Slashdot Mirror


Testing So-Called 'Unified Threat Managers'

snydeq writes "The InfoWorld Test Center has released vulnerability testing results for four so-called 'unified threat managers' — single units that combine firewall, VPN, intrusion detection and prevention, anti-malware, anti-spam, and Web content filtering in lieu of a relay rack stuffed top to bottom with appliances. The lab threw nearly 600 exploits of known vulnerabilities in a wide range of popular OSes, applications, and protocols, and despite being designed to thwart such threats, the UTMs as a class allowed hundreds to pass through. Why did the UTMs miss so many exploits? A lack of horsepower to perform the necessary deep packet inspection under load is suspected, as the lab pushed the limits of each unit's throughput with legitimate traffic. 'The upshot is, although the vendors have packed these devices with additional gateway security functions, clearly many UTMs are still strictly firewalls at heart.'"

1 of 98 comments

  1. Re:Flawed by Design. by 0x537461746943 · Score: 0, Offtopic

    But by putting a bunch of services on one box, the avenues of exploitation of that device increase. If the Intrusion Detection and virus scanning were on another system, then you reduce your chances of the firewall itself being compromised.