VOLUME 12, No. 3
Radware Exhibit 1016

Keeping IT Clean
Preserving e-commerce sites is a major issue today. We look at 15 solutions to preserve your website intact.

Plastic Fantastic
Smartcards and tokens are becoming more ubiquitous. We examine ten products which cover various applications.
TEST CENTER

Plastic Fantastic
The use of smartcards and tokens for various forms of security is becoming an everyday occurrence. Jay Bellamy examines 10 products covering a range of applications.

MARKET SURVEY

Keeping IT Clean
In today's complex networking environment, preserving e-commerce sites is a major issue. Berni Dwan looks at 15 solutions to help keep your website intact.

PRODUCTS

First Looks
Four of the latest hard- and software products looked at.

File Protector makes it easy to keep your files and folders really ... 'invisibility' options ...

With IP address cloaking and AV protection, GateLock X200 will keep you safe on the Internet.

The sturdy combination lock and cable of Notebook Guardian ComboLock are a good way to deter thieves from stealing your laptop.

Product Reviews
...former
A unique product to ensure that your IDS is working as it should be.

Product News

COVER STORY

Biometrics Technology: Making Moves in the Security Game
Biometric technology seems to offer an ideal solution for secure identification, based on who you are. Illena Armstrong looks at some of the problems and possibilities.

FEATURE

Marching Onwards
As smartcards and tokens finally find their place in today's cyber and physical security infrastructure, Illena Armstrong asks a number of experts for their insight into where the technology is today.

SC Magazine™ (ISSN No. 1096-7974) is published 12 times a year on a monthly basis by West Coast Publishing, Worcester Road, Suite 201, Framingham, MA 01701 U.S.A.; phone (508) 872-9792; fax (508) 879-2755; Email rdeyoung@westcosst.com. Periodicals postage paid at Framingham, MA 01702 and additional mailing offices. POSTMASTER: Send address changes to SC Magazine™, P.O. Box 101, Winchester, MA 01890-0101. Copyright © 2002 by West Coast Publishing Inc. All rights reserved. Reproduction in whole or part, or storage in a retrieval system, or transmission in any form without the prior permission of the publishers in ...

Single-copy prices: U.S., Canada and Mexico, $8; other foreign, $16. Please enclose check or money order, pay-
www.scmagazine.com March 2002 SC MAGAZINE
`
`
`
WEBSITE

Searching for Onlin
Both individuals and companies have legitimate fears that private data held digitally may be unlawfully accessed. Illena Armstrong explores some of the dangers and solutions.

SC 2002 Awards
Your chance to influence the selection of winners in this year's Awards.

Commentary
Illena Armstrong, The Body Slam: Invaders of Privacy ... or Not?

Executive Security Digest
Stratum Scores $10 Million / IT Security Start-Up Secures $5 Million / RedSiren and Central Command Team Up / Vendors Help Australian Companies / Zone Labs and iPass Work Together / Joint Order for Datakey and Rainbow / Websense and SonicWALL Partner / RSA, Waveset Team / CyberGuard Expands Presence in Europe / Imperito Opens HK and London Offices / New Security Research Company / Finally Software Opens U.S. Office / Caradas Adds New Executives / Kroll Hires New Director, D.C. Manager / NAI Expands European Team / Bush Appoints Microsoft CSO to CIP Board

News
U.S. and global security issues.

Industry Watch
'Good' Viruses Crucial to Self-Healing Internet by Cyrus Peikari.

Events 2002
Conferences and Exhibitions for the next three months.

The Last Word
Looking Out vs. Looking In by Harold Kester.

Advertisers' Index

EDITORIAL ADVISORY BOARD
First Union Corp.
Barbara G. Cuffie, Chief, Security and Integrity Branch, Social Security Administration
Director of Information Security, Atomic Tangerine
Randolph N. Sanovic, General Director, Information Systems Security, General Motors Corp.
Corey D. Schou, Professor and Chairman, Computer Information Systems
Security Business Security Manager, SBC Services, Inc.
Peter Browne, Senior Vice President, Information Security Division

West Coast Publishing Inc. reserves the right to refuse any material that does not conform to its policies. All trademarks are acknowledged as the property of their respective owners.
`
`
`
`
`
It's all a question of trust, and secure, real-time access is the whole point of the exercise. In fact, it is probably true to say that companies usually deploy web applications somewhat hurriedly, anxious to make new features available to customers. Testing for security holes therefore is usually way down the list of priorities, not to mention the fact that the specialized expertise and financial resources required for such a task is not readily available.

Doubtless, many web server deployments are done on a wing and a prayer, but this could hardly have been the case with the U.S. Department of Justice web site where Janet Reno's picture was replaced with one of Adolf Hitler. It's a fact of life that network topologies are becoming ridiculously complex and that the roller coaster progression of e-commerce as the de facto standard of conducting business is doing nothing to appease this situation. Do we trust the concoction of computer technology that enables us to engage in e-business? If the answer is yes, then we will not require any of the network security, web server security, intrusion detection and vulnerability testing, anti-virus, firewall or virtual private network (VPN) products currently available. If the answer is no, then we must embark on a fact-finding mission to ascertain the correct mix of products to protect our e-assets. The hardware, software, systems and applications that make today's business possible have also transformed our previously safe environment into a veritable minefield, and by merely engaging in e-business we have become risk takers extraordinaire.
`
Protecting applications raises the goalpost, presenting businesses with new challenges unlike those associated with protecting the network. Traditional security products targeted the biggest threats that emerged as computer networking, email and web applications were adopted by corporations. These were perimeter protection (firewalls), network protection (network-based intrusion detection) and file-based security (anti-virus), and corporations purchased the products to solve these security issues. But these technologies do not address new attacks that circumvent existing protocols to attack applications, or new content-based attacks that attack systems before vendors are able to release and distribute signatures and other countermeasures, as pointed out in OKENA, Inc.'s Technology Best Practices for Intrusion Prevention (www.okena.com).

Here's just a taste of what you are up against: changes to information in hidden fields, e-shoplifting, tampering with CGI parameters, modification of data in unencrypted cookies, planting malicious code in text fields, and use of debug options or backdoors left in applications. And you thought you only had to worry about debasing the site and information theft! Changing hidden fields is a good example we can all relate to if we have merely tinkered with HTML. Often included in web pages to maintain session information such as price, hidden fields are just that, and the regular user is oblivious to them. However, if the user opens the page in an HTML editor, which is easy to do, the hidden fields are revealed and can be altered (if the user is malicious), enabling problems such as e-shoplifting.
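A server-side check against the hidden-field tampering described above, as an added example (it is not from the article or from any product it reviews): the first handler trusts the posted price, the second accepts the form only if an HMAC issued with the page still matches and the price agrees with the catalogue. The catalogue, field names and session ids are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed catalogue (prices in cents); a real shop would query its database.
CATALOGUE = {"sku-1001": 24999, "sku-2002": 1999}

# Server-side secret, never sent to the browser. Generated at import so the
# example runs stand-alone; a deployment would load it from protected config.
SERVER_KEY = secrets.token_bytes(32)


def _mac(sku: str, price: str, session_id: str) -> str:
    """HMAC-SHA256 over length-prefixed fields, so 'ab'+'c' differs from 'a'+'bc'."""
    msg = b"".join(
        len(part.encode()).to_bytes(4, "big") + part.encode()
        for part in (sku, price, session_id)
    )
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def render_hidden_fields(sku: str, session_id: str) -> dict:
    """Values the server would emit as <input type="hidden"> on the order page."""
    price = str(CATALOGUE[sku])
    return {"sku": sku, "price": price, "mac": _mac(sku, price, session_id)}


def checkout_trusting(form: dict) -> int:
    """The weak pattern: charge whatever price comes back in the form."""
    return int(form["price"])


def checkout_verified(form: dict, session_id: str) -> int:
    """Charge only if the fields are exactly what this session was issued."""
    sku = str(form.get("sku", ""))
    price = str(form.get("price", ""))
    supplied = str(form.get("mac", "")).encode()
    expected = _mac(sku, price, session_id).encode()
    if not hmac.compare_digest(expected, supplied):
        raise ValueError("hidden fields altered or replayed from another session")
    # The catalogue stays the source of truth: a valid MAC on a stale price
    # (issued before a price change) must not be honoured either.
    current = CATALOGUE.get(sku)
    if current is None or str(current) != price:
        raise ValueError("price no longer matches the catalogue")
    return current


def demo() -> dict:
    """Run an untouched form and three altered ones through both handlers."""
    issued = render_hidden_fields("sku-1001", "session-A")
    cases = {
        "untouched": (dict(issued), "session-A"),
        "price edited": (dict(issued, price="1"), "session-A"),
        "sku swapped": (dict(issued, sku="sku-2002", price="1999"), "session-A"),
        "replayed in other session": (dict(issued), "session-B"),
    }
    results = {}
    for name, (form, session_id) in cases.items():
        try:
            verified = checkout_verified(form, session_id)
        except ValueError as exc:
            verified = f"rejected: {exc}"
        results[name] = (checkout_trusting(form), verified)
    return results


if __name__ == "__main__":
    for name, (trusting, verified) in demo().items():
        print(f"{name:28} trusting charges {trusting:>6}  verified -> {verified}")
```

Binding the session id into the MAC is what stops a form issued to one shopper from being replayed by another; the catalogue lookup covers prices that changed after the page was served.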
No two applications are alike, and applications that are alike are used differently by each organization. This moveable feast then, needs something more than traditional network security to capture all its foibles. These foibles, as outlined by KaVaDo on their web site (www.kavado.com/threats.htm), include IT infrastructure vulnerabilities and misconfigurations, third party and customized software vulnerabilities, and database manipulation and vulnerabilities. With software bugs legion, it's a battle of the patches out there.

Exploiting IT infrastructure vulnerabilities is probably the easiest way to attack an application, as there are literally thousands of known vulnerabilities in the basic components commonly used to set up an integrated Internet environment. This leaves service providers with the permanent ongoing task of upgrading and patching their systems to prevent those vulnerabilities from compromising the security of the whole environment. But attackers, keeping themselves up to date with new vulnerabilities, find it extremely easy to penetrate the service provider environment.

Third party and customized software vulnerabilities provide attackers with endless opportunities to penetrate systems, as creating and maintaining a secure http-based application is a burdensome task requiring constant quality assurance and security analysis. Customizing software developed by third-party vendors exposes you both to errors made by the software vendor and to vulnerabilities created during the customization process.

The database, being the heart of most systems, is the most lucrative target to attack. While the database itself is usually secured, it is still open to the application using it. Because in most cases applications need to perform both read and write operations, the application is usually authorized to interact freely with the database. While that problem can be addressed by carefully defining access rights in a modest system, this approach becomes insurmountable in more complex systems. The multitude of different interfaces and maintenance applications accessing the same database militates against designing a fail-safe system.

So what are we to do in the face of these new vulnerabilities eloquently described by KaVaDo? Well, Okena have listed ten best practices that can be appreciated by any reader, regardless of their product loyalties. They advise host-based protection, enforcing security at the desktops and servers, where the actual work is performed and the potential for damage is greatest. "As technologies such as high-speed networks, switching, and end-to-end encryption are more widely adopted, providing desired security at the network level becomes a major challenge." Regarding real-time prevention decisions they suggest that application calls must be intercepted at the kernel level. Recognizing that attacks have multiple phases, they advocate a defense in depth, where each phase of an attack gets a response, by intercepting all major points of communication between applications and the underlying system.

The products in this market survey address all the problems discussed above, and a lot more besides. I worry sometimes though, when I see product literature describing every possible vulnerability in great detail, and how they occur. Is this fodder for the malicious user, or did they know all of this already anyway?

Version: 4.0
Supplier: Sanctum Inc.
Price: on application
Contact: (408) 855-9500
sanctumsales@sanctuminc.com
www.sanctuminc.com

FOR There is even an option to hide sensitive data like passwords and credit card numbers in log files! It's easy to do and it works.
AGAINST None.
VERDICT This is a massive product, and I haven't even scratched the surface. It is sophisticated with an incredible range of services.

[Ratings box: Features, Ease of use, Performance, Documentation, Support, Value for money n/a, Overall Rating. Star scores are not legible in the scan.]

The current dichotomy of e-commerce lies in the fact that at one end of the spectrum you have economic success, while at the other end you have an explosion of new software code to keep abreast of dynamic web applications, which need constant patching and updating to remain secure. Really a web application firewall, AppShield secures the website by blocking any type of online application manipulation.

I always warm to a system that gives you an escape route if you mess up, and AppShield has some handy escape features. For example, each time you modify the AppShield configu-

Revert Configuration command and try again. There are four configuration modes available that should cover the majority of network topologies. Tasks like certificate installation that could prove tedious if you have lots of web servers can be dramatically simplified using the copy procedure. You only need to install a certificate on one web server and merely edit the IP address and port on all subsequent servers.

AppShield employs URL mapping, and this could be a vital feature for readers with higher than average security requirements. An embedded reverse proxy feature, it enables you to map a route for requests received through AppShield, from the requested URL to a different URL. This is completely transparent to the client and its implementation is extremely advantageous, the most obvious being that true path information and directory structures are hidden.

You can define the level of security you want AppShield to perform on your site or customize your own level. There are three predefined levels available: strict, intermediate and basic. These are designed by Sanctum to hit the optimal balance between ease of configuration and the level of security desired. Whichever one you choose, you can select an enforcement mode of active or passive depending upon whether you want active protection or merely logging of security alerts.

Most products in the business of web server protection do the regulation blocking, logging and alerting of the illicit activity, but AppShield goes a step further by actually sending a warning to the possible perpetrator that the questionable behavior has been detected and recorded. AppShield is a 24/7 automated web application firewall securing both your site and applications even if your site generates content dynamically or you continually develop and launch new applications. Employing Sanctum's patented Policy Recognition engine, AppShield creates, automatically and on the fly, rules for legitimate behavior based on the HTML code within the page. It is then able to check that every request conforms to the specific policy for that user session and page. It is also worth noting that AppShield is the first security product to achieve certification for web application policy enforcement (WAPE) from ICSA Labs.

[Ratings box: Features, Ease of use, Performance, Documentation, Support, Value for money n/a, Overall Rating. Star scores are not legible in the scan.]
`
`
Version: 2.0
Supplier: Entercept Security Technologies
Price: on application
Contact: (800) 599-3200
sales@entercept.com
www.entercept.com

FOR Instant update feature opens a secure connection to Entercept Security Technologies to automatically download updates.
AGAINST None.
VERDICT Easy to configure and use, providing excellent application and system protection for web servers.

A host-based, real-time intrusion prevention and security enforcement system, Entercept Web Server Edition is designed to protect both OS resources and web server applications. It does so using three components — agents, console and a database of signatures and behavioral rules — while the server is the conduit of communication between these components.

Agents are installed on each host you want to protect, forming a protective layer around the host operating system, providing application-specific protection and monitoring the http data stream. Like most similar products, any requests to the operating system are matched against the database of known security breaches and malicious behavior. Legitimate ones are passed on for processing, while suspected malicious requests are handled according to user-defined security policies.

There is a distinct advantage though to the way the agent shields the configuration and resources of specified applications. Having scanned the host to find the applications it is designed to protect, the agent creates a set of rules for each application. Once a set of rules is created, it becomes part of the agent's database and functions just like a signature. The most important advantage of this system is that applications are protected from unknown as well as known attacks, making them more difficult to subvert.

Seven areas of application activity are monitored and these are worth listing because they show the impressive level of protection at the application level. Program files are protected from being modified, deleted, or in some cases viewed, and any service related to an application is protected from being stopped, modified or deleted. Only certain processes are given access to data files, while an application's registry settings are protected from modification at the process level. User settings defined by an application cannot be changed or deleted, and any vulnerability in an application that might allow remote access to the system is blocked. Finally, protected applications are prevented from being misused to make unauthorized changes to the system.

You are free to configure four aspects of the Entercept system: signatures, security policies, exceptions and notifications. Four security levels categorize signatures, and while they come as default you can change them to suit your particular environment. Info indicates changes to the system configuration that usually occur during normal system activity, but theoretically could create a benign security hole. Low indicates a modification that may be indicative of suspicious behavior that might create a more serious security hole. Medium indicates a known attack or highly suspicious behavior with low to medium risk, while High indicates a known attack or malicious behavior posing a serious threat to the system.

Agents will respond to security events based upon their security policy, and there are four possible responses — ignore, log, prevent or terminate. Of course, some seemingly serious security alerts may be just somebody doing a routine task, and you can invoke the exception function to override a security policy in this instance.

Not wishing to sound like a schoolteacher judging the class projects, I have honestly to say that it gets increasingly difficult to extract the best buy and recommended products from the list. Any product attempting to tackle the needs of a complex, enterprise e-commerce environment has given itself a tall order anyway, and a brave one to whit.

PentaSafe's VigilEnt Security Agent for Web Servers gets a Recommended Award, reducing the trauma of a catastrophe as it does by providing one-click restoration of corrupted files, as well as being able to automatically restore a corrupted website to its desired state. Proactively protecting your servers by auditing them against security best practices and automating the management of security, VSA for Web Servers provides step-by-step instructions on how to fix identified vulnerabilities. VSA for Web Servers also scans systems to determine if the script mapping running on the web server makes it vulnerable to Code Red, Code Red II and Nimda, as well as scanning your system to identify inadequate patch levels and flagging you if they are not up to date.

Okena's intrusion prevention StormWatch, with its patent-pending INCORE technology, also gets a Recommended Award. Its approach of protecting against unidentified threats by applying network-wide intelligent agents on workstations and servers to enforce appropriate behaviors is clever. StormWatch takes a layered approach that responds to each stage of an attack lifecycle. While it proactively defends against attacks at the host level, it goes on to prevent network damage if its host protection is defeated. The StormWatch policy rules assigned to each server and workstation are application-centric access control rules and are not based on users or IDs.

Best Buy goes to MFX's WebSiteLock for its novel object code technology (OCT). OCT does a byte-by-byte comparison between a working copy of a file and a master copy of the same file, and if any byte difference is detected, the working file is corrected at the byte level rather than replacing the entire file. Employing this rather than the more commonly used checksum method ensures file integrity. Furthermore, WebSiteLock literally locks the contents of your website, and protects the files available to public users from any form of tampering. As well as being an intrusion detection system through its immediate reporting of any attack to the system administrator, WebSiteLock facilitates an immediate and automatic rebuild of any damaged or deleted files with the original files.

Security Manager with ESM for Webservers

Version: 5.5 and 1.0
Supplier: Symantec
Price: on application
Contact: (408) 253-9600
Fax (408) 253-3968
www.symantec.com

FOR With Live Update capabilities and secure remote update functionality, administrators can safely deploy the latest security check agents worldwide via the Internet.
AGAINST None.
VERDICT Provides a comprehensive security analysis of

[Ratings box: Features, Ease of use, Performance, Documentation, Support, Value for money, Overall Rating. Star scores are not legible in the scan.]

Enterprise Security Manager is a comprehensive, policy-based security assessment and management tool, which intelligently assesses network vulnerabilities with over 1,500 security checks, on Windows NT 4.0, 2000, XP, Solaris, HP-UX, AIX, Linux, IRIX, Digital UNIX, NetWare, Sequent and VMS. ESM security checks provide protection in three key areas — user accounts and authorizations, network and server settings, file systems and directories. It takes the approach of managing security through vulnerability assessment and policy compliance, from a central console and/or delegate control over sections to different individuals, even over the Internet.

Like some other vulnerability checking products in this market survey ESM checks multiple systems simultaneously for deviations from security policies, such as missing OS patches, inappropriate user password settings, unauthorized privileges, incorrect file access, changes to security settings, and incorrect system configurations. Vulnerability checking and policy compliance is an automated affair for all systems across the enterprise from a single location. This means automatically measuring security on servers, workstations, routers, hubs, applications, and even databases.

While ESM focuses on network resources and the policies applied to protect those resources, ESM for Webservers, a module that sits on top of ESM, uses a network-based assessment approach to actively examine web servers in an enterprise. It then reports the vulnerabilities it finds on the ESM Enterprise Console. Each of the 270+ se-
`
of web server security — CGI script vulnerabilities, ftp utilities vulnerabilities, and bastion host services vulnerabilities. In short, the ESM for Webservers module extends Enterprise Security Manager's security policy compliance and vulnerability assessment capabilities, providing additional valuable information about the web servers in your enterprise network.

It is important to understand that it is purely an additional module and does not replace any of the ESM features or perform operating system security checks. An ESM Agent installed on a web server will cater for about 80 percent of all necessary security checks relating to the web server's operating system and patch levels, while an installation of ESM for Webservers fills the gap, providing additional security checks specifically pertaining to web server vulnerabilities.

ESM for Webservers need only be installed on a single host that is already running an Enterprise Security Manager Agent, and that Agent then conducts assessments over the network. A license will be needed for each web server to be scanned. This Agent will still communicate with the ESM Manager, but it is not necessary for them to be installed on the same system. So, the bottom line is that ESM for Webservers is installed on the ESM Windows NT Agent, but it can also access web servers running on Windows 2000, UNIX and Linux platforms. Utilizing both Enterprise Security

eServer Secure

Version: 2.1
Supplier: Turillion Software Technologies
Price: on application
Contact: (800) 604-3228
sales@turillion.com
www.turillion.com

FOR Reduces the maintenance costs and considerable downtime associated with system patching and testing.
AGAINST None.
VERDICT If you want to concentrate on running an ... security intricacies, then eServer Secure is perfect for you.

[Ratings box: Features, Ease of use, Performance, Documentation, Support, Value for money n/a, Overall Rating. Star scores are not legible in the scan.]

malicious web-based attacks by monitoring web requests directed at protected servers and scanning for malicious patterns. It detects, logs, and controls IIS web server requests based on a user-defined security policy. Somewhat similar to VigilEnt Security Agent for Web Servers, eServer Secure provides protection and control access without requiring you to install frequent vendor security hotfixes and patches. Security, administrative and activity logging are provided, as well as remote log viewing, remote administration, and email-alert notification. The main benefit of this type of system is that it reduces the maintenance costs and considerable downtime associated with system patching and testing.

Easy to navigate, with an intuitive GUI, the statistics tab displays information on a wide array of security activity, allowing administrators to view server activity statistics and verify security configurations in real time, as well as the current status of the server itself. You can clearly see the most recent attempted attacks, including date, time, source IP and attack signature. When malicious activity is detected, eServer Secure can respond in either of two ways — deny the malicious request and close the connection, or deny the malicious request and redirect it. The recent audit events view lists the most recent administrator user activity, including changes to the security policy, user logins, etc., while the recent system events
`
`
`
`
`
`
`
security, the AdminStealth utility conceals the administrator GUI from non-admin staff.

Again, like VigilEnt Security Agent for Web Servers, eServer Secure is designed to counteract the damage done to IIS servers by the likes of Nimda and Code Red, and in fact it gives instant, out-of-the-box protection from these. Web-based remote administration capabilities eliminate the need for additional workstation software to administer the eServer Secure application. Authorized and unauthorized administration activities, including specific changes to the active security policy, are logged, while the DynamicAlerts feature reduces the number of alert emails you receive during Internet-wide web server attacks automatically. This is made possible through thresholds configurable alerts, ensuring that you only receive email alerts that are valid and absolutely necessary.

Email alerting is obviously a vital component in a product like this, but if you have networking problems all is not lost. Mail queue delivery will tell eNotify whether or not to temporarily store alerts to file if the mail server is unreachable. When disabled, eNotify will continue reading the event log, but will drop alerts if it can't send them to the mail server. When enabled, eNotify will save alerts to disk and send them all in a single consolidated message when the mail server resumes operation.
`
Windows NT/2000

Version: 2.1
Supplier: KaVaDo, Inc.
Price: from $15,000
Contact: (800) 239-3203
sales@kavado.com
www.kavado.com

FOR InterDo is easy to install, highly scalable, flexible, and can support numerous applications simultaneously without any modifications to the applications themselves.
AGAINST None.
VERDICT InterDo delivers comprehensive and adaptable application layer security, and its open architecture is designed to meet the unforeseen security needs of the future.

[Ratings box: Features, Ease of use, Performance, Documentation, Support, Value for money, Overall Rating. Scores are not legible in the scan.]

iChain

suppliers. The bigger you are, the more applications, systems, networks and platforms you will have. It's a jungle out there, but it's a revenue-generating one and you want to keep it that way, so you need an all-encompassing gatekeeper to guard your online assets and transactions. iChain is one product that is suitable for a complex, enterprise e-commerce environment, allowing you to secure your web-based activities, control user access, and provide user single sign-on to virtually all web-based applications and content. Its proxy server replaces the regular web server as the public interface to a customer's website, consequently adding an extra layer of security to your network.

As a key component of Novell's access management security solutions, iChain can tame the complex enterprise beast by creating a security
infra