UTM Chapter 4 How it works
UTM inspection methods
flow based
samples data and uses pattern matching to detect malicious content
doesn't reassemble packets [files] like proxy based
analyzes data in chunks rather than reconstructing it into a single file
Benefits of flow based
speed as less data needs to be analyzed
cons of flow based
may miss certain vulnerable content inside the payload
similar to DDoS based anomaly detection
proxy based
reconstructs the content locally, analyzes it for any threat and decides
if content is clean, forward
if content is not clean, remove malicious content and forward
pros - thorough security as actual contents inspected
cons - more processing power, high latency, reduced throughput
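The trade-off between the two inspection methods, as an added example (not part of the original notes). It assumes a simplified flow-based engine that matches each chunk independently with no state carried between chunks; the signature, the chunk size and all function names are constructed for illustration.

```python
import zlib

SIGNATURES = [b"TEST-THREAT-MARKER"]  # constructed, harmless stand-in for a signature
CHUNK = 32                            # assumed chunk size in bytes

def split(data, size=CHUNK):
    """Cut an object into the chunks a device would see on the wire."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def match(data):
    """Plain signature match over one buffer."""
    return any(sig in data for sig in SIGNATURES)

def flow_based(chunks):
    """Match each chunk as it passes. Returns (detected, max bytes held)."""
    return any(match(c) for c in chunks), max(len(c) for c in chunks)

def proxy_based(chunks, compressed=False):
    """Rebuild the whole object locally, unpack it, then match.
    Returns (detected, bytes held before a verdict)."""
    obj = b"".join(chunks)
    held = len(obj)
    if compressed:
        obj = zlib.decompress(obj)
    return match(obj), held

def compare():
    """Run both methods over three constructed objects."""
    pad = b"A" * 24
    cases = {
        "inside one chunk": (SIGNATURES[0] + pad, False),
        "across a chunk boundary": (pad + SIGNATURES[0] + pad, False),
        "inside compressed file": (zlib.compress(pad + SIGNATURES[0] + pad), True),
    }
    results = {}
    for name, (wire_bytes, compressed) in cases.items():
        chunks = split(wire_bytes)
        results[name] = {"flow": flow_based(chunks),
                         "proxy": proxy_based(chunks, compressed)}
    return results

if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:26} flow={r['flow']} proxy={r['proxy']}")
```

The second value in each result is the number of bytes held before a verdict, which is where the extra latency and processing cost of proxy-based inspection comes from.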
processors
general purpose
very good for caching
used as application caching in firewall
generic purpose, suitable and compatible with a wide range of hardware
ASIC
specialized purpose
good in efficiency, performance and scale
a good UTM makes use of both general purpose processors and ASICs
ASIC
content processor
performs pattern matching on objects and identifies threats using signatures
objects can be network traffic, compressed files or other data
operate at system level
Network processor
works at interface level
high speed processing, low latency
pattern matching on traffic rather than on objects [as the content processor does]
accelerates firewall, IPS, app control performance, encrypted, TCP offload, QoS, traffic shaping
security processor
multi-core, multi-thread
operate at interface or system level