UTM Chapter 5 UTM in action
UTM components
App control
NGFW feature
visibility and control of apps
applications, software, network services, protocols
granular policy control
User identity based control
IPS
NGFW component
pre-defined signature based
custom signature based
out of band mode aka one-arm mode - only IDS
packet log - stores all packets matching a signature for further analysis
web content filtering
control what web contents can be allowed
reduce chance of malware, spyware, phishing and other malicious web contents
scans the contents of web pages
methods
based on blocked words or phrases in the contents
URL block - block certain URL
category based URL filtering - whitelist, blacklist
anti-spam
prevent bots received via e-mail
methods
block known spammer IP
block spam URL in body
compute message hash, if it matches spam hash, block
look at client and sender IP and compare against blacklist/whitelist. In case of blacklist, block
e-mail MX domain blacklist
patterns of content in message body - blocked words or phrases
DLP
prevents accidental or intentional loss of confidential data to outsiders
methods
input and output filtering
scans files, pattern matching and allow/deny/archive contents based on DLP DB
fingerprinting
each document is assigned a unique fingerprint value
when a sensitive document tries to go out of the boundary, it can be prevented
anti-virus
in case of infection, removes infection and forwards, quarantines and notifies user
DB of known signatures and patterns
e-mail, FTP, HTTPS, HTTP, IM, web content
multi-layer protection - virus, spyware, malware
components of AV
AV DB
file size, file pattern, file type
grayware, heuristics, virus scan