Friday, May 20, 2011

Unified Threat Management Basic Tutorial | UTM's single user and Multi user explored

In my last post, I blogged about UTMs, which got a fairly positive response over mail :). UTMs can be simply described as next-generation firewalls that evolved specifically from conventional firewalls. The first firewalls were software firewalls, which had themselves evolved from software routers.
Later on, as technology evolved and hardware routers came onto the scene, hardware firewalls arrived, which were nothing more than routers with packet-filtering capabilities. The technology then matured from basic packet filtering to more complex control technology, which included stateful packet inspection, and finally to full application-layer inspection devices (IEEE, 1997). Around the year 2000, VPNs appeared and gained acceptance as the mainstream technology for connecting networks securely and remotely. Firewalls followed closely by integrating VPNs, which was the natural choice because enterprise solutions required both firewalls and VPNs.
As the prices for bandwidth fell, along with the cost of the cryptographic hardware needed to encode and decode the traffic, the need rose for specialized hardware that could be used to accelerate performance.
Unified Threat Management
In mid-2004, International Data Corporation (IDC) defined UTM platforms as minimally including firewall, VPN, intrusion prevention and antivirus features. Touted as “Next Generation Firewalls”, UTMs have been designed along two approaches since their inception:
  • Licensing and Integrating Approach (Multi vendor UTM)
  • In-house Development Approach (Single vendor UTM)

[Figure: Unified Threat Management systems (UTM) – Single user UTMs vs Multi User UTMs]
The above figure illustrates the core architecture and the development approaches of UTMs.

Licensing and Integrating Approach (Multi vendor UTM)
The first design approach tried to get the best of all worlds by integrating specialized technologies from different security vendors. For example, Cyberoam UTM licenses antivirus from Kaspersky and anti-spam from Commtouch, vendors that specialize in antivirus and anti-spam technologies respectively.
Some of these UTMs provide an integrated interface to manage all the integrated technologies in the easiest possible manner, while others require specific management interfaces.

Advantages
  • Combines the best of all worlds
  • Less time required in development and deployment of a new UTM box
  • Single management interface
  • Cost effective

Limitations
  • Research and advancement depend on different vendors, which hinders optimization of individual applications
  • Development time is, again, dependent on the different security vendors
  • The single management interface may not be adequate
  • If one of the security vendors is compromised globally, the UTM goes with it, as the technology is outsourced
  • Cannot take full benefit of hardware acceleration resources due to multivendor technologies
  • Embedding of new technologies is difficult


In-house Development Approach (Single vendor UTM)
The second design approach is the more difficult of the two. It requires ground-up development of a UTM device and involves providing each security function natively. This approach was not flawless: each security function must meet the market guidelines and standards set by standalone security products in order to be accepted. However, the core functions provided by UTM platforms (firewall, intrusion prevention and antivirus) had matured since the onset of the UTM era, so building competent security functions was both possible and cost effective. This approach also had a better management interface, as the platform incorporated all the technologies from inception.
Advantages
  • Unified architecture from scratch
  • Research and advancement proceed at the vendor's own pace, with better optimization of applications
  • Unified and best management interface
  • In-house code fills security gaps and poses less threat of compromise
  • Can take full benefit of hardware acceleration resources, which leads to exponential performance gains
  • Embedding of new technologies is easier

Limitations
  • The technologies may or may not be adequate compared to their professional standalone counterparts
  • More time required in development and deployment of a new UTM box
  • High cost of development
  • Security through obscurity is not always a very good idea

In my next article I will be discussing more about UTMs. Please add your points so I can make it better.

