Teros-100 APS 2.0 Offers New Ideas in Web App Protection

By Timothy Dyck | Posted 2003-02-21

New products in the Web application firewall space may offer the best approach to protecting Web applications from attack.

There are now three significant players in the Web application firewall space, a field that I think offers the best approach to protecting Web applications from attack. Teros (formerly Stratum8 Networks) separates its Teros-100 Application Protection System offering from Sanctum's AppShield and KaVaDo's InterDo by shipping it as a 1U rack appliance, for ease of installation, security hardening and overall reliability, key for an in-line network device. Teros-100 APS also provides SSL acceleration in hardware, something that less expensive software-only options, such as AppShield and InterDo, don't have.

All three products have the same core approach: They turn HTTP from a stateless protocol into a stateful one, inspecting each connected client's session to determine whether the URL and parameters being submitted are a valid response given the pages the client has already seen. This approach stops worms cold because they use canned attack HTTP requests that don't lie within the set of allowable initial session URLs.
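As an added illustration (not Teros, Sanctum or KaVaDo code, and not from the original column), the following Python sketch models the stateful, positive-security approach described above: it records the links and form fields of each page served to a client and then admits only requests that match them or a fixed set of entry points. The sample page markup, the entry-point list and the regex-based HTML scraping are constructed assumptions for the demo; a real appliance parses responses far more robustly and ties sessions to cookies and SSL state.

```python
"""Toy model of the stateful, positive-security filtering described in the article.

Constructed example: the served page, entry points and regex scraping are
assumptions for the demo, not a description of any vendor's implementation.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

# Requests every client may make before it has been shown any page
# (the "allowable initial session URLs"). Constructed for the demo.
ENTRY_POINTS = {"/", "/login"}

# Constructed sample response from a hypothetical banking application.
SERVED_PAGE = """
<html><body>
<a href="/account/summary?acct=1001">Summary</a>
<a href="/logout">Log out</a>
<form action="/transfer" method="post">
  <input type="text" name="to_acct">
  <input type="text" name="amount">
  <input type="hidden" name="csrf" value="abc">
</form>
</body></html>
"""

HREF_RE = re.compile(r'href="([^"]+)"')
FORM_RE = re.compile(r'<form[^>]*action="([^"]+)"[^>]*>(.*?)</form>', re.S)
INPUT_NAME_RE = re.compile(r'<input[^>]*name="([^"]+)"')


@dataclass
class Session:
    """What one client has been offered so far: path -> permitted parameter names."""
    allowed: dict = field(default_factory=dict)


def learn_from_response(session: Session, html: str) -> None:
    """Record every link target and form action in a served page as a valid next request."""
    for href in HREF_RE.findall(html):
        parsed = urlparse(href)
        session.allowed.setdefault(parsed.path, set()).update(parse_qs(parsed.query))
    for action, body in FORM_RE.findall(html):
        session.allowed.setdefault(urlparse(action).path, set()).update(
            INPUT_NAME_RE.findall(body))


def is_request_allowed(session: Session, path: str, params: dict) -> bool:
    """Default-deny: admit entry points and requests the client was actually offered.

    A path this client was never shown, or a parameter the page never carried,
    is rejected. A canned worm request fails here regardless of its payload.
    """
    if path in ENTRY_POINTS:
        return True
    permitted = session.allowed.get(path)
    if permitted is None:
        return False
    return set(params) <= permitted


def demo() -> dict:
    """Walk one constructed session through the filter."""
    session = Session()
    learn_from_response(session, SERVED_PAGE)
    return {
        "link_followed": is_request_allowed(
            session, "/account/summary", {"acct": "1001"}),
        "form_submitted": is_request_allowed(
            session, "/transfer", {"to_acct": "2002", "amount": "50", "csrf": "abc"}),
        "extra_parameter": is_request_allowed(
            session, "/transfer",
            {"to_acct": "2002", "amount": "50", "csrf": "abc", "debug": "1"}),
        "never_linked_path": is_request_allowed(session, "/never-linked", {"x": "y"}),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'allow' if verdict else 'block'}")
```

The toy checks only parameter names; the natural next step, and the one a shipping product needs, is to also constrain values the page fixed in advance (hidden fields, link query strings) so a client cannot submit an account number it was never shown.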
I spoke with Teros CTO and co-founder Abhishek Chauhan and VP of Marketing Tom Bennett about the Feb. 18 launch of the company's 2.0 appliance. The most interesting thing they mentioned was a new set of business policy modules that go much deeper into HTML pages to look for specific types of data. For example, the Teros-100 APS 2.0 box uses a pattern recognition algorithm to look for credit-card-number-like strings, and will block pages that have more than one credit card number in them or allow only the last four digits of the credit card number through.

Another option looks for password pages and automatically checks user passwords to see if they meet complexity requirements. This is done in real time and without any changes to the source application—the box will dynamically redirect users to a custom error page if it needs to break into the data stream. It also offers defacement prevention: Certain pages can be digitally signed to ensure their content doesn't change, or pages can be blocked based on stopwords (e.g., "hax0r") or blocked if they lack approved words (such as a copyright banner). Positive page filtering is a good way of stopping application server or database error messages from accidentally getting through to clients.

In other areas, Teros-100 APS 2.0 has a new ability to set different security rules and delegate administrator functions on an application-by-application basis—a major increase in flexibility, but also something that InterDo already provides. Generated security rules are also now generalized into classes to make them easier to manage, and the box offers automatic hot failover to a backup Teros-100 APS when used in a redundant pair.

Deep page-scanning techniques, combined with pattern recognition algorithms, allow whole new classes of protection rules to come into force, and it's an approach that will pay off. How do you protect your Web applications? Let me know at timothy_dyck@ziffdavis.com.
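The page-scanning policies described in the two paragraphs above (card-number recognition with last-four masking and a blocking threshold, page signing against defacement, stopword and required-text checks, and a password complexity rule), as an added Python example that is not Teros code and is not from the original column. The Luhn checksum, the HMAC signing scheme, the sample pages and the key are constructed assumptions; the article does not say how the appliance implements its modules.

```python
"""Toy content policies modelled on the rules the article describes.

Constructed example; the Luhn test, HMAC signing, thresholds and sample pages
are assumptions, not a description of how the Teros-100 APS implements them.
"""
import hashlib
import hmac
import re

# 13 to 19 digits, optionally separated by spaces or dashes. Loose on purpose:
# the Luhn checksum below decides whether a hit is really a card number.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

STOPWORDS = ("hax0r",)                 # any occurrence blocks the page
REQUIRED_TEXT = ("Copyright",)         # every approved page must carry this
SIGNING_KEY = b"constructed-demo-key"  # constructed; a deployment uses a managed secret


def luhn_ok(digits: str) -> bool:
    """Mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Digit runs that look like card numbers and pass the checksum."""
    return [m.group() for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"[ -]", "", m.group()))]


def mask_card_numbers(text: str) -> str:
    """Let only the last four digits of each recognised card number through."""
    def repl(m):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            return m.group()  # not a card number; leave untouched
        return "X" * (len(digits) - 4) + digits[-4:]
    return CARD_RE.sub(repl, text)


def sign_page(body: str) -> str:
    """Record a keyed digest of a page whose content must not change."""
    return hmac.new(SIGNING_KEY, body.encode("utf-8"), hashlib.sha256).hexdigest()


def page_unchanged(body: str, recorded_sig: str) -> bool:
    """Defacement check: the served body must still match its recorded digest."""
    return hmac.compare_digest(sign_page(body), recorded_sig)


def password_meets_policy(pw: str, min_len: int = 8) -> bool:
    """Complexity rule for a password seen in a submitted form (constructed rule)."""
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
    return len(pw) >= min_len and sum(classes) >= 3


def apply_page_policy(body: str, recorded_sig: str = None, max_cards: int = 1) -> dict:
    """Decide, in order: signature, stopwords, required text, card-number exposure.

    Returns the action a filter would take and the body to forward (empty when blocked).
    """
    if recorded_sig is not None and not page_unchanged(body, recorded_sig):
        return {"action": "block", "reason": "page signature mismatch", "body": ""}
    lowered = body.lower()
    for word in STOPWORDS:
        if word in lowered:
            return {"action": "block", "reason": f"stopword {word!r}", "body": ""}
    for word in REQUIRED_TEXT:
        if word not in body:
            return {"action": "block", "reason": f"missing required text {word!r}", "body": ""}
    cards = find_card_numbers(body)
    if len(cards) > max_cards:
        return {"action": "block", "reason": f"{len(cards)} card numbers on one page", "body": ""}
    if cards:
        return {"action": "rewrite", "reason": "card number masked", "body": mask_card_numbers(body)}
    return {"action": "pass", "reason": "", "body": body}


# Constructed sample pages from a hypothetical storefront. 4111 1111 1111 1111 and
# 5500 0000 0000 0004 are well-known Luhn-valid test numbers; ...1112 fails Luhn.
PAGE_RECEIPT = ("<p>Card 4111 1111 1111 1111 charged. Ref 4111111111111112.</p>"
                "<p>Copyright 2003 Example Corp</p>")
PAGE_DUMP = "<p>4111 1111 1111 1111</p><p>5500 0000 0000 0004</p><p>Copyright 2003 Example Corp</p>"
PAGE_DEFACED = "<p>hax0r was here</p><p>Copyright 2003 Example Corp</p>"
PAGE_ERROR = "<pre>ODBC error: syntax error near 'WHERE'</pre>"

if __name__ == "__main__":
    for name, page in [("receipt", PAGE_RECEIPT), ("dump", PAGE_DUMP),
                       ("defaced", PAGE_DEFACED), ("error", PAGE_ERROR)]:
        verdict = apply_page_policy(page)
        print(f"{name}: {verdict['action']} {verdict['reason']}")
```

The order of checks matters: the signature test runs first because a signed page that no longer matches is blocked outright, whatever else it contains, while the required-text rule is what catches the raw database error page in the sample, since such pages never carry the site's copyright banner.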
 
Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company and in the IT department at a government agency. He has an honors bachelor of mathematics degree in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a master of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.