Zentyal Unified Threat Manager¶

The UTM (Unified Threat Manager) is a more advanced concept than the firewall. The UTM not only defines a policy based on source or destination, ports or protocols, but provides the necessary tools to secure your network. These tools allow you to interconnect different subnets safely, define advanced browsing policies, detect attacks on your network from Internet or hosts in the internal network, amongst other options.

By using VPN (Virtual Private Network), it is possible to interconnect different private subnets via the Internet in a completely safe way. A typical example of this feature is the communication between two or more offices of the same company or organisation. You can also use VPN to allow users to connect remotely and securely to the corporate network.

Another feature included is the definition of advanced browsing features based on; not only on the content of the pages, but also on the different profiles per subnet, user, group and time - including malware analysis.

Since email became popular, it has suffered from the receipt of unwanted mail, sent in bulk. This mail is often used to deceive the recipient in order to fraudulently obtain money from them, or simply unwanted advertising. You will also see how to filter incoming and outgoing e-mail within your network and to avoid both the reception of unwanted emails and to block outgoing mail from any potentially compromised computer of your network.

Finally, you will learn about - perhaps the most important feature of the UTM - the IDS (Intrusion Detection System). This element analyses network traffic searching for signs of attacks and alerting the administrator so that necessary steps can be taken. Unlike the firewall, which imposes static rules predefined by the administrator, an IDS analyses each real-time connection. This feature allows you to go one step further when maintaining the security of your network and be immediately aware of what is going on. Like other filters it can be affected by false positives, security alerts on harmless events and also by false negatives - unidentified potentially dangerous events. You can lessen these drawbacks by keeping the recognition rules and patterns regularly updated. By using the Advanced Security Updates from Zentyal [1] the IDS rules can be automatically updated using a wide range of rules and patters pre-selected by security experts.