Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Study Guide
for NSE 1:
Unified
Threat
Management
(UTM)

February 1

2016

This Study Guide is designed to provide information for the Fortinet

Network Security Expert Program Level 1 curriculum. The study guide
presents discussions on concepts and equipment necessary as a
foundational understanding for modern network security prior to taking
more advanced and focused NSE program levels.

Fortinet
Network
Security
Solutions

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Contents

Figures............................................................................................................................................... iii

Unified Threat Management (UTM) ......................................................................................................... 1

The Key to UTM: Consolidation ........................................................................................................ 1
UTM Features ...................................................................................................................................... 2

UTM Distributed Enterprise Advanced Features ............................................................................... 3

Extended UTM Features ...................................................................................................................... 5
Evolving UTM Features .................................................................................................................... 5
UTM Functions .................................................................................................................................... 8
Where UTM Fits In ............................................................................................................................ 9
UTM: Scalable Deployment ............................................................................................................ 10
Summary ........................................................................................................................................... 12
Key Acronyms........................................................................................................................................ 13
Glossary ................................................................................................................................................ 15
References ............................................................................................................................................ 16

ii

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Figures

Figure 1. Legacy network security add-ons vs. UTM architecture ............................................................. 1

Figure 2. Unified Threat Management (UTM). ......................................................................................... 2
Figure 3. LAN control. .............................................................................................................................. 6
Figure 4. Typical Power over Ethernet (POE) cable configuration. ............................................................ 7
Figure 5. UTM scalability........................................................................................................................ 10
Figure 6. Fortinets concept of Connected UTM. ................................................................................. 11

iii

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Unified Threat Management (UTM)

Unified Threat Management (UTM) is a security management approach providing administrators the
ability to monitor and manage multiple security-related applications and infrastructure components
through a single management console. Through this simplified management approach, UTM provides
administrators the ability to protect both local and branch offices from potential threats, rather than
having to depend on coordination with remote site administrators or multiple control panels. This
integrated approach to security control is an extension of the philosophy that resulted in integration of
multiple security functions into hardware and software appliances, compared to legacy network security
systems that used single- or dual-function add-on appliances that resulted in complex hardware,
software, and management control systems (Figure 1).

Figure 1. Legacy network security add-ons vs. UTM architecture

UTM provides administrators the ability to monitor and manage multiple, complex security-related
applications and infrastructure components through a single management console. Because UTM is
designed as an integrated solution, it does not suffer the problems of network address translation,
overheating, or throughput difficulties caused by activating multiple security services in legacy systems.

The Key to UTM: Consolidation

Similar to NGFW, one of the strengths of UTM is integration of components and functions into both
hardware appliances and associated security software applications. The advantage to UTM is that it goes
beyond the NGFW focus of high performance protection of data centers by incorporating a broader
range of security capabilities to provide administrator-friendly, threat-unfriendly management. Using
firewall capabilities as a foundation, UTM integrates additional VPN, intrusion detection and prevention,
and secure content management capabilities.

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

UTM Features

UTMs are generally acquired as either cloud services or network appliances, and integrate firewall,
intrusion detection system (IDS), anti-malware, spam and content filtering, and VPN capabilities
(Figure 2). These can be installed and updated as necessary to keep pace with emerging threats.[1]

Figure 2. Unified Threat Management (UTM).

Firewall. The most basic, necessary, and deployed network security technology, which uses sets or rules
or policies to determine which traffic is allowed into or out of a system or network. UTM builds on this
foundation to integraterather than add onenhanced security capabilities.[2]
Intrusion Detection System (IDS). IDS is capable of detecting potential threats to the network, but does
not react by sending a message to the firewall to block the threat.[2] IDS is an integrated feature in
Intrusion Prevention System (IPS).
Antivirus/Antimalware. Antivirus/Antimalware (AV/AM) provides multi-layered protection against
viruses, spyware, and other types of malware attacks. It enables scanning for e-mail for viruses, but it
doesnt stop there. You can also apply anti-virus protection to File Transfer Protocol (FTP) traffic, instant
messaging (IM), and web content at the network perimeter. Some solutions support Secure Sockets
Layer (SSL) content scanning, which means that you can protect the secure counterparts to those types
of traffic as well, such as HTTPS, SFTP, POP3S, and so on. A UTM virus filter examines all files against a
database of known virus signatures and file patterns for infection. If no infection is detected, the file is
sent to the recipient. If an infection is detected, the UTM solution deletes or quarantines the infected
file and notifies the user. [3]

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Antispam. This is a module that detects and removes unwanted email (spam) messages by applying
verification criteria to determine if the email fits defined parameters as spam traffic. Anti-spam filtering
can block many Web 2.0 threats like bots, many of which arrive in your users e-mail boxes. Multiple
anti-spam technologies incorporated into UTM detects threats through a variety of techniques [3].These
parameters may be as simple as a list of senders identified by a user or comparison against databases of
known bad messages and spam server addresses[2].
Content filtering. These devices block traffic to and/or from a network by IP address, domain
name/URL, type of content (for example, adult content or file sharing), or payload. They maintain a
whitelist of trusted sites and a blacklist of forbidden sites to prevent users from violating acceptable use
policies or being exposed to malicious content. [3]
VPN. A Virtual Private Network (VPN) uses special protocols to move packets of information across the
Internet securely. In general, VPN protocols encrypt traffic going from sender to receiver. This makes
such traffic appear completely garbled to anyone that might intercept and examine those packets while
theyre on the Internet. VPNs use encryption to protect the traffic they carry from unauthorized access.
Because the VPN packets wrap the encrypted data inside a new protocol envelope a technique
known as encapsulation a VPN creates a private, encrypted tunnel through the Internet. [3]

UTM Distributed Enterprise Advanced Features

Enterprise customers may have access to more advanced features, such as identity-based access
control, load balancing, intrusion prevention (IPS), Quality of Service (QoS), SSL/SSH inspection, and
application awareness[1].
Access (Application) control. Application control can identify and control applications, software
programs, network services, and protocols. In order to protect networks against the latest web-based
threats, application control should be able to detect and control Web 2.0 apps like YouTube, Facebook,
and Twitter. Enterprise-class app control provides granular policy control, letting you allow or block
apps based on vendor, app behavior, and type of technology. For example, you can block specific sites,
block only your users ability to follow links or download files from sites, or block games but allow chat.
Another feature of application control is the ability to enforce identity-based policies on users. The UTM
system tracks user names, IP addresses, and Active Directory user groups. When a user logs on and tries
to access network resources, UTM applies a firewall policy based on the requested application or
destination. Access is allowed only if the user belongs to one of the permitted user groups.

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Load balancing. Load balancing distributes traffic and routes content across multiple web servers. This
load balancing increases application performance, improves resource utilization and application stability
while reducing server response times. With data compression and independent SSL encryption
processor, this capability increases further transaction throughput and reduce processing requirements
from web servers, providing additional acceleration for web application traffic.
Intrusion Prevention System (IPS). An IPS acts as a networks watchdog, looking for patterns of network
traffic and activity, and records events that may affect security. An IPS issues alarms or alerts for
administrators, and is able to block unwanted traffic. IPS also routinely log information as events occur,
so they can provide information to better handle threats in the future, or provide evidence for possible
legal action[3]. IPS is the best way to detect threats trying to exploit network vulnerabilities.
Quality of Service (QoS). QoS refers to a networks ability to achieve maximum bandwidth and deal with
other network performance elements like latency, error rate and uptime. Quality of service also involves
controlling and managing network resources by setting priorities for specific types of data (video, audio,
files) on the network. QoS is exclusively applied to network traffic generated for video on demand, IPTV,
VoIP, streaming media, videoconferencing and online gaming. [4]
SSL/SSH inspection. This provides the ability to inspect content encrypted by applications using Secure
Socket Layer (SSL) cryptologic technique, in which it performs a man-in-the-middle takeover of the SSL
traffic. This allows other inspections to be applied such as DLP, web filtering, and antivirus/malware.
Some popular SSL protocols are HTTPS, FTPS, and mail protocols SMTPS, POP3S, and IMAPS.[2]
Application awareness. Web Application Security solutions provide specialized, layered application
threat protection for medium and large enterprises, application service providers, and SaaS providers.
FortiWeb application firewalls protect your web-based applications and internet-facing data. Automated
protection and layered security protects web applications from layer 7 DDoS and more sophisticated
attacks such as SQL Injection, Cross Site Scripting attacks, and data loss. The Web Vulnerability
Assessment module adds scanning capabilities to provide a comprehensive solution to meet your PCI
DSS section 6.6 requirements.
Tradeoffs. The main advantage to UTM is reducing operational complexity. In particular, reducing
operational complexity for network administrators increases the likelihood that they will use the
available protection features to optimize network security. However, while simplification presents the
advantage of security optimization by administrator, the main drawback may be positioning UTM as a
single point of failure (SPOF) in a system or network.

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Extended UTM Features

One of the key factors that enables specialized UTM products to achieve the highest levels of
performance and boost network throughput is incorporating custom application-specific integrated
circuits (ASICs) into UTM hardware components. As discussed previously in the lesson Data Center
Firewall, using custom-designed ASICs presents a more challenging design process, but the tradeoff is
achieving the highest levels of system performance by having tailored the ASICs to the device
capabilities and intended functions. Even with high-performance ASICs, however, as more UTM
capabilities are activated performance will decrease. As with most highly efficient technologies, planning
and configuration are critical in achieving optimum performance and control when systems and
networks are brought online.
Expanding on the foundation of an integrated firewall, UTM builds additional capabilities to enhance
network security management. With ever-increasing capabilities for data transfers between remote
users, integration of capabilities not resident in NGFW include Data Leak Prevention (DLP) (sometimes
referred to as Data Loss Prevention), helps prevent unauthorized transfer of information to someone
outside an organization by protecting the contents of email, web pages, and transferred files. DLP
provides a strong authentication appliance to control data by methods such as inbound/outbound
filtering and fingerprinting.
DLP filtering scans inbound and outbound files, searching for text string and patterns that, when
compared against the DLP database, determine whether the content will be allowed, blocked, or
archived.
Fingerprinting consists of a method by which each document file is encoded with a unique
fingerprintbased on the fingerprint, DLP determines whether the document is a sensitive or
restricted file that should be blocked or if the file is allowed to be shared beyond the network.
DLP has the ability to scan and identify data patterns using supported scanable protocolsfor example,
FortiGate systems are capable of detecting HTTP, FTP, SMTP, POP3, IMAP, and instant messaging
protocols for Yahoo, MSN, AOL, and ICQ messaging services[2]. A limitation of DLP, however, is that it is
affected by the same limitations as antivirus scanningmaximum file size, data fragmentation (but not
necessarily packet fragmentation), and encryptionall of which may limit effective data leak detection
and subsequent prevention.

Evolving UTM Features

As mentioned previously, UTM is a user-simplified, protection-complex, integrated concept with the
ability to evolve as technologies, user trends, and threats evolve. With this focus on being flexible and
future-ready, additional technologies are increasingly being integrated to UTM devices. Among these
capabilitiessuited to various size networksare switching, Wireless Local Area Network (WLAN)
control, and Power-over-Ethernet (POE).

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Switching. By integrating Switching into UTM, the capability to manage switching is added to single
control console security management. This again reduces the number of physical hardware devices and
control monitors necessary to manage the UTM system. From this integrated control panel, individual
ports can be switched on or off to physically isolate network traffic. This is important, because some
applications attempt to use port 80 to avoid detection from traditional port-based firewall security
systems. Port 80 is the primary port used by the Worldwide Web (WWW) and is how web servers
listen for incoming unsecure (HTTP) connections from web browsers. This is a primary port through
which malicious code tries to sneak through via Internet applications. Conversely, secure WWW
connections are monitored through port 443 (HTTPS) using TLS/SSL security protocols.

Figure 3. LAN control.

Wireless LAN (WLAN). Integrating the WLAN into UTM provides more than added economy of
hardware. Integrating WLAN into UTM provides a simplified method to ensure each network on the full
infrastructurephysical, WLAN, and VPNmay be controlled together to maintain consistent security
policies and controls across all networks on the control interface. This approach also detects and
eliminates potential blind spots and better prevents unauthorized or rogue wireless access to the
combined network. WLAN is also important for SMB networks where secure wireless coverage must
take the place of non-existent cable-based network connectivity, such as rented small office spaces.

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

With continued increases in mobile computing and BYOD operations, many people in todays
technologically-empowered workforce expect the ability to replicate their office environment wherever
they happen to be conducting business. Because of the many variables involved in such an endeavor
variations in available Internet speeds, availability of secured versus open networks, volume of users on
remote networks, the cost of high-speed links, and so fortha technique needs to be available to
enable effective remote communication for authorized network users. In this situation, a process called
WAN Optimization (WANOpt) is such a technique for use with UTM-empowered network infrastructures
(Figure 3).
WANOpt provides improved application and network performance to authorized remote users through
five primary methods [3]:
Protocol optimization. Improves efficiency of FTP, HTTP, TCP, and other protocols to accelerate
network performance.
Byte caching. Caches files and data to reduce amount of data necessary to be sent across WAN.
Web caching. Stores/caches web pages to serve on request to avoid reloading over the WAN to
reduce latency and delays between servers.
SSL offloading. Offloads SSL decryption/encryption onto SSL acceleration hardware to boost
web server performance.
Secure tunneling. Secures traffic crossing the WAN.
Power over Ethernet (PoE). PoE allows UTM to provide power to external devices, much like legacy
systems such as Universal Serial Bus (USB). With PoE, power can be supplied over Ethernet data cables
along extensive cable lengths, either on the same conductors as data or on a dedicated conductor in the
same cable (Figure 4). USB data + power capabilities are designed for up to 5m (16ft), compared to PoE
capability up to 100m (330ft) or even more with new PoE-plus developments.

Figure 4. Typical Power over Ethernet (PoE) cable configuration

UTM applications utilizing PoE enables connection of Wireless Access Points, 3G/4G Extenders, Voice
over Internet Protocol (VoIP) handsets, and IP cameras to the network security platform while keeping
the devices away from system main power supplies. Depending on how it is applied, some advantages of
POE over other technologies include: lower cost because of combined cabling for power and data, ability
to remotely cycle appliance power, and fast data rates.

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

3G/4G. 3G/4G extenders integrate with UTM to provide a secure WAN connection for SMB and
distributed enterprise locations, with ability to serve as a secondary failover connection to the wired
WAN link for business continuity or, if desired, as a primary WAN link.

UTM Functions
UTM provides a number of integrated functions beyond
the scope of NGFW. Two of these important functions
focus on threats inherent in platform capabilities used
daily by users in systems and networks of all sizes, from
personal computers, to smartphones and phablets, to
networks and data center operations and automated
business functions. In particular, these common threats
which continue also to evolve with technology and more
widespread integration of technology components into
common devicesinclude email and Surfing the Web.
You may have heard on many different commercialsboth online and on other mediathe phrase we
have an app for that! Fortunately, UTM has appsor solutionsto help protect your networks from
these continually evolving threats.
Antispam. One of most widely used buttons on email applications is the
one that allows users to designate messages from a particular sender as
spam, thereby delegating it to be routed to a folder for which the user
receives no alert when the message arrives and the message is often
automatically deleted at a programmed periodicity. UTM has an integrated
Anti-Spam function as well, acting as a filter to block threats like botsmany
of which arrive in user email boxes. The multiple anti-spam capabilities
integrated into UTM may detect threats using a variety of methods,
including:
Blocking known spam IP addresses to prevent receipt.
Blocking messages with any URL in the message body associated with known spam addresses.
Comparing message hashes against those for known spam messages. Those that match may
be blocked without knowledge of actual message content.
Comparing the client IP address and sender email address to stored whitelist/blacklist profiles.
Whitelist matches get through; blacklist matches get blocked.
Conducting a DNS lookup on the domain name to see if the domain exists or is blacklisted.
Blocking email based on matching message keywords or key phrases in a banned word/phrase
filter list. [3]

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Intrusion Prevention Systems (IPS). IPS performs a dual protection function. In the UTM environment,
IPS protects the internal network from attacks that originate from outside the network perimeter as well
as those that originate from within the network itself. IPS is also discussed as a component of NGFWin
a UTM solutions environment, the IPS component provides a range of security tools to both detect and
block malicious activity, including:
Predefined signatures. A database of malicious attack signatures is included, which is updated
regularly to keep pace with newly identified threats.
Custom signatures. Customizable entries that add to the standard threat signature library to add
protection against new, little known, or unknown attacks.
Out-of-band mode. Alternately referred to as one-arm IPS mode, the component may be
programmed to operate as only an Intrusion Detection System (IDS), detecting but not acting
upon identified threats and attacks. In this configuration, such identified threats/attacks would
be analyzed on a separate switch port.
Packet logging. This feature provides the option to save network packets that match identified
IPS signatures and analyze the log files with analysis tools.[3]

Where UTM Fits In

As network magnitude and function complexity grow, so also must the capabilities of the security
apparatus. One of the considerations for both SMB and smaller, remote offices tied to a corporate
headquarters or central database is consideration of implementing UTM security as an all-in-one
solution that provides flexible, future-ready security that is user-friendly and threat-complex. Figure 5
illustrates how UTM may be deployed to support satellite branches in a distributed enterprise network,
while NGFW and Advanced Threat Protection (ATP) technology is maintained at the central office where
increased staff and capability exists to monitor and manage security parameters at all network locations.
Home Office / Headquarters. Next Generation Firewall (NGFW)
Application Visibility & Control. Identify and control applications on a network regardless of the
port, protocol, or IP address used.
Advanced Threat Protection (ATP). Sophisticated on-device and cloud-based detection and
mitigation techniques block Advanced Persistent Threats (APTs) that target specific people or
functions within an organization, and use extensive evasion techniques to remain stealthy for
long periods before exfiltrating data.
Remote / Branch Offices. Unified Threat Management (UTM)
Content Security & Web filtering. Combines sophisticated filtering capabilities together with a
powerful policy engine and cloud-based model to create a high performance and flexible web
content filtering solution.
Antispam. Real-time email protection against spam.
IPS/IDS. Intrusion Detection and Prevention Systems monitor, log, identify and block malicious
network activity.

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Figure 5. UTM scalability

UTM: Scalable Deployment

Because UTM may be configured to provide network security tailored to specific environments, UTM is
designed for deployment across a broad range of organizational needs. The integrated hardware and
software features of UTM make it ideal for SMB networks, while simultaneous control of wired, VPN,
and wireless infrastructure components provide the means for distributed enterprise and select large
enterprise deployment (Figure 5). Across these various deployment environments, UTM provides
enhanced and cost-effective network security options.
SMB networks. Simple controls and multiple scalable options. Provides option for control and scalable
security for businesses with limited physical space and IT staff, or branch offices where IT policy and
control is managed from a central location (Figure 5).
Distributed enterprise networks. Simultaneous control of wired, VPN, and wireless infrastructure
components, with centralized control with advanced features to effectively run operations up to a global
scale.

10

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Like many other sectors of the technology industry, UTM deployment may be accomplished in various
ways. A common method for vendorsfollowing traditional hardware procurement paradigmswas to
license UTM infrastructure based on the amount of devices included in the deployment package. In
other words, the standard was an a la carte menu of options.

Figure 6. Fortinets concept of Connected UTM

However, in an effort to provide a better option for organizations wanting to upgrade to the UTM
security model, leading UTM companies developed a new licensing model that more closely reflects the
bundle model offered by cable and DSL companies (Figure 6). Fortinet, recognized by Gartner as a
leader in UTM development and implementation along with CheckPoint, offers a bundle concept that
includes the purchased hardware, software updates, security feature updates for all included security
components, and system support[2]. This not only provides simplified licensing and reduced costs, but
also enables better future budget planning for UTM system customers.

11

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Summary

NGFW improved on the basic gatekeeping security of Edge Firewalls by introducing such features as IPS,
Deep Packet Scanning, Network Application Identification and Control, and Access Enforcement.
However, beyond those capabilities, additional security functions meant additional appliances and
software configurations, increasing operational complexity for the network administrator.
Because increased operational complexity often results in bypassing of processes in the interest of time
or administrator overload, development was needed for a new dynamic vision of a flexible, future-ready
security solution to meet the needs of todays network environments and keep paceor think ahead
ofadvanced threats of the future. This dynamic, integrated network security conceptUnified Threat
Management (UTM)is in place today and ready for tomorrows evolving challenges.
Overcoming the difficulties of patching together legacy systems with newer, state of the art systems,
UTM brings flexibility, vision, power, and control to networks from SMB to large enterprises that have
international reach. Combining user-simple interfaces with threat-complex protections, as well as cost
effective procurement, operations, and support, UTM provides an optimum system to best ensure
continued network operations in a secure environment.

12

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Key Acronyms
AAA

Authentication, Authorization, and

Accounting

AD

Active Directory

ADC

Application Delivery Controller

ADN

Application Delivery Network

ADOM Administrative Domain

GUI

Graphical User Interface

HTML Hypertext Markup Language

HTTP

Hypertext Transfer Protocol

HTTPS Hypertext Transfer Protocol Secure

IaaS

Infrastructure as a Service

ICMP

Internet Control Message Protocol

ICSA

International Computer Security

Association

AM

Antimalware

API

Application Programming Interface

APT

Advanced Persistent Threat

ID

Identification

ASIC

Application-Specific Integrated Circuit

IDC

International Data Corporation

ASP

Analog Signal Processing

IDS

Intrusion Detection System

ATP

Advanced Threat Protection

IM

Instant Messaging

AV

Antivirus

IMAP

Internet Message Access Protocol

AV/AM Antivirus/Antimalware
BYOD Bring Your Own Device
CPU

Central Processing Unit

DDoS

Distributed Denial of Service

DLP

Data Leak Prevention

DNS

Domain Name System

DoS

Denial of Service

DPI

Deep Packet Inspection

DSL

Digital Subscriber Line

FTP

File Transfer Protocol

FW

Firewall

GB

Gigabyte

GbE

Gigabit Ethernet

Gbps

Gigabits per second

GSLB

Global Server Load Balancing

13

IMAPS Internet Message Access Protocol

Secure
IoT

Internet of Things

IP

Internet Protocol

IPS

Intrusion Prevention System

IPSec

Internet Protocol Security

IPTV

Internet Protocol Television

IT

Information Technology

J2EE

Java Platform Enterprise Edition

LAN

Local Area Network

LDAP

Lightweight Directory Access Protocol

LLB

Link Load Balancing

LOIC

Low Orbit Ion Cannon

MSP

Managed Service Provider

MSSP Managed Security Service Provider

NGFW Next Generation Firewall

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

NSS

NSS Labs

SNMP Simple Network Management Protocol

OSI

Open Systems Infrastructure

SPoF

Single Point of Failure

OTS

Off the Shelf

SQL

Structured Query Language

PaaS

Platform as a Service

SSL

Secure Socket Layer

PC

Personal Computer

SWG

Secure Web Gateway

SYN

Synchronization packet in TCP

PCI DSS Payment Card Industry Data Security

Standard
PHP

PHP Hypertext Protocol

Syslog Standard acronym for Computer

Message Logging

POE

Power over Ethernet

TCP

POP3

Post Office Protocol (v3)

TCP/IP Transmission Control Protocol/Internet

Protocol (Basic Internet Protocol)

POP3S Post Office Protocol (v3) Secure

QoS

Quality of Service

Radius Protocol server for UNIX systems

RDP

Remote Desktop Protocol

SaaS

TLS

Transmission Control Protocol

Transport Layer Security

TLS/SSL Transport Layer Security/Secure Socket

Layer Authentication
UDP

User Datagram Protocol

Software as a Service

URL

Uniform Resource Locator

SDN

Software-Defined Network

USB

Universal Serial Bus

SEG

Secure Email Gateway

UTM

Unified Threat Management

SFP

Small Form-Factor Pluggable

VDOM Virtual Domain

SFTP

Secure File Transfer Protocol

VM

Virtual Machine

SIEM

Security Information and Event

Management

VoIP

Voice over Internet Protocol

SLA

Service Level Agreement

VPN

Virtual Private Network

SM

Security Management

WAF

Web Application Firewall

SMB

Small & Medium Business

SMS

Simple Messaging System

SMTP Simple Mail Transfer Protocol

SMTPS Simple Mail Transfer Protocol Secure

14

WANOpt Wide Area Network Optimization

WLAN Wireless Local Area Network
WAN

Wide Area Network

XSS

Cross-site Scripting

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

Glossary

AV/AM. Anti-virus/Anti-malware provides protection against virus, spyware, and other types of
malware attacks in web, email, and file transfer traffic. Responsible for detecting, removing, and
reporting on malicious code. By intercepting and inspecting application-based traffic and content,
antivirus protection ensures that malicious threats hidden within legitimate application content are
identified and removed from data streams before they can cause damage. Using AV/AM protection at
client servers/devices adds an additional layer of security.

NGFW. Next Generation Firewall provides multi-layered capabilities in a single firewall appliance instead
of a basic firewall and numerous add-on appliances. NGFW integrates the capabilities of a traditional
firewall with advanced features including:

Intrusion Prevention (IPS)

Access Enforcement

Third Party Management

Compatibility

Deep Packet Inspection (DPI)

Distributed Enterprise
Capability
VPN

Network App ID & Control

Extra Firewall Intelligence

Application Awareness

IPS. Intrusion Prevention System (IPS) protects networks from threats by blocking attacks that might
otherwise take advantage of network vulnerabilities and unpatched systems. IPS may include a wide
range of features that can be used to monitor and block malicious network activity including out-ofband mode (or one-arm IPS mode, similar to IDS). IPS can be installed at the edge of your network or
within the network core to protect critical business applications from both external and internal attacks.
Spam. Spam is usually considered to be electronic junk mail or junk newsgroup postings. Some people
define spam even more generally as any unsolicited email. Spam is generally email advertising for some
product sent to a mailing list or newsgroup.
UTM. Unified Threat Management (UTM) provides administrators the ability to monitor and manage
multiple, complex security-related applications and infrastructure components through a single
management console. The advantage to UTM is that it goes beyond the NGFW focus of high
performance protection of data centers by incorporating a broader range of security capabilities as
either cloud services or network appliances, integrating:

Intrusion Prevention (IPS)

Anti-Malware
Anti-Spam
Identity-based Access Control

Content Filtering
VPN Capabilities
Load Balancing

Quality of Service (QoS)

SSL/SSH Inspection
Application Awareness

VPN. Virtual Private Network (VPN) is a network that is constructed by using public wires usually the
Internet to connect to a private network, such as a company's internal network. VPNs use
encryption and other security mechanisms to ensure that only authorized users can access the network
and that the data cannot be intercepted.

15

Study Guide for NSE 1: Unified Threat Management 2016

(UTM)

References
1.

Rouse, M. Unified Threat Management Devices: Understanding UTM and its Vendors. Essential
Guide, 2014.

2.

Tam, K., et al., UTM Security with Fortinet: Mastering FortiOS. 2013, Waltham, MA: Elsevier.

3.

Tittel, E., Unified Threat Management for Dummies. 2012, Hoboken, NJ: John Wiley & Sons.

4.

Janssen, C., Quality of Service (QoS), in Techopedia.com. n.d.

16