
Unified Threat Management System

Unified Threat Management System. Abdul Basheer P. Contents. Introduction Network security Firewall Why do I need a firewall Types of Firewall The New Standard – UTM Basic Working of UTM Features of UTM Advantages of UTM Disadvantages of UTM Conclusion References. Introduction.


Presentation Transcript


  1. Unified Threat Management System Abdul Basheer P

  2. Contents • Introduction • Network security • Firewall • Why do I need a firewall • Types of Firewall • The New Standard – UTM • Basic Working of UTM • Features of UTM • Advantages of UTM • Disadvantages of UTM • Conclusion • References

  3. Introduction Unified Threat Management (UTM) is a category of security appliances that integrates a range of security features into a single appliance

  4. Network Security • Network Security is the process of taking preventative measures to protect the networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure • Thereby creating a secure platform for computers, users and programs to perform

  5. Firewall A firewall is a dedicated appliance that inspects network traffic passing through it and denies or permits passage based on a set of rules.

  6. Why do I need a firewall? • If you are connected to cyberspace, you are a potential target for an array of cyber threats • such as hackers, keyloggers, and Trojans that carry out identity theft and other malicious attacks through unpatched security holes • A firewall works as a barrier, or a shield, between your PC and cyberspace

  7. Types of Firewall • Packet-filtering firewalls • Circuit-level Firewalls • Stateful inspection firewalls • Application-level gateways

  8. Traditional firewalls • Previous generations of firewalls were port-based or used packet filtering • Determined whether traffic is allowed or disallowed based on characteristics of the packets • However, traditional firewalls have failed to keep pace with the increased use of modern applications, and network security threats

  9. The New Standard - UTM • Around 2000, unified threat management (UTM) technology came onto the scene • Category of security appliances which integrates a range of security features into a single appliance • UTM appliances combine firewall, gateway, anti-virus, intrusion detection and prevention capabilities etc. into a single platform

  10. Basic deployment of firewall/UTM

  11. Basic Working of UTM • Integration of Firewall • Stateful Packet Inspection • Deep Packet Inspection • Intrusion Prevention for blocking network threats • Anti-Virus for blocking file-based threats • Anti-Spyware for blocking spyware • Content Inspection

  12. Stateful Packet Inspection • Packet fields shown: IP header (Version | Service | Total Length, ID | Flags | Fragment, TTL | Protocol | IP Checksum, Source IP Address, Destination IP Address, IP Options), UDP header (Source UDP Port, Destination UDP Port, UDP Length, UDP Checksum), DATA • Stateful is limited inspection that can only block on ports • No Data Inspection! • Diagram labels: INSPECT, Stateful Packet Inspection, Firewall Traffic Path

  13. Deep Packet Inspection • Deep Packet Inspection inspects all traffic moving through a device • Packet fields shown: IP header, UDP header and DATA (fields as on slide 12) • Signature Database: ATTACK-RESPONSES 14, BACKDOOR 58, BAD-TRAFFIC 15, DDOS 33, DNS 19, DOS 18, EXPLOIT >35, FINGER 13, FTP 50, ICMP 115, Instant Messenger 25, IMAP 16, INFO 7, Miscellaneous 44, MS-SQL 24, MS-SQL/SMB 19, MULTIMEDIA 6, MYSQL 2, NETBIOS 25, NNTP 2, ORACLE 25, P2P 51, POLICY 21, POP2 4, POP3 18, RPC 124, RSERVICES 13, SCAN 25, SMTP 23, SNMP 17, TELNET 14, TFTP 9, VIRUS 3, WEB-ATTACKS 47, WEB-CGI 312, WEB-CLIENT • Diagram labels: INSPECT, Deep Packet Inspection, Stateful Packet Inspection, Firewall Traffic Path

  14. Deep Packet Inspection / Prevention • Packet headers and DATA (fields as on slide 12) • Signature Database (categories as on slide 13) • Comparing… • Application Attack, Worm or Trojan Found! • Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans • Diagram labels: Stateful Packet Inspection, Deep Packet Inspection, Firewall Traffic Path

  15. Gateway Anti-Virus and Content Control • Gateway Anti-Virus • Anti-Spyware • Content Inspection • Signature Database (categories as on slide 13) • Diagram labels: Virus File!, AuctionSite, Stateful Packet Inspection, Deep Packet Inspection, Firewall Traffic Path

  16. Security Must Be Updated • Signature Database (categories as on slide 13) • AV Database • IPS Database • Spy Database • Content Filtering Database • Diagram labels: Content Inspection, Stateful Packet Inspection, Deep Packet Inspection, Anti-Virus, Content Filtering Service, Gateway Anti-Virus, Anti-Spyware, Firewall Traffic Path

  17. Features of UTM • Scalable central management • Single Interface to manage • Firewall • Web Filtering • Antivirus • Bandwidth Management

  18. Features of UTM • VPN • URL Filtering • Traffic shaping • Content Filtering • Real-time monitoring • Reporting

  19. Features of UTM • Identity-Based Policy Control • ISP Load Balancing/Failover • Secure Wireless • High Availability - Appliance • One UTM divided into several logical units, each serving different locations • Updateable database by an expert signature team

  20. UTM Vendors

  21. Advantages of UTM • Lower up-front cost • Less space • Lower power consumption • Easier to install and configure • Fully integrated

  22. Disadvantages of UTM • Needs an administrator • Single point of failure • Creates vendor lock-in in the longer term • When processing peaks are reached, there could be some compromise in the functionality

  23. Conclusion UTM can meet the needs of enterprise networks, resulting in a powerful toolset that can displace traditional firewalls and give network managers greater flexibility and greater capability to solve their immediate security problems quickly

  24. References • http://searchmidmarketsecurity.techtarget.com/ • https://en.wikipedia.org • http://www.crn.com/

  25. THANK YOU
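
The difference between slides 12 and 13-14, as an added example that is not part of the original presentation: a header-only port check next to a check that also compares DATA against a signature set. The signature, the allowed-port policy and the sample packets are constructed for illustration, and connection-state tracking is omitted.

```python
import socket
import struct

# Constructed signature set for this example (not from any real rule database).
SIGNATURES = {b"EXAMPLE-WORM-MARKER": "constructed worm signature"}
ALLOWED_UDP_PORTS = {53}  # assumed policy: only DNS is permitted


def build_packet(src, dst, sport, dport, data):
    """Build a minimal IPv4+UDP packet (checksums left at 0 for brevity)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp


def parse_packet(pkt):
    """Split a packet into the header fields shown on the slides, plus DATA."""
    if len(pkt) < 20:
        raise ValueError("truncated IP header")
    ver_ihl, _tos, _total, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length, covers IP Options
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 17 or len(pkt) < ihl + 8:
        raise ValueError("not a well-formed IPv4/UDP packet")
    sport, dport, udp_len, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    if udp_len < 8 or ihl + udp_len > len(pkt):
        raise ValueError("bad UDP length")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "data": pkt[ihl + 8:ihl + udp_len]}


def port_filter(pkt):
    """Header-only decision: looks at ports, never at DATA."""
    return "allow" if parse_packet(pkt)["dport"] in ALLOWED_UDP_PORTS else "deny"


def deep_inspect(pkt):
    """Port check first, then compare DATA against the signature set."""
    fields = parse_packet(pkt)
    if fields["dport"] not in ALLOWED_UDP_PORTS:
        return "deny"
    for pattern, name in SIGNATURES.items():
        if pattern in fields["data"]:
            return "deny: " + name
    return "allow"


clean = build_packet("192.0.2.10", "198.51.100.5", 40000, 53, b"ordinary query")
bad = build_packet("192.0.2.10", "198.51.100.5", 40000, 53, b"xxEXAMPLE-WORM-MARKERxx")
```

Both sample packets pass `port_filter` because they target an allowed port; only `deep_inspect` rejects the second one. Matching each packet on its own misses a pattern split across packets, which is why inspection engines reassemble streams before comparing.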
