IDC defines a UTM information security hardware device as one that integrates multiple security functions into a single hardware device, which must include a network firewall, network intrusion detection and prevention, and gateway anti-virus. Not all functions on the device need to be in use, but they must all be built in, and individual components cannot be removed.
To test these devices, NSS Group explicitly defined a UTM device as a single device with functions such as firewall, VPN, IDS/IPS, anti-virus, anti-spam, URL filtering and content filtering. The detailed definitions are as follows:
* Firewall: Deployed at the network boundary; a robust stateful NAT firewall is required.
* VPN: Often deployed on the enterprise wide area network as a branch office networking solution. At a minimum, the device must be able to establish a small number of secure VPN channels.
* IDS/IPS: A firewall can only enforce policy. If the policy allows inbound HTTP traffic to a web server in the DMZ, the firewall cannot stop attackers from attacking that web server over HTTP. The IPS function detects and blocks intrusions that attempt to break in across the network boundary, preventing malicious traffic from reaching the server. The IDS function can detect intrusions and raise alerts, but it cannot block malicious traffic.
* Antivirus: A gateway antivirus filter stops inbound viruses at the network boundary, blocking them before they reach the desktop and so strengthening desktop security. It can also prevent internal computers from being infected by viruses from outside the corporate network.
* Anti-spam: Gateway anti-spam can mark incoming emails so that filtering solutions on the computer can process them further. It can also prevent internal hosts from sending spam outside the enterprise.
* URL filtering: Using a continuously updated URL classification database, a gateway URL filtering solution can prevent employees from accessing objectionable or inappropriate websites from within the corporate network.
* Content filtering: Scans specific content in web pages and mail traffic. A gateway content filtering solution can prevent objectionable or inappropriate content from passing through or being sent out from the corporate network.
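
The difference between the firewall, IDS and IPS roles described in the IDS/IPS item can be shown with a small model. This is an added example, not code from any UTM product; the addresses, the policy, the two signatures and the sample flows are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed firewall policy: inbound (destination IP, port) pairs that are allowed.
ALLOWED = {("10.0.0.80", 80)}  # hypothetical DMZ web server, HTTP only

# Constructed, deliberately simple signatures; real rule sets are far larger.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./|%2e%2e%2f", re.I),
    "sql-injection": re.compile(r"union\s+select|'\s*or\s+1=1", re.I),
}

@dataclass
class Flow:
    dst_ip: str
    dst_port: int
    payload: str

def firewall_allows(flow):
    """Policy check only: looks at address and port, never at the payload."""
    return (flow.dst_ip, flow.dst_port) in ALLOWED

def match_signatures(flow):
    """Names of all signatures found in the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(flow.payload)]

def inspect(flow, mode):
    """mode is 'firewall', 'ids' or 'ips'. Returns (delivered, alerts)."""
    if not firewall_allows(flow):
        return False, []          # dropped by policy before any inspection
    if mode == "firewall":
        return True, []           # policy allowed it; payload is not examined
    alerts = match_signatures(flow)
    if mode == "ips" and alerts:
        return False, alerts      # inline device: malicious flow is blocked
    return True, alerts           # IDS: alert raised, traffic still delivered

# Constructed sample flows.
SAMPLES = [
    Flow("10.0.0.80", 22, "SSH-2.0-client"),                  # port not in policy
    Flow("10.0.0.80", 80, "GET /index.html HTTP/1.1"),        # benign HTTP
    Flow("10.0.0.80", 80, "GET /../../etc/passwd HTTP/1.1"),  # allowed port, bad payload
]

if __name__ == "__main__":
    for mode in ("firewall", "ids", "ips"):
        for flow in SAMPLES:
            print(mode, flow.dst_port, flow.payload, inspect(flow, mode))
```

The third flow is the case the item describes: the firewall delivers it because the policy allows HTTP, the IDS delivers it with an alert, and only the IPS keeps it from the server.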