Unified Threat Management System


Unified Threat Management System
Abdul Basheer P
Contents
• Introduction
• Network security
• Firewall
• Why do I need a firewall
• Types of Firewall
• The New Standard – UTM
• Basic Working of UTM
• Features of UTM
• Advantages of UTM
• Disadvantages of UTM
• Conclusion
• References
Introduction
Unified Threat Management (UTM) is a category of security appliances that integrates a range of security features into a single appliance.
Network Security
• Network Security is the process of taking preventative measures to protect the networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure
• Thereby creating a secure platform for computers, users and programs to perform
Firewall
A firewall is a dedicated appliance which inspects network traffic passing through it, and denies or permits passage based on a set of rules.
Why do I need a firewall?
• If you are connected to cyberspace, you are a potential target for an array of cyber threats
• such as hackers, keyloggers, and Trojans that carry out identity theft and other malicious attacks through unpatched security holes
• A firewall works as a barrier, or a shield, between your PC and cyberspace
Types of Firewall
• Packet-filtering firewalls
• Circuit-level firewalls
• Stateful inspection firewalls
• Application-level gateways
Traditional firewalls
• Previous generations of firewalls were port-based or used packet filtering
• They determined whether traffic was allowed or disallowed based on characteristics of the packets (addresses, ports, protocol)
• However, traditional firewalls have failed to keep pace with the increased use of modern applications and with network security threats
The New Standard - UTM
• Around 2000, unified threat management (UTM) technology came onto the scene
• A category of security appliances which integrates a range of security features into a single appliance
• UTM appliances combine firewall, gateway anti-virus, intrusion detection and prevention capabilities etc. into a single platform
Basic deployment of firewall/UTM
Basic Working of UTM
• Integration of firewall
• Stateful packet inspection
• Deep packet inspection
• Intrusion prevention for blocking network threats
• Anti-virus for blocking file-based threats
• Anti-spyware for blocking spyware
• Content inspection
Stateful Packet Inspection
[Diagram: firewall traffic path. The stateful packet inspection stage examines only the IP and UDP header fields (version, service, total length, ID, flags, fragment, TTL, protocol, IP checksum, source and destination IP address, IP options, source and destination UDP port); the data portion of the packet is not examined.]
Stateful inspection is limited in that it can only block on ports. No data inspection!
Deep Packet Inspection
[Diagram: firewall traffic path with a stateful packet inspection stage followed by a deep packet inspection stage that compares the packet, including its data, against a signature database of attack categories (attack-responses, backdoor, bad-traffic, DDoS, DNS, DoS, exploit, finger, FTP, ICMP, instant messenger, IMAP, MS-SQL, MySQL, NetBIOS, NNTP, Oracle, P2P, policy, POP, RPC, scan, SMTP, SNMP, Telnet, TFTP, virus, web attacks, web-CGI, web-client, and others).]
Deep Packet Inspection inspects all traffic moving through a device.
Deep Packet Inspection / Prevention
[Diagram: the deep packet inspection stage compares each packet (IP/UDP headers and data) against the signature database; on a match it reports "Application attack, worm or Trojan found!" and the packet is blocked before it continues along the firewall traffic path.]
Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans.
Gateway Anti-Virus and Content Control
[Diagram: the firewall traffic path extended with gateway anti-virus, anti-spyware and content inspection stages after stateful and deep packet inspection; in the example the anti-virus stage flags a "Virus file!" in transit and content inspection identifies an "AuctionSite" page.]
Security Must Be Updated
[Diagram: each stage of the firewall traffic path (stateful packet inspection, deep packet inspection, gateway anti-virus, anti-spyware, content filtering service) relies on its own updatable database: the IPS signature database, the AV database, the spyware database and the content filtering database.]
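To make the traffic path from the "Basic Working of UTM" list and the diagrams above concrete, here is a small Python model (added here; it is not code from the original slides or from any UTM product). Each stage sees only what the slides say it sees: stateful inspection decides on ports alone, deep packet inspection compares the payload against an IPS signature database, gateway anti-virus matches file content, and content filtering matches the requested URL. All signatures, categories and packets are constructed samples.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes = b""
    url: str = ""  # set when the payload carries an HTTP request

# Updatable per-stage databases (the "Security Must Be Updated" slide).
# Constructed samples: the marker strings are not real malware signatures.
IPS_SIGNATURES = {"WEB-ATTACKS": b"' OR 1=1", "BACKDOOR": b"cmd.exe /c"}
AV_SIGNATURES = {"TEST-VIRUS": b"CONSTRUCTED-VIRUS-MARKER"}
CONTENT_CATEGORIES = {"AuctionSite": ("auction.example",)}

def stateful_inspection(pkt, allowed_ports=(80, 443)):
    """Port-based decision only; the payload is never examined."""
    return None if pkt.dst_port in allowed_ports else "SPI: port not allowed"

def deep_packet_inspection(pkt):
    """Compare the whole payload against the IPS signature database."""
    for name, sig in IPS_SIGNATURES.items():
        if sig in pkt.payload:
            return f"IPS: {name}"
    return None

def gateway_antivirus(pkt):
    """Match file content in transit against the AV database."""
    for name, sig in AV_SIGNATURES.items():
        if sig in pkt.payload:
            return f"AV: {name}"
    return None

def content_filter(pkt, blocked=("AuctionSite",)):
    """Classify the requested URL against the content filtering database."""
    for cat in blocked:
        if any(host in pkt.url for host in CONTENT_CATEGORIES.get(cat, ())):
            return f"Content: {cat}"
    return None

# Stages run in the order shown on the firewall traffic path diagrams.
STAGES = (stateful_inspection, deep_packet_inspection, gateway_antivirus, content_filter)

def utm_verdict(pkt):
    """Return the first stage's block reason, or 'ALLOW' if every stage passes."""
    for stage in STAGES:
        reason = stage(pkt)
        if reason:
            return reason
    return "ALLOW"
```

A packet on an allowed port with an attack string in its data passes the stateful stage and is only caught by deep packet inspection, which is exactly the limitation the "Stateful Packet Inspection" slide points out.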
Features of UTM
• Scalable central management
• Single interface to manage
• Firewall
• Web filtering
• Antivirus
• Bandwidth management
• VPN
• URL filtering
• Traffic shaping
• Content filtering
• Real-time monitoring
• Reporting
• Identity-based policy control
• ISP load balancing/failover
• Secure wireless
• High availability (appliance)
• One UTM divided into several logical units, each serving different locations
• Updateable database maintained by an expert signature team
UTM Vendors
Advantages of UTM
• Lower up-front cost
• Less space
• Lower power consumption
• Easier to install and configure
• Fully integrated
Disadvantages of UTM
• Need for an administrator
• Single point of failure
• Vendor lock-in over the longer term
• When processing peaks are reached, there could be some compromise in functionality
Conclusion
UTM can meet the needs of enterprise networks: the result is a powerful toolset that can displace traditional firewalls and give network managers greater flexibility and greater capability to solve their immediate security problems quickly.