Unified Threat Management Device Roundup

• How We Tested
• Astaro Security Gateway 110
• Check Point Safe@Office 1000N
• Netgear ProSecure UTM 50
• SonicWall NSA240
• WatchGuard XTM 810
• Testing Results
• Test Analysis

Cyber-attacks are constantly evolving and the attack methods used are constantly adapting. In a similar way, the traditional layers of defence have grown increasingly complex and interrelated. The convergence of security technologies to a single appliance; the Unified Threat Management (UTM) device is a logical approach and can go a long way towards managing security in most organisations.

A typical UTM device offers far more than just firewall functionality. A good UTM device is extremely valuable on many levels. They can help prevent end-users from accessing inappropriate web sites, by using inbuilt URL filters. UTMs can aid employee productivity by limiting internet access and enforcing the business’s usage policy. They can help prevent malware outbreaks by scanning and blocking suspicious content at the gateway. They can help stop spam email from reaching end users. They can provide a Virtual Private Network (VPN) tunnel for secure communications between separate business sites, and can enable secure connections to trusted third parties such as out-of-office employees, customers and partners.

A properly configured UTM device helps ensure the inadvertent actions of their employees or deliberate activities of attackers is controlled. In the on-going game of cat and mouse between cyber-attacker and corporate defender, UTM devices are a powerful weapon.

In this review we’ll be providing an overview of the features and functionality of five commercially available UTM devices. We’ll put each device through its paces, testing the firewall components and taking a close look at their security configurations.

How We Tested

This review concentrates on the core functionality offered by each device. We tested five devices that are marketed towards small-to-medium enterprises.

• Astaro Security Gateway 110
• Check Point Safe@Office 1000N
• Netgear ProSecure UTM 50
• SonicWall NSA240
• WatchGuard XTM 810

Firstly, each UTM device was deployed in typical way, by connecting each device simultaneously to the internet and a protected internal network. Client and server machines were set up on the newly protected network, they were given free rein to access the public internet. Our main aim was to accurately represent a (basic) real-world environment.

Secondly, each UTM device was examined in detail - inside and out. We performed a thorough TCP network scan (covering all ports; 0 to 65535 inclusive) over the internet to get a realistic attacker perspective. We then conducted a full TCP port scan on the protected internal interface to discover which ports were open or detectable from the LAN. It should be noted that evasion, stealth, and UDP scanning techniques were considered out of scope in this review due to time limitations and to avoid any false positive results.

Finally, we applied custom outbound firewall rules to test the accuracy of the devices’ outbound security policies.

• Tweet