unified threat management by Nisha Menon K

Published in: Technology

  1. UNIFIED THREAT MANAGEMENT
       NISHA MENON K, ROLL NO: 16, M-TECH COMMUNICATION ENGINEERING, 12/23/2013
  2. OUTLINE
       • INTRODUCTION
       • THREATS
       • FEATURES OF UTM
       • TYPES OF UTM
       • ADVANTAGES
       • DISADVANTAGES
       • NEXT GENERATION UTM
       • CONCLUSION
  3. INTRODUCTION
       Unified threat management (UTM) is a comprehensive solution that has recently emerged in the network security industry. A UTM solution can simplify management of security strategy, with just one device taking the place of multiple layers of legacy security hardware and software. Additionally, UTM security solutions can be monitored and configured from a single, centralized management console.
  4. Why UTM??
  5. Why UTM??
       • UTM solutions emerged from the need to stem the increasing number of attacks on corporate information systems via hacking/cracking, viruses and worms, mostly an outcome of blended threats and insider threats.
       • Firms have been increasingly falling victim to attacks from cyber hackers.
       • Traditional security solutions, which evolved to tackle specific threats, are usually more difficult to deploy, manage and update. This increases operational complexity and overhead costs.
       • Today's organizations demand an integrated approach to network security and productivity that combines the features of traditional technologies with the streamlined ease of use of UTM.
  6. UTM typically includes a firewall, antivirus software, content filtering and a spam filter in a single integrated package.
       [Diagram labels: Content filtering, Firewall, Antivirus]
  7. THREATS
       Threats/attacks:
       • Spyware
       • Application attacks
       • File based threats
       • E-mail viruses
  8. Spyware/Adware
       • Spyware is any software that utilizes a computer's Internet access without the host's knowledge or explicit permission.
       • Approximately 90% of computers have some form of spyware.
       • Aids in gathering information:
           • Browsing habits (sites visited, links clicked, etc.)
           • Data entered into forms (including account names, passwords, text of Web forms and Web-based email, etc.)
           • Keystrokes and work habits
  9. Application Attacks
       • Unpatched servers:
           • Servers do not get up-to-date patches
           • Attacker sends malicious code through a buffer overflow
           • Server is infected
           • New users who access the server get infected
       [Diagram labels: Malicious Hacker, Buffer Overflow]
  10. File Based Threats
       • Example: Internet download
       • Viruses and malicious code infection:
           • Peer to Peer
           • Instant Messaging apps
           • Shareware sites
           • Compromised servers
           • Legitimate corporations
           • Web based email
       • Threats pass through firewalls
       • Once inside the network, others are easily affected
       [Diagram labels: File Server, Corp Network]
  11. E-mail Viruses
       • E-mail has become the primary means for distributing threats
       • Trojans are easy to deliver and install
       • HTML viruses (no user intervention) with webmail
       • E-mails with attachments containing:
           • JavaScript and HTML scripts
       [Diagram label: Corp Network]
  12. FEATURES OF UTM
       • FIREWALL INSPECTION
       • INTRUSION PREVENTION
       • URL FILTERING
       • ANTI-VIRUS
       • ANTI-SPAM
       • VIRTUAL PRIVATE NETWORK
  13. FIREWALL INSPECTION
       • A system designed to prevent unauthorized access to or from a private network.
       • Firewalls can be implemented in both hardware and software, or a combination of both.
  14. INTRUSION PREVENTION
       • Intrusion prevention systems (IPS) are also known as intrusion detection and prevention systems (IDPS).
       • Monitor network and/or system activities for malicious activity.
       • Identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
  15. URL FILTERING
       URL filtering is strictly a client protection technology of UTM. It can be used both for policy enforcement, such as limiting which sites different users can access based on category and organizational policy, and as another layer of security by limiting access to potentially malicious sites.
  16. ANTI-SPAM
       • Spam: unwanted e-mail messages, usually sent by commercial, malicious, or fraudulent entities.
       • The anti-spam feature examines transmitted e-mail messages to identify spam.
       • When the device detects a message that appears to be spam, it blocks the e-mail message.
  17. ANTI-VIRUS
       The UTM appliance anti-virus feature handles the detection and removal of viruses.
  18. VPN (VIRTUAL PRIVATE NETWORK)
       • Used to connect two or more private networks via the Internet
       • Provides an encrypted tunnel between the two private networks
       • Usually cheaper than a private leased line
       • Once established, and as long as the encryption remains secure, the VPN is impervious to exploitation
  19. STANDARD - UTM
       • Unified Threat Management
       • Integration of:
           • Firewall
           • Intrusion Prevention for blocking network threats
           • Anti-Virus for blocking file based threats
           • Anti-Spyware for blocking spyware
       • Faster updates to the dynamically changing threat environment and elimination of false positives
  20. Integrated Threat Protection in Action
       Threat:
       • "Innocent" video link: redirects to malicious website
       • "Out of date" Flash player error: "download" malware file
       • Error message: "drops" copy of itself on system and attempts to propagate
       Solution:
       • Integrated Web Filtering blocks access to the malicious website
       • Network Antivirus blocks download of the virus
       • Intrusion Protection blocks the spread of the worm
  21. TYPES OF UTM
       • Hardware based
       • Software based
  22. ADVANTAGES
       • REDUCED COMPLEXITY: Single security solution.
       • SIMPLICITY: Avoidance of multiple software installation and maintenance
       • EASY MANAGEMENT
       • LOW OPERATOR INTERACTION
       • EASY TO TROUBLESHOOT
  23. DISADVANTAGES
       • Single point of failure for network traffic
       • Single point of compromise if the UTM has vulnerabilities
       • Potential impact on latency and bandwidth when the UTM cannot keep up with the traffic
  24. NEXT GENERATION - UTM
       • Identity-based UTM: provides discrete identity information of each user in the network along with network log data. It allows creation of identity-based network access policies for individual users, delivering complete visibility and control over network activities.
       • Voice Over IP security
       • Instant Messaging Worm protection
       • Expanded security to every corner of an organization's network, from the core to the perimeter and every point in between.
  25. CONCLUSION
       • UTM is the answer to new challenges in the "wild" Internet
       • UTM is an integrated solution with easy management
       • UTM offers complete support for all users, whether they are at an enterprise site or in between network zones, ensuring maximum protection
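An added example, not part of the original slides: a sketch of the category-based URL filtering from the URL FILTERING slide combined with the identity-based access policies from the NEXT GENERATION - UTM slide. The category table, users, groups and function names are all constructed for illustration and do not come from any UTM product.

```python
from urllib.parse import urlsplit

# Constructed category database: domain -> category (all names hypothetical).
CATEGORIES = {
    "social.example": "social-media",
    "video.example": "streaming",
    "malware-cdn.example": "malicious",
    "intranet.example": "business",
}

# Categories blocked for everyone, regardless of identity (the security layer).
ALWAYS_BLOCKED = {"malicious"}

# Identity-based policy: group -> categories that group may not visit.
GROUP_POLICY = {
    "finance": {"social-media", "streaming"},
    "marketing": {"streaming"},
}
USER_GROUPS = {"alice": "finance", "bob": "marketing"}  # constructed users


def categorize(host):
    """Match the host, then each parent domain, against the category table."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        category = CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"


def decide(user, url):
    """Return (action, reason) for one request; unknown users are denied."""
    category = categorize(urlsplit(url).hostname or "")
    if category in ALWAYS_BLOCKED:
        return "block", f"{category} site blocked for all users"
    group = USER_GROUPS.get(user)
    if group is None:
        return "block", "unknown user, no identity policy applies"
    if category in GROUP_POLICY.get(group, set()):
        return "block", f"{category} not allowed for group {group}"
    return "allow", f"{category} permitted for group {group}"


def audit(requests):
    """Evaluate (user, url) pairs and return per-user log records."""
    records = []
    for user, url in requests:
        action, reason = decide(user, url)
        records.append({"user": user, "url": url, "action": action, "reason": reason})
    return records
```

The same URL yields different decisions for different users, while the malicious category is blocked before identity is even consulted, and every decision is logged against a user name rather than only an IP address.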
