Unified Threat Management (UTM) Certification Summary
NB: For the moment, this section also covers
the Firewall, VPN, Anti Spam, Anti Virus, Content Filtering and Web/URL
Filtering certification programs
For the purposes of the NSS test, a UTM device is defined as a single
appliance combining the following possible functions:
- Firewall - these devices are
typically deployed at the network perimeter, and therefore robust,
stateful firewall capabilities with NAT are required.
- VPN - often deployed as branch
office solutions on a corporate WAN, the ability to create a small number
of secure VPN tunnels is essential.
- IDS/IPS - a firewall only
enforces policy, and if that policy includes allowing inbound HTTP traffic
to Web servers on the DMZ, then there is nothing the firewall can do to
prevent HTTP exploits from subverting the target Web server. The IPS
capability will detect and block such attempted exploits at the network
perimeter, preventing the malicious traffic from ever reaching the server.
An IDS-only capability can detect exploits and raise alerts, but will be
unable to block the malicious traffic.
- Anti Virus - gateway Anti Virus
prevents inbound virus traffic at the edge of the network, thus
reinforcing desktop security solutions and blocking viruses before they
reach the desktop. This solution can also prevent infected machines from
propagating viruses outside the corporate network.
- Anti Spam - gateway Anti Spam can
tag inbound e-mail, allowing it to be handled more effectively by desktop
filtering solutions, or can block suspected spam mails completely. This
solution can also prevent internal hosts from sending spam mail outside
the corporate network.
- URL Filtering - using a
constantly-updated database of categorised URLs, a gateway URL filtering
solution can prevent employees from accessing objectionable or
inappropriate Web sites from the corporate network.
- Content Filtering - by scanning
Web and mail traffic for specific content, a gateway content filtering
solution can prevent objectionable or inappropriate material from passing
into, or out of, the corporate network.
In order to conform to the strict
definition of a Unified Threat Management product as defined by IDC, the
appliance should include the first three at a minimum - the remaining items
are optional.
Those transparent gateway security devices which combine items three to
seven, but which - by their very nature as transparent, non-routing devices
- may not include items one or two (or, where a layer 2 firewall is
included, may not provide all the functionality of a typical layer 3
firewall device) are defined as Secure Content Appliances (SCA) and a
separate testing methodology exists for such products.
The NSS tests are designed to determine the suitability of a particular UTM
product for use as a basic, all-in-one gateway security device and will
focus on the effects of combining multiple security technologies (as listed
above) in a single appliance.
Thus, the overall focus of the tests will be on the manageability,
performance and capabilities of the appliance as a basic firewall or
transparent bridge, and how the performance is affected by
enabling/disabling the additional security functions.