2. OUTLINE
INTRODUCTION
THREATS
FEATURES OF UTM
TYPES OF UTM
ADVANTAGES
DISADVANTAGES
NEXT GENERATION UTM
CONCLUSION
12/23/2013
3. INTRODUCTION
Unified threat management (UTM) is a comprehensive solution
that has recently emerged in the network security industry.
A Unified Threat Management (UTM) solution can simplify management of
security strategy, with just one device taking the place of
multiple layers of legacy security hardware and software.
Additionally, UTM security solutions can be monitored and
configured from a single, centralized management console.
5. Why UTM??
• UTM solutions emerged out of the need to stem the increasing number
of attacks on corporate information systems via hacking/cracking,
viruses, worms - mostly an outcome of blended threats and insider threats.
• Firms have been increasingly falling victim to attacks from cyber
hackers.
• Traditional security solutions which evolved to tackle specific
threats are usually more difficult to deploy, manage and update.
This increases operational complexities and overhead costs.
• Today's organizations demand an integrated approach to network
security and productivity that combines the features of traditional
technologies with the streamlined ease of use of UTM.
6. UTM typically includes a firewall, antivirus software,
content filtering and a spam filter in a single
integrated package.
[Diagram labels: Content filtering, Firewall, Antivirus]
8. Spyware/Adware
Spyware is any software that utilizes a computer’s
Internet access without the host’s knowledge or
explicit permission
Approximately 90% of computers have some form of
Spyware.
Aids in gathering information:
• Browsing habits (sites visited, links clicked, etc.)
• Data entered into forms (including account names, passwords, text of
Web forms and Web-based email, etc.)
• Keystrokes and work habits
9. Application Attacks
Unpatched Servers:
• Servers do not get up-to-date patches
• Attacker sends malicious code through a buffer overflow
• Server is infected
• New users who access server get infected
[Diagram labels: Malicious Hacker, Buffer Overflow]
10. File Based Threats
Example: Internet download
Viruses and malicious code infection:
• Peer to Peer
• Instant Messaging apps
• Shareware sites
• Compromised servers
• Legitimate corporations
• Web based email
Threats pass through firewalls
Once inside the network, others are easily affected
[Diagram labels: File Server, Corp Network]
11. E-mail Viruses
E-mail has become the primary means for distributing threats
Trojans are easy to deliver and install
HTML viruses (no user intervention) with webmail
E-mails with attachments containing: JavaScript and HTML scripts
[Diagram label: Corp Network]
12. FEATURES OF UTM
FIREWALL INSPECTION
INTRUSION PREVENTION
URL FILTERING
ANTI-VIRUS
ANTI-SPAM
VIRTUAL PRIVATE NETWORK
13. • FIREWALL INSPECTION
• A system designed to prevent unauthorized access to or from a
private network
• Firewalls can be implemented in both hardware and software, or a
combination of both.
14. • INTRUSION PREVENTION
• Intrusion prevention systems (IPS), also known as intrusion detection
and prevention systems (IDPS)
• Monitor network and/or system activities for malicious activity
• Identify malicious activity, log information about this activity, attempt to
block/stop it, and report it
15. • URL FILTERING
URL filtering is strictly a client protection technology of UTM.
It can be used both for policy enforcement, such as limiting which sites
different users can access based on category and organizational policy,
and as another layer of security that limits access to potentially
malicious sites.
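An added example (not from the original slides) of the category-based decision described above: a security block list applies to every user first, then per-group organizational policy. The hostnames, categories, group names and the functions `categorize` and `decide` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: hostnames and categories are illustrative only.
CATEGORY_DB = {
    "social.example": "social-media",
    "video.example": "streaming",
    "docs.example": "business",
    "bad-download.example": "malicious",
}

# Security layer: categories blocked for everyone, whatever the group policy says.
ALWAYS_BLOCKED = {"malicious"}

# Organizational policy: categories each user group may not visit.
GROUP_POLICY = {
    "engineering": {"streaming"},
    "finance": {"streaming", "social-media"},
}


def categorize(host):
    """Look up the host, then each parent domain, so subdomains inherit a category."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never match on the bare top-level label
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"


def decide(url, group):
    """Return (action, reason) for a URL requested by a member of `group`."""
    host = urlsplit(url).hostname
    if not host:
        return ("block", "unparseable URL")
    category = categorize(host)
    if category in ALWAYS_BLOCKED:
        return ("block", f"security: {category}")
    # Unknown groups fall back to the union of every group's denied categories.
    denied = GROUP_POLICY.get(group, set().union(*GROUP_POLICY.values()))
    if category in denied:
        return ("block", f"policy: {category} denied for {group}")
    return ("allow", category)
```

Uncategorized hosts are allowed in this sketch; a stricter deployment would treat "uncategorized" as a denied category for some groups.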
16. • ANTI-SPAM
• Unwanted e-mail messages, usually sent by commercial, malicious, or
fraudulent entities.
• The anti-spam feature examines transmitted e-mail messages to identify
spam.
• When the device detects a message that seems to be spam, it blocks the
e-mail message.
17. • ANTI VIRUS
The UTM Appliance AntiVirus feature handles the
detection and removal of viruses.
18. • VPN (VIRTUAL PRIVATE NETWORK)
Used to connect two or more private networks via the
internet
• Provides an encrypted tunnel between the two private networks
• Usually cheaper than a private leased line
• Once established and as long as the encryption remains secure the VPN
is impervious to exploitation
19. STANDARD - UTM
Unified Threat Management
Integration of
• Firewall
• Intrusion Prevention for blocking network
threats
• Anti-Virus for blocking file based threats
• Anti-Spyware for blocking Spyware
Faster updates to the dynamically changing threat environment and
elimination of false positives
20. Integrated Threat Protection in Action
Error message: “Drops” copy of itself on system and attempts to propagate
“Innocent” Video Link: Redirects to malicious Website
“Out of date” Flash player error: “Download” malware file
Solution:
• Integrated Web Filtering: Blocks access to malicious Website
• Network Antivirus: Blocks download of virus
• Intrusion Protection: Blocks the spread of the worm
22. ADVANTAGES
• REDUCED COMPLEXITY: Single security solution.
• SIMPLICITY: Avoidance of multiple software installation and
maintenance
• EASY MANAGEMENT
• LOW OPERATOR INTERACTION
• EASY TO TROUBLESHOOT
23. DISADVANTAGES
o Single point of failure for network traffic
o Single point of compromise if the UTM has vulnerabilities
o Potential impact on latency and bandwidth when the UTM cannot keep
up with the traffic
24. NEXT GENERATION - UTM
Identity-based UTM: provides discrete identity information
of each user in the network along with network log data.
They allow creation of identity-based network access policies for
individual users, delivering complete visibility and control over
network activities.
• Voice Over IP security
• Instant Messaging
• Worm protection
• Expanded security: security to every corner of an organization’s
network, from the core to the perimeter and every point in between.
25. CONCLUSION
• UTM is the answer to new challenges in the “wild” Internet
• UTM is an integrated solution with easy management
• UTM offers complete support for all users, whether they are at an
enterprise site or in between network zones, ensuring maximum
protection