UTM Devices (Unified Threat Management) in The Security of Computer Installations

Company computers, now that local networks are connected to a public network such as the Internet, are exposed to multiple threats, both internal and external. Among the best known of each type are the following:

Internal threats:

  • Introduction of viruses and other malware through the indiscriminate use of external hard drives, pen drives and similar media.
  • Weak passwords for access to shared resources, or passwords known to all workers.
  • Absence of a rigorous policy of access permissions to the company's shared resources.
  • Absence of rigorous procedures for managing backup copies of critical data.
  • Existence of equipment with obsolete versions of operating systems or without the corresponding security updates.
  • Absence of antivirus on the equipment, or use of free versions that lack the necessary functionality.
  • Storage of information important to the company in local folders on the workstation instead of on the available servers.

External threats:

  • Improper firewall configuration that does not block access to the internal network from potentially dangerous external locations.
  • Inadequate firewall configuration that allows the company's workers to access inappropriate or dangerous websites.
  • Malicious applications installed on work computers.
  • Absence of antivirus, antispam, antimalware and control tools against ransomware attacks on connections over the Internet.
  • Lack of effective control over the type of company data that leaves the company over the Internet.

Internal threats require rigorous operating protocols in the company: each worker must have a personal access password, and it must be renewed periodically. In the same way, it is necessary to ensure that documents critical to the company are never left in local folders such as “My Documents” or on the desktop itself, since a failure of the computer's hard disk would make it very difficult or impossible to recover the lost information. Workers and users must be made aware that the safest place to store information is the company's servers, whether its own or external.

Regarding external threats, the current trend is to avoid using separate devices for each threat and instead concentrate all the resources and tools in a single device, called a UTM (Unified Threat Management) system.

Depending on the size of the company and the number of employees, these devices are available in different versions. In medium and large companies, a UTM must be able to examine a high volume of information in real time, both incoming and outgoing, so its hardware capabilities must be superior to those of a UTM installed in a small company with a reduced number of workers. At Sopto we have the equipment for this solution.

Some features of this equipment are:

  • Protection against exploits, malware and malicious websites.
  • Control of applications that access the Internet.
  • Detection of new attacks and threats.
  • Next-generation firewall.
  • Routing, switching, Wi-Fi controller and VPN management.
  • Dedicated processor to achieve high packet-handling speeds: firewall throughput up to 3 Gbps, analysis of up to 4.5 million packets per second, up to 2 million concurrent sessions, up to 77,000 new TCP/UDP sessions per second, up to 1.3 Gbps of VPN traffic, etc.
  • Virtual domains: allows creating 10 independent virtual firewalls on the same machine.
  • 2 Gigabit Ethernet WAN ports.
  • 16 Gigabit Ethernet LAN ports.
  • 2 Gigabit Ethernet SFP ports for the DMZ.
  • Etc.

As can be seen, this equipment is intended for an organization or company with a high number of connected clients, as is the case of our institute, the CIFP Tartanga, which has 700 computers in service and a system of virtualized servers running applications such as an email server (Zimbra), a blog server (WordPress), a cloud storage service (Nextcloud), a VPN server (OpenVPN), a backup server (FreeNAS) and others.

The UTM Fortigate 200D device “monitors” the incoming and outgoing communications of all the equipment located in the LAN and in the DMZ, and also of the mobile devices that connect to the institute's Wi-Fi network. These communications are carried out through two fiber optic connections provided respectively by the companies Movistar (Macrolan, symmetric 500 Mbps) and Sarenet (300 Mbps FTTH access and 16 public IP addresses), so that, taking advantage of the virtual domains of the UTM Fortigate 200D, each of them has different security policies. The routing capacity of the Fortigate 200D makes it possible to select which equipment accesses the outside through one connection or the other.
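As an added illustration (not the institute's configuration and not text from Fortinet), the dual-uplink arrangement described above can be expressed in FortiOS CLI syntax; interface names, subnets and gateway addresses are assumed placeholders, and for brevity both links are shown inside a single virtual domain rather than one VDOM per link.

```fortios
# Assumed placeholders (not the institute's real values): wan1 = Movistar uplink,
#   gateway 203.0.113.1, default exit for the client LAN; wan2 = Sarenet uplink,
#   gateway 198.51.100.1, carries the public IPs; internal1 = client LAN; dmz = 192.0.2.0/24.
config router static
    edit 1
        set device "wan1"
        set gateway 203.0.113.1
        set distance 10
    next
    # Backup default route: installed only if the wan1 route disappears.
    edit 2
        set device "wan2"
        set gateway 198.51.100.1
        set distance 20
    next
end
# Policy routes are consulted before the routing table: the DMZ servers always leave
# through Sarenet, while every other host follows the default route via Movistar.
config router policy
    edit 1
        set input-device "dmz"
        set src "192.0.2.0/255.255.255.0"
        set gateway 198.51.100.1
        set output-device "wan2"
    next
end
# Firewall policy for the client LAN exit: NAT behind the Movistar address and the
# full inspection set (antivirus, web filter, IPS) with logging enabled.
config firewall policy
    edit 1
        set name "lan-to-movistar"
        set srcintf "internal1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set utm-status enable
        set av-profile "default"
        set webfilter-profile "default"
        set ips-sensor "default"
        set profile-protocol-options "default"
        set logtraffic all
    next
    # A second policy, dmz -> wan2 without NAT (the servers use Sarenet's public
    # addresses), would carry its own inspection profiles for that link.
end
```

Splitting the two uplinks into separate virtual domains, as the institute does, keeps each link's policy set and routing table fully independent; the example above shows the same traffic steering in one domain so that the policy route and the per-exit inspection profiles are visible together.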