Join Lisa Bock for an in-depth discussion in this video Implementing SCM and UTM, part of IT Security Foundations: Network Security.
- Unified threat management is also referred to as a next-generation firewall. Unified threat management devices provide firewall, intrusion prevention, antivirus, data loss prevention, and content filtering, and protect the network from threats while reducing complexity. Unified threat management expands on this by protecting the internal wired network, wireless access points, endpoints, and servers.
Administration is generally managed through a single management console or digital dashboard. Secure content management focuses mainly on filtering email and web-based traffic. The Health Insurance Portability and Accountability Act became law in the United States in 1996, with the goal of protecting the confidentiality and security of an individual's health information. Other laws in the United States are put in place to protect privacy, such as the Family Educational Rights and Privacy Act, or FERPA.
Organizations seek to enact strong policies to support these laws and to provide guidelines, along with education, to make employees aware of the reasons behind the constraints and the liabilities that could result from irresponsible internet behavior. Education can prevent data leakage, such as instructing a unit clerk at a hospital not to give away personal information about a patient's status. But what about accidentally or intentionally leaking information via email? We'll use this example.
Someone might email someone at the hospital claiming that they are the son of someone who was admitted, and would like to know the status. The person responding might simply say, "Dear Mr. Smith, your mother had to have gallbladder surgery and is recovering nicely." Now this may not have been intentional or malicious, but it's leaking confidential information. Secure content management helps prevent data loss by stopping employees from sending confidential information via email or some other method, such as social media sites.
Working like a beefed-up packet sniffer, content management devices scoop up traffic and analyze it for the risk of data leakage, and they also monitor for spyware, spam, and phishing attempts. I'm going to go to the Wireshark wiki, and I'm going to go to SampleCaptures. I'm going to download the sample capture smtp.pcap. I brought this up in Wireshark. This is a free protocol analyzer tool, and it will give you an example of what content monitoring can do.
If we take a look at this, and I'm going to look at packet number 10, I'm going to simply right-click and say Follow the TCP Stream. Here we can see the contents of the email, and as you can see there was nothing bad; there was no data leakage. But this is the type of activity that takes place with content monitoring. If there were, for example, a social security number or a user ID and password, this email would not be allowed to go through.
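The policy decision described above, as an added example that is not part of the course or of Wireshark: a small outbound-mail check that scans the reassembled SMTP message body the way a secure content management device would, and releases the message only if no social security number or user ID and password pair is found. The two messages, the pattern rules and the function names are all constructed for this example.

```python
import re
from email import message_from_string
from email.message import Message

# Constructed sample messages, modelled on the "Follow TCP Stream" view of an
# SMTP session (not the real contents of smtp.pcap).
CLEAN_MAIL = """From: clerk@hospital.example
To: smith@example.net
Subject: Your mother

Dear Mr. Smith, your mother is recovering nicely.
"""
LEAKY_MAIL = """From: clerk@hospital.example
To: smith@example.net
Subject: Records

Patient SSN: 219-09-9999
Portal login: userid=jsmith password=Winter2024!
"""

# Detection rules. SSN: three digit groups with dashes; credentials: a user ID
# and a password assignment on the same line.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CRED_RE = re.compile(
    r"\buser(?:name|id| id)?\s*[:=]\s*\S+.*?\bpass(?:word)?\s*[:=]\s*\S+",
    re.IGNORECASE)

def is_valid_ssn(area: str, group: str, serial: str) -> bool:
    """Apply the SSA structural rules so placeholders like 000-00-0000 are not flagged."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"

def text_parts(msg: Message) -> str:
    """Collect the text/plain bodies, whether the mail is single-part or MIME."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = [p.get_payload(decode=True).decode("utf-8", "replace")
              for p in parts if p.get_content_type() == "text/plain"]
    return "\n".join(chunks)

def find_leaks(raw_message: str) -> list[str]:
    """Return the policy findings for one outbound message, in rule order."""
    body = text_parts(message_from_string(raw_message))
    findings = ["ssn" for m in SSN_RE.finditer(body) if is_valid_ssn(*m.groups())]
    if CRED_RE.search(body):
        findings.append("credentials")
    return findings

def allow_message(raw_message: str) -> bool:
    """The message is released only when no finding was raised."""
    return not find_leaks(raw_message)
```

A real SCM appliance adds many more rules (medical record numbers, attachments, encodings), but the allow/block decision works exactly like allow_message.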
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Implementing secure content management (SCM)
- Implementing unified threat management (UTM)
- Introducing VLANs
- NAT addressing
- Network sniffing
- Understanding common attack methods, such as password attacks
- Protecting clients with antivirus software
- Implementing physical security