accounts are displayed as a tree, and users can be combined into groups. The parameters of the parent group are inherited automatically.
"Users" section of the Ideco UTM web interface, "Accounts" tab. The parameters of the "Accounting" group are displayed on the right side of the page.
Color indication in front of user accounts informs the administrator about currently authorized users and their access to the Internet.
Form for creating a new user in the Ideco UTM web interface.
Ideco UTM supports IP based authentication (dynamic, web, Kerberos / NTLM, AD, VPN). At the same time, authorization from three different devices is possible for one user account.
"Users" section of the Ideco UTM web interface, "Accounts" tab. Allow authorization for a user by IP address.
"Users" section of the Ideco UTM web interface, "Authorization" tab. Parameters for different types of authorizations.
Ideco UTM supports user authorization through the Ideco Agent, which controls user access to the Internet. Access is provided only when the user is authorized through an agent. Any request by an unauthorized user through a web browser can be redirected to the authorization form using Ideco UTM.
Page in a web browser generated by Ideco UTM for user web authorization.
Ideco UTM can be integrated with an Active Directory domain (Windows Server 2008 R2, 2012, 2016, 2019) by importing accounts from there. All types of authorization are available for users imported from Active Directory, while verification is carried out by means of Active Directory, and not Ideco UTM.
"Users" section of the Ideco UTM web interface, "Active Directory" tab.
Ideco UTM provides the ability to automatically create a user with authorization by IP address for a device trying to access the Internet.
"Users" section of the Ideco UTM web interface, "Device Discovery" tab. Defined address pool for automatic device discovery and user creation.

User activity monitoring
Ideco UTM provides the administrator with detailed information about active users in the monitored network and VPN connections, as well as real-time traffic data.
"Monitoring" section of the Ideco UTM web interface, "Active users" tab. Active sessions are displayed to the administrator.
"Monitoring" section of the Ideco UTM web interface, "VPN users" tab. Active sessions are displayed to the administrator.
The administrator has access to the logs of the Ideco UTM modules in the web interface. With their help, you can control the start and operation of modules, identify errors in their functioning.
"Monitoring" section of the Ideco UTM web interface, "Logs" tab. The administrator is shown the available system logs of the Ideco UTM modules.
To control the load on the processor, RAM and server interfaces, as well as the activity of users, the administrator is provided with statistical information in the form of load graphs. Ideco UTM can store and provide information for the last three months.
"Monitoring" section of the Ideco UTM web interface, "Load charts" tab. Average Server Load (Load Average) and the number of established connections.
As mentioned above, in the new version of Ideco UTM, the real-time traffic monitor module has been completely redesigned. Now the administrator can easily determine by whom and with what traffic the channel is loaded.
"Monitoring" section of the Ideco UTM web interface, "Traffic Monitor" tab. Traffic by nodes of the local network.
"Monitoring" section of the Ideco UTM web interface, "Traffic Monitor" tab. Protocol traffic.
The administrator can receive notifications from Ideco UTM in Telegram from a special bot.
"Monitoring" section of the Ideco UTM web interface, "Telegram bot" tab. Instructions for setting up notifications via Telegram.
Telegram bot Ideco. Beginning of work.
The administrator has the ability to monitor and manage Ideco UTM using SNMP versions 1 / 2c and 3.
"Monitoring" section of the Ideco UTM web interface, "SNMP" tab. Configuring SNMP Access Settings.
Ideco UTM can transfer system messages (syslog) to third-party collectors (Syslog Collector) or SIEM systems.
"Monitoring" section of the Ideco UTM web interface, "Syslog" tab. Configuring network parameters of transmission of system messages Ideco UTM.
Ideco UTM supports integration with the Zabbix monitoring system in two modes: active and passive. In active mode, the connection to the Zabbix server is initiated by Ideco UTM, in passive mode, vice versa.
"Monitoring" section of the Ideco UTM web interface, "Zabbix agent" tab. Configuring parameters for interaction with Zabbix server.

Firewalling
Firewall functions are key in any UTM device. The Ideco UTM firewall module allows you to restrict user traffic according to various criteria.
Traffic rules section of the Ideco UTM web interface, Firewall tab. Adding a new filtering rule.
The module analyzes the headers of packets passing through the server's interfaces and makes a decision to pass traffic based on global rules configured for network protocols, ports, IP addresses, etc.

The rules are divided into four categories:

  • FORWARD - rules for traffic that passes between server interfaces: the Internet and the local network, as well as between local networks. These are the basic rules that limit user traffic.
  • DNAT (port forwarding) - rules for direct port forwarding from the external interface to certain resources on the local network (port forwarding).
  • INPUT - rules for incoming traffic to the server interfaces. Typically, this is traffic for server services (for example, mail).
  • SNAT - rules for managing network address translation.
"Traffic rules" section of the Ideco UTM web interface, "Firewall" tab. INPUT rule table.
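How the four rule categories interact when a published port is forwarded, as an added example that is not part of the original review and not Ideco code. It assumes the usual Linux netfilter order (DNAT, then INPUT or FORWARD, then SNAT) and a default-drop policy, neither of which the review states; all addresses and rules are constructed.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed addressing (documentation ranges), not taken from the review.
WAN_IP, LAN_IP, LAN_NET = "203.0.113.10", "192.168.10.1", "192.168.10.0/24"
GATEWAY_ADDRS = {WAN_IP, LAN_IP}
ANYWHERE = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def first_match(pkt, rules, default="drop"):
    """Filter tables: first matching rule wins; default drop is an assumption."""
    for src_net, dst_net, dport, action in rules:
        if in_net(pkt.src, src_net) and in_net(pkt.dst, dst_net) and dport == pkt.dport:
            return action
    return default


def traverse(pkt, rs):
    """Return (table consulted, verdict, packet as it leaves the gateway)."""
    # 1. DNAT: the destination is rewritten before any filtering decision.
    for dst, dport, to_addr, to_port in rs["DNAT"]:
        if (pkt.dst, pkt.dport) == (dst, dport):
            pkt = replace(pkt, dst=to_addr, dport=to_port)
            break
    # 2. Routing decision: traffic for the gateway itself goes to INPUT.
    if pkt.dst in GATEWAY_ADDRS:
        return "INPUT", first_match(pkt, rs["INPUT"]), pkt
    # 3. Everything else crosses the gateway and is judged by FORWARD.
    verdict = first_match(pkt, rs["FORWARD"])
    # 4. SNAT: source rewritten last, only for accepted traffic leaving the LAN.
    if verdict == "accept":
        for src_net, to_addr in rs["SNAT"]:
            if in_net(pkt.src, src_net) and not in_net(pkt.dst, src_net):
                pkt = replace(pkt, src=to_addr)
                break
    return "FORWARD", verdict, pkt


def ruleset(publish_rule):
    """Build a constructed rule set; only the FORWARD rule for the published host varies."""
    return {
        "DNAT": [(WAN_IP, 443, "192.168.10.20", 8443)],
        "INPUT": [(ANYWHERE, WAN_IP + "/32", 25, "accept")],
        "FORWARD": [publish_rule, (LAN_NET, ANYWHERE, 443, "accept")],
        "SNAT": [(LAN_NET, WAN_IP)],
    }


# Written against the public address: never matches, because DNAT ran first.
MISWRITTEN = ruleset((ANYWHERE, WAN_IP + "/32", 443, "accept"))
# Written against the internal server and port that the DNAT rule forwards to.
FIXED = ruleset((ANYWHERE, "192.168.10.20/32", 8443, "accept"))

INBOUND_WEB = Packet("198.51.100.7", WAN_IP, 443)
INBOUND_MAIL = Packet("198.51.100.7", WAN_IP, 25)
OUTBOUND = Packet("192.168.10.50", "198.51.100.7", 443)

if __name__ == "__main__":
    for label, rs in (("miswritten", MISWRITTEN), ("fixed", FIXED)):
        for pkt in (INBOUND_WEB, INBOUND_MAIL, OUTBOUND):
            print(label, pkt, "->", traverse(pkt, rs))
```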

Application control
Ideco UTM Application Control Module performs deep traffic analysis (DPI) to identify application layer protocols (L7).
"Traffic rules" section of the Ideco UTM web interface, "Application Control" tab. List of popular application traffic filtering rules.
The module contains a wide range of popular protocols that allow you to prohibit unwanted traffic related to network games, mining, social networks, instant messengers, remote access, etc.

Content filtering
The Ideco UTM content filtering module, also known as the content filter, checks whether the address of the requested site belongs to the list of prohibited resources. The list is organised into categories of resources. Since the filtering rules are applied in order, content filtering can be configured flexibly for different user groups and tailored to the organization's business processes.
"Traffic rules" section of the Ideco UTM web interface, "Content filter" tab. Resource categories.
The built-in database contains about 140 categories, including millions of URLs, and is updated automatically by the Ideco UTM server. These categories work only with an active subscription to updates in commercial editions. Custom rule categories can also be created.
"Traffic rules" section of the Ideco UTM web interface, "Content filter" tab. Creating a custom content filtering category.
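Because the rules are applied in order, a general rule placed above a group exception silently disables the exception. The following added example (not part of the original review and not Ideco code) models first-match evaluation and flags rules that can never fire; the rule fields, the wildcard, the default action and all hosts, groups and categories are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ANY = "*"

# Constructed sample data: hosts, categories and groups are illustrative only.
BUILTIN_CATEGORIES = {"social.example": "Social networks",
                      "games.example": "Online games"}
CUSTOM_CATEGORIES = {"Partner portals": {"portal.partner.example"}}
USER_GROUPS = {"alice": {"Marketing"}, "bob": {"Accounting"}}


@dataclass(frozen=True)
class Rule:
    name: str
    group: str      # user group the rule applies to, or ANY
    category: str   # resource category the rule applies to, or ANY
    action: str     # "allow" or "deny"


def categorize(host: str) -> Optional[str]:
    """Custom categories are checked first, then the built-in database."""
    for category, hosts in CUSTOM_CATEGORIES.items():
        if host in hosts:
            return category
    return BUILTIN_CATEGORIES.get(host)


def evaluate(rules, user, host, default="allow"):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    groups = USER_GROUPS.get(user, set())
    category = categorize(host)
    for rule in rules:
        group_ok = rule.group == ANY or rule.group in groups
        category_ok = rule.category == ANY or rule.category == category
        if group_ok and category_ok:
            return rule.action, rule.name
    return default, None  # assumed default when no rule matches


def shadowed(rules):
    """List (rule, covering rule) pairs for rules that can never fire."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            covers_group = earlier.group in (ANY, later.group)
            covers_category = earlier.category in (ANY, later.category)
            if covers_group and covers_category:
                findings.append((later.name, earlier.name))
                break
    return findings


DENY_SOCIAL = Rule("deny-social-everyone", ANY, "Social networks", "deny")
ALLOW_MARKETING = Rule("allow-social-marketing", "Marketing", "Social networks", "allow")
DENY_GAMES = Rule("deny-games-everyone", ANY, "Online games", "deny")

# The general deny sits above the group exception, so the exception never fires.
MISORDERED = [DENY_SOCIAL, ALLOW_MARKETING, DENY_GAMES]
# The specific exception comes first, the general deny after it.
CORRECTED = [ALLOW_MARKETING, DENY_SOCIAL, DENY_GAMES]

if __name__ == "__main__":
    for label, rules in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(label, evaluate(rules, "alice", "social.example"),
              evaluate(rules, "bob", "social.example"), shadowed(rules))
```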

Limiting the speed of incoming Internet traffic and quotas
Ideco UTM allows you to limit the speed of incoming Internet traffic for users and their groups.
"Traffic rules" section of the Ideco UTM web interface, "Rate limiting" tab. Speed limit rules.
"Traffic rules" section of the Ideco UTM web interface, "Rate limiting" tab. Adding a new constraint.
Ideco UTM has the ability to configure traffic limits for users and groups - quotas. Each quota is determined by the validity period (hour, day, week, month, quarter) and the amount of allowed traffic.
"Traffic rules" section of the Ideco UTM web interface, "Quotas" tab.

Antivirus filtering
Ideco UTM provides an automatically configured anti-virus filtering module that does not require manual configuration. You can choose from filtering using the open source antivirus ClamAV and a commercial product from Kaspersky Lab, provided under an additional license. To optimize the load on the Ideco UTM server, anti-virus filtering is performed after checking the proxy server exclusion lists by source and destination. HTTPS traffic is scanned if it is decrypted by the content filter.
"Traffic rules" section of the Ideco UTM web interface, "Web traffic antivirus" tab.

Intrusion prevention system
Intrusion Prevention System, part of Ideco UTM, detects, logs and prevents malicious attacks on the server, integrated services (mail, website, etc.) and the local network.
"Traffic rules" section of the Ideco UTM web interface, "Intrusion prevention" tab. Alert log.
Log entries are stored for the time specified in the "Settings" tab. The web interface displays the last 100 log entries; the full log is available through the terminal. The rules include blocking the activity of Trojans and spyware, viruses, botnets, P2P clients and torrent trackers, the TOR network, anonymizers, etc.

Ideco UTM Server Management
As already mentioned, the manufacturer has made changes to the web interface to improve the user experience and add new functionality. In the new version of Ideco UTM, server management settings are grouped into two sections - "Services" and "Server management". The first section contains basic network parameters: network interfaces, routing, integration with third-party servers. Parameters of network interfaces, local and external, of the Ideco UTM server and connection protocols (Ethernet, L2TP, PPPoE) to the provider are set in the "Network interfaces" subsection of the "Services" section.
The "Services" section of the Ideco UTM web interface, the "Network interfaces" tab.
When the server is connected to several ISPs, connection redundancy, static and dynamic balancing are provided. With static balancing, part of the Internet connections is made through one provider, and part through another. With dynamic balancing, switching to providers is carried out one by one, depending on the load. In this case, user sessions are evenly distributed between providers.
“Services” section of the Ideco UTM web interface, “Balancing and Load” tab. Connection to Internet providers is carried out in the "Reservation" mode.
Ideco UTM Routing System allows you to redirect network traffic with a number of advantages:

  • the administrator can indicate the source network directly in the route;
  • in case of unavailability of Ideco UTM or network interface, the path is searched for according to the routing rules;
  • creation, editing and deletion of routing rules for local and external networks is carried out through the Ideco UTM web interface.

"Services" section of the Ideco UTM web interface, "Routing" tab. Adding a new LAN route.
By default, Ideco UTM transparently proxies web traffic to the corporate LAN. The proxy server also acts as a master service for some services related to the processing, control and accounting of user web traffic: anti-virus and content filtering, real-time traffic monitoring.
The "Services" section of the Ideco UTM web interface, the "Proxy" tab.
Ideco UTM supports reverse proxying, which allows you to publish local resources for access from the Internet. The main parameter when publishing a web resource is the requested Internet address. The UTM is accessed from the external network via the HTTP protocol at the given URL, and the reverse proxy redirects this request to an HTTP server on the local network. Thus, with a single A record for the external UTM network interface, you can publish multiple resources on the local network, distributing them across multiple incoming URLs.
"Services" section of the Ideco UTM web interface, "Reverse proxy" tab. Create a publish rule.
DNS service translates server names to IP addresses and works in most cases without additional configuration. Ideco UTM provides the ability to use third-party DNS servers specifying specific DNS zones that these servers serve (“Forward-zones” tab). Also, on the "Master-zones" tab, you can configure a fully functional DNS server that resolves names to IP addresses of network devices in the local network.
"Services" section of the Ideco UTM web interface, "DNS" tab. External DNS servers.
For the convenience of configuring and administering network devices in the local network (automatic assignment of IP addresses), Ideco UTM has its own DHCP server. Ideco UTM web interface allows you to configure a range of IP addresses for automatic assignment, as well as generate static bindings of IP addresses to MAC addresses of these devices.
Section "Services" of the Ideco UTM web interface, tab "DHCP server". DHCP Server Options.
Ideco UTM supports multiple administrator accounts to access the web interface and server settings. You cannot delete a preset administrator record, you can only change its data (name, login and password). Access of administrators from the external network to the web interface is supported, as well as administration via the SSH protocol.
The "Server management" section of the Ideco UTM web interface, the "Administrators" tab. List of administrator accounts and their access parameters.
Ideco UTM updates are carried out exclusively over the network. The administrator configures the automatic update settings so as not to disrupt the user experience.
The "Server Management" section of the Ideco UTM web interface, the "Automatic Updates" tab. Ideco UTM automatic update options.
To restore the gateway quickly, backups are provided. Automatic copying to network file storage via FTP or NetBIOS, as well as to a local hard drive, is supported. Backups are kept for a week or a month.
The "Server management" section of the Ideco UTM web interface, the "Backup" tab. Ideco UTM backups.
To diagnose the server, the use of the terminal is provided. It is not recommended to use the terminal for configuring Ideco UTM, as this can lead to irreversible consequences.
"Server Management" section of the Ideco UTM web interface, "Terminal" tab.
Additionally, the web interface allows you to manage the Ideco UTM license and server power. With the user's permission, Aydeko collects anonymous statistics on server operation and the modules used. Confidential information, such as information about users, traffic passing through the server, network interfaces, and server and license IDs, is not collected.
The "Server management" section of the Ideco UTM web interface, the "Advanced" tab. Server statistics collection is allowed

Reporting system
Ideco UTM automatically generates reports on the activity of users and the sites they visit, by categories of network traffic.
"Reports" section of the Ideco UTM web interface, the "Sites" tab. Website traffic report.
"Reports" section of the Ideco UTM web interface, "Users" tab. User activity report.
"Reports" section of the Ideco UTM web interface, "Categories" tab. Report by traffic categories.
"Reports" section of the Ideco UTM web interface, "Event log" tab.
"Reports" section of the Ideco UTM web interface, "Authorization log" tab.

Ideco VPN
To gain access to the local network of the enterprise from the outside (from home, hotel, other office), a VPN connection from a remote user's device is provided. Ideco UTM supports the following popular VPN protocols: WireGuard, IKEv2 / IPsec, SSTP, L2TP / IPsec.
"Services" section of the Ideco UTM web interface, "IPsec" tab. IPsec connection parameters.
Ideco UTM now has its own VPN agent based on the WireGuard protocol. Previously, support for tunneling protocols was left to the operating systems. Aydeko's VPN agent runs on Microsoft Windows 8 or higher and is deployed automatically using MSI packages. After that the agent updates itself; the developer has announced plans to add new functions to it.
Ideco VPN main window.

Mail relay
A full-fledged mail server is built into Ideco UTM. All mail traffic filtering capabilities also apply to an internal mail server published through the relay. The basic parameters cover the settings required for the server to work.
The "Mail relay" section of the Ideco UTM web interface, the "Basic settings" tab. Basic Mail Relay Settings.
Advanced mail relay settings include options such as mailbox size, mail forwarding, security settings, and DKIM signature.
The "Mail relay" section of the Ideco UTM web interface, the "Advanced settings" tab. Security options.
The administrator can manage the anti-spam service based on Kaspersky Lab technologies with the function of machine learning and artificial intelligence through the administrator's web interface.
The "Mail relay" section of the Ideco UTM web interface, the "Antispam" tab. Antispam parameters.
Mail forwarding is configured using mail aliases. Aliases do not require usernames and passwords; they are assigned to a mailbox and serve as copies of it under different names. If you assign an alias to multiple mailboxes, it can serve as a distribution group. Incoming mail for an alias is automatically forwarded to all real mailboxes associated with it.
The "Mail relay" section of the Ideco UTM web interface, the "Rules" tab. Adding a mail forwarding rule.

Conclusions
Ideco UTM 10 is a new version of a popular domestic product. The manufacturer took into account the wishes of users and added a whole set of updates. I am glad that the product continues to develop according to the set schedule. New changes have already been announced, in particular dynamic routing, new reporting (including used applications), clustering. In the near future, the release of a version certified according to the requirements of the FSTEC of Russia is expected, which will significantly expand the scope of the gateway.

Advantages:

  • Transition to a new version of the Linux kernel, complete platform upgrade.
  • For the first time, its own VPN agent has been announced.
  • The web interface has been redesigned, an English version has appeared.
  • Added real-time traffic monitoring.
  • Filtering rules have been worked out. Increased traffic processing speed.
  • Notifying the administrator via the Telegram bot about new types of events on the server.

Disadvantages:

  • The VPN agent is only available for Microsoft Windows, but a Linux release is expected soon.
  • There is no dynamic routing (it is planned to implement it in new versions of Ideco UTM).
  • Some customers may need more dashboards on the dashboard, and the administrator should be able to change its appearance. The manufacturer announced improvements in the next versions of Ideco UTM.
 