UserGate Platform Overview

Hello!

We continue our series of articles on comprehensive IT integration.

And today we want to talk about one of the domestic developments that we, as integrators, can offer our customers for securing the network perimeter. This is especially relevant given sanctions policy and import substitution requirements.

The imposition of sanctions was a challenge, not least for engineers who had earned certifications and built up a huge knowledge base on foreign vendors' solutions, but at some point were forced to switch quickly to the "new wave", in effect starting much of it over again.

Domestic developers also had to reach a new level in order to promptly offer a worthy alternative to the leading IT solutions. Now we can already say that they are doing pretty well. Let's move on to a specific example, namely the UserGate firewall. Let us briefly consider what tasks it allows us to solve and what potential for development it has.

So, let's talk about what UserGate offers in terms of functionality and in which areas it can be applied.

Figure 1 - Functionality of UserGate firewalls

Figure 2 - Scopes of UserGate firewalls







The developers devoted a lot of time to creating their own platform, which does not rely on someone else's source code or third-party modules. UserGate runs on UG OS, a purpose-built operating system that is continuously maintained and developed.

In essence, UserGate is a universal Internet gateway of the Unified Threat Management (UTM) class, combining the functionality of a firewall, router, gateway antivirus, intrusion detection and prevention system (SOV), VPN server, content filtering system, a monitoring and statistics module, and more. The product allows you to manage the company's network, optimize the traffic it uses and effectively prevent Internet threats.

Let's take a closer look at what UserGate has to offer in terms of network security functionality and protection against network threats.

Firewalling


UserGate's built-in next-generation firewall (NGFW) filters traffic carried over specific protocols (e.g. TCP, UDP, IP), thereby protecting the network from hacker attacks and various types of intrusions that rely on these protocols.

Intrusion Detection and Prevention


The Intrusion Detection and Prevention System (SOV) allows you to recognize malicious activity within the network. The main objective of the system is to detect, log and prevent threats in real time, and to provide reports. The administrator can create various SOV profiles (sets of signatures relevant for protecting certain services) and set SOV rules that define actions for the selected type of traffic, which the SOV module checks in accordance with the assigned profiles.

Antivirus traffic scan


UserGate Streaming Antivirus scans traffic for viruses without sacrificing network performance and speed. According to the vendor, the module uses an extensive signature database, which is constantly updated. As additional protection, a heuristic analysis module can be connected.

Checking Email Traffic


UserGate is able to process transit mail traffic (SMTP(S), POP3(S)), analyzing its source as well as the contents of the message and attachments, which guarantees reliable protection against spam, viruses, pharming and phishing attacks. UserGate also provides the ability to flexibly configure mail filtering by user group.

Work with external security systems


It is possible to forward HTTP/HTTPS and mail traffic (SMTP, POP3) to external ICAP servers, for example for anti-virus scanning or for analysis of user-transmitted data by DLP systems. The administrator can specify which traffic must be sent to ICAP, and can also configure work with server farms.

ACS TP Management


In the new version of the platform, it became possible to configure and manage an automated process control system (ACS TP). The administrator can control traffic by configuring rules for detecting, blocking and logging events. This allows you to automate the basic operations of the process while retaining the ability to monitor and intervene if necessary.

Setting Security Policies Using Scripts


UserGate can significantly reduce the time between detection of an attack and the reaction to it thanks to security automation through a scripting mechanism (SOAR - Security Orchestration, Automation and Response). This concept is at the peak of its popularity and allows the administrator to create scripts (run on a schedule or when an attack is detected) that define automatic actions in response to certain events. This approach provides flexible configuration of security policies, reduces human involvement by automating repetitive tasks, and makes it possible to prioritize scenarios for a rapid response to critical threats.

Now let's see what technologies UserGate offers to provide solutions to the problems of fault tolerance and reliability.

Clustering and Failover Support


UserGate supports two types of clusters: a configuration cluster, which allows you to specify uniform settings for the nodes within the cluster, and a failover cluster, designed to ensure uninterrupted operation of the network. The failover cluster can operate in two modes: Active-Active and Active-Passive. Both support synchronization of user sessions, which makes switching traffic from one node to another transparent to users.

FTP over HTTP


The FTP module over HTTP allows you to access the contents of the FTP server from the user's browser.

Support for multiple providers


When connecting the system to several providers, UserGate allows you to configure a gateway for each of them to provide access to the Internet. The administrator can also adjust the balancing of traffic between providers by indicating the weight of each gateway, or specify one of the gateways as the main one with switching to other providers if the main gateway is unavailable.
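As an added illustration (not UserGate's implementation), the Python below models the two modes just described: weighted balancing between provider gateways and a primary gateway with fallback. The `Gateway` fields, the function names and the choice of hashing each flow to a gateway are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

Flow = Tuple[str, int, str, int, str]  # src IP, src port, dst IP, dst port, protocol


@dataclass(frozen=True)
class Gateway:
    name: str              # hypothetical label, one per provider
    weight: int            # relative share of new flows
    up: bool               # health-check result (checker assumed to exist elsewhere)
    primary: bool = False  # used only in primary/backup mode


def _bucket(flow: Flow, total: int) -> int:
    """Hash the flow to a stable value in [0, total): packets of one flow keep
    the same uplink (and NAT mapping) while the set of healthy gateways is unchanged."""
    digest = hashlib.sha256(repr(flow).encode()).digest()
    return int.from_bytes(digest[:8], "big") % total


def pick_weighted(gateways: Sequence[Gateway], flow: Flow) -> Optional[Gateway]:
    """Share flows among healthy gateways in proportion to their weights."""
    alive = [g for g in gateways if g.up and g.weight > 0]
    if not alive:
        return None  # no usable uplink
    bucket = _bucket(flow, sum(g.weight for g in alive))
    for g in alive:
        if bucket < g.weight:
            return g
        bucket -= g.weight
    return None  # unreachable: bucket is always below the total weight


def pick_failover(gateways: Sequence[Gateway], flow: Flow) -> Optional[Gateway]:
    """Use the primary gateway while it is up, otherwise fall back to the others."""
    for g in gateways:
        if g.primary and g.up:
            return g
    return pick_weighted([g for g in gateways if not g.primary], flow)
```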

Bandwidth management


Bandwidth control rules are used to limit bandwidth for specific users, hosts, services or applications. Among other things, UserGate products have fairly broad functionality for routing traffic and publishing local resources.

UserGate allows you to use both static and dynamic routing. Dynamic routing is performed using the OSPF and BGP protocols, which makes it possible to use UserGate in a complex routed enterprise network. The administrator can create NAT rules in the system (to provide users with Internet access), as well as rules for securely publishing internal resources on the Internet using reverse proxies for HTTP/HTTPS and DNAT for other protocols.

In principle, nothing innovative, but in order for the customer’s engineers to feel relatively calm, these technologies are quite enough.

Traffic management and internet access control


Wherever there is Internet access, there is the task of controlling traffic. Not so long ago, most corporate clients were primarily interested in minimizing the cost of Internet access (especially small companies) and in security (all kinds of antivirus software have successfully solved this problem for a long time). Today, more and more attention is paid to how employees use the Internet and how to ensure that their actions do not threaten the security of business-critical services.

The Internet filtering module gives administrators control over Internet use and blocks visits to potentially dangerous resources and, where necessary, to non-work sites. To analyze the security of the resources users request, it uses reputation services, MIME types of content (photos, videos, texts, etc.), special morphological dictionaries provided by UserGate, and URL black and white lists. Using the User-Agent, an administrator can prohibit or allow work with a specific type of browser. UserGate provides the ability to create your own black and white lists, dictionaries, MIME types, morphological dictionaries and User-Agent lists, and to apply them to users and user groups.

Even safe sites can carry unwanted images in banners whose content does not depend on the owner of the resource. UserGate solves this problem by blocking banners, protecting users from negative content.

UserGate also has what is, in our opinion, a very interesting function: injecting code into web pages. It allows you to insert the necessary code into every web page that the user views. The administrator can then receive various metrics for each element of the page and, if necessary, hide individual elements from display.

Using MITM (Man-in-the-Middle) technology, it is possible to filter not only regular but also encrypted traffic (the HTTPS, SMTPS and POP3S protocols), re-encrypting it after analysis and signing it with a trusted root certificate. The system allows you to configure selective traffic inspection, for example not decrypting resources in the "Finance" category.

UserGate can force the SafeSearch feature to be enabled for Google, Yandex, Yahoo, Bing, Rambler, Ask and the YouTube portal. Such protection can be highly effective, for example when filtering search results for image or video content. You can also block search engines that do not have a safe search feature. In addition, administrators have tools to block games and applications on the most popular social networks, even when access to the social networks themselves is allowed.

The platform supports various user authentication mechanisms: Captive portal, Kerberos and NTLM, while accounts can come from various sources: LDAP, Active Directory, FreeIPA, TACACS+, RADIUS, SAML IdP. Authentication via SAML IdP, Kerberos or NTLM allows users in an Active Directory domain to connect transparently (without being asked for a username and password).

The administrator can configure security rules, channel width, firewall rules, content filtering and application control for individual users, for user groups, and for all known or unknown users. In addition, the product supports applying security rules to users of terminal services using special agents (Terminal Services Agents), as well as the use of an authorization agent for Windows platforms.

To make accounts more secure, multi-factor authentication can be used with TOTP tokens (Time-based One-Time Password algorithm), SMS or email. Temporary network access can be useful for guest Wi-Fi with confirmation via email or SMS. In this case, administrators can create separate security settings for each temporary client.

Conclusion


In this article we tried to briefly describe the functionality implemented on the UserGate firewall platform. Topics such as technologies for organizing virtual networks for a geo-distributed network and safe user access to company resources have so far been left out of scope.

All these topics, down to examples of configurations of various technologies, are planned in the following articles on the UserGate platform.
