UTM Chapter 2: Why traditional firewalls can't keep up
Firewall technology evolutions
Firewall as proxy
sits between client and server
re-assembles and reconstructs complete traffic stream
inspects the content and makes a decision, rather than looking at one packet at a time
Stateful packet inspection
maintains state and makes decisions accordingly
DPI
inspects payload - complete or partial
protects against virus and worms
identifies based on signature
inspects the complete content, not only the headers
Standalone security products
Adds complexity
difficult to manage
SIEM can be used to aggregate logs from multiple systems
central visibility
but not central control for all devices
Types of standalone security appliances
VPN
DLP
IPS
Content inspection and filtering
multiple standalone devices
performance hit end to end
latency increase
high TCO
high capex and opex
Defense in depth
establish and manage security controls end to end
if a vulnerability slips past one countermeasure, it gets matched by another security function and stopped
suitable for APT
e.g. a threat is missed by anti-virus but matched and dropped by IPS