Plastic Fantastic
Smartcards and tokens are becoming more ubiquitous. We examine ten products which cover various applications.
PAGE 50

MARKET SURVEY: Keeping IT clean
Preserving e-commerce sites is a major issue today. We look at 15 solutions to preserve your web site intact.
PAGE 58

VOLUME 12 • No. 3

Radware Exhibit 1016

Page 1
`
`
`
`
`
`
`
`
`
`
`
`
`
PRODUCTS

42 First Looks
File Protector makes it easy to keep your files and folders really private, with a range of 'invisibility' options.
With IP address cloaking and AV protection, GateLock X200 will keep you safe on the Internet.
The sturdy combination lock and cable of Notebook Guardian ComboLock are a good way to deter thieves from stealing your laptop.

44 Product Reviews
Blade IDS Informer: A unique product to ensure that your IDS is working as it should be.

46 Product News
Four of the latest hard- and software products looked at.

COVER STORY

28 Biometrics Technology: Making Moves in the Security Game
Biometric technology seems to offer an ideal solution for secure identification, based on who you are. Illena Armstrong looks at some of the problems and possibilities.

Plastic Fantastic
The use of smartcards and tokens for various forms of security is becoming an everyday occurrence. Jay Bellamy examines 10 products covering a range of applications.

MARKET SURVEY

58 Keeping IT Clean
In today's complex networking environment, preserving e-commerce sites is a major issue. Berni Dwan looks at 15 solutions to help keep your web site intact.

SECOND FEATURE
`
SC Magazine is published 12 times a year on a monthly basis by West Coast Publishing Inc. Copyright 2002 by West Coast Publishing Inc. All rights reserved. Reproduction in whole or part, or storage in a retrieval system, or transmission in any form without the prior permission of the publishers in writing is prohibited.
SC Magazine is distributed without charge to qualified readers in the U.S. and Canada.
`
`
Smartcards and Tokens: Marching Onwards
As smartcards and tokens finally find their place in today's cyber and physical security infrastructure, Illena Armstrong asks a number of experts for their insight into where the technology is today.
`
`
`
`
March 2002 SC MAGAZINE

WEBSITE: www.scmagazine.com
`
`
SC Magazine is circulated to key information security personnel throughout all segments of government and the financial, insurance, service and manufacturing industries. Articles, product releases, news, upcoming awards and other editorial copy are selected to provide a broad-based understanding of information security issues, services, products and their applications. West Coast Publishing Inc. reserves the right to refuse any material that does not conform to its policies. West Coast Publishing Inc. is not responsible for the content, representations or opinions in submitted material and interviews, both editorial and advertisements, or for transcription and reproduction errors, nor can they be held legally responsible for any injury and/or damage to persons or property from any use or operation of any methods, products, instruction or ideas contained in the material published herein. All trademarks are acknowledged as the property of their respective owners.
`
`15
`
`16
`
`Commentary
`lllena Armstrong The Body Slam Invaders of Privacy
`
`or Not?
`
`Executive Security Digest
`Stratum8 Scores $10 Million/lTSecurity Start-Up Secures $5 Million/Redsiren and
`Central Command Team Up/l/endors Help Australian Companies/Zone Labs and iPass
`Work Together/Joint Order for Datakeyand Rainbow/Websense and SonicWALL Partner/
`RSA, Waveset Team/CyberGuard Expands Presence in Europe/Impento Opens HK and
`London Offices/New Security Research Company/Fmally Software Opens U.S. Offlce/
`Caradas Adds New Executives/Kroll Hires New Director, D. C. Manager/NAI Expands
`European Team/Bush Appoints Microsoft CS0 to CIP Board
`
`20
`
`News
`
`U.S. and global security issues.
`
`72
`
`Industry Watch
`‘Good’ Viruses Crucial to Self-Healing Internet by Cyrus Peikari.
`
`72
`
`Events 2002
`
`Conferences and Exhibitions for the next three months.
`
`74
`
`The Last Word
`
`Looking Out vs. Looking In by Harold Kester.
`
`
`
9 Advertisers' Index
`
`
`Searching for Onlin
`
`Both individuals and companies have legitimate fears
`that private data held digitally may be unlawfully
accessed. Illena Armstrong explores some of the
`dangers and solutions.
`
48 SC 2002 Awards
Your chance to influence the selection of winners in this year's Awards.
`
`
`
It's all a question of trust, and secure, real-time access is the whole point of the exercise. In fact, it is probably true to say that companies usually deploy web applications somewhat hurriedly, anxious to make new features available to customers. Testing for security holes therefore is usually way down the list of priorities, not to mention the fact that the specialized expertise and financial resources required for such a task is not readily available.

Doubtless, many web server deployments are done on a wing and a prayer, but this could hardly have been the case with the U.S. Department of Justice web site where Janet Reno's picture was replaced with one of Adolph Hitler. It's a fact of life that network topologies are becoming ridiculously complex and that the roller coaster progression of e-commerce as the de facto standard of conducting business is doing nothing to appease this situation. Do we trust the concoction of computer technology that enables us to engage in e-business? If the answer is yes, then we will not require any of the network security, web server security, intrusion detection and vulnerability testing, anti-virus, firewall or virtual private network (VPN) products currently available. If the answer is no, then we must embark on a fact-finding mission to ascertain the correct mix of products to protect our e-assets. The hardware, software, systems and applications that make today's business possible have also transformed our previously safe environment into a veritable minefield, and by merely engaging in e-business we have become risk takers extraordinaire.
`
`
Protecting applications raises the goalpost, presenting businesses with new challenges unlike those associated with protecting the network. Traditional security products targeted the biggest threats that emerged as computer networking, email and web applications were adopted by corporations. These were perimeter protection (firewalls), network protection (network-based intrusion detection) and file-based security (anti-virus), and corporations purchased the products to solve these security issues. But these technologies do not address new attacks that circumvent existing protocols to attack applications, or new content-based attacks that attack systems before vendors are able to release and distribute signatures and other counter-measures, as pointed out in OKENA, Inc.'s Technology Best Practices for Intrusion Prevention (www.okena.com).

Here's just a taste of what you are up against: changes to information in hidden fields, e-shoplifting, tampering with CGI parameters, modification of data in unencrypted cookies, planting malicious code in text fields, and use of debug options or backdoors left in applications. And you thought you only had to worry about defacing the site, and information theft! Changing hidden fields is a good example we can all relate to if we have merely tinkered with HTML. Often included in web pages to maintain session information such as price, hidden fields are just that, and the regular user is oblivious to them. However, if the user opens the page in an HTML editor, which is easy to do, the hidden fields are revealed and can be altered (if the user is malicious), enabling problems such as e-shoplifting.
No two applications are alike, and applications that are alike are used differently by each organization. This moveable feast, then, needs something more than traditional network security to capture all its foibles. These foibles, as outlined by KaVaDo on their web site (www.kavado.com/threats.htm), include IT infrastructure vulnerabilities and misconfigurations, third party and customized software vulnerabilities, and database manipulation and vulnerabilities. With software bugs legion, it's a battle of the patches out there.

Exploiting IT infrastructure vulnerabilities is probably the easiest way to attack an application, as there are literally thousands of known vulnerabilities in the basic components commonly used to set up
`
`
`
`
`
`
Version: 4.0
Supplier: Sanctum Inc.
Price: on application
Contact: (408) 8559500
sanctumsales@sanctuminc.com
www.sanctuminc.com

FOR There is even an option to hide sensitive data like passwords and credit card numbers in log files! It's easy to do and it works.
AGAINST None.
VERDICT This is a massive product, and I haven't even scratched the surface. It is sophisticated with an incredible range of services.

Features
Ease of use
Performance
Documentation
Support
Value for money
Overall Rating
`
Most products in the business of web server protection do the regulation blocking, logging and alerting of the illicit activity, but AppShield goes a step further by actually sending a warning to the possible perpetrator that the questionable behavior has been detected and recorded. AppShield is a 24/7 automated web application firewall securing both your site and applications even if your site generates content dynamically or you continually develop and launch new applications. Employing Sanctum's patented Policy Recognition engine, AppShield creates, automatically and on the fly, rules for legitimate behavior based on the HTML code within the page. It is then able to check that every request conforms to the specific policy for that user session and page. It is also worth noting that AppShield is the first security product to achieve certification for web application policy enforcement (WAPE) from ICSA Labs.
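
The hidden-field tampering described earlier in the survey, and the idea of deriving the rules for legitimate requests from the HTML that was actually served, can be illustrated with a short sketch for one session and page. This is an added example, not Sanctum's code or anything from the original article; the form, the field names and the `build_policy` / `check_request` helpers are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: a shop form that carries the price in a hidden field.
SERVED_PAGE = """
<form action="/cart/add" method="post">
  <input type="hidden" name="item" value="SKU-1001">
  <input type="hidden" name="price" value="49.95">
  <input type="text" name="qty" maxlength="2">
  <select name="shipping">
    <option value="ground">Ground</option>
    <option value="air">Air</option>
  </select>
  <input type="submit" name="go" value="Add">
</form>
"""


class PolicyBuilder(HTMLParser):
    """Derives, from the HTML sent to the user, what a legitimate reply may contain."""

    def __init__(self):
        super().__init__()
        self.policy = {}       # field name -> rule
        self._select = None    # name of the <select> currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = a.get("name")
        if tag == "input" and name:
            kind = (a.get("type") or "text").lower()
            if kind == "hidden":
                # Always submitted by the browser, never edited by the user.
                self.policy[name] = {"fixed": a.get("value") or "", "required": True}
            elif kind == "submit":
                # Sent only if that button was pressed, but never with another value.
                self.policy[name] = {"fixed": a.get("value") or "", "required": False}
            else:
                limit = a.get("maxlength") or ""
                self.policy[name] = {"maxlen": int(limit) if limit.isdigit() else None}
        elif tag == "select" and name:
            self._select = name
            self.policy[name] = {"allowed": set()}
        elif tag == "option" and self._select:
            self.policy[self._select]["allowed"].add(a.get("value") or "")

    def handle_endtag(self, tag):
        if tag == "select":
            self._select = None


def build_policy(html):
    builder = PolicyBuilder()
    builder.feed(html)
    builder.close()
    return builder.policy


def check_request(policy, params):
    """Return the list of policy violations; empty means the request conforms."""
    violations = []
    for name, value in params.items():
        rule = policy.get(name)
        if rule is None:
            # Covers added parameters such as leftover debug switches.
            violations.append(f"{name}: not a field of the served form")
        elif "fixed" in rule:
            if value != rule["fixed"]:
                violations.append(f"{name}: fixed value altered")
        elif "allowed" in rule:
            if value not in rule["allowed"]:
                violations.append(f"{name}: not one of the offered options")
        elif rule["maxlen"] is not None and len(value) > rule["maxlen"]:
            violations.append(f"{name}: exceeds maxlength {rule['maxlen']}")
    for name, rule in policy.items():
        if rule.get("required") and name not in params:
            violations.append(f"{name}: hidden field missing")
    return violations


# Constructed requests: one as the browser would send it, two altered.
LEGITIMATE = {"item": "SKU-1001", "price": "49.95", "qty": "2", "shipping": "air", "go": "Add"}
REPRICED = {"item": "SKU-1001", "price": "0.01", "qty": "2", "shipping": "air", "debug": "1"}
MALFORMED = {"item": "SKU-1001", "qty": "9" * 40, "shipping": "sea"}

if __name__ == "__main__":
    policy = build_policy(SERVED_PAGE)
    for label, req in (("legitimate", LEGITIMATE), ("repriced", REPRICED), ("malformed", MALFORMED)):
        print(label, check_request(policy, req) or "conforms")
```

A length limit is the only rule this sketch derives for free-text fields, so it does not by itself judge what a text field contains.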
The current dichotomy of e-commerce lies in the fact that at one end of the spectrum you have economic success, while at the other end you have an explosion of new software code to keep abreast of dynamic web applications, which need constant patching and updating to remain secure. Really a web application firewall, AppShield secures the web site by blocking any type of online application manipulation.

I always warm to a system that gives you an escape route if you mess up, and AppShield has some handy escape features. For example, each time you modify the AppShield configu-

Revert Configuration command and try again. There are four configuration modes available that should cover the majority of network topologies. Tasks like certificate installation that could prove tedious if you have lots of web servers can be dramatically simplified using the copy procedure. You only need to install a certificate on one web server and merely edit the IP address and port on all subsequent servers.

AppShield employs URL mapping, and this could be a vital feature for readers with higher than average security requirements. An embedded reverse proxy feature, it enables you to map a route for requests received through AppShield, from the requested URL to a different URL. This is completely transparent to the client and its implementation is extremely advantageous, the most obvious being that true path information and directory structures are hidden.

You can define the level of security you want AppShield to perform on your site or customize your own level. There are three predefined levels available: strict, intermediate and basic. These are designed by Sanctum to hit the optimal balance between ease of configuration and the level of security desired. Whichever one you choose, you can select an enforcement mode of active or passive depending upon whether you want active protection or merely logging of security alerts.
`
`
`
Version: 2.0
Supplier: Entercept Security Technologies
Price: on application
Contact: (800) 599-3200
sales@entercept.com
www.entercept.com

FOR Instant update feature opens a secure connection to Entercept Security Technologies to automatically download updates.
AGAINST None.
VERDICT Easy to configure and use, providing excellent application and system protection for web servers.

Features
Ease of use
Performance
Documentation
Support
Value for money
Overall Rating

A host-based, real-time intrusion prevention and security enforcement system, Entercept
`
an integrated Internet environment. This leaves service providers with the permanent ongoing task of upgrading and patching their systems to prevent those vulnerabilities from compromising the security of the whole environment. But attackers, keeping themselves up to date with new vulnerabilities, find it extremely easy to penetrate the service provider environment.

Third party and customized software vulnerabilities provide attackers with endless opportunities to penetrate systems, as creating and maintaining a secure http-based application is a burdensome task requiring constant quality assurance and security analysis. Customizing software developed by third-party vendors exposes you both to errors made by the software vendor and to vulnerabilities created during the customization process.

The database, being the heart of most systems, is the most lucrative target to attack. While the database itself is usually secured, it is still open to the application using it. In most cases applications need to perform both read and write operations. The application is usually authorized to interact freely with the database. While that problem can be addressed by carefully defining access rights in a modest system, this approach becomes insurmountable in more complex systems. The multitude of different interfaces and maintenance applications accessing the same database militates against designing a fail-safe system.

So what are we to do in the face of these new vulnerabilities eloquently described by KaVaDo? Well, Okena have listed ten best practices that can be appreciated by any reader, regardless of their product loyalties. They advise host-based protection, enforcing security at the desktops and servers, where the actual work is performed and the potential for damage is greatest. "As technologies such as high-speed networks, switching, and end-to-end encryption are more widely adopted, providing desired security at the network level becomes a major challenge." Regarding real-time prevention decisions they suggest that application calls must be intercepted at the kernel level. Recognizing that attacks have multiple phases, they advocate a defense in depth, where each phase of an attack gets a response, by intercepting all major points of communication between applications and the underlying system.

The products in this survey address all the problems above, and a lot more besides. I worry sometimes though, when I see product literature describing every possible vulnerability in great detail, and how they occur. Is this fodder for the malicious user, or did they know all of this already anyway?
`
`
`
`
`
`
Security Manager with ESM for Webservers

Version: 5.5 and 1.0
Supplier: Symantec
Price: on application
Contact: (408) 253-9600
FAX (408) 253-3968
www.symantec.com

FOR With LiveUpdate capabilities and secure remote update functionality, administrators can safely deploy the latest security check agents worldwide via the Internet.
AGAINST None.
VERDICT Provides a comprehensive security analysis of

Features
Ease of use
Performance
Documentation
Support
Value for money
Overall Rating

Enterprise Security Manager is a comprehensive, policy-based security assessment and management tool, which intelligently assesses network vulnerabilities with over 1,500 security checks, on Windows NT 4.0, 2000, XP, Solaris, HP-UX, AIX, Linux, IRIX, Digital UNIX, NetWare, Sequent and VMS. ESM security checks provide protection in three key areas: user accounts and authorizations, network and server settings, file systems and directories. It takes the approach of managing security through vulnerability assessment and policy compliance, from a central console and/or by delegating control over sections to different individuals, even over the Internet.

Like some other vulnerability checking products in this market survey, ESM checks multiple systems simultaneously for deviations from security policies, such as missing OS patches, inappropriate user password settings, unauthorized privileges, incorrect file access, changes to security settings, and incorrect system configurations. Vulnerability checking and policy compliance is an automated affair for all systems across the enterprise from a single location. This means automatically measuring security on servers, workstations, routers, hubs, applications, and even databases.

While ESM focuses on network resources and the policies applied to protect those resources, ESM for Webservers, a module that sits on top of ESM, uses a network-based assessment approach to actively examine web servers in an enterprise. It then reports the vulnerabilities it finds on the ESM Enterprise Console. Each of the 270+ se-
`
`
work-wide intelligent agents on workstations and servers to enforce appropriate behaviors is clever. Stormwatch takes a layered approach that responds to each stage of an attack lifecycle. While it proactively defends against attacks at the host level, it goes on to prevent network damage if its host protection is defeated. The Stormwatch policy rules assigned to each server and workstation are application-centric access control rules and are not based on users or IDs.
Best Buy goes to MFX's WebSiteLock for its novel object code technology (OCT). OCT does a byte-by-byte comparison between a working copy of a file and a master copy of the same file, and if any byte difference is detected, the working file is corrected at the byte level rather than replacing the entire file. Employing this rather than the more commonly used checksum method ensures file integrity. Furthermore, WebSiteLock literally locks the contents of your web site, and protects the files available to public users from any form of tampering. As well as being an intrusion detection system through its immediate reporting of any attack to the system administrator, WebSiteLock facilitates an immediate and automatic rebuild of any damaged or deleted files with the original files.
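
The byte-by-byte comparison and byte-level correction described for OCT, set beside a whole-file checksum that only reports that something changed, as an added sketch. It is not MFX's code; the function names and the sample content are constructed for illustration, and the sketch also covers a working copy that has been truncated, extended or deleted.

```python
import hashlib
import os
import tempfile


def checksum_differs(master: bytes, working: bytes) -> bool:
    """Checksum method: reports that the copies differ, not where."""
    return hashlib.sha256(master).digest() != hashlib.sha256(working).digest()


def differing_offsets(master: bytes, working: bytes) -> list:
    """Byte-by-byte comparison over the length the two copies share."""
    shared = min(len(master), len(working))
    return [i for i in range(shared) if master[i] != working[i]]


def repair(path: str, master: bytes) -> dict:
    """Bring the working file at `path` back to `master`, touching only what deviates."""
    if not os.path.exists(path):
        # Deleted file: nothing to patch, so rebuild it from the master copy.
        with open(path, "wb") as fh:
            fh.write(master)
        return {"rebuilt": True, "patched": [], "resized": False}
    with open(path, "r+b") as fh:
        working = fh.read()
        patched = differing_offsets(master, working)
        for offset in patched:
            fh.seek(offset)
            fh.write(master[offset:offset + 1])
        if len(working) < len(master):
            # Truncated working copy: append the missing tail.
            fh.seek(len(working))
            fh.write(master[len(working):])
        # Extended working copy: cut the file back to the master's length.
        fh.truncate(len(master))
    return {"rebuilt": False, "patched": patched, "resized": len(working) != len(master)}


# Constructed sample content; not taken from any real site.
MASTER = b"<html><body><h1>Welcome</h1></body></html>\n"
DEFACED = MASTER.replace(b"Welcome", b"Hacked!") + b"<!-- appended -->"


def demo() -> dict:
    """Run three cases (altered and extended, truncated, deleted) in a temp dir."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "index.html")
        cases = (("defaced", DEFACED), ("truncated", MASTER[:10]), ("deleted", None))
        for case, content in cases:
            if content is None:
                os.remove(path)
            else:
                with open(path, "wb") as fh:
                    fh.write(content)
            report = repair(path, MASTER)
            with open(path, "rb") as fh:
                report["restored"] = fh.read() == MASTER
            results[case] = report
    return results


if __name__ == "__main__":
    print("checksum differs:", checksum_differs(MASTER, DEFACED))
    for case, report in demo().items():
        print(case, report)
```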
`
`
`
`
`
`
Not wishing to sound like a schoolteacher judging the class projects, I have honestly to say that it gets increasingly difficult to extract the best buy and recommended products from the list. Any product attempting to tackle the needs of a complex enterprise e-commerce environment has given itself a tall order anyway, and a brave one to whit.

PentaSafe's VigilEnt Security Agent for Web Servers gets a Recommended Award, reducing the trauma of a catastrophe as it does by providing one-click restoration of corrupted files, as well as being able to automatically restore a corrupted web site to its desired state. Proactively protecting your servers by auditing them against security best practices and automating the management of security, VSA for Web Servers provides step-by-step instructions on how to fix identified vulnerabilities. VSA for Web Servers also scans systems to determine if the script mapping running on the web server makes it vulnerable to Code Red, Code Red II and Nimda, as well as scanning your system to identify inadequate patch levels and flagging you if they are not up to date.

Okena's intrusion prevention Stormwatch, with its patent-pending INCORE technology, also gets a Recommended Award. Its approach of protecting against unidentified threats by applying net-
`
`
Web Server Edition is designed to protect both OS resources and web server applications. It does so using three components (agents, console and a database of signatures and behavioral rules), while the server is the conduit of communication between these components.

Agents are installed on each host you want to protect, forming a protective layer around the host operating system, providing application-specific protection and monitoring the http data stream. Like most similar products, any requests to the operating system are matched against the database of known security breaches and malicious behavior. Legitimate ones are passed on for processing, while suspected malicious requests are handled according to user-defined security policies.

There is a distinct advantage though to the way the agent shields the configuration and resources of specified applications. Having scanned the host to find the applications it is designed to protect, the agent creates a set of rules for each application. Once a set of rules is created, it becomes part of the agent's database and functions just like a signature. The most important advantage of this system is that applications are protected from unknown as well as known attacks, making them more difficult to subvert.

Seven areas of application activity are monitored and these are worth listing because they show the impressive level of protection at the application level. Program files are protected from being modified, deleted, or in some cases viewed, and any service related to an application is protected from being stopped, modified or deleted. Only certain processes are given access to data files, while an application's registry settings are protected from modification at the process level. User settings defined by an application cannot be changed or deleted, and any vulnerability in an application that might allow remote access to the system is blocked. Finally, protected applications are prevented from being misused to make unauthorized changes to the system.

You are free to configure four aspects of the Entercept system: signatures, security policies, exceptions and notifications. Four security levels categorize signatures, and while they come as default you can change them to suit your particular environment. Info indicates changes to the system configuration that usually occur during normal system activity, but theoretically could create a benign security hole. Low indicates a modification that may be indicative of suspicious behavior that might create a more serious security hole. Medium indicates a known attack or highly suspicious behavior with low to medium risk, while High indicates a known attack or malicious behavior posing a serious threat to the system.

Agents will respond to security events based upon their security policy, and there are four possible responses: ignore, log, prevent or terminate. Of course, some seemingly serious security alerts may be just somebody doing a routine task, and you can invoke the exception function to override a security policy in this instance.
`
`
`
`
of web server security: CGI script vulnerabilities, ftp utilities vulnerabilities, and bastion host services vulnerabilities. In short, the ESM for Webservers module extends Enterprise Security Manager's security policy compliance and vulnerability assessment capabilities, providing additional valuable information about the web servers in your enterprise network.

It is important to understand that it is purely an additional module and does not replace any of the ESM features or perform operating system security checks. An ESM Agent installed on a web server will cater for about 80 percent of all necessary security checks relating to the web server's operating system and patch levels, while an installation of ESM for Webservers fills the gap, providing additional security checks specifically pertaining to web server vulnerabilities.

ESM for Webservers need only be installed on a single host that is already running an Enterprise Security Manager Agent, and that Agent then conducts assessments over the network. A license will be needed for each web server to be scanned. This Agent will still communicate with the ESM Manager, but it is not necessary for them to be installed on the same system. So, the bottom line is that ESM for Webservers is installed on the ESM Windows NT Agent, but it can also access web servers running on Windows 2000, UNIX and Linux platforms. Utilizing both Enterprise Security
`
eServer Secure

Version: 2.1
Supplier: Turillion Software Technologies
Price: on application
Contact: (800) 604-3228
sales@turillion.com
www.turillion.com

malicious web-based attacks by monitoring web requests directed at protected servers and scanning for malicious patterns. It detects, logs, and controls IIS web server requests based on a user-defined security policy. Somewhat similar to VigilEnt Security Agent for Web Servers, eServer Secure provides protection and control access without requiring you to install frequent vendor security hot fixes and patches. Security, administrative and activity logging are provided, as well as remote log viewing, remote administration, and email-alert notification. The main benefit of this type of system is that it reduces the maintenance costs and considerable downtime associated with system patching and testing.

Easy to navigate, with an intuitive GUI, the statistics tab displays information on a wide array of security activity, allowing administrators to view server activity statistics and verify security configurations in real time, as well as the current status of the server itself. You can clearly see the most recent attempted attacks, including date, time, source IP and attack signature. When malicious activity is detected, eServer Secure can respond in either of two ways: deny the malicious request and close the connection, or deny the malicious request and redirect it. The recent audit events view lists the most recent administrator user activity, including changes to the security policy, user logins, etc., while the recent system events

FOR Reduces the maintenance costs and considerable downtime associated with system patching and testing.
AGAINST None.
`Ifyou t""Hlt'!3_at1'e-
`in
security intricacies, then eServer Secure is perfect for you.

Features
Ease of use
Performance
Documentation
Value for money
Overall Rating
`
`
`
`
security, the AdminStealth utility conceals the administrator GUI from non-admin staff.

Again, like VigilEnt Security Agent for Web Servers, eServer Secure is designed to counteract the damage done to IIS servers by the likes of Nimda and Code Red, and in fact it gives instant, out-of-the-box protection from these. Web-based remote administration capabilities eliminate the need for additional workstation software to administer the eServer Secure application. Authorized and unauthorized administration activities, including specific changes to the active security policy, are logged, while the DynamicAlerts feature reduces the number of alert emails you receive during Internet-wide web server attacks automatically. This is made possible through threshold-configurable alerts, ensuring that you only receive email alerts that are valid and absolutely necessary.

Email alerting is obviously a vital component in a product like this, but if you have networki