What is UTM

Source: Internet
Author: User
Tags: sql injection

In the author's view, a definition of UTM includes at least the following three elements:

1. Threats faced

UTM is deployed at the network boundary and targets threats of all kinds at layers 2 through 7. By the consequences of the damage they cause, threats at the network boundary fall into three categories: threats that damage the network itself and application systems, threats that use the network for illegal activities, and threats that misuse network resources.

① Threats that damage the network itself and application systems: these threats explicitly target the network itself or internal business systems, and use technical means to affect the operation of network equipment, hosts, and servers (including resource consumption, service interruption, and business system anomalies). ARP spoofing, DDoS attacks, and worms all belong to this category. A DoS attack, for example, does not damage the data inside the network, but it saturates the bandwidth that applications depend on and ties up the network's own resources, so that normal business cannot be used.

② Threats that use the network for illegal activities: these threats use technical means to attack a host or server in order to gain political or economic benefit. They include account-stealing Trojans, SQL injection, spam, malicious plug-ins, and so on. With an account-stealing Trojan, for example, lawbreakers obtain a user's personal account information and then profit from it; with spam, some lawbreakers send Falun Gong propaganda mail, poisoning the masses in pursuit of political goals.

③ Threats that misuse network resources: these are behaviors that affect the normal use of network services, network resources, and the organization's rules. They include heavy peer-to-peer downloading, using stock-trading software during working hours, playing online games during working hours, and so on. Peer-to-peer downloading, for example, is normal network behavior, but a large volume of it wastes network resources and may affect normal business use. Likewise, using stock-trading software is normal behavior, but using it during working hours reduces efficiency and is an indirect loss to the company or organization. These behaviors are misuse of network resources.

Of course, because the classification is by result, some threats can fall into two categories at once. SQL injection is one: some injections aim to obtain information for political or economic ends and belong to the second category, while others aim to modify web pages and disrupt normal access to the website. This does not affect the completeness of the classification's coverage.

2. Processing methods

UTM integrates and builds on traditional protection methods. It is based on the original security gateway device and provides firewall, intrusion prevention (IPS), anti-virus (AV), VPN, content filtering, anti-spam, and other functions. These techniques remain the foundation of UTM, but they no longer work in isolation from each other; they need to cooperate under a unified security policy.

Of course, among these many functions, some are essential and some are value-added. In general, firewall, VPN, intrusion prevention, and anti-virus are required modules, and a device lacking any one of them cannot be called UTM. The rest are value-added features that users can choose according to their own needs.

From the user's point of view, with the whole network and the security of all business to consider, implementing the overall security policy is very important. Unified policy implementation is the key to making the various security functions work as a joint force; without it, the overall security policy cannot be achieved. Therefore, the UTM processing model must give special consideration to the coordination and consistency of policy.

3. Objectives achieved

Given the threats faced and the methods of handling them, it remains to look at the goals UTM can achieve, that is, its value. What a UTM device protects is the network: it can accurately identify all threats and control them according to the corresponding policy, whether by rate limiting, traffic limiting, or blocking. Keeping the network unobstructed and the business running normally is the best result, and "accurate identification and control" is the most critical point.
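The following added example (not from the original article or any vendor's product) sketches how findings from separate modules can be merged under one policy keyed on the article's three threat categories, with the strictest control winning. The module names, threat labels, action ordering, working-hours window, and the block-by-default rule for unclassified findings are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum, IntEnum

class Category(Enum):
    DISRUPTION = 1    # damages the network itself or application systems
    ILLEGAL_USE = 2   # uses the network for illegal activities
    MISUSE = 3        # misuses network resources

class Action(IntEnum):  # higher value = stricter; this ordering is an assumption
    ALLOW = 0
    RATE_LIMIT = 1
    TRAFFIC_LIMIT = 2
    BLOCK = 3

# Threats named in the article, mapped to its categories (labels are hypothetical).
CATALOGUE = {
    "arp_spoofing": {Category.DISRUPTION}, "ddos": {Category.DISRUPTION},
    "worm": {Category.DISRUPTION}, "account_trojan": {Category.ILLEGAL_USE},
    "spam": {Category.ILLEGAL_USE}, "p2p_download": {Category.MISUSE},
    "stock_software": {Category.MISUSE},
    "sql_injection": {Category.ILLEGAL_USE, Category.DISRUPTION},  # two categories
}

@dataclass(frozen=True)
class Finding:
    module: str   # reporting module, e.g. "firewall", "ips", "av", "content_filter"
    threat: str   # threat label the module assigned to the flow

@dataclass(frozen=True)
class Policy:
    by_category: dict
    unclassified: Action = Action.BLOCK   # assumption: unknown labels fail closed
    work_hours: range = range(9, 18)      # assumption: 09:00-17:59

    def action_for(self, category, hour):
        # Misuse is only controlled during working hours (the article's example).
        if category is Category.MISUSE and hour not in self.work_hours:
            return Action.ALLOW
        return self.by_category[category]

def decide(findings, policy, hour):
    """Merge all modules' findings into one verdict: the strictest action wins."""
    verdict, reasons = Action.ALLOW, []
    for f in findings:
        cats = CATALOGUE.get(f.threat)
        actions = [policy.action_for(c, hour) for c in cats] if cats else [policy.unclassified]
        action = max(actions)
        reasons.append(f"{f.module}:{f.threat}->{action.name}")
        verdict = max(verdict, action)
    return verdict, reasons

# Constructed sample policy: one rule set shared by every module.
POLICY = Policy({Category.DISRUPTION: Action.BLOCK, Category.ILLEGAL_USE: Action.BLOCK,
                 Category.MISUSE: Action.RATE_LIMIT})
```

Because every module's finding passes through the same `decide` call, a flow flagged by both the content filter and the IPS receives a single consistent verdict instead of two independent ones.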

At the same time, a UTM that integrates multiple security capabilities still needs to maintain relatively high performance, so performance must not drop significantly. The reliability requirements for security gateway equipment are beyond doubt. In addition, because the device has so many functions, ease of management and simple configuration, which network administrators require, are of course also goals for UTM-class equipment.

Taken together, the author believes that UTM can be defined as: through the unified deployment of security policies and the integration of a variety of security capabilities, achieving accurate control over threats that damage the network itself and application systems, use the network for illegal activities, misuse network resources, and so on, as highly reliable, high-performance, easy-to-manage gateway security
