Cybertron utm


Transcript of Cybertron utm

Page 1: Cybertron utm
Page 2: Cybertron utm

Unified Threat Management

Page 3: Cybertron utm

Table of contents

1 Introduction

2 Product features

* Virus Blocker Lite

* Intrusion Prevention

* Phish Blocker

* Web Filter Lite

* Application Control Lite

* Open VPN

* Reports

3 Conclusion

Page 4: Cybertron utm

INTRODUCTION

Unified threat management (UTM) is an approach to security management that allows an administrator to monitor and manage a wide variety of security-related applications and infrastructure components through a single management console.

UTM is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single appliance: network firewalling, network intrusion prevention and gateway antivirus . . ., gateway antispam, VPN, content filtering & reporting.

Page 5: Cybertron utm

Product Features

Virus Blocker Lite

Virus Blocker Lite transparently scans your HTTP, FTP and SMTP traffic to protect your network from viruses, Trojans and other malware. It scans within archives such as zip, rar, tar, gzip, bzip2 (and more).

Virus Blocker Lite is based on ClamAV. ClamAV is well-known for its speed and accuracy.

Web

This section reviews the different settings and configuration options for web traffic.

Scan HTTP: This enables or disables HTTP scanning.

File Types: The File Types section allows you to scan files by file extension - just select (or add) your chosen file extension, check your preferred action (scan or not), and save.

MIME Types: The MIME Types section allows you to scan files by MIME type - just select (or add) your chosen MIME type, check your preferred action (scan or not), and save.

Page 6: Cybertron utm

Email

This section reviews the different settings and configuration options for email traffic.

Scan SMTP: This option enables scanning of SMTP messages with attachments.

Action: The selected action will be taken on a message if a virus is found.

FTP

This section reviews the different settings and configuration options for FTP traffic.

Scan FTP: This enables or disables scanning of FTP downloads.

Pass Sites

This section allows you to specify sites that are not scanned. The list uses the Glob Matcher syntax.

HTTP. Match the HTTP Host header.

FTP. Match the server IP address or domain address (if a reverse DNS address exists).

Email. Match the client or server IP address or domain address (if a reverse DNS address exists).

Page 7: Cybertron utm

Intrusion Prevention

Intrusion Prevention blocks hacking attempts before they reach internal servers and desktops. A pre-configured, signature-based IPS makes it easier for administrators to provide 24/7 network protection from hackers.

Thousands of signatures for a variety of attacks.

Carefully selected defaults continually tuned by UTM.

New attack signatures automatically downloaded to your server.

Phish Blocker

Identity thieves are becoming increasingly sophisticated with email and website spoofs that are nearly impossible to discern from the real thing. Phish Blocker protects users from email phishing attacks and fraudulent pharming websites.

Protection for multiple protocols, including HTTP and SMTP. Automatic updates ensure that signatures are always current.

Blocks phishing email on SMTP.

Blocks malicious "pharming" websites.

Event log of phish caught.

Reports show how many fraud emails were stopped, who they were targeting, and from where they were sent.

Page 8: Cybertron utm

Web Filter Lite

Web Filter Lite monitors internet traffic on your network to monitor user behaviour and block inappropriate content.

Block Categories

Block Categories allows you to customize which categories of sites will be blocked or flagged. Categories that are blocked will display a block page to the user; categories that are flagged will allow the user to access the site, but will be silently flagged as a violation for event logs and Reports. These block/flag actions operate the same way for all of the different Web Filter options.

Block Sites

Under Blocked Sites you can add individual domain names you want to be blocked or flagged - just enter the domain name (e.g. youtube.com) and specify your chosen action. This list uses URL Matcher syntax.

Block File Types

The Block File Types section allows you to block files by file extension - just select (or add) your chosen file extension, check your preferred action, and save. This list uses Glob Matcher syntax.

Page 9: Cybertron utm

Block MIME Types

The Block MIME Types section allows you to block files by MIME type - just select (or add) your chosen MIME type, check your preferred action, and save. This list uses Glob Matcher syntax.

Pass Sites

Pass Sites is used to pass content that would have otherwise been blocked. This can be useful for "unblocking" sites that you don't want blocked according to block settings. Any domains you add to the Passed Sites list will be allowed, even if blocked by category or by individual URL - just add the domain and save. Unchecking the pass option will allow the site to be blocked as if the entry was not present. This list uses URL Matcher syntax.

Pass Clients

If you add an IP address to this list, Web Filter will not block any traffic from that IP regardless of the blocked categories or sites. Just add the IP and save. Unchecking the pass option will have the block/pass lists affect the user as if they were not entered into the Passed Client IPs list. This list uses IP Matcher syntax.

Page 10: Cybertron utm

Advanced

The Advanced section allows you to configure additional web filter options.

Block pages from IP only hosts: When this option is enabled, users entering an IP address rather than domain name will be blocked.

Pass if referers match Pass Sites: When this option is checked, if a page contains external content from any site in Pass Sites, that external content will be passed regardless of other block policies.

Block Google applications: When this option is enabled, only domains listed in Domain are allowed to access Google applications such as Gmail. All others are blocked by Google. Multiple domains can be specified.
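The precedence among the Web Filter lists described above, as an added Python example that is not the product's own code. The sample policy is constructed, `fnmatch` and `ipaddress` stand in for the URL/Glob/IP Matcher syntaxes, and the order of the checks after the two pass lists is an assumption the page does not state.

```python
import fnmatch
import ipaddress

# Constructed sample policy; every entry is an illustrative assumption.
POLICY = {
    "pass_clients": ["10.0.0.5", "10.0.9.0/24"],
    "pass_sites": ["intranet.example.com", "*.partner.example"],
    "pass_if_referer_matches": True, "block_ip_only_hosts": True,
    "blocked_sites": {"youtube.com": "block", "news.example": "flag"},
    "categories": {"gambling": "block", "social": "flag"},
}

def bare_host(host_header):
    h = host_header.strip().lower()  # normalise, then drop any port
    return h[1:].split("]")[0] if h.startswith("[") else h.split(":")[0]

def host_matches(pattern, host):
    """Assumed matcher: glob on the host; a bare domain also covers subdomains."""
    return fnmatch.fnmatchcase(host, pattern.lower()) or host.endswith("." + pattern.lower())

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def client_passed(client_ip, entries):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def decide(policy, client_ip, host_header, category=None, referer_host=None):
    """Return (action, reason); action is 'pass', 'flag' or 'block'."""
    host = bare_host(host_header)
    passed = lambda h: any(host_matches(p, h) for p in policy["pass_sites"])
    if client_passed(client_ip, policy["pass_clients"]):
        return ("pass", "pass-client")   # overrides every block list
    if passed(host):
        return ("pass", "pass-site")     # overrides category and site blocks
    if policy["pass_if_referer_matches"] and referer_host and passed(bare_host(referer_host)):
        return ("pass", "pass-referer")
    if policy["block_ip_only_hosts"] and is_ip_literal(host):
        return ("block", "ip-only-host")
    for pattern, action in policy["blocked_sites"].items():
        if host_matches(pattern, host):
            return (action, "site:" + pattern)
    if category in policy["categories"]:
        return (policy["categories"][category], "category:" + category)
    return ("pass", "default")
```

Every Pass Clients entry and the referer option bypass all block lists, and the Referer header is supplied by the client, so both settings deserve periodic review against the event log.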

Page 11: Cybertron utm

Application Control Lite

Application Control Lite lets administrators take back control of their networks from disruptive applications like peer-to-peer applications or online games.

Signature-based layer 7 filtering makes it easy to improve productivity by blocking IM & online games that evade firewall rules.

Write custom signatures for any protocol and conserve bandwidth by blocking applications like peer-to-peer that open multiple TCP ports.

• Application Control Lite lets you select the protocol signatures to log or block.

• Custom rules can be added for any unsupported protocols.

• Time-based policies let you decide when and if these applications are permitted.

• Reporting lets you see which protocols are active on your network and who is using them.

Page 12: Cybertron utm

Open VPN

OpenVPN enables administrators to provide secure remote access to the internal network to remote users and sites. The UTM's intuitive GUI makes it easier to configure basic settings through a setup wizard.

You can generate custom certs for each client, and easily distribute pre-configured client software via email.

• Event Log shows VPN login/logout events.

• Reports show general statistics on VPN usage.

Page 13: Cybertron utm

Reports

Reports provide administrators the visibility and data necessary to investigate security incidents and enforce acceptable network usage policies.

Now you can monitor behaviour at the user, client and incident level, understand traffic flows and network usage patterns, plus share reports in PDF or HTML formats.

• Summary, detail, and per user reports

• Automated email report delivery.

• Report archive.

• Report data available in CSV format.

Page 14: Cybertron utm

Why UTM?

Malware infections of your network – The web has surpassed email as the main vector for desktop and server infection. The Wall Street Journal recently reported that there are approximately 403 million active PC threats. Targeted attacks against organizations with fewer than 2,500 employees are on the rise, accounting for 50% of the total. Nearly 18% target companies with fewer than 250 employees. The overall threat has continued to skyrocket, largely due to the commoditization of malware; last year, attacks increased 81% compared to 2010. Some of these pages are related to porn and free offer sites, but can also come through infected web servers and the download of executable files. Content control is one of several layers (e.g. anti-spyware, anti-virus) that are needed to secure today’s small business networks.

Misuse of employee time – Excessive time spent on personal web surfing, especially on addictive sites such as Facebook and YouTube, can take a toll on an employee’s performance. Salary.com reported in 2006 that the average worker admits to spending nearly an hour a day outside of lunch and breaks surfing the Internet for personal reasons – a truly astonishing figure!

Page 15: Cybertron utm

Misuse of company resources – Excessive bandwidth use, and the use of corporate server space to store large amounts of personal downloads, can be expensive and slow down the entire network, especially for hosted applications. Peer-to-peer and “torrent” software used for gaming and music sharing is notorious for crippling networks because it consumes a disproportionate amount of network resources by opening multiple connections, not to mention opening up liability for trafficking content that violates intellectual property laws.

Liability – Inappropriate content on the network, especially pornography, can lead to a hostile work environment and ultimately a lawsuit. These four types of problems incorporate a wide range of cultural, social, legal and commercial concerns. Thus, policing network use is not simply a case of thinking of all the possible forms of abuse that might

Monitoring

Staff who are aware that network monitoring is taking place (or even possible) are much more likely to comply with the AUP, including those parts that govern acceptable online behaviour. It should be made abundantly clear that everything staff do on the corporate network and every website they visit using company connectivity is visible to the administrator and traceable directly to them. Although it is probably undesirable to overplay the “Big Brother” hand, you will usually find that a simple awareness that their online actions are subject to monitoring will prevent the vast majority of incidents of staff accessing inappropriate material. A good line to take might be something like this: “Yes, we do log network traffic and bandwidth use, and we routinely review those logs to ensure everything is running smoothly. We don’t mind if you spend a little time surfing for your own private purposes, as long as it doesn’t interfere with your job or otherwise violate the AUP.”

Page 16: Cybertron utm

Bandwidth Issues

Sites like YouTube that offer streaming audio and video may be relatively secure and present a low level of threat in terms of malware, but if many users on a network visit them, the excess bandwidth usage can really slow things down. This problem is becoming more widespread as an increasing number of commercial sites contain streaming video advertisements as well as major events like the NCAA basketball tournament. An explanation that bandwidth is limited, that a slowdown affects everyone on the network, and that it costs money to add additional DSL or T1 lines should help to underline prohibitions contained in the AUP. It should further be explained that peer-to-peer applications used for music sharing and gaming are notorious for clogging networks because they open multiple connections to grab more bandwidth.


Page 17: Cybertron utm

ABOUT UTM,

a network software and appliance company, provides a new breed of multi-function firewall and Internet management applications that are optimized for the unique needs of smaller organizations. With a free multi-function firewall at its core and a suite of complementary Internet management applications

Thank you !