Unified Threat Management System Abdul Basheer P
Contents • Introduction • Network security • Firewall • Why do I need a firewall • Types of Firewall • The New Standard – UTM • Basic Working of UTM • Features of UTM • Advantages of UTM • Disadvantages of UTM • Conclusion • References
Introduction Unified Threat Management (UTM) is a category of security appliances that integrates a range of security features into a single appliance
Network Security • Network security is the process of taking preventative measures to protect the networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure • Thereby creating a secure platform on which computers, users and programs can operate
Firewall A firewall is a dedicated appliance which inspects network traffic passing through it, and denies or permits passage based on a set of rules.
Why do I need a firewall? • If you are connected to cyberspace, you are a potential target for an array of cyber threats • such as hackers, keyloggers, and Trojans that carry out identity theft and other malicious attacks through unpatched security holes • A firewall works as a barrier, or a shield, between your PC and cyberspace
Types of Firewall • Packet-filtering firewalls • Circuit-level Firewalls • Stateful inspection firewalls • Application-level gateways
Traditional firewalls • Previous generations of firewalls were port-based or used packet filtering • They determined whether traffic is allowed or disallowed based on characteristics of the packets • However, traditional firewalls have failed to keep pace with the increased use of modern applications and with network security threats
The New Standard - UTM • Around 2000, unified threat management (UTM) technology came onto the scene • A category of security appliances which integrates a range of security features into a single appliance • UTM appliances combine firewall, gateway anti-virus, intrusion detection and prevention capabilities, etc. into a single platform
Basic Working of UTM • Integration of Firewall • Stateful Packet Inspection • Deep Packet Inspection • Intrusion Prevention for blocking network threats • Anti-Virus for blocking file-based threats • Anti-Spyware for blocking spyware • Content Inspection
Stateful Packet Inspection • [Diagram: Firewall Traffic Path with a Stateful Packet Inspection stage; the fields it inspects are the IP header (Version, Service, Total Length, ID, Flags, Fragment, TTL, Protocol, IP Checksum, Source IP Address, Destination IP Address, IP Options) and the UDP header (Source UDP Port, Destination UDP Port, UDP Length, UDP Checksum); the DATA field is not inspected] • Stateful inspection is limited inspection that can only block on ports • No data inspection!
Deep Packet Inspection • [Diagram: Firewall Traffic Path with a Deep Packet Inspection stage after Stateful Packet Inspection; the IP header, UDP header and the DATA field are all inspected against a Signature Database organised by category: ATTACK-RESPONSES, BACKDOOR, BAD-TRAFFIC, DDOS, DNS, DOS, EXPLOIT, FINGER, FTP, ICMP, Instant Messenger, IMAP, INFO, Miscellaneous, MS-SQL, MS-SQL/SMB, MULTIMEDIA, MYSQL, NETBIOS, NNTP, ORACLE, P2P, POLICY, POP2, POP3, RPC, RSERVICES, SCAN, SMTP, SNMP, TELNET, TFTP, VIRUS, WEB-ATTACKS, WEB-CGI, WEB-CLIENT, each with a signature count] • Deep Packet Inspection inspects all traffic moving through a device
Deep Packet Inspection / Prevention • [Diagram: several packets (headers plus DATA) passing through the traffic path; the Deep Packet Inspection stage compares each one against the Signature Database ("Comparing…") and raises "Application Attack, Worm or Trojan Found!"] • Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans
Gateway Anti-Virus and Content Control • [Diagram: after the Stateful Packet Inspection and Deep Packet Inspection stages, Gateway Anti-Virus, Anti-Spyware and Content Inspection stages check packets against their Signature Database; a file fetched from an auction site is flagged "Virus File!"]
Security Must Be Updated • [Diagram: the traffic path with the databases behind each stage: the IPS Database feeding Deep Packet Inspection, the AV Database feeding Gateway Anti-Virus, the Spy Database feeding Anti-Spyware, and the Content Filtering Database feeding the Content Filtering Service / Content Inspection]
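The contrast between the Stateful Packet Inspection and Deep Packet Inspection slides above, as an added example that is not part of the presentation: a toy model of the traffic path in which the stateful stage decides on header fields only (ports and tracked flows) and the DPI stage matches the DATA field against a signature database, so a hostile payload arriving on a permitted port passes the first stage and is caught by the second. Addresses, ports, the signature patterns and the packets are constructed sample values.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: str            # "tcp" or "udp"
    src_port: int
    dst_port: int
    payload: bytes = b""  # the DATA field on the slides

class StatefulInspection:
    """Header-only stage. Tracks flows opened from the inside and admits an inbound
    packet only if it is a reply to one of them or targets a permitted service port.
    It never reads the payload, which is the limitation the slide points out."""

    def __init__(self, service_ports):
        self.service_ports = service_ports  # {proto: {ports}} exposed to the outside
        self.flows = set()                  # 5-tuples of flows initiated from inside

    def inspect(self, pkt, direction):
        if direction == "out":
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return "allow"
        is_reply = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto) in self.flows
        is_service = pkt.dst_port in self.service_ports.get(pkt.proto, set())
        return "allow" if (is_reply or is_service) else "drop"

# Constructed signature database: category names follow the slide's box,
# the byte patterns are illustrative and not taken from any real IPS feed.
SIGNATURES = {
    "WEB-ATTACKS": [b"../../", b"<script>"],
    "EXPLOIT": [b"\x90" * 16],  # NOP sled
}

def deep_packet_inspect(pkt, sigs=SIGNATURES):
    """Payload stage: compare DATA against every signature, as the DPI slide shows."""
    for category, patterns in sigs.items():
        if any(p in pkt.payload for p in patterns):
            return "block", category
    return "allow", None

def utm_traffic_path(fw, pkt, direction):
    """Stateful stage first, then DPI, in the order of the Firewall Traffic Path slides."""
    if fw.inspect(pkt, direction) == "drop":
        return "stateful: drop"
    verdict, category = deep_packet_inspect(pkt)
    return f"dpi: block ({category})" if verdict == "block" else "dpi: allow"
```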
Features of UTM • Scalable central management • Single Interface to manage • Firewall • Web Filtering • Antivirus • Bandwidth Management
Features of UTM • VPN • URL Filtering • Traffic shaping • Content Filtering • Real-time monitoring • Reporting
Features of UTM • Identity-based policy control • ISP load balancing/failover • Secure wireless • High availability appliance • One UTM divided into several logical units, each serving a different location • Database updated by an expert signature team
Advantages of UTM • Lower up-front cost • Less space • Lower power consumption • Easier to install and configure • Fully integrated
Disadvantages of UTM • Need for an administrator • Single point of failure • Vendor lock-in over the longer term • When processing peaks are reached, there could be some compromise in functionality
Conclusion UTM can meet the needs of an enterprise network; the result is a powerful toolset that can displace traditional firewalls and give network managers greater flexibility and greater capability to solve their immediate security problems quickly
References • http://searchmidmarketsecurity.techtarget.com/ • https://en.wikipedia.org • http://www.crn.com/