Security Basics mailing list archives

RE: How to review and report an utm box


From: Byte <byte2binary () live com>
Date: Wed, 1 Aug 2012 20:43:31 +0530

UTM Box is a hoax; it is just a firewall with some additional feature sets.
Anyway, since you need to evaluate the UTM box: you have not mentioned your
use case. Do you intend to use it primarily for packet filtering, NAT
implementation, as a perimeter firewall or as an application-level firewall?


I guess your answer will be all of the above. In this situation, here are a
couple of recommendations that would get the most out of your evaluation:

1. Check what the HW and software 'inside' the box are.
2. Develop the following use cases:
        a) Send yourself some massive traffic through WAN simulators and
           packet generators and monitor the performance.
        b) Send malicious traffic to your UTM device, including but not
           limited to:
                i) Malware (viruses, Trojans etc.)
                ii) Spam
                iii) Check and view the performance against reconnaissance
                     attacks such as NMAP scans, etc.
        c) Evaluate the TCP error rate that it might generate. More errors
           means more dropped packets, which translates to crappy
           performance.
        d) Check and see if it has the capacity to detect probes and respond
           to them by either dropping connections or delaying the attack. It
           also needs to log those attempts.
        e) Honestly, fire up your imagination and see more use cases that you
           can develop. I don't think you will get a toolkit or anything like
           that to evaluate the UTM.
3. Check the reporting capability of the UTM. See if it can send SNMP3
   alerts, syslogs etc. in an orderly manner. And they need to be accurate.
   Check the logging engines that it supports.
4. Check and verify the support that the UTM vendor provides you. This often
   becomes most critical when you have to troubleshoot it at midnight and
   nobody is home. Symantec and McAfee don't really believe in customer
   is the king :)

Have fun,

Byte

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of a bv
Sent: Wednesday, August 01, 2012 6:52 PM
To: security-basics () securityfocus com
Subject: How to review and report an utm box

Hi,

I would like to evaluate, review and report a small utm box. I would like
to evaluate it and report it to the management. I need recommendations for
this.


Regards
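
Added example, not part of either message in this thread: one way to check items 2(d) and 3 of the reply above, by reconciling a ledger of the test probes you sent against the syslog lines the UTM delivered to your collector. The syslog line format, the host name `utm1`, the addresses and all function names are hypothetical and the sample data is constructed; adapt the regular expression to what the box under evaluation actually emits.

```python
import re
from datetime import datetime, timedelta

T = datetime.fromisoformat
# Constructed ledger of the test probes the evaluator sent: (sent, source, dest port)
PROBES = [
    (T("2012-08-01T10:00:00"), "192.0.2.10", 22),
    (T("2012-08-01T10:00:01"), "192.0.2.10", 23),
    (T("2012-08-01T10:00:02"), "192.0.2.10", 80),
    (T("2012-08-01T10:00:03"), "192.0.2.10", 443),
]
# Constructed syslog lines as received by the collector; the format is hypothetical
SYSLOG = """\
2012-08-01T10:00:00 utm1 utm: action=drop src=192.0.2.10 dpt=22
2012-08-01T10:00:03 utm1 utm: action=drop src=192.0.2.10 dpt=23
2012-08-01T10:00:04 utm1 utm: action=drop src=192.0.2.10 dpt=443
2012-08-01T10:00:05 utm1 utm: action=drop src=198.51.100.7 dpt=25
2012-08-01T10:00:06 utm1 utm: truncated rec
"""
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) \S+ utm: "
                     r"action=(?P<action>\w+) src=(?P<src>[\d.]+) dpt=(?P<dpt>\d+)$")

def parse_syslog(text):
    """Return (events, malformed_count); malformed lines count against log accuracy."""
    events, malformed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((T(m["ts"]), m["src"], int(m["dpt"]), m["action"]))
        else:
            malformed += 1
    return events, malformed

def reconcile(probes, events, window=timedelta(seconds=5)):
    """Match each probe to one log event with the same source and port within the window."""
    unused, missed, skews = list(events), [], []
    for sent, src, dpt in probes:
        hit = next((e for e in unused
                    if e[1] == src and e[2] == dpt and abs(e[0] - sent) <= window), None)
        if hit is None:
            missed.append((src, dpt))       # probe the box never logged
            continue
        unused.remove(hit)                  # one log line accounts for one probe only
        skews.append(abs(hit[0] - sent).total_seconds())
    return {"logged": len(skews), "missed": missed,
            "unexplained": [(e[1], e[2]) for e in unused],  # logged but not in the ledger
            "max_skew_s": max(skews, default=0.0)}

if __name__ == "__main__":
    events, malformed = parse_syslog(SYSLOG)
    print(reconcile(PROBES, events), "malformed:", malformed)
```

Missed probes, malformed lines and timestamp skew are the figures to carry into the report to management; "unexplained" entries are log lines with no matching probe and need a second look before they are counted as false positives.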


