A simple guide to Unified Threat Management Systems (UTMs)
A report by Rishabh Dangwal

admin@theprohack.com
www.theprohack.com



Disclaimer

This is a case study which by no means intends to infringe the copyrights of any researcher/analyst. I have
compiled the information from the web and believe it will be most useful to you. The original research
credit goes to Micky Johnson, the original Fortinet whitepaper, and countless datasheets of the UTM vendors
and resources on Google. This document shall by no means be used as a complete reference to UTMs and may
contain errors, but I hope it will help you test the tides of the UTM scene in a much better way.
Abstract – The objective of this report is to explore the UTM architecture, its inner workings and how a
high-performance UTM is built. We have come a long way from single-purpose routers to highly specialized
devices that rely on custom processors and Application Specific Integrated Circuits (ASICs) to deliver
high-performance traffic forwarding between networks and applications. That evolution was driven by rising
performance requirements; the designs that met them were then adopted as industry standards.




EVOLUTION – A little background on UTM technology

UTMs, often marketed as next-generation firewalls, evolved directly from conventional firewalls. The first
firewalls were software firewalls, which themselves grew out of software routers. As hardware routers came
on the scene, hardware firewalls followed; these were little more than routers with packet filtering
capabilities. The technology then matured from basic packet filtering to stateful packet inspection and
finally to full application-layer inspection devices (IEEE, 1997). Around the year 2000, VPNs appeared and
gained acceptance as the mainstream technology for connecting networks securely over untrusted links.
Firewalls followed closely by integrating VPN termination, the natural choice since enterprise deployments
required both a firewall and a VPN.




As bandwidth prices fell, along with the cost of the cryptographic hardware needed to encrypt and decrypt
traffic, the need rose for specialized hardware that could accelerate performance.
Unified Threat Management

In mid 2004, International Data Corporation (IDC) defined UTM platforms as appliances that at minimum
combine firewall, VPN, intrusion prevention and antivirus functions. Touted as "next-generation firewalls",
UTMs have been built with two design approaches since their inception:

       Licensing and Integrating Approach (Multi vendor UTM)
       In-house Development Approach (Single vendor UTM)




    The above figure illustrates the core architecture and development approach of developing UTMs



Licensing and Integrating Approach (Multi vendor UTM)

The first design approach tries to get the best of all worlds by integrating specialized technologies from
different security vendors. For example, Cyberoam UTM licenses its antivirus from Kaspersky and its
antispam from Commtouch, each a specialist in that technology.

These UTMs provide an integrated interface to manage all the licensed technologies in the easiest possible
manner, although some components still require their own management interface.

        Advantages
        - Combines the best of all worlds
        - Less time required to develop and deploy a new UTM box
        - Single management interface
        - Cost effective

        Limitations
        - Research and advancement depend on the different vendors, which hinders optimization of the
          individual applications
        - Development time is again dependent on the different security vendors
        - The single interface may not be adequate
        - If one of the licensed vendors is compromised globally, the UTM goes with it, since the
          technology is outsourced
        - Cannot take full benefit of hardware acceleration resources, since the licensed components are
          not written for the platform's hardware
        - Embedding new technologies is difficult


In-house Development Approach (Single vendor UTM)

The second design approach is the more difficult of the two: it requires ground-up development of the UTM
device, providing each security function natively. This was not flawless; each security function had to
meet the market guidelines and standards set by standalone security products in order to be accepted.
With time, however, the core functions provided by UTM platforms (firewall, intrusion prevention and
antivirus) matured, so building competent security functions became both possible and cost effective.
This approach also yields a better management interface, since the platform incorporated all the
technologies from inception.

        Advantages
        - Unified architecture from scratch
        - Research and advancement proceed at the vendor's own pace, with better optimization of the
          applications
        - Unified management interface
        - In-house code fills the gaps between components and carries less risk of a third-party
          compromise
        - Can take full benefit of hardware acceleration resources, which yields large performance gains
        - Embedding new technologies is easier

        Limitations
        - Each technology may or may not be adequate compared with its professional standalone
          counterpart
        - More time required to develop and deploy a new UTM box
        - High development cost
        - A closed, single-vendor code base is no guarantee by itself: security through obscurity is not
          a good idea
Why are UTMs required more than ever?

   1. Blended attacks against organizations have rendered older single-purpose protection devices and
      services obsolete.
   2. The integrated approach lets the administrator manage one device instead of a whole flurry of
      firewalls, antivirus and IDS/IPS.
   3. With falling costs, attackers have more computing power and bandwidth at their disposal and can
      carry out more attacks, so more functionality on a single device is needed to counter them.



UTM – Impact Assessment




Unified Threat Management – What does it actually do?

At its heart, a UTM does two things: collection of data and detection of unwanted and malicious data. As
Mick Johnson puts it,

       Collection involves picking the packets off the wire and processing them through the network
       stack, reassembling and deciphering packet header information and identifying the relevant
       payloads. Detection is the task of scanning those payloads for data that signify a particular traffic
       stream is malicious or unwanted. A given portion of traffic might apply to either collection or
       detection at different stages: the source IP address must be checked against a set of firewall
       rules before being used to identify a TCP stream for reassembly and HTTP-level scanning for
       viruses.

That said, the process is complex and spans six layers of the OSI model.




The factors identified above have made the detection phase correspondingly more important. Over time the
packet header size has stayed the same while ever more information is carried in packet payloads. And each
security function or application added to a UTM adds workload to the detection phase regardless of traffic
volume, which is why turning on a particular type of inspection can cause a large performance drop.
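The collection-then-detection pipeline described above, as an added example (not code from the report or from any vendor): first-match firewall rules on the source address, TCP reassembly that tolerates out-of-order and overlapping segments, HTTP body extraction, and a signature scan over the reassembled payload. The rule set, the marker string standing in for a malware signature, and the packets are constructed for the example; the flow is split so the marker straddles two segments, which is the case a per-packet scanner misses.

```python
"""Collection then detection, the way the passage above describes a UTM pipeline.

Example code added for illustration; the rule set, signature and packets are
constructed for this example and are not from the original report.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import ipaddress


@dataclass
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int          # TCP sequence number of the first payload byte
    payload: bytes


@dataclass
class FirewallRule:
    action: str                  # "allow" or "deny"
    src_net: str                 # CIDR the source address must fall in
    dport: Optional[int] = None  # None matches any destination port


def check_firewall(seg: Segment, rules: List[FirewallRule]) -> str:
    """Collection step 1: first-match rule evaluation with an implicit deny at the end."""
    src = ipaddress.ip_address(seg.src)
    for r in rules:
        if src in ipaddress.ip_network(r.src_net) and (r.dport is None or r.dport == seg.dport):
            return r.action
    return "deny"


FlowKey = Tuple[str, int, str, int]


class StreamReassembler:
    """Collection step 2: put TCP segments back into one contiguous byte stream per flow."""

    def __init__(self) -> None:
        self.flows: Dict[FlowKey, Dict[int, bytes]] = {}

    @staticmethod
    def key(seg: Segment) -> FlowKey:
        return (seg.src, seg.sport, seg.dst, seg.dport)

    def add(self, seg: Segment) -> None:
        self.flows.setdefault(self.key(seg), {})[seg.seq] = seg.payload

    def stream(self, key: FlowKey) -> bytes:
        segs = self.flows.get(key, {})
        if not segs:
            return b""
        out = bytearray()
        expected = min(segs)
        for seq in sorted(segs):
            if seq > expected:                 # hole in the stream: stop before it
                break
            out += segs[seq][expected - seq:]  # overlap/retransmission: keep only unseen bytes
            expected = max(expected, seq + len(segs[seq]))
        return bytes(out)


def http_body(stream: bytes) -> bytes:
    """Collection step 3: isolate the payload the scanner should see (the HTTP body)."""
    _, sep, body = stream.partition(b"\r\n\r\n")
    return body if sep else b""


def scan(data: bytes, sigs: Dict[bytes, str]) -> List[str]:
    """Detection: plain substring signature match (a real engine uses multi-pattern matching)."""
    return [name for sig, name in sigs.items() if sig in data]


def scan_per_packet(segments: List[Segment], sigs: Dict[bytes, str]) -> List[str]:
    """What a scanner that never reassembles sees: one payload at a time."""
    return [hit for seg in segments for hit in scan(seg.payload, sigs)]


def inspect(segments: List[Segment], rules: List[FirewallRule],
            sigs: Dict[bytes, str]) -> Tuple[str, List[str]]:
    """Run the whole pipeline on one flow; returns (verdict, signature hits)."""
    reasm = StreamReassembler()
    for seg in segments:
        if check_firewall(seg, rules) != "allow":
            return "denied", []
        reasm.add(seg)
    hits = scan(http_body(reasm.stream(StreamReassembler.key(segments[0]))), sigs)
    return ("blocked" if hits else "allowed"), hits


# Constructed sample data: deny RFC 1918 space, allow anything else to port 80, one POST whose
# body carries the marker split across two segments that arrive out of order plus an overlap.
RULES = [FirewallRule("deny", "10.0.0.0/8"), FirewallRule("allow", "0.0.0.0/0", dport=80)]
SIGS = {b"EVIL-PAYLOAD-MARKER": "Constructed-Marker"}
P1 = b"POST /upload HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n<html>EVIL-PAY"
P2 = b"LOAD-MARKER</html>"
SAMPLE = [
    Segment("203.0.113.7", "192.0.2.10", 40000, 80, 1000 + len(P1), P2),              # arrives first
    Segment("203.0.113.7", "192.0.2.10", 40000, 80, 1000, P1),
    Segment("203.0.113.7", "192.0.2.10", 40000, 80, 1000 + len(P1) - 4, P1[-4:] + P2),  # overlap
]
DENIED = [Segment("10.1.2.3", "192.0.2.10", 40000, 80, 1, b"anything")]

if __name__ == "__main__":
    print("per-packet:", scan_per_packet(SAMPLE, SIGS))   # [] : marker is split across packets
    print("pipeline:  ", inspect(SAMPLE, RULES, SIGS))    # ('blocked', ['Constructed-Marker'])
    print("denied:    ", inspect(DENIED, RULES, SIGS))    # ('denied', [])
```

The firewall check runs on every segment before any reassembly work is spent on it, which is the ordering the quote describes; the per-packet scan returning nothing for the same flow is the reason the content processors below are expected to track content across packets.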

UTM Components

While there are many components in a UTM appliance, there are three major components to high-
performance UTM systems:

    1. Specialized hardware,
    2. Specialized software and
    3. Evolving security content

Specialized Hardware

Two major types of specialized UTM co-processing hardware contribute to performance scalability: content
processors and network processors. Both work in conjunction with the general purpose processor, much as the
brain works with the spine and the peripheral nervous system to carry out the activities of the body.
Content Processors / Content ASIC

       Content processors allow the design and deployment of next-generation networking systems that
       can make packet or message processing decisions based on an awareness of the packet or message
       content.

       Primary functions
       - Acceleration: content processors accelerate antivirus, intrusion prevention and other
         application-level security technologies.
       - Deep packet inspection: they inspect payloads and can modify and rewrite content on the fly.
       - Scanning logic: they implement only the scanning logic in hardware; the threat pattern data
         itself stays in memory, so signatures can be updated without touching the silicon.
       - Encryption / decryption: they can also contain cryptographic engines that relieve the general
         purpose processor of the heavy calculations involved in encrypted communications.
       - Analysis: they can perform both message-based and packet-by-packet analysis, and some can keep
         track of content across multiple packets.
       - Hardware acceleration: prime candidates for offloading performance-taxing functions such as VPN.
Network Processors

       A network processor is an integrated circuit whose feature set is targeted at the networking
       domain and which performs high-speed processing of network flows. Network processors are
       typically software-programmable devices with generic characteristics similar to the general
       purpose CPUs used in many kinds of equipment. They are usually placed in line between the general
       purpose processor and the network ports, receiving traffic directly and performing some functions
       without involving the main CPU.

       Primary functions
       - Pattern matching: finding specific patterns of bits or bytes within packets in a packet stream.
       - Key lookup (for example address lookup): a fast table lookup using a key, typically an address
         from the packet, to find a result, typically routing information.
       - Data bitfield manipulation: changing certain fields of the packet as it is being processed.
       - Queue management: packets are stored in queues as they are received, processed and scheduled
         to be sent onwards.
       - Control processing: the micro-operations of processing a packet are controlled at a macro
         level, which involves communication and orchestration with other nodes in the system.
       - Quality of service (QoS) enforcement: identifying different classes of packets and giving
         preferential treatment to some classes at the expense of others.
       - Access control: determining whether a specific packet or stream of packets should be allowed
         to traverse the device.
       - Encryption and decryption of data streams: built-in hardware encryption engines allow
         individual flows to be encrypted or decrypted by the processor.
       - Basic routing: packet or frame discrimination and forwarding, the basic operation of a router
         or switch, together with fast allocation and recirculation of packet buffers.
       - Decreasing load on the system: the latest generation of network processors can be programmed
         with the current firewall and IPS policy, filtering traffic, detecting protocol anomalies and
         expediting latency-sensitive traffic at the interface level, without burdening the rest of
         the system.
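The address lookup in the list above is a longest-prefix match: the most specific prefix containing the address wins, whether the table holds next hops or, as here, security zones and inspection profiles. The following is an added example, not the report's or any vendor's code; the prefixes, their labels and the sample addresses are constructed, and it handles IPv4 only.

```python
"""Longest-prefix match over a policy table, the key-lookup function of a network processor.

Example code added for illustration, not from the report; the prefixes, labels and sample
addresses are constructed. IPv4 only.
"""
import ipaddress
from typing import Optional


class PrefixTable:
    """Binary trie over address bits. Insert walks prefixlen bits and stores the value at the
    leaf; lookup walks all 32 bits of the address and keeps the last value seen on the way
    down, which is the value of the longest prefix that contains the address."""

    def __init__(self) -> None:
        self.root: dict = {}

    def add(self, cidr: str, value: str) -> None:
        net = ipaddress.ip_network(cidr, strict=False)
        node = self.root
        for bit in format(int(net.network_address), "032b")[: net.prefixlen]:
            node = node.setdefault(bit, {})
        node["value"] = value

    def lookup(self, ip: str) -> Optional[str]:
        node = self.root
        best = node.get("value")          # value stored at the root is the 0.0.0.0/0 entry
        for bit in format(int(ipaddress.ip_address(ip)), "032b"):
            node = node.get(bit)
            if node is None:              # no more specific prefix on this path
                break
            best = node.get("value", best)
        return best


def build_policy_table() -> PrefixTable:
    """Constructed table: zone and inspection profile per prefix, most specific first on lookup."""
    table = PrefixTable()
    for cidr, label in [
        ("0.0.0.0/0", "internet: full inspection"),
        ("10.0.0.0/8", "corporate: standard profile"),
        ("10.1.0.0/16", "corporate servers: IPS strict"),
        ("10.1.200.0/24", "management: admin protocols only"),
    ]:
        table.add(cidr, label)
    return table


if __name__ == "__main__":
    table = build_policy_table()
    for ip in ["10.1.200.14", "10.1.2.3", "10.9.9.9", "198.51.100.1"]:
        print(ip, "->", table.lookup(ip))
```

A hardware network processor does the same walk in TCAM or a pipelined trie at line rate; the point of doing it before the general purpose CPU sees the packet is that the zone and profile decision is already attached to the packet when the expensive content scanning starts.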



Specialized Software

At its core, a UTM consists of an operating system that integrates all the applications. To make use of the
specialized hardware, the software has to be written for it: the vendor needs the ability to modify and
optimize the source code, otherwise every task runs on the general purpose CPU and performance drops at
every level. A third-party security vendor is unlikely to optimize its code for the platform's hardware;
it simply licenses the code for the platform. Combining multiple technologies also brings a high
probability of incompatible code and redundant operations (each engine decoding the same stream again,
for instance), which degrade performance further.

The basic approach for a multi-vendor UTM is to license the software from third-party security vendors and
integrate it for the highest compatibility: if the vendor uses a Linux-based OS as the core of the UTM, it
will prefer a Linux-based antivirus engine over the risk and cost of virtualizing a Windows OS just to run
the application.

Single-vendor UTMs take the integrated approach and can optimize each function to their needs. The
developers can respond to new threats as fast as possible by building for new trends, making the UTM a
true next-generation firewall.
A Brief Intro to Antivirus, Anti Spam and Content Filtering technologies

Antivirus

Antivirus software is used to prevent, detect and remove malware such as computer viruses, worms and
trojan horses.

        Detection methods
        - Signature based
        - Heuristics / meta-heuristics
        - Rootkit analysis

        Antivirus in UTMs
        - Generic antivirus: the engine is fully deployed on the device, with only suspicious files sent
          out for analysis and signature creation.
        - Gateway Anti-Virus: lets applications across the enterprise check files for viruses through a
          SOAP-based virus scanning web service. Client applications attach files to SOAP messages and
          submit them to the Gateway Anti-Virus web service. It may be used with active caching.
        - Cloud antivirus: a lightweight agent on the protected computer offloads most of the data
          analysis to the provider's infrastructure.



Anti Spam

Antispam software combats spam using a range of techniques.

        Detection methods
        - Authentication and reputation
        - SMTP proxy
        - Challenge/response systems
        - Checksum-based filtering
        - DNS-based blacklists
        - Enforcing RFC standards
        - Greeting delay
        - Greylisting
        - Invalid pipelining
        - Sender-supported whitelists and tags
        - Rule-based filtering
        - Statistical content filtering

        Antispam in UTMs
        - Generic / in-house antispam: the engine is fully deployed on the device, with only suspicious
          mails sent out for analysis and signature/reputation creation.
        - Third-party antispam: mails may be checked over a secure connection to the third-party service
          provider for spam and false-positive detection.
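Two of the detection methods listed above, greylisting and DNS-based blacklists, as an added example (not code from the report or from any antispam product). The timing constants, the blacklist zone name bl.example, the fake resolver that replaces DNS, and the mail events are all constructed so that it runs offline.

```python
"""Greylisting and a DNS-based blacklist lookup, two of the anti-spam methods listed above.

Example code added for illustration, not from the report. The timing constants, the
blacklist zone "bl.example", the fake resolver and the mail events are all constructed.
"""
import ipaddress
from typing import Callable, Dict, Optional, Tuple

Triplet = Tuple[str, str, str]   # (client IP, envelope sender, envelope recipient)


class Greylist:
    """Reject the first delivery attempt of an unseen triplet with a temporary SMTP error.
    A real MTA queues and retries after a few minutes; most spam senders never come back."""

    def __init__(self, delay: int = 300, expire: int = 4 * 3600) -> None:
        self.delay = delay      # seconds a sender must wait before a retry is accepted (assumed value)
        self.expire = expire    # seconds after the last attempt before the triplet is forgotten (assumed)
        self.seen: Dict[Triplet, Tuple[float, float]] = {}   # triplet -> (first seen, last seen)

    def decide(self, triplet: Triplet, now: float) -> str:
        first_last = self.seen.get(triplet)
        if first_last is None or now - first_last[1] > self.expire:
            self.seen[triplet] = (now, now)                # new (or forgotten) triplet
            return "451 4.7.1 Greylisted, please retry later"
        first, _ = first_last
        self.seen[triplet] = (first, now)
        if now - first < self.delay:                       # retried too soon
            return "451 4.7.1 Greylisted, please retry later"
        return "250 OK"


def dnsbl_query_name(ip: str, zone: str) -> str:
    """DNSBLs are queried by reversing the IPv4 octets and appending the zone: 1.2.3.4 -> 4.3.2.1.zone"""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_listed(ip: str, zone: str, resolve: Callable[[str], Optional[str]]) -> bool:
    """A listing is an A record in 127.0.0.0/8; NXDOMAIN (None) or any other answer means not listed."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


# Constructed stand-in for DNS so the example runs offline.
FAKE_ZONE = "bl.example"
FAKE_DNS = {"7.113.0.203.bl.example": "127.0.0.2"}   # 203.0.113.7 is "listed"


def fake_resolve(name: str) -> Optional[str]:
    return FAKE_DNS.get(name)


def smtp_decision(grey: Greylist, ip: str, sender: str, rcpt: str, now: float,
                  resolve: Callable[[str], Optional[str]] = fake_resolve,
                  zone: str = FAKE_ZONE) -> str:
    """Cheap checks first: a DNSBL hit rejects outright; otherwise greylisting applies."""
    if dnsbl_listed(ip, zone, resolve):
        return "554 5.7.1 Rejected: client %s listed in %s" % (ip, zone)
    return grey.decide((ip, sender, rcpt), now)


if __name__ == "__main__":
    g = Greylist()
    events = [  # (seconds, client IP, sender, recipient), constructed
        (0,   "198.51.100.5", "alice@sender.example", "bob@site.example"),   # first attempt: 451
        (60,  "198.51.100.5", "alice@sender.example", "bob@site.example"),   # too early: 451
        (600, "198.51.100.5", "alice@sender.example", "bob@site.example"),   # retried: 250
        (0,   "203.0.113.7",  "promo@spam.example",   "bob@site.example"),   # DNSBL hit: 554
    ]
    for t, ip, frm, to in events:
        print(t, ip, "->", smtp_decision(g, ip, frm, to, t))
```

The caveat a practitioner will hit: greylisting delays every first contact from a new sender, and large mail providers retry from a different outbound IP, so production implementations usually key the triplet on the client's /24 and keep a whitelist of known-good senders rather than the exact address used here.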



Content Filtering & URL filtering

Content filtering is the technique whereby content is blocked or allowed based on analysis of the content
itself, rather than its source or other criteria.

        Detection methods
        - Attachment: blocking of certain file types (e.g. executable programs)
        - Bayesian
        - DNS-based filtering
        - Character set
        - Content encoding
        - Heuristic
        - HTML anomalies
        - Language
        - Mail header
        - Mailing list
        - Phrases
        - Proximity
        - Regular expression
        - URL filtering, based on the URL

        Content filtering in UTMs
        - Generic / in-house content filtering: filtering is fully deployed on the device, with only
          suspicious content sent out for analysis and signature/reputation creation.
        - Third-party content filtering: content may be checked over a secure connection to the
          third-party service provider for category lookup and false-positive detection.
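Three of the methods listed above (attachment, phrase/regular expression and URL filtering), as an added example that is not code from the report or from any product. The magic-byte table, the blocked extensions, the phrase rules, the URL category table and the sample inputs are all constructed. It covers the two checks that matter in practice: an executable renamed to .txt is still blocked because the type comes from the file's leading bytes, and URL categories are matched on whole DNS labels, so notevil.example is not treated as evil.example and a user-info trick in the URL does not fool the host check.

```python
"""Attachment, phrase/regular-expression and URL filtering, three of the methods listed above.

Example code added for illustration, not from the report. The magic-byte table, blocked
extensions, phrase rules, URL category table and sample inputs are all constructed.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Attachment filtering: identify the real type from leading bytes, because the file name is
# chosen by the sender and a renamed executable still runs once the user opens it.
MAGIC: Dict[bytes, str] = {
    b"MZ": "pe-executable",
    b"\x7fELF": "elf-executable",
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",
}
BLOCKED_TYPES = {"pe-executable", "elf-executable"}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".dll", ".com"}


def sniff_type(data: bytes) -> str:
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def attachment_verdict(filename: str, data: bytes) -> Tuple[str, str]:
    """Block on the sniffed content type first, then on the declared extension."""
    kind = sniff_type(data)
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    if kind in BLOCKED_TYPES:
        return "block", "content is %s regardless of name %r" % (kind, filename)
    if ext in BLOCKED_EXTENSIONS:
        return "block", "extension %s is not allowed" % ext
    return "allow", kind


# Phrase / regular-expression filtering over message text (constructed rules).
PHRASE_RULES = [
    (re.compile(r"\bwire\s+transfer\b", re.IGNORECASE), "finance-phrase"),
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "ssn-shaped-number"),
]


def phrase_hits(text: str) -> List[str]:
    return [label for rx, label in PHRASE_RULES if rx.search(text)]


# URL filtering: categorise by host, matching on whole DNS labels only.
URL_CATEGORIES = {"evil.example": "malware", "games.example": "games"}
BLOCKED_CATEGORIES = {"malware"}


def url_category(url: str) -> str:
    """Walk from the full host up through its parent domains; the first categorised one wins.
    urlsplit().hostname strips user-info, so http://evil.example@benign.example/ is judged
    as benign.example, and label-wise matching keeps notevil.example distinct from evil.example."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    for i in range(len(labels)):
        category = URL_CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorised"


def url_verdict(url: str) -> str:
    return "block" if url_category(url) in BLOCKED_CATEGORIES else "allow"


if __name__ == "__main__":
    samples = [  # constructed
        ("report.txt", b"MZ\x90\x00\x03\x00\x00\x00stub"),   # executable renamed to .txt
        ("setup.exe", b"not really a PE"),
        ("notes.txt", b"meeting at 10"),
    ]
    for name, data in samples:
        print(name, attachment_verdict(name, data))
    print(phrase_hits("Please approve the Wire  transfer, SSN 123-45-6789"))
    for u in ["http://www.evil.example/x", "http://notevil.example/",
              "http://evil.example@benign.example/"]:
        print(u, url_category(u), url_verdict(u))
```

Archives are only identified here, not opened; a gateway that blocks executables has to recurse into zip contents as well, or the attachment check is bypassed by wrapping the file.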
UTM – Competitive Product Analysis

Cyberoam 100ia
        Firewall throughput:    1.25 Gbps
        Antivirus:              Kaspersky
        Anti spam:              CommTouch
        Authentication:         LDAP, Active Directory, RADIUS
        Content filtering:      In house
        Sessions per second:    10K
        Concurrent sessions:    400K

Checkpoint UTM-1 13x series / 27x series
        Firewall throughput:    1.5 Gbps
        Antivirus:              Gateway/Clam Antivirus
        Anti spam:              In house
        Authentication:         RADIUS
        Content filtering:      Websense
        Sessions per second:    NA
        Concurrent sessions:    600K

WatchGuard XTM 510
        Firewall throughput:    1.5 Gbps
        Antivirus:              AVG
        Anti spam:              In house
        Authentication:         RADIUS, LDAP, Windows Active Directory, VASCO, RSA SecurID, web-based, local
        Content filtering:      In house
        Sessions per second:    NA
        Concurrent sessions:    100K

Juniper SRX 240 (supports virtualization)
        Firewall throughput:    1.5 Gbps
        Antivirus:              Kaspersky
        Anti spam:              Sophos
        Authentication:         RADIUS, RSA SecureID, LDAP
        Content filtering:      Websense
        Sessions per second:    9K
        Concurrent sessions:    128K

Sonicwall NSA 3500
        Firewall throughput:    1.5 Gbps
        Antivirus:              McAfee, Kaspersky
        Anti spam:              In house
        Authentication:         XAUTH/RADIUS, Active Directory, SSO, LDAP, Terminal Services, Citrix,
                                internal user database
        Content filtering:      In house
        Sessions per second:    4K
        Concurrent sessions:    325K

IBM Proventia MX 5008
        Firewall throughput:    1.6 Gbps
        Antivirus:              Sophos
        Anti spam:              In house
        Authentication:         Active Directory, LDAP, RADIUS, X509
        Content filtering:      In house
        Sessions per second:    9.58K
        Concurrent sessions:    150K




         Epilogue

         The future is now, gentlemen. With the onset of these technologies we have quite a lot of exotic
         things to work with. I will be exploring XTMs and more on UTMs in future, as well as other security
         devices. I hope this document served some purpose for you.

         Stay Gold

         Rishabh Dangwal

         www.theprohack.com

Anti evasion and evader - klaus majewski
 
Firewall
FirewallFirewall
Firewall
 
110006_perils_of_aging_emul_wp
110006_perils_of_aging_emul_wp110006_perils_of_aging_emul_wp
110006_perils_of_aging_emul_wp
 
169
169169
169
 
unified threat management by Nisha Menon K
 unified threat management by Nisha Menon K unified threat management by Nisha Menon K
unified threat management by Nisha Menon K
 
Network security architecture is the planning and design of the camp.pdf
Network security architecture is the planning and design of the camp.pdfNetwork security architecture is the planning and design of the camp.pdf
Network security architecture is the planning and design of the camp.pdf
 
Tech trendnotes
Tech trendnotesTech trendnotes
Tech trendnotes
 

Mehr von Rishabh Dangwal

Cliffnotes on Blue Teaming
Cliffnotes on Blue TeamingCliffnotes on Blue Teaming
Cliffnotes on Blue TeamingRishabh Dangwal
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNETRishabh Dangwal
 
Introduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationIntroduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationRishabh Dangwal
 
Network nags - when security fails
Network nags  - when security failsNetwork nags  - when security fails
Network nags - when security failsRishabh Dangwal
 
Introduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesIntroduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesRishabh Dangwal
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comRishabh Dangwal
 
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.comUnderstanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.comRishabh Dangwal
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Rishabh Dangwal
 
An introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalAn introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalRishabh Dangwal
 

Mehr von Rishabh Dangwal (9)

Cliffnotes on Blue Teaming
Cliffnotes on Blue TeamingCliffnotes on Blue Teaming
Cliffnotes on Blue Teaming
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNET
 
Introduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigationIntroduction to layer 2 attacks & mitigation
Introduction to layer 2 attacks & mitigation
 
Network nags - when security fails
Network nags  - when security failsNetwork nags  - when security fails
Network nags - when security fails
 
Introduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesIntroduction to Wan Acceleration Devices
Introduction to Wan Acceleration Devices
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
 
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.comUnderstanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...
 
An introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalAn introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh Dangwal
 

Kürzlich hochgeladen

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 

Kürzlich hochgeladen (20)

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 

A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal

Abstract – The objective of this report is to explore the UTM architecture, its inner workings and how a high-performance UTM can be built. We have come a long way from single-purpose routers to highly specialized devices which rely on customized processors and Application Specific Integrated Circuits (ASICs) to deliver high-performance traffic forwarding between networks and applications. This evolution can be credited to rising performance requirements which, once implemented, were adopted as industry standards.

EVOLUTION – A little background of UTM technology

UTMs, which can simply be described as next-generation firewalls, evolved from conventional firewalls. The first firewalls were software firewalls, which themselves evolved from software routers. Later, as technology evolved and hardware routers came onto the scene, hardware firewalls arrived; these were nothing more than routers with packet filtering capabilities. The technology then matured from basic packet filtering to more complex control technology which included stateful packet inspection, and finally to full application layer inspection devices (IEEE, 1997). Around the year 2000, VPNs appeared and gained acceptance as the mainstream technology for connecting networks securely over remote links. Firewalls followed closely by integrating VPNs, the natural choice since enterprise solutions required both firewalls and VPNs. As the price of bandwidth fell along with the cost of the cryptographic hardware needed to encrypt and decrypt the traffic, the need for specialized hardware that could accelerate performance rose.
Unified Threat Management

In mid 2004, International Data Corporation (IDC) defined UTM platforms as minimally including firewall, VPN, intrusion prevention and antivirus features. Touted as "Next Generation Firewalls", UTMs have followed two design approaches since their inception:

- Licensing and Integrating Approach (Multi vendor UTM)
- In-house Development Approach (Single vendor UTM)

The above figure illustrates the core architecture and development approach of developing UTMs.

Licensing and Integrating Approach (Multi vendor UTM)

The first design approach tries to get the best of both worlds by integrating specialized technologies from different security vendors. For example, Cyberoam UTM licenses antivirus from Kaspersky and anti-spam from Commtouch, vendors who specialize in antivirus and anti-spam technologies respectively.
These UTMs provide an integrated interface to manage all the integrated technologies in the easiest possible manner, while some others require specific management interfaces.

Advantages:
- Combines the best of all worlds
- Less time required in development and deployment of a new UTM box
- Single management interface
- Cost effective

Limitations:
- Research and advancement depend on different vendors, which hinders optimization of the individual applications
- Again, the time required depends on the different security vendors
- The management interface may not be adequate
- If one of the security vendors is compromised globally, the UTM is gone, as the technology is outsourced
- Cannot take full benefit of hardware acceleration resources due to the multi-vendor technologies
- Embedding new technologies is difficult

In-house Development Approach (Single vendor UTM)

The second design approach is the more difficult of the two: it requires ground-up development of a UTM device from scratch, and involves providing each security function natively. This was not flawless; each security function had to meet the market guidelines and standards set by standalone security products in order to be accepted. However, with time, the core functions provided by UTM platforms (firewall, intrusion prevention and antivirus) matured since the onset of the UTM era, so building competent security functions became both possible and cost effective. This approach also yields a better management interface, as the platform incorporates all the technologies from inception.

Advantages:
- Unified architecture from scratch
- Research and advancement proceed at the vendor's own pace, with better optimization of applications
- Unified and best management interface
- In-house code fills security gaps and poses less threat of compromise
- Can take full benefit of hardware acceleration resources, which leads to exponential performance gains
- Embedding new technologies is easier

Limitations:
- The technologies may or may not be adequate compared to their professional standalone counterparts
- More time required in development and deployment of a new UTM box
- High cost of development
- Security through obscurity is not always a very good idea
Why are UTMs required more than ever?

1. With the advent of technology, blended attacks against organizations have rendered older specialized protection devices/services obsolete.
2. The integrated approach allows the administrator to worry about only one device, not a whole flurry of firewalls, antivirus and IDS/IPS.
3. With falling costs, attackers have more speed at their disposal and can carry out more attacks, hence we need more functionality on a single device to counter them.

UTM – Impact Assessment

Unified Threat Management – What does it actually do?

At its heart, a UTM does the core work of collection of data and detection of unwanted and malicious data. As quoted by Mick Johnson, collection involves picking the packets off the wire and processing them through the network stack, reassembling and deciphering packet header information and identifying the relevant payloads. Detection is the task of scanning those payloads for data that signify that a particular traffic stream is malicious or unwanted. A given portion of traffic might apply to either collection or detection at different stages: the source IP address must be checked against a set of firewall rules before being used to identify a TCP stream for reassembly and HTTP-level scanning for viruses.
That said, the process is quite complex in nature and spans the 6 layers of the OSI model. The factors identified above have made the detection phase correspondingly more important. With time, the packet header size has remained the same, yet more information can be funneled through packet payloads. Finally, each added security function or application in a UTM adds extra workload to the detection phase, irrespective of the amount of traffic, which leads to a massive performance drop when a specific type of inspection is turned on.

UTM Components

While there are many components in a UTM appliance, there are three major components in high-performance UTM systems:

1. Specialized hardware,
2. Specialized software and
3. Evolving security content

Specialized Hardware

Two major types of specialized UTM co-processing hardware contribute to performance scalability: content processors and network processors. These processors work in conjunction with the general purpose processor. The general purpose processor works in concert with the other specialized processors much as the brain works with the spine and peripheral nervous system to perform system activities.
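The collection-then-detection split described above, as an added example that is not code from the report or from any vendor: a toy Python pipeline that applies a constructed firewall rule set to headers, reassembles TCP segments per flow, and then runs every enabled inspection module over the rebuilt stream. The packets, rules and signatures are all constructed; the work counter makes visible the per-module cost the text describes.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One TCP segment as picked off the wire (constructed, not captured)."""
    src: str
    dst: str
    dport: int
    seq: int          # sequence number of the first payload byte
    payload: bytes


# ---- Collection: firewall rules, then per-flow TCP reassembly -------------

# Constructed rule set, first match wins: (source prefix or None, dst port or None, action)
FIREWALL_RULES = [
    ("10.0.0.", 80, "allow"),
    ("10.0.0.", 443, "allow"),
    (None, None, "deny"),        # default deny
]


def firewall_action(pkt, rules=FIREWALL_RULES):
    """Header-only check: the source address is tested before any payload is looked at."""
    for prefix, port, action in rules:
        if (prefix is None or pkt.src.startswith(prefix)) and (port is None or pkt.dport == port):
            return action
    return "deny"


def reassemble(segments):
    """Order one flow's segments by sequence number and rebuild the byte stream.
    Returns (stream, complete); complete is False when a gap or overlap is found,
    since a signature could hide in the missing bytes."""
    ordered = sorted(segments, key=lambda s: s.seq)
    stream, expected = b"", ordered[0].seq
    for seg in ordered:
        if seg.seq != expected:
            return stream, False
        stream += seg.payload
        expected += len(seg.payload)
    return stream, True


# ---- Detection: scan the reassembled payload with each enabled module ------

# Constructed signature sets, one per inspection module. The antivirus entry
# matches the public EICAR test string; the IPS entry matches a traversal attempt.
SIGNATURES = {
    "antivirus": [("EICAR test file", re.compile(rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"))],
    "ips": [("HTTP path traversal", re.compile(rb"GET\s+[^\r\n]*\.\./\.\./"))],
}


def scan(stream, enabled):
    """Returns (alerts, work). work counts bytes examined: every enabled module
    rescans the whole stream, which is the per-function cost the report describes."""
    alerts, work = [], 0
    for module in enabled:
        for name, pattern in SIGNATURES[module]:
            work += len(stream)
            if pattern.search(stream):
                alerts.append((module, name))
    return alerts, work


def process(packets, enabled=("antivirus", "ips")):
    """Full pipeline: filter, group by flow, reassemble, then scan each flow."""
    flows, dropped = defaultdict(list), 0
    for pkt in packets:
        if firewall_action(pkt) != "allow":
            dropped += 1
            continue
        flows[(pkt.src, pkt.dst, pkt.dport)].append(pkt)
    result = {"dropped": dropped, "incomplete": 0, "alerts": [], "work": 0}
    for flow, segs in flows.items():
        stream, complete = reassemble(segs)
        if not complete:
            result["incomplete"] += 1
            continue
        alerts, work = scan(stream, enabled)
        result["alerts"] += [(flow, module, name) for module, name in alerts]
        result["work"] += work
    return result


# Constructed traffic. The EICAR string is split so the signature straddles two
# segments, and the second half arrives first: only the reassembled stream matches.
EICAR_A = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STAND"
EICAR_B = b"ARD-ANTIVIRUS-TEST-FILE!$H+H*"
SAMPLE = [
    Packet("10.0.0.5", "203.0.113.9", 80, 1000, b"GET /index.html HTTP/1.1\r\nHost: x\r\n\r\n"),
    Packet("10.0.0.7", "203.0.113.9", 80, 2000 + len(EICAR_A), EICAR_B),
    Packet("10.0.0.7", "203.0.113.9", 80, 2000, EICAR_A),
    Packet("10.0.0.9", "203.0.113.9", 80, 1, b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
    Packet("172.16.3.3", "203.0.113.9", 23, 1, b"hello"),   # denied by policy, never scanned
]

if __name__ == "__main__":
    print(process(SAMPLE))
```

Scanning either EICAR segment on its own raises no alert; the reassembled flow does, and enabling a second module doubles the bytes examined regardless of traffic volume.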
Content Processors / Content ASICs

Content processors allow for the design and deployment of next-generation networking systems that can make packet or message processing decisions based on an awareness of the packet or message content.

Primary Functions

- Acceleration – Content processors can accelerate antivirus, intrusion prevention and other application-level security technologies.
- Deep Packet Inspection – Perform deep packet inspection and can modify and re-write content on the fly.
- Scanning logic – Content processors implement only the scanning logic in hardware; they don't store threat pattern data, which continues to be stored in memory.
- Encryption / Decryption – Content processors can also contain cryptographic engines that relieve the general purpose processor of the intensive calculations that take place during encrypted communications.
- Analysis – Can perform both message-based and packet-by-packet analysis, and some can keep track of content across multiple packets.
- Hardware acceleration – Prime candidates for hardware acceleration, as they help counter performance-taxing applications like VPN.
Network Processors

A network processor is an integrated circuit with a feature set specifically targeted at the networking application domain; it performs high-speed processing of network flows. Network processors are typically software-programmable devices with generic characteristics similar to the general purpose central processing units commonly used in many different types of equipment and products. These processors are typically placed in line between the general purpose processor and the network ports, directly receiving traffic and performing some functions automatically.

Primary Functions

- Pattern matching – the ability to find specific patterns of bits or bytes within packets in a packet stream.
- Key lookup (for example, address lookup) – the ability to quickly undertake a database lookup using a key (typically an address on a packet) to find a result, typically routing information.
- Data bitfield manipulation – the ability to change certain data fields contained in the packet as it is being processed.
- Queue management – as packets are received, processed and scheduled to be sent onwards, they are stored in queues.
- Control processing – the micro-operations of processing a packet are controlled at a macro level, which involves communication and orchestration with other nodes in a system.
- Quality of service (QoS) enforcement – identifying different types or classes of packets and providing preferential treatment for some types or classes of packet at the expense of others.
- Access control functions – determining whether a specific packet or stream of packets should be allowed to traverse the piece of network equipment.
- Encryption and decryption of data streams – built-in hardware-based encryption engines allow individual data flows to be encrypted/decrypted by the processor.
- Act as a basic router – packet or frame discrimination and forwarding, that is, the basic operation of a router or switch. They also allow for quick allocation and re-circulation of packet buffers.
- Decrease load on the system – the latest generation of network processors can be programmed with the current firewall and IPS policy, filtering traffic, detecting protocol anomalies and expediting delivery of latency-sensitive traffic at the interface level, without burdening the rest of the system.

Specialized Software

At its core, a UTM consists of an operating system which integrates all the applications together. To facilitate the integration of specialized hardware with software, special programming approaches are needed. This requires the ability to modify and optimize the source code; otherwise all tasks will run on the CPU and an overall performance drop will be noticed at all levels. It is highly unlikely that a third-party security vendor will optimize their code for the hardware; they tend simply to license their code for the platform.

Also, combining multiple technologies means there is a high probability of incompatible software and code and of redundant operations, which further degrade performance.

The basic approach for a multi-vendor UTM is to license the software from third-party security vendors and integrate it for the highest compatibility. For example, if they deploy a Linux-based OS as the core of their UTM device, they might opt for a Linux-based antivirus in order to increase performance rather than risk virtualizing a Windows-based OS just for the applications. Single-vendor UTMs, on the other hand, go for the integrated approach and can optimize it according to their needs. The developers can eliminate threats as fast as possible by innovating on new trends and make the UTM a true next-generation firewall.
A Brief Intro to Antivirus, Anti-Spam and Content Filtering Technologies

Antivirus

Antivirus or anti-virus software is used to prevent, detect, and remove computer viruses, worms, and trojan horses.

Detection Methods

- Signature based
- Heuristics/Meta-heuristics
- Rootkit analysis

Antivirus in UTMs

- Generic Antivirus – Antivirus is fully deployed at the device, with only suspicious files sent for analysis and signature creation.
- Gateway Anti-Virus – This technique allows applications across the enterprise to check files for viruses by providing a SOAP-based virus scanning web service. Client applications attach files to SOAP messages and submit them to the Gateway Anti-Virus web service. This may be used with active caching.
- Cloud Antivirus – Cloud antivirus is a technology that uses lightweight agent software on the protected computer, while offloading the majority of data analysis to the provider's infrastructure.

Anti-Spam

Anti-spam software combats spam using various techniques.

Detection Methods

- Authentication and reputation
- SMTP proxy
- Challenge/response systems
- Checksum-based filtering
- DNS-based blacklists
- Enforcing RFC standards
- Greeting delay
- Greylisting
- Invalid pipelining
- Sender-supported whitelists and tags
- Rule-based filtering
- Statistical content filtering
Anti-Spam in UTMs

- Generic Anti-Spam / In-house Anti-Spam – Anti-spam is fully deployed at the device, with only suspicious mails sent for analysis and signature/reputation creation.
- 3rd Party Anti-Spam – Mails may be checked using a secure connection to the 3rd-party service provider for spam and false-positive detection.

Content Filtering & URL Filtering

Content filtering is the technique whereby content is blocked or allowed based on analysis of the content itself, rather than its source or other criteria.

Detection Methods

- Attachment – the blocking of certain types of file (e.g. executable programs).
- Bayesian
- DNS-based filtering
- Char-set
- Content-encoding
- Heuristic
- HTML anomalies
- Language
- Mail header
- Mailing list
- Phrases
- Proximity
- Regular expression
- URL filtering based on the URL

Content Filtering in UTMs

- Generic Content Filtering / In-house – Filtering is fully deployed at the device, with only suspicious content sent for analysis and signature/reputation creation.
- 3rd Party Content Filtering – Content may be checked using a secure connection to the 3rd-party service provider for spam and false-positive detection.
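Several of the anti-spam and content-filtering methods listed above (greeting delay, invalid pipelining, DNS-based blacklists, greylisting, checksum-based filtering, and attachment and phrase rules), as an added example that is not code from the report or from any vendor: a toy Python SMTP gateway that applies them in the order a proxy actually gets the data. The blacklist, rules and sessions are constructed stand-ins for the live lookups and feeds a real device would use.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed stand-ins for what the gateway would query live: a DNSBL zone
# and the vendor's signature/reputation feed. Addresses are documentation ranges.
DNSBL = {"198.51.100.20"}
BLOCKED_EXTENSIONS = (".exe", ".scr", ".js")
PHRASE_RULES = [re.compile(r"\bfree money\b", re.I), re.compile(r"\bact now\b", re.I)]


@dataclass
class Session:
    """One inbound SMTP transaction as observed by the gateway's SMTP proxy (constructed)."""
    client_ip: str
    sender: str
    recipient: str
    now: float                 # time of this delivery attempt, seconds
    talked_early: bool         # client sent data before the deliberately delayed 220 banner
    pipelined: bool            # client sent several commands without waiting for replies
    body: str
    attachments: tuple = ()


class Greylist:
    """Temp-fail the first attempt of an unknown (ip, sender, rcpt) triplet;
    real MTAs retry after a few minutes, most spam bots never do."""

    def __init__(self, min_age=300.0):
        self.first_seen, self.min_age = {}, min_age

    def known(self, s):
        first = self.first_seen.setdefault((s.client_ip, s.sender, s.recipient), s.now)
        return s.now - first >= self.min_age


def body_digest(body):
    """Checksum-based filtering: canonicalise first so that the digit, spacing
    and case tweaks used to dodge exact checksums collapse to one digest."""
    canonical = re.sub(r"[\d\s]+", "", body.lower())
    return hashlib.sha256(canonical.encode()).hexdigest()


class Gateway:
    def __init__(self):
        self.greylist = Greylist()
        self.spam_digests = set()     # fed by analysis of confirmed spam samples

    def learn_spam(self, body):
        self.spam_digests.add(body_digest(body))

    def classify(self, s):
        """Checks run in the order the proxy gets the data: connection behaviour
        and reputation first, greylisting at RCPT, content rules only after DATA."""
        reasons = []
        if s.talked_early:
            reasons.append("greeting-delay violation")
        if s.pipelined:
            reasons.append("invalid pipelining")
        if s.client_ip in DNSBL:
            reasons.append("dnsbl")
        if reasons:
            return "reject", reasons
        if not self.greylist.known(s):
            return "tempfail", ["greylisted"]
        if body_digest(s.body) in self.spam_digests:
            reasons.append("checksum match")
        for name in s.attachments:
            if name.lower().endswith(BLOCKED_EXTENSIONS):
                reasons.append("blocked attachment " + name)
        if any(rule.search(s.body) for rule in PHRASE_RULES):
            reasons.append("phrase rule")
        return ("reject", reasons) if reasons else ("accept", [])


# Constructed sessions covering each path through the gateway.
BOT = Session("198.51.100.20", "promo@spam.test", "bob@example.test", 0.0, True, True, "FREE MONEY, act now")
PARTNER_1 = Session("203.0.113.5", "alice@partner.test", "bob@example.test", 100.0, False, False,
                    "Hi Bob, agenda attached.", ("agenda.pdf",))
PARTNER_2 = Session("203.0.113.5", "alice@partner.test", "bob@example.test", 500.0, False, False,
                    "Hi Bob, agenda attached.", ("agenda.pdf",))
DROPPER = Session("203.0.113.7", "hr@partner.test", "bob@example.test", 900.0, False, False,
                  "See attached.", ("invoice.pdf.exe",))

if __name__ == "__main__":
    gw = Gateway()
    for s in (BOT, PARTNER_1, PARTNER_2):
        print(s.client_ip, gw.classify(s))
```

The legitimate sender is temp-failed once and accepted on the retry, while the bot is rejected before any content is received; a learned spam body still matches after its digits and spacing are changed.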
UTM – Competitive Product Analysis

Cyberoam
- Device model: 100ia
- Firewall throughput: 1.25 Gbps
- Antivirus: Kaspersky
- Anti-spam: CommTouch
- Content filtering: In house
- Sessions per second / concurrent sessions: 10K / 400K

Checkpoint
- Device model: UTM-1 13x series / 27x (supports virtualization)
- Firewall throughput: 1.5 Gbps
- Antivirus: Gateway/Clam Antivirus
- Anti-spam: In house
- Content filtering: Websense
- Sessions per second / concurrent sessions: NA / 600K

WatchGuard
- Device model: XTM 510
- Firewall throughput: 1.5 Gbps
- Antivirus: AVG
- Anti-spam: In house
- Content filtering: In house
- Sessions per second / concurrent sessions: NA / 100K

Juniper
- Device model: SRX 240
- Firewall throughput: 1.5 Gbps
- Antivirus: Kaspersky
- Anti-spam: Sophos
- Content filtering: Websense
- Sessions per second / concurrent sessions: 9K / 128K

Sonicwall
- Device model: NSA 3500
- Firewall throughput: 1.5 Gbps
- Antivirus: McAfee, Kaspersky
- Anti-spam: In house
- Content filtering: In house
- Sessions per second / concurrent sessions: 4K / 325K

IBM
- Device model: IBM Proventia MX 5008 series
- Firewall throughput: 1.6 Gbps
- Antivirus: Sophos
- Anti-spam: In house
- Content filtering: In house
- Sessions per second / concurrent sessions: 9.58K / 150K

Authentication methods listed across the six products (the per-product breakdown of this row is not separable in the source): LDAP, RADIUS, Windows Active Directory, RSA SecurID, XAUTH, X509, VASCO, SSO, web-based, local, Terminal Services, Citrix, Internal User Database.

Epilogue

The future is now, gentlemen. With the onset of these technologies, we have quite a lot of exotic things to work with. I will be exploring XTMs and more on UTMs in future, as well as more security devices. I hope this document served some purpose for you.

Stay Gold
Rishabh Dangwal
www.theprohack.com