Zentyal Unified Threat Manager¶

The UTM (Unified Threat Manager) is a more advanced concept of the firewall, that doesn’t only define a policy based on source or destination, ports or protocols, but that gives the necessary tools to secure your network. These tools allow you to interconnect different subnets safely, define advanced browsing policies, detect attacks on your network from Internet or from hosts in the internal network, among other options.

By using VPN (Virtual Private Network), you will be able to interconnect different private subnets via Internet totally safely. A typical example of this feature are the communications between two or more offices of the same company or organization. You can also use VPN to allow users to connect remotely and securely to the corporate network.

Another feature included is the definition of advanced browsing features based on, not only on the content of the pages, but also on the different profiles per subnet, user, group and time, including malware analysis.

Since the e-mail became popular, it has suffered from unwanted mail, sent in bulk, often to deceive the recipient in order to fraudulently obtain money from him/her or simply with unwanted advertising. You will also see how to filter incoming and outgoing e-mail in your network to avoid both the reception of these e-mails and to block outgoing mail from any potentially compromised computer of your network.

Finally you will learn about, perhaps the most important feature of the UTM, the IDS (Intrusion Detection System). This element analyzes the network traffic searching for signs of attacks and alerting the administrator so that necessary measures can be taken. Unlike firewall that imposes static rules predefined by the administrator, an IDS analyzes each real-time connection. Although this feature allows you to go one step further in maintaining the security of your network and be immediately aware of what is going on, it is inevitably affected by false positives, security alerts on harmless events and also by false negatives, not identified potentially dangerous events. You can lessen these drawbacks by keeping the recognition rules and patterns updated. By using the Advanced Security Updates of Zentyal [1] you can automatically update the IDS rules, a wide range of rules and patters pre-selected by the security experts of the Zentyal Development Team.