Feature

Product review: Unified threat management (UTM) devices

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: How to tell if you need the help of security integrators and consultants."

Download it now to read this article plus other related content.

Authentication and Policies
Setting up and tuning security policies for the various modules is at the core of these products. Ideally, you would want an appliance that makes it easy to figure out how to keep your network protected, but still allows users room to get actual work done, all the while providing feedback when you have too strong or too weak a policy.

SonicWALL and Fortinet clearly lead the pack in this regard with the others scoring equally behind. Even if you don't activate all of the security modules, both vendors' approach is easy to understand and provides just enough feedback so as to not overwhelm an administrator.

    Requires Free Membership to View



Fortinet protection profiles provide a good base that can be modified for particular requirements.

There are two basic approaches to how security policies are created:

  • Integrated policy that applies to particular users or network interfaces. This has its advantages if your UTM box sits on several different network segments and you want to deploy different policies by segment or by user group (for example, one with servers on it, or one with engineering users). With this method, an administrator sets one policy that cuts across all of the individual security modules, with specifics for antivirus, IDS and so forth. Call this the traditional firewall approach, and each policy can enable different security modules for particular situations.

    Fortinet and Check Point use this approach; Fortinet does a better job, setting up a series of four default protection policies that gives you a great starting point and examples that make it easy to modify them for your specific needs (See Fortinet screen shot, right).


  • Separate policies that are module-specific. This means there will be one policy for antivirus, another for general firewall tasks, and more for IDS actions. IBM ISS uses this approach; while it also has chosen lots of defaults to get you started, making modifications isn't as easy as with Fortinet, because you must make them in several places. Juniper also sets up security policies by module.

This was first published in June 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: