Networks connected to the Internet need to be protected against malicious threats by various types of security scanners
These services can be implemented as software running on PC servers
Enterprise networks are more likely to use purpose-built Internet security appliances
The range of security functions performed by these appliances includes the following:
Firewalls
allow or block traffic based on a network access control list specifying source and destination IP addresses and application ports
Intrusion detection systems (IDS)
programmed with scripts that can identify known malicious traffic patterns
can raise an alert when a match is made
An intrusion prevention system (IPS) can additionally take some action to block the source of the malicious packets
Antivirus/antimalware solutions
scan files being transferred over the network to detect any matches for known malware signatures in binary data
Spam gateways
use SPF, DKIM, and DMARC to verify the authenticity of mail servers and are configured with filters that can identify spoofed, misleading, malicious, or otherwise unwanted messages
installed as a network server to filter out these messages before they are delivered to the user’s inbox
Content filters
used to block outgoing access to unauthorized websites and services
Data leak/loss prevention (DLP) systems
scan outgoing traffic for information that is marked as confidential or personal
can verify whether the transfer is authorized and block it if it is not
These functions could be deployed as separate appliances or server applications, each with its own configuration and logging/reporting system
A unified threat management (UTM) appliance is one that enforces a variety of security policies and controls, combining the work of multiple security functions
A UTM centralizes the threat management service, providing simpler configuration and reporting compared to isolated applications spread across several servers or devices.
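
The firewall behavior noted above (allow or block by source IP, destination IP, and application port), as an added example that is not part of the original notes; it also flags rules that can never take effect because an earlier rule covers them. Assumptions: first-match evaluation, an implicit block when nothing matches, the names Rule, evaluate and shadowed_rules, and the constructed sample ACL (RFC 5737 documentation addresses).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    src: str               # source network, CIDR notation
    dst: str               # destination network, CIDR notation
    dport: Optional[int]   # destination application port; None matches any port

    def matches(self, src_ip, dst_ip, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == dport))

# Constructed sample ACL (not from the notes), evaluated top to bottom.
ACL = [
    Rule("block", "203.0.113.66/32", "0.0.0.0/0", None),       # 0: known-bad host
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", 443),          # 1: public HTTPS server
    Rule("allow", "198.51.100.0/24", "192.0.2.0/24", 22),      # 2: SSH from admin subnet
    Rule("allow", "203.0.113.66/32", "192.0.2.10/32", 22),     # 3: never reached (see rule 0)
]

def evaluate(acl, src_ip, dst_ip, dport):
    """Return (action, rule index); index is None when the default applies."""
    for i, rule in enumerate(acl):
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, i
    return "block", None   # assumption: implicit deny when no rule matches

def shadowed_rules(acl):
    """Indexes of rules fully covered by an earlier rule, so they can never match."""
    hidden = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                    and (earlier.dport is None or earlier.dport == later.dport)):
                hidden.append(j)
                break
    return hidden

if __name__ == "__main__":
    print(evaluate(ACL, "198.51.100.7", "192.0.2.10", 443))
    print(shadowed_rules(ACL))
```

Reviewing an ACL for shadowed rules before deployment catches entries whose intent (allow or block) is silently overridden by rule order.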