Unified Threat Management (UTM) is a term used to describe the
consolidation of several security features into one device, protecting
against multiple threat types. The advantage of UTM is streamlined
installation and management of these multiple security capabilities.
The security features provided as part of the UTM
solution are:
Antispam — E-mail spam consists of unwanted e-mail
messages, usually sent by commercial, malicious, or fraudulent entities.
The antispam feature examines transmitted e-mail messages to identify
e-mail spam. When the device detects an e-mail message deemed to be
spam, it either drops the message or tags the message header or subject
field with a preprogrammed string. The antispam feature uses a constantly
updated spam block list (SBL). Sophos updates and maintains the IP-based
SBL. The antispam feature is a separately licensed subscription service.
Full File-Based Antivirus — A virus is executable
code that infects or attaches itself to other executable code to reproduce
itself. Some malicious viruses erase files or lock up systems. Other
viruses merely infect files and overwhelm the target host or network
with bogus data. The full file-based antivirus feature provides file-based
scanning of specific Application Layer traffic, checking for viruses
against a virus signature database. It collects the received data
packets until it has reconstructed the original application content,
such as an e-mail file attachment, and then scans this content. Kaspersky
Lab provides the internal scan engine. The full file-based antivirus
scanning feature is a separately licensed subscription service.
Express Antivirus — Express antivirus scanning is
offered as a less CPU-intensive alternative to the full file-based
antivirus feature. The express antivirus feature, like the full antivirus
feature, scans specific Application Layer traffic for viruses against
a virus signature database. However, unlike full antivirus, express
antivirus does not reconstruct the original application content. Rather,
it just sends (streams) the received data packets, as is, to the scan
engine. With express antivirus, the virus scanning is executed by
a hardware pattern-matching engine. This improves performance while
scanning is occurring, but it lowers the level of security provided.
Juniper Networks provides the scan engine. The express antivirus scanning
feature is a separately licensed subscription service.
Content Filtering — Content filtering blocks or
permits certain types of traffic based on the MIME type, file extension,
protocol command, and embedded object type. Content filtering does
not require a separate license.
Web Filtering — Web filtering lets you manage Internet
usage by preventing access to inappropriate Web content. There are
three types of Web filtering solutions. With the integrated Web
filtering solution, the device itself decides whether to block or
permit Web access after it identifies the category for a URL, either
from user-defined categories or from a category server (Websense
provides the CPA Server). The integrated Web filtering feature is a
separately licensed subscription service. The redirect Web filtering
solution intercepts HTTP requests and forwards the server URL to an
external URL filtering server provided by Websense, which determines
whether to block or permit the requested Web access. Redirect Web
filtering does not require a separate license. With Juniper Local Web
Filtering, the device decides whether to block or permit Web access
after it identifies the category for a URL from user-defined
categories stored on the device. Local filtering requires no
additional Juniper license and no remote category server.
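
The drop-or-tag behaviour described for the antispam feature above, as an added Python example (not Juniper code, and not how the device is implemented). The block list entries, the tag string, the X-Spam-Tag header name and the action names are assumptions made for the example.

```python
import ipaddress
from email import message_from_string, policy

# Constructed block list: documentation-range networks standing in for an
# IP-based SBL. A real SBL is maintained and updated by the vendor.
SAMPLE_SBL = [ipaddress.ip_network(n)
              for n in ("192.0.2.0/24", "203.0.113.7/32", "2001:db8::/32")]
TAG = "***SPAM***"  # stands in for the "preprogrammed string" (assumed value)

SAMPLE_MESSAGE = (  # constructed test message
    "From: sender@example.com\n"
    "To: user@example.net\n"
    "Subject: Quarterly invoice\n"
    "\n"
    "Body text.\n"
)

def is_listed(src_ip, sbl=SAMPLE_SBL):
    """True if the SMTP peer address falls inside any block list network."""
    addr = ipaddress.ip_address(src_ip)
    # An IPv4 peer can show up as an IPv4-mapped IPv6 address; unwrap it so
    # it is still compared against the IPv4 entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in sbl)

def apply_antispam(src_ip, raw_message, action="tag-subject", tag=TAG,
                   sbl=SAMPLE_SBL):
    """Return the message to forward, or None when the message is dropped."""
    if not is_listed(src_ip, sbl):
        return raw_message              # not deemed spam: pass through untouched
    if action == "drop":
        return None
    msg = message_from_string(raw_message, policy=policy.default)
    if action == "tag-subject":
        subject = msg.get("Subject", "")
        if not subject.startswith(tag):  # do not stack tags on a re-scan
            del msg["Subject"]
            msg["Subject"] = f"{tag} {subject}".strip()
    elif action == "tag-header":
        msg["X-Spam-Tag"] = tag          # header name is an assumption
    else:
        raise ValueError(f"unknown action: {action}")
    return msg.as_string()
```

Tagging instead of dropping leaves the final decision to the mail server or client, which can filter on the tag string.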
For information about which devices support the features
documented in this chapter, see the JUNOS Software Feature Support Reference for SRX Series and J Series Devices.