For all networks, there is focus given on what traffic is permitted in from the Internet to keep the internal computing resources secure and reliable. As small office or home office (SOHO) users become more sophisticated and at risk for using different Web services, we can start to see a need arise for prohibiting what traffic can also leave a network. One way to tackle this subject is to set up a protocol control that prohibits configured outbound traffic from an internal network. For various reasons, the outbound traffic can be managed for free with the Untangle open source gateway.
Untangle’s protocol control module is a canned collection of 94 protocols and an associated application that can be either blocked and/or logged. Some of the available protocols to be managed on the gateway include:
- Instant Messenger: Eight of the top instant messenger Web products are included. This can help prevent an untracked leakage of sensitive company data by using an Internet-based instant messenger in lieu of an internally hosted, managed, and traceable system.
- E-mail: Three e-mail protocols such as SMTP, IMAP, and POP3 can be blocked from the internal SOHO network.
- Peer to Peer file exchange: Over 20 services offered for uncontrolled file exchange.
- Voice over IP, games, other VPN clients, and more: A various collection of Web-based services that the SOHO may not really need if not part of your standard offering.
The protocol control module is displayed like the other Untangle components in the virtual rack. Further, protocols and applications can be added to the list based on your specific needs. Figure A shows a page of the available applications for managements:
Click to enlarge.
This is different from the standard Web filter module of the Untangle as it goes beyond port 80 and generic categories. The protocol control list allows specific Web-based services to be prohibited that may not be using ports 80 or 443. More information on the Untangle protocol control module can be found on the Untangle Web site.