  1. #1
    Newbie
    Join Date
    Mar 2021
    Posts
    3

    Command Center and Security

    Hi,

    I'm new to untangle and am trying to understand the way NG Firewall data interacts with Command Center. I reached out to support and was sent a privacy policy after asking a few questions and was left confused. So, I figured I'd ask the smart folks here.

    Is there any documentation that outlines what data is sent to the untangle cloud from NG firewall? Any information on the security of that environment? For example, are backups encrypted? Do all network flows go to the cloud? How does command center securely access the firewall other than it being an "SSL Connection"? I see that untangle has solutions for Banking, Public Sector customers, etc.; has the Untangle cloud passed any third party compliance audits?

    Sorry for all of the questions, I don't expect them all answered, just looking to be pointed in the right direction. Thanks!

  2. #2
    w00t
    Join Date
    Aug 2016
    Location
    Boulder, CO
    Posts
    21


    Hey @JakeSmith1911,

    Thanks for the question - definitely a lot of crazy stuff going on with breaches these days..

    We take that very seriously at Untangle and have layers of security in place to protect customer data and communication pathways. Of course, it's a never-ending task.

    You have the option to turn off all Command Center communication, but we feel the benefits outweigh the risks.
    See Config --> System --> Support

    The NGFW will still communicate with our license and update services, as well as any services used by the NGFW apps, but a lot of Command Center functionality will not be available. These services collect minimal information about the NGFW: UID, version, IP address, number of hosts.

    If 'Connect to Command Center' is checked, the NGFW will maintain a connection to our command server and will be able to execute certain instructions, as well as send report information to Command Center. Basically, the reports you see there are sent daily by the NGFW and aggregated. In addition to that, NGFW will send alerts to our cloud. These alerts are available in Command Center for you to view, but in addition to that they will be sent to any notification provider you have set up in Command Center.

    Remote access from Command Center works by telling NGFW to open an SSL proxy connection on a random port to our relay server. The security there is verified by certificates. Once this SSH connection has been established, the Command Center will redirect the user to the temporary endpoint. The endpoint is closed once the user logs out - hence the remote access via Command Center is much more secure than just exposing the admin interface on a WAN - it does not stay open and requires authenticated communication to our infrastructure from the device itself.

    We are constantly conducting audits and pen testing of both our infrastructure (including users ;-) ) as well as the product itself. Naturally, 3rd parties have done that as well. Here you can see some of our CVEs https://cve.mitre.org/cgi-bin/cvekey...yword=Untangle - compare that to say…. https://cve.mitre.org/cgi-bin/cvekey...yword=Fortinet

    I think you are very secure in our infrastructure, but naturally I cannot predict / guarantee emerging threats and vulnerabilities, nor user behavior.

    With all that in mind, you have to do your part to reduce any additional risk - enable MFA in Command Center, don't use your Social Security number as your hostname, keep a local copy of any data that is important, keep SSH access disabled to your NGFW, etc.
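The remote-access flow described in the reply above (device dials out to a relay with certificate verification, a temporary endpoint on a random port is exposed for the session, and it is torn down at logout) is the property an administrator would want to confirm. The following is an added example, not Untangle's code or anything from its relay: it models that lifecycle locally with a stand-in listener and shows the TLS settings the device side should insist on. The `cafile` argument is a hypothetical pinned CA bundle; the `"admin-ui"` banner and the loopback addresses are constructed for the demonstration.

```python
import socket
import ssl
import threading

# Added example, not Untangle code: a constructed model of the remote-access
# flow described above. The device dials out to a relay over TLS (certificate
# verified), the relay exposes a temporary endpoint on a random port for the
# logged-in user, and that endpoint disappears on logout.


def device_tls_context(cafile=None):
    """TLS policy for the device's outbound session to the relay.

    The relay certificate must chain to a trusted CA and match the relay's
    hostname; anything below TLS 1.2 is refused.  `cafile` is a hypothetical
    pinned CA bundle; None falls back to the system trust store.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True            # default, but the property we rely on
    ctx.verify_mode = ssl.CERT_REQUIRED  # never talk to an unauthenticated relay
    return ctx


class EphemeralEndpoint:
    """Listener on an OS-chosen random port that lives only for one session."""

    def __init__(self, host="127.0.0.1"):
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.settimeout(0.2)       # lets the accept loop notice logout()
        self._sock.bind((host, 0))       # port 0: the kernel picks a free port
        self._sock.listen(1)
        self.host, self.port = self._sock.getsockname()
        self._open = True
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        # Stand-in for the proxied admin UI: answer each client, then close.
        while self._open:
            try:
                conn, _ = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break                    # listener closed by logout()
            with conn:
                conn.sendall(b"admin-ui")

    def logout(self):
        """Tear the endpoint down; later connection attempts are refused."""
        self._open = False
        self._sock.close()
        self._thread.join(timeout=1.0)


def probe(host, port, timeout=1.0):
    """True if the admin endpoint answers on host:port, False if refused."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(16) == b"admin-ui"
    except OSError:                      # ConnectionRefusedError, timeout, ...
        return False


def session_lifecycle():
    """Run one session; report reachability before and after logout."""
    endpoint = EphemeralEndpoint()
    during = probe(endpoint.host, endpoint.port)
    endpoint.logout()
    after = probe(endpoint.host, endpoint.port)
    return during, after


if __name__ == "__main__":
    ctx = device_tls_context()
    print("device verifies relay cert:", ctx.verify_mode.name, ctx.check_hostname)
    print("endpoint reachable (during, after logout):", session_lifecycle())
```

The part worth checking on a real deployment is the second half: after the user logs out, the port that was opened for the session should refuse connections, which is what distinguishes this design from a permanently exposed admin interface on the WAN.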

  3. #3
    Newbie
    Join Date
    Mar 2021
    Posts
    3


    @Timur,

    Thanks for your reply. The detail on the SSL proxy connection to the command center is helpful. The Mitre CVE information is helpful, but is that a fair comparison? Fortinet is much more widely deployed and I would imagine under much greater scrutiny. One thing that did jump out at me is the MD5 CVE; MD5 in 2020? Not trying to be overly critical, I think your point was spot on that users are probably better off using Command Center than not. However, if we're making those decisions we should understand what happens with our data.

    I see that you guys have solutions for enterprises and public sector customers. Have you not been asked to provide details of what's stored in your cloud and how? Going back to my previous example; are backups encrypted?

    Again, thanks for your answer and it is very helpful. I only write this because I like the idea of using command center, I just think Untangle needs to do a *much* better job on documentation on the security/compliance of the Untangle cloud.
