Netgear UTM50-100NAS User Manual

ProSecure Unified Threat Management (UTM) Appliance Reference Manual
Introduction
v1.0, January 2010
A Powerful, True Firewall
Unlike simple Internet sharing NAT routers, the UTM is a true firewall, using stateful packet 
inspection (SPI) to defend against hacker attacks. Its firewall features have the following 
capabilities:
• DoS protection. Automatically detects and thwarts denial of service (DoS) attacks such as
  Ping of Death and SYN Flood.
• Secure firewall. Blocks unwanted traffic from the Internet to your LAN.
• Schedule policies. Permits scheduling of firewall policies by day and time.
• Logs security incidents. Logs security events such as blocked incoming traffic, port scans,
  attacks, and administrator logins. You can configure the firewall to email the log to you at
  specified intervals. You can also configure the firewall to send immediate alert messages to
  your email address or email pager whenever a significant event occurs.
Stream Scanning for Content Filtering
Stream Scanning is based on the simple observation that network traffic travels in streams. The 
UTM scan engine starts receiving and analyzing traffic as the stream enters the network. As soon 
as a number of bytes are available, scanning starts. The scan engine continues to scan more bytes 
as they become available, while at the same time another thread starts to deliver the bytes that have 
been scanned.
This multithreaded approach, in which the receiving, scanning, and delivering processes occur 
concurrently, ensures that network performance remains unimpeded. The result is file scanning that is 
up to five times faster than with traditional antivirus solutions—a performance advantage that you 
will notice.
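The receive, scan, and deliver pipeline described above can be sketched as follows. This is an added example, not NETGEAR's scan engine: the signatures and traffic are constructed, the names stream_scan and deliver are hypothetical, and a Python generator stands in for the separate threads.

```python
from typing import Iterable, Iterator, Optional, Tuple

# Constructed placeholder signatures, not real malware patterns.
SIGNATURES = [b"EVIL-TEST-PATTERN", b"BADBYTES"]

class ThreatDetected(Exception):
    def __init__(self, signature: bytes, offset: int):
        super().__init__(f"{signature!r} at stream offset {offset}")
        self.signature, self.offset = signature, offset

def stream_scan(chunks: Iterable[bytes], signatures=SIGNATURES) -> Iterator[bytes]:
    """Yield bytes as soon as they are known clean; raise on a signature hit."""
    # A match may start in the last (longest signature - 1) bytes of one chunk
    # and finish in the next, so that tail is held back until more data arrives.
    hold = max(len(s) for s in signatures) - 1
    window = b""   # received but not yet released
    released = 0   # bytes already delivered downstream
    for chunk in chunks:
        window += chunk
        hits = [(window.find(s), s) for s in signatures if s in window]
        if hits:
            pos, sig = min(hits)  # earliest match in the stream
            raise ThreatDetected(sig, released + pos)
        safe = len(window) - hold
        if safe > 0:
            yield window[:safe]
            released += safe
            window = window[safe:]
    if window:
        yield window  # end of stream: the held tail can no longer complete a match

def deliver(chunks: Iterable[bytes]) -> Tuple[bytes, Optional[int]]:
    """Run the scanner; return (bytes delivered, offset of hit or None)."""
    out = bytearray()
    try:
        for clean in stream_scan(chunks):
            out += clean
    except ThreatDetected as hit:
        return bytes(out), hit.offset
    return bytes(out), None

if __name__ == "__main__":
    # Constructed traffic: the signature straddles the chunk boundary.
    split = [b"A" * 40 + b"EVIL-TE", b"ST-PATTERN" + b"B" * 10]
    print(deliver(split))
```

Part of the stream has already been delivered by the time the hit is found, so a scanner built this way has to cut the transfer off at that point because it cannot recall what it has sent.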
Stream Scanning also enables organizations to withstand massive spikes in traffic, as in the event 
of a malware outbreak. The scan engine has the following capabilities:
• Real-time protection. The patent-pending Stream Scanning technology enables scanning of
  previously undefended real-time protocols, such as HTTP. Network activities susceptible to
  latency (for example, Web browsing) are no longer brought to a standstill.
• Comprehensive protection. Provides both Web and e-mail security, covering six major
  network protocols: HTTP, HTTPS, FTP, SMTP, POP3, and IMAP. The UTM uses
  enterprise-class scan engines employing both signature-based and Distributed Spam Analysis
  to stop both known and unknown threats. The malware database contains hundreds of
  thousands of signatures of spyware, viruses, and other malware.