ISP Planet - Technology - Fire-Proofing Your Network With UTM - Part 2: Deploying a UTM appliance - page three

Sections

• Best of the Lists
• Business
• CLEC-Planet
• Equipment
• Executive
Perspectives
• Fixed Wireless
• Investor
• Marketing
• Market Research
• News
• Notable Quotes
• Politics
• Profiles
• Resources
• Technology
• Value-Added
Services
• Webhosting
Also ...
• About Us
• Authors
• ISP-Planet Blog
• Letters
• Site Map
• Technology Jobs

ISP Resources

ISP-Lists
ISP Glossary
ISP News
The List
ISPCON Events
Free Newsletters

internet.com

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

internet.commerce

Partner With Us

Managed Security Services

Fire-Proofing Your Network With UTM,
Part 2: Deploying a UTM appliance — continued

by Lisa Phifer
VP Core Competence, Inc.
[December 28, 2007]

What's going on?
Anyone who has ever managed a firewall knows the importance of traffic logging and analysis. Ideally, UTM products should make it easier to eyeball dangerous traffic and understand whether and how your deployed defenses actually responded.

Without UTM, you might be forced to sift through several independent event logs, trying to correlate traffic that slipped through your firewall with alerts reported by your IDS and worms detected on servers. With UTM, you can review firewall and IPS and anti-X alerts by looking in just one place.

Here again, the degree of unification varies. UTM events are time-stamped by the same clock and written to the same local log (or sent to the same mailbox or SYSLOG server). But many UTM products incorporate third-party anti-X engines, such as Sophos anti-virus, Symantec anti-spam, or WebSense URL filters. Even when third-party engines are bolted into the same UTM appliance and GUI, they can still trigger independent events.

For example, all alerts generated by each MX1004 service are written to the same log and share the same overall structure, but they differ in detail—even hot-linking to different websites. It is not always easy to tell when multiple alerts were caused by the same incident, but scrolling through all events in time-sequence can be a big help (Figure 2-6). On the other hand, event configuration is disjoint—detailed alert and summary settings must be established independently for each service (Figure 2-7).

Figure 2-6: Events listed by date and time
Figure 2-7: Configuring events for each service

Coming up next
Once a UTM appliance has been successfully installed and you understand how basic firewall and perhaps IPS policies are being enforced, it is time to start taking advantage of all those additional security capabilities. To demonstrate the benefits and limitations of UTM anti-X services, Part 3 of this series will dig into the MX1004's network-based threat management features. Stay tuned...

—End

UTM series:
	[Dec. 27, 2007]	Part 1: Battling new security threats
	[Dec. 28, 2007]	Part 2: Deploying a UTM appliance
	[Dec. 31, 2007]	Part 3: Layering on anti-X defenses
	[Dec. 31, 2007]	Part 4: Delivering UTM as a managed service

< Back to Part 2, page 1

Best of ISP-Planet

ISP-Planet Guide

ISP-Planet's
Principal Studies

Directories:
• Anti-Spam
• Backbone Providers
• Billing Services
• Customer Support
• IDS
• ISP Associations
• Registrar
• Trouble Ticketing
• Webmail
• Wholesale Dialup
• Wireless Equipment

Q3 2008
Top U.S. ISPs
by Subscriber
(Updated 12/02/2008)

VoIP Ranking by Subscriber (Updated 12/05/2008)

ISP-Planet's
Blogroll

ISP-Planet's RSS feed

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Whitepapers and eBooks

Avaya Article: Developing Speech Grammars that Rock, Part 2: Grammar Tuning
Microsoft Partner Portal: Hyper-V Vaults Microsoft into Virtualization Race
Small Business Solution Exchange: The Pros and Cons of Outsourcing Enterprise Emails
Avaya Article: JSR 289: SIP Servlet 1.1 Provides Significant Benefits for SIP Application Developers

Microsoft Article: Build and Run Virtual Machines with Hyper-V Server 2008
Internet.com eBook: Real Life Rails
Internet.com eBook: Best Practices for Developing a Web Site
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

HP Webinar: Virtualization for Business Critical SAP on SQL Server
Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices

Rackspace Hosting Center: Customer Videos
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

IdeaBlade Download: DevForce EF--Developing for LINQ and the Entity Framework
Microsoft Download: Silverlight 2 SDK
30-Day Trial: SPAMfighter Exchange Module
Iron Speed Designer Application Generator

Microsoft Download: Silverlight 2 Developer Runtime (Windows)
IdeaBlade Download: .NET Programming with DevForce Classic
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Online Demo: IBM Cognos 8 Business Intelligence Reporting

MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES