Network Security

       
Gateway Security Solution
   

Traditional firewalls with VPN functionality are unable to fend off application layer attacks, viruses and spyware. The reason is that they filter packets on IP addresses and port numbers. For example, if you have a web server in the DMZ, your firewall must allow any internet IP address to reach it on port 80 (HTTP). The firewall only checks the destination IP address and port number of each incoming packet. If these criteria are matched, the packet is allowed.

Other than buffer overflows, there are numerous vulnerabilities that allow hackers to get in. The Blaster worm uses Remote Procedure Call (RPC) and the Sasser worm uses LSASS vulnerabilities; in 2004 they were causing considerable damage.

 
   

Those are the problems. The next course of action is to combat them.
There are at least 3 ways to stop them:

  1. Use a UTM security appliance.
  2. Block certain ports.
  3. Apply patches from vendors.

A Unified Threat Management (UTM) security appliance uses Deep Packet Inspection (DPI) technology to scan incoming packets for attacks. It operates at the application layer. Incoming packets are compared against the intrusion signature database. If a packet matches a signature, it is treated as an attack packet and dropped. Otherwise, it is treated as a good packet and let through.
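The contrast between the two checks described above, as an added example that is not code from this page or from any vendor: a destination IP/port filter admits every packet to the web server on port 80, while a payload check against a signature list drops the one that matches. The addresses, signature names, patterns and sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes

# Assumed DMZ web server (documentation address range) and its allowed port.
WEB_SERVER = ipaddress.ip_address("192.0.2.10")
ALLOWED = {(WEB_SERVER, 80)}

# Constructed stand-ins for an intrusion signature database: name -> byte pattern.
SIGNATURES = {
    "constructed-worm-marker": b"X-CONSTRUCTED-WORM-MARKER",
    "path-traversal": b"../../",
}

def port_filter(pkt):
    """Traditional firewall: the decision uses destination IP and port only."""
    return (ipaddress.ip_address(pkt.dst_ip), pkt.dst_port) in ALLOWED

def dpi_match(payload):
    """Return the name of the first signature found in the payload, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in payload:
            return name
    return None

def utm_verdict(pkt):
    """UTM-style gateway: port filter first, then payload inspection."""
    if not port_filter(pkt):
        return "drop: port/IP not allowed"
    hit = dpi_match(pkt.payload)
    return f"drop: signature {hit}" if hit else "allow"

# Constructed sample traffic: a normal request, a request matching a
# signature, and a packet to a port the firewall does not open.
SAMPLES = [
    Packet("198.51.100.7", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("198.51.100.8", "192.0.2.10", 80, b"GET /../../secret.txt HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("198.51.100.9", "192.0.2.10", 135, b"\x05\x00"),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.dst_port, "port filter:", port_filter(p), "| UTM:", utm_verdict(p))
```

Plain substring matching on a single packet is the simplest form of the idea; a pattern split across packets or encoded differently would not match here, which is why the quality and freshness of the signature database matters.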

 
   

UTM security appliance has the following advantages:

  1. Automatically updated intrusion signature database
  2. Stops viruses and spyware in addition to intrusions
  3. Reduces the burden on the patch deployment team
  4. Maximum internet/intranet protection
  5. Cost effective