Zentyal Unified Threat Manager
The UTM (Unified Threat Manager) is a more advanced concept than the firewall. The UTM not only defines a policy based on source or destination, ports or protocols, but also provides the necessary tools to secure your network. These tools allow you to interconnect different subnets safely, define advanced browsing policies, and detect attacks on your network from the Internet or from hosts in the internal network, amongst other options.
By using a VPN (Virtual Private Network), it is possible to interconnect different private subnets via the Internet in a completely safe way. A typical example of this feature is the communication between two or more offices of the same company or organisation. You can also use a VPN to allow users to connect remotely and securely to the corporate network.
In addition to the OpenVPN protocol, Zentyal offers you the IPSec and PPTP protocols to ensure compatibility with third-party devices and Windows machines where you do not want to install additional software.
Another feature included in Zentyal is the definition of advanced browsing policies based not only on the content of the pages, but also on different profiles per subnet, user, group and time, including malware analysis.
Email filtering is a fundamental feature for the security of your server and users, so Zentyal offers great configurability and integration of services to cover it. It is explained in the communications chapter because of its logical dependencies on the mail module.
Finally, you will learn about the IDS (Intrusion Detection System), perhaps the most important feature of the UTM. This element analyses network traffic, searching for patterns of attacks. Unlike the firewall, which imposes static rules predefined by the administrator, an IDS analyses each connection in real time. This feature allows you to go one step further when maintaining the security of your network and to be immediately aware of what is going on. Like other filters, it can be affected by false positives (security alerts on harmless events) and by false negatives (potentially dangerous events that go unidentified). You can lessen these drawbacks by keeping the recognition rules and patterns regularly updated. By using the Advanced Security Updates from Zentyal [1], the IDS rules can be automatically updated using a wide range of rules and patterns pre-selected by security experts.
[1] https://store.zentyal.com/other/advanced-security.html