unified threat management by Nisha Menon K

1. UNIFIED THREAT MANAGEMENT
NISHA MENON K
ROLL NO: 16
M-TECH
COMMUNICATION ENGINEERING
12/23/2013
1

2. OUTLINE
 INTRODUCTION
 THREATS
 FEATURES OF UTM
 TYPES OF UTM
 ADVANTAGES
 DISADVANTAGES
 NEXT GENERATION UTM
 CONCLUSION
12/23/2013
2

3. INTRODUCTION
Unified threat management (UTM) is a comprehensive solution
that has recently emerged in the network security industry.
.
A Unified Threat Management (UTM) can simplify management of
security strategy, with just one device taking the place of
multiple layers of legacy security hardware and software.
Additionally, UTM security solutions can be monitored and
configured from a single, centralized management console.
12/23/2013
3

4. Why UTM??
12/23/2013
4

5. Why UTM??
• UTM solutions emerged of the need to stem the increasing number
of
attacks
on
corporate
information
systems
via
hacking/cracking, viruses, worms - mostly an outcome of
blended threats and insider threats.
• Firms have been increasingly falling victim to attacks from cyber
hackers.
• Traditional security solutions which evolved to tackle specific
threats are usually more difficult to deploy, manage and update.
This increases operational complexities and overhead costs.
• Today's organizations demand an integrated approach to network
security and productivity that combines the features of traditional
technologies with the streamlined ease of use of UTM
12/23/2013
5

6.  UTM typically includes a firewall, antivirus software,
content filtering and a spam filter in a single
integrated package.
Content
filtering
Firewall
Antivirus
12/23/2013
6

7. THREATS
THREATS/ATTACKS
Spyware
12/23/2013
Application
Attacks
File based threats
Email viruses
7

8. Spyware/Adware
 Spyware is any software that utilizes a computer’s
Internet access without the host’s knowledge or
explicit permission
 Approximately 90% of computers have some form of
Spyware.
 Aids in gathering information:



12/23/2013
Browsing habits (sites visited, links clicked, etc.)
Data entered into forms (including account
names, passwords, text of Web forms and Web-based
email, etc.)
Key stokes and work habits
8

9. Application
Attacks
 Unpatched Servers:
 Servers do not get up to date
Buffer Overflow
patches
Malicious Hacker
 Attacker sends malicious code
through a buffer overflow
 Server is infected
 New users who access server get
infected
12/23/2013
9

10. File Based
Threats
 Example: Internet download
 Viruses and malicious code
File Server
infection:
 Peer to Peer
Corp Network
 Instant Messaging apps
 Shareware sites
 Compromised servers
 Legitimate corporations
 Web based email
 Threats pass through firewalls
 Once inside the network, others
are easily affected
12/23/2013
10

11. E-mail Viruses
 E-mail has become the primary
Corp Network
means for distributing threats
 Trojans are easy to deliver and
install
 HTML viruses (no user
intervention) with webmail
 E-mails with attachments
containing:
 java scripts and html scripts
12/23/2013
11

12. FEATURES OF UTM
FIREWALL INSPECTION
INTRUSION PREVENTION
URL FILTERING
ANTI-VIRUS
ANTI-SPAM
VIRTUAL PRIVATE NETWORK
12/23/2013
12

13. • FIREWALL INSPECTION
• A system designed to prevent unauthorized access to or from a
private network
• Firewalls can be implemented in both hardware and software, or a
combination of both.
12/23/2013
13

14. • INTRUSION PREVENTION
• Intrusion prevention systems (IPS), also known as intrusion detection
and prevention systems (IDPS)
•
Monitor network and/or system activities for malicious activity
• Identify malicious activity, log information about this activity, attempt to
block/stop it, and report it
12/23/2013
14

15. • URL FILTERING
URL filtering is strictly a client protection technology of UTM.
It can be used for both providing policy enforcement, such as limiting access
to what sites different users can access based on category and organizational
policy, as well as to act as another layer of security by limiting access to
potentially malicious sites.
12/23/2013
15

16. • ANTI-SPAM
• Unwanted e-mail messages, usually sent by commercial, malicious, or
fraudulent entities .
• The anti-spam feature examines transmitted e-mail messages to identify
spam.
• When the device detects a message seemed to be spam, it blocks the
e-mail message.
12/23/2013
16

17. • ANTI VIRUS
The UTM Appliance AntiVirus feature handles the
detection and removal of viruses.
12/23/2013
17

18. • VPN (VIRTUAL PRIVATE NETWORK)
Used to connect two or more private networks via the
internet
•Provides an encrypted tunnel
between the two private networks
•Usually cheaper than a private
leased line
•Once established and as long as the
encryption remains secure the VPN is
impervious to exploitation
12/23/2013
18

19. STANDARD - UTM
 Unified Threat Management
 Integration of
• Firewall
• Intrusion Prevention for blocking network
threats
• Anti-Virus for blocking file based threats
• Anti-Spyware for blocking Spyware
 Faster updates to the dynamic changing
threat environment and elimination of False
Positives
12/23/2013
19

20. Integrated Threat Protection in Action
Error message:
“Drops” copy of itself
on system and
attempts to propagate
“Innocent” Video Link:
Redirects to malicious Website
“Out of date” Flash player error:
“Download” malware file
Solution:
Integrated Web Filtering
Blocks access to malicious Website
Network Antivirus
Blocks download of virus
Intrusion Protection
Blocks the spread of the worm
12/23/2013
20

21. TYPES OF UTM
UTM
Hardware
based
12/23/2013
Software
based
21

22. ADVANTAGES
• REDUCED COMPLEXITY: Single security solution.
• SIMPLICITY : Avoidance of multiple software installation and
maintenance
• EASY MANAGEMENT
• LOW OPERATOR INTERACTION
• EASY TO TROUBLESHOOT
12/23/2013
22

23. DISADVANTAGES
o Single point of failure for network traffic
o Single point of compromise if the UTM has vulnerabilities
o Potential impact on latency and bandwidth when the UTM cannot keep
up with the traffic
12/23/2013
23

24. NEXT GENERATION - UTM
Identity-based UTM: provide discrete identity information
of each user in the network along with network log data.
They allow creation of identity-based network access policies for
individual users, delivering complete visibility and control on the
network activities.
Voice Over IP security
Instant Messaging
Worm protection
Expanded security
security to every corner of an organization’s network, from the core to
the perimeter and every point in between.
12/23/2013
24

25. CONCLUSION
• UTM is answer to new challenges in the “wild” Internet
• UTM is integrated solution with easy management
• UTM offers complete support for all users, whether they are at an
enterprise site or in between network zones-ensuring maximum
protection
12/23/2013
25

26. REFERENCE
[1] Ranjit Shrirang Nimbalkar , Dr. B. B. Meshram “Survey on Integrated
Management” International Journal of Engineering Research &
Technology (IJERT), Vol. 2, Issue 6, June - 2013
[2] U.R.Naik and P.R.Chandra, “Designing Highperformance
Networking Applications,” Intel Press, 2004.
12/23/2013
26

27. 12/23/2013
27