
Security - Web

For web traffic to be filtered, the data flow has to be identified as web traffic.  Out of the box, the UTM10 monitors HTTP, HTTPS and FTP traffic on the default ports of 80, 443, and 21.  Additional ports can be easily added for monitoring.

The UTM10 automatically filters web traffic for malware as it does for email, and has additional  configuration options.  Basic configurations include whitelist, blacklist and keyword filtering.  More detailed configurations include category based filtering, embedded object filtering on sites using ActiveX, Java and Flash, as well as file type filtering. 

Whitelists and blacklists are useful for allowing specific sites that a category based filter blocks, or for blocking specific sites that a category based filter allows.  For example, setting the filtering category to sports will block espn.com.  End users will see a web page with a banner as shown in Figure 7 below.  If you wish to allow espn.com but block all other sports websites, setting the filtering category = sports and entering espn.com in the whitelist does the trick.  The “*” wildcard is available, so a whitelist entry of *espn* would allow all websites with “espn” in the URL.

Figure 7: Blocked message
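The difference between a plain espn.com entry and the *espn* wildcard is easy to check before a whitelist goes live. The following is an added example, not NETGEAR's code: the matching rule (glob over host plus path for wildcard entries, domain and subdomains for plain entries), the category table, and the URLs are all constructed assumptions.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed category data; not taken from NETGEAR's classification database.
CATEGORY_OF = {"espn.com": "sports", "nba.com": "sports", "example.org": "news"}


def matches(entry, host, path):
    """Assumed matching rule: an entry containing '*' is a glob over
    host + path; a plain entry matches that domain and its subdomains."""
    entry = entry.lower()
    if "*" in entry:
        return fnmatchcase(host + path, entry)
    return host == entry or host.endswith("." + entry)


def decide(url, blocked_categories, whitelist=()):
    """Return 'allow' or 'block'; a whitelist hit overrides the category."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if any(matches(e, host, parts.path.lower()) for e in whitelist):
        return "allow"
    # Simplified site lookup: drop a leading 'www.' before the category lookup.
    site = host[4:] if host.startswith("www.") else host
    return "block" if CATEGORY_OF.get(site) in blocked_categories else "allow"


def audit(whitelist, urls, blocked_categories=frozenset({"sports"})):
    """List URLs in a blocked category that the whitelist lets through."""
    return [u for u in urls
            if decide(u, blocked_categories) == "block"
            and decide(u, blocked_categories, whitelist) == "allow"]


# Constructed test URLs.
URLS = ["http://www.espn.com/nba/", "http://www.nba.com/espn-recap",
        "http://www.nba.com/scores", "http://example.org/"]

if __name__ == "__main__":
    for wl in (["espn.com"], ["*espn*"]):
        print(wl, "->", audit(wl, URLS))
```

Under this model the plain entry exempts only the intended site, while the wildcard also exempts any other sports page whose URL happens to contain "espn".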

As a side note, sports websites may seem innocuous, but during several times of the year, such as March Madness, web traffic to sports websites can consume excessive resources on a company's network.  Multiple end users streaming video highlights of their favorite college basketball team can consume a lot of bandwidth!

Keyword blocking is also manually configurable.  For example, I entered all seven of George Carlin's famous “Words You Can Never Say on Television” in the keyword blocking section.  This was a rather entertaining test, but effective.  Once enabled, websites containing any of the listed words in text were blocked by the UTM10.

Category filtering on the UTM10 is hierarchical, with 12 main categories.  The main filtering categories are Commerce, Drugs and Violence, Education, Gaming, Inactive Sites, Internet Communication and Search, Leisure and News, Malicious, Politics and Religion, Sexual Content, Technology, and Uncategorized.  Each main category has 2 to 14 subcategories, for a total of 64 different category filtering options.

Category filtering blocks websites that have been categorized in the NETGEAR Classification database, depicted back in Figure 6.  As with the SonicWall TZ100W and other UTM products I've reviewed, category based filters can be easily defeated.  With the category pornography selected for content filtering, the UTM10 blocks browsing to adult sites.  However, simply typing porn xxx in a search on Google.com and clicking the images option displays adult images which should be blocked.

There is an interesting list of websites known to be infected with malware, located at safeweb.norton.com/dirtysites.  So to perform a rudimentary test, I tried to browse several of the websites on the list.  Many of them triggered either the content filter or the George Carlin keyword list. But the first one, 17ebook.com, triggered the UTM10's malware filters which gave me the message in Figure 8.

CAUTION!! The sites listed in the Norton list do contain active malware. Don't even think of loading these sites unless you have up-to-date anti-virus and anti-malware running on a test machine that is isolated from other LAN systems. A virtual machine or system running from a live Linux distro is highly recommended.

The Norton page itself is perfectly safe to load.

Figure 8: Malware message

Additional web security options include filtering embedded ActiveX, Java, or Flash objects within web sites.  This option is applied even on whitelisted URLs.  I enabled the embedded object filtering option and then tried browsing web sites that utilize Flash. 

Stattracker, a handy web page for Yahoo! Fantasy Football, is a good test, since it uses Flash technology.  With Flash filtering enabled, Stattracker failed to load; only a blank page would come up.  Note that, according to NETGEAR, pages that aren't entirely Flash (or Java or ActiveX) based will display, and just the objects will be blocked.

HTTP file downloads can also be filtered based on extensions, such as .exe for executables and media files like .mpg and .mp3.  Additional file extensions are easily added in the content filtering menu.

NETGEAR also provides useful tools for content filter management, including traffic logging, filter scheduling, a lookup tool to determine a URL's category, and a reporting tool to suggest reclassification of a URL. 

To determine a URL's classification, and thus determine if it would be filtered by the UTM10, simply enter the URL in the web category lookup tool.  As shown in Figure 9, smallnetbuilder.com is classified under Computers&Technology, and access to this website would be blocked if this category was selected for filtering.

Figure 9: Web Category Lookup

Note the link in Figure 9 labeled “Click here to Report a URL Misclassification.”  This link allows for reporting a URL that may be misclassified.  I tried this link, reporting a domain which was registering as “Computers & Technology” and recommended it be classified as “Information Security.”  I received a message stating “The Web page that you entered is currently under review. It will be analyzed in the next 24 hours and if the classification is found to be incorrect it will be fixed.”  I checked back after the recommended 24 hours, but the domain was still listed as “Computers & Technology.”

In addition to Email and Web traffic filtering, the UTM10 can filter FTP traffic for malware, size and extension type.  Further, the UTM10 can be configured to pass or block traffic generated by Instant Messenger (IM) and Peer-to-Peer (P2P) traffic services.  IM services that are monitored include Google, Yahoo, mIRC, and MSN.  Note, however, that Skype traffic can't be blocked. P2P services that are monitored include BitTorrent, eDonkey, and Gnutella.

Security - Network

In addition to the protection offered by the UTM10's Email and Web filters, the UTM10 has a full-featured firewall.  The functionality of the firewall is very similar to that on the FVS318G and FVS336G, but the Intrusion Protection (IPS) is new.  NETGEAR takes a more economical approach for IPS, incorporating technology from the open source solution, Snort.

The UTM10's IPS functionality is more basic than other UTM devices I've reviewed.  For example, SonicWall's TZ100W detects 48 different categories of possible network intrusions, whereas the UTM lists a total of 6.  Once detected, intrusions can be either dropped or an alert can be sent.

Although basic, I verified the UTM10 is monitoring activity on the WAN port.  I set up my UTM10 to send an alert email on possible Intrusion activity, then deliberately ran a port scan on the WAN interface of the router to generate an Intrusion condition.  Almost immediately, I received the following email alert:

At time : 2009-11-22 09:00:03
Intrusion Prevention System of UTM detected : TCP Portscan .
Target host IP : 16.2.18.35
Number of ports which scanned in target host: 1663
The port range scanned in target host : 3:65389
The number of active attack connection : 1700
The attacker IP : 16.8.15.18
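Alerts like the one above are more useful in a log pipeline than in an inbox. This added example (not part of the UTM10 or of the original review) parses the email text into a typed record; it assumes other alerts use the same labels as this single sample, and the output field names are my own.

```python
import ipaddress
from datetime import datetime

# Alert text copied from the email shown above.
SAMPLE_ALERT = """\
At time : 2009-11-22 09:00:03
Intrusion Prevention System of UTM detected : TCP Portscan .
Target host IP : 16.2.18.35
Number of ports which scanned in target host: 1663
The port range scanned in target host : 3:65389
The number of active attack connection : 1700
The attacker IP : 16.8.15.18
"""


def _port_range(value):
    """Parse 'low:high' and reject anything outside the TCP port space."""
    low, high = (int(x) for x in value.split(":"))
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {value!r}")
    return (low, high)


# Email label -> (output field name, converter). Field names are assumptions.
FIELDS = {
    "At time": ("time", lambda v: datetime.strptime(v, "%Y-%m-%d %H:%M:%S")),
    "Intrusion Prevention System of UTM detected":
        ("signature", lambda v: v.rstrip(" .")),
    "Target host IP": ("target_ip", ipaddress.ip_address),
    "Number of ports which scanned in target host": ("ports_scanned", int),
    "The port range scanned in target host": ("port_range", _port_range),
    "The number of active attack connection": ("connections", int),
    "The attacker IP": ("attacker_ip", ipaddress.ip_address),
}


def parse_alert(text):
    """Return a dict of typed fields; raise ValueError on bad or missing data."""
    event = {}
    for line in text.splitlines():
        # Split on the first colon only: the port range value contains one too.
        label, sep, value = line.partition(":")
        field = FIELDS.get(label.strip())
        if sep and field:
            name, convert = field
            event[name] = convert(value.strip())
    missing = [name for name, _ in FIELDS.values() if name not in event]
    if missing:
        raise ValueError(f"alert is missing fields: {missing}")
    return event
```

Every converter raises ValueError on malformed input, so a truncated or altered email is rejected instead of producing a partial record.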
