|
|
|
Review: Teros-100 APS 2.1.1
By: Timothy Dyck
2003-05-28
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Security-conscious organizations will find Teros-100 APS a powerful ally in the battle to prevent Web application and Web server bugs from leading to total security compromise.
|
EXECUTIVE SUMMARY
|
|
Teros-100 APS 2.1.1
|
| Security-conscious organizations will find Teros-100 APS a powerful ally in the battle to prevent Web application and Web server bugs from leading to total security compromise. Like others in its class, this Web application firewall is still immature, but Teros-100 APS high-level content filtering features make it stand out and provide current users with a glimpse of what tomorrows security tools will look like. Teros-100 APS costs $25,000, or $30,000 for a model with hardware SSL acceleration.
|
| KEY PERFORMANCE INDICATORS |
| USABILITY |
GOOD |
| CAPABILITY |
EXCELLENT |
| PERFORMANCE |
GOOD |
| INTEROPERABILITY |
GOOD |
| MANAGEABILITY |
GOOD |
| SCALABILITY |
GOOD |
| SECURITY |
EXCELLENT |
|
PRO: Provides credit card, Social Security number, anti-defacement and other high-level content filtering features; offers comprehensive yet straightforward statistical analysis of actual site traffic for determining normal application behavior.
CON: Costs more than competitors; no protection for Web services.
|
EVALUATION SHORT LIST
• Kavados InterDo
• Sanctums AppShield 4.0
|
Teros-100 APS is a 1u (1.75-inch) rack-mountable security appliance. The product has only been on the market since last May, and the Version 2.1.1 release we tested started shipping last month. Teros-100 APS costs $25,000 or $30,000 for a model with hardware SSL (Secure Sockets Layer) acceleration.
Of the three products we tested, Teros-100 APS showed the most potential in terms of what a Web application firewall should be able to do. Its ability to recognize and control transmission of business objects, such as credit card numbers and Social Security numbers, is unique and provides instant value to organizations that need to quickly implement strong security and privacy controls for customer data.
Teros-100 APS provides six high-level content protection features in addition to the HTML protocol-level checks that the product provides out of the box.
Teros-100 APS credit-card-blocking features support real-time recognition of American Express, Diners Club, Discover, Japanese Credit Bureau, MasterCard and Visa credit card numbers, and we could use the product to configure a Web application to never be able to transmit a credit card number or limit each Web page to contain a single credit card number.
Teros-100 APS actually calculates a credit card checksum to determine if a given string of digits is a valid credit card number and of what type. In testing this feature, a random string of 16 digits was let through, but a page containing a real Visa card number was terminated at the spot the number began.
A module for blocking Social Security numbers provided similar protection, while a built-in dynamic password-complexity checker reported (but did not take any other action) the number of insecure passwords submitted by users, along with the total number of passwords seen.
An anti-defacement page-watermarking feature prevented the Web server from displaying pages that were different from their approved versions. Teros plans to add in a late-summer release the ability to save watermarked pages and provide these saved pages in case of a defacement.
All these functions are impressively innovative but have implementation flaws. Error handling was inconsistent in our tests—the content-protection features simply terminated connections. In other parts of the product, meanwhile, we could display a friendly, custom error message that looked as if it were part of our application.
Also in This Feature:
Review: InterDo 3.0
Review: AppShield 4.0
West Coast Technical Director Timothy Dyck is at timothy_dyck@ziffdavis.com.
|
|
�������x}ks㶲*�Q3CO#d[�Ķ|,8*-EB�c!)J
/=hɏ��6�Fh|Ggg�D]ݴ1p͙M5��5|zg`HRsgޅ�-34
@oRQP
Ġ�x�nwݶN`P'~ �C���᳙*,�Q ���H5��K&�O|gM$ƮlM1
dčű5m2�f
�E1;'��I�� ¹M���J��D��ERz�GEQ=-Dm:\'��*GUn�Spca_ʞ��y5"h4"j��;^��;�z~;B�08`T�K
<[��@Sա*"U�{Q5hw��/E� /B1r!f-{4�?L*-�D�FL$�E$�f�=��Qw^C]õ]��Z.R͌e�:o� tG
ob=u�ק&Y!
.�$g�>�N_FBԿRK�8VR=/y�
y�=@q�(r�_7P7nǾ;s�270Q(9a�&�ԃ �C(p}=\'�t( .�Eӝfؖq[th(�V*Z]Q�Kru_)�:?Wcm9��2+�[ѾRU5MQ/z� �`h-vtu]+i0��n{'ݏwyq �p,owDj�0QEVKi���-�D,{/B��oVqW-hZIAv��ina�[�E�4bEU}dN"?[ڗu&u}Y6f0Zi�C�A+WtW?#;ˠjqszr|qӹ�wIAұ,Oȯgs�`HםBm۲ܾ,BZKE�k�a(7fh�X@�?$eR2-L9��Z��u��t �+Py۬ M�Z!r)
uK_3Q8�n�ZK}0�[RFp&�\� Д��Q�Cלذ�1�"%��hJyO�Ջ�"�}Et"Aͩ8
(J�!bN3tɋ �BD4?CzC7=aB+Y,h."�W-}jY[6'jtamIi3_�e�ޡ:ip>!e.ڽ^}�8^%gk�,]ev"JB0qkꛛZϏRa�^TU���G��'&-d`q86acJݤ#}fE=�~A��A�ӧIz|JMk6m�uI=D�C#���mxq=Z.3+ԍE��Xn`NtcI�4�X�(}Zc�Og6�/|�\a��֔�^탉�i$�>6(Z\?�tM0I���3)к`��oa2aP�#[
�JC=�ˋ�F0���P6
=�� 2/?C!nH�}�P(��+�9=P��lmNl}h`1 >5g�%�tN\IQ�o�'��2)%%E29 E�EK�y3@� $h�-4`��z.��́m�bo$H�XVph�T6ݞ�H:w@T�*esRأXB�Y�X/E_R�23#Cdɬa���X�91{M�f�T`"[ᛥLKa�k`FX,CMۯ!M{�ڣeXc�}= 3̲M҂%�Ll;!9?f! s WQ�'�:� x�BoBCEs;J`|Ͱ"̴b֜�Eu4>�du �4��ƉeLH|��B3} H8M{lzΐ=϶Y$uu�K�\w;u`漇�d:Nk'hm7?>{@O-\n�GhIO3iy>grGֶ-o� �*� j�J=WsF���A|5
�i!sL&Ze�on<�Gy�5&㓫(\=PӔ�f�+b*q��(�t�P\O�&ō4�)�BЊO}�=?ٲJb-Yֽ(Uע�%fcPou�JiO_�%��9&ےx��A-ʘ�ŗZZG"��J�P0K+e�zlxy���D62�Ci�n
Py�\�1���=0�\ReeZ�pdҶ�Mj�٫ X3l�d �tA�qF�AÔ`�@E�Ll5T�W)թz@�4�}&�/H{{L'!�C��|�pd`/R=:¿uouj�)ՃI�,䧒ZQJ~&�[�b"�ud\6˰@e�ִ
&;rm۽'�zfdݙ(�yR+rf!9�I4U�$\���
ؕGQ/AY@�*#܊��k�
Bo` 12l�3u�/.zrwݱM% y�sn.}�O>xN¢ '-h'^+0ZN�
*J"2ByQ�ihw\rR2
S#<�~Ɋ0�
ClW��õX1�pW�P�V}85�'&
R9!GF�l��ʂu�!�MU���,np{]�0�X�AG5�h��!L`V8!�+
#mqJk�'4E��uκԲ)Z+�::�j�9f~�+ˣ����,ćφ�G�2�>L�k}�]P~Ws�boY
�چH��B&:GdHC��+`NT:Yw�<܁c:P?H(TZ�g7cMśH]ac6U�{z@nR)Z'�,Wvh\�JEWDIۛ�ўG|5� |l3HNqGL+ s0RsI�l
x@̬�}� w0m94c~��y�-0P>OiTXLb��T~��\�3�gbg]a+w]9�e6e'~����/�#U�IV:#ݸyɯ�ȫ"w�>sԳлMk�l�s��Gq3`S"象mBt�u_�+'&Gl�E6Xi�l=�;"c�3>S"K8?IUfSMOT%0=@"�#f.@C׳@g.lLQX��G�RUe@5yJ1k
%
=EZYı�)&%j�ĮOm�I�TY�)(q
g@Vf2U+WkU"m=,N
=X�Z=4~��
z�|�IcE�i\kxk�_(OU?2:i1RʵRM()CoE��잔4r�Ok,���ش,6"h -���z�[
ez⥺_-�,sK"hJgԋ_��r[rn)ty�4�ņ5ѣ(4CFup0�+�3{�Kqlϱ�kK{&�@�u��tS6neU�uZ]J֟E'�svٞE�A({KB�uṚo{{kC4�÷��,;L)~3�9�Ȕ�)xT-kZ��b[Ԫw�c"�iB�qC`
IZP+{)�,%~w9@`�|ZUj��rF2�2@BZA$d1~G:Ky�6P��
�`��bT1 _RF�MQ�=#�ijqř�π/PEQ�):�*9Q{Qkѷo5E߈>O1Ok7�tE�h[(k��x,�VbsZ;t�1?x�>6�Bz?$Y^:g_��{��"Tc�8L,ӤN)fTDіx�S!OVAkv,x\J�|[<,'�Mw[�v1CN'~.?@
6̯�>���H-Н�>��y{ho&})s'A���u�haJwfim6ELf0�7+��,v�7*ApC<-�L�?Gfc:��M"�IQU֭��UdU)I=Y)G�G8��Lz�tH_/lFǵ�4/
Z2fP:9�G[qe�cF0�[ov��E<��O�F�eۡ�܍)³��$`DI@R�i�g�6A� j(l��wpm�U0p>-7OIj��wl['/G'/-c|�p:i��p*9;_�����P�E?\=3q� DɛxQx7e\ڊ�]�aKn~�'Vv/wip8�q8t.��?m�h�٨\V+Q9�[M9�?=m^83X+@=dYhe?7Jj^�]8Sj0�^Y.1+xc��H{ri Eaa{�'ו��xL�,|�P� Y&�8gL��Xd�N;x=(}I�O(`BlAWAg `M R]n!1Z�i�2PI�<
;�)
�\;K]H��¼8H=zg[qfdV?ۧiMloT��D_p(|Gͪ?˵d_\IHSy%W�ޮ8䑺��W�Cy-��*,(�.y�zI$�f/�jM7F0�'<"s�YJ�E(�sEeEe,X'֓cŬSL��BF@m��9$b2]P;ZS*}j>@<,h;Ո�' ez6#&z>���?
j#NT-)Pj(
[�m5#EŴ�R0%�q^#�B>φ%r/t}�ү҅c�P�6K#FʚVWe!b��k%�үD�#�؞0�����6�gV4%W��"
luG]�|%Vߦ0L#9u�y)*E�S�#.(
�ڋ�TU*jm#.AQ<*N�:.�:ICtH�b45ٰt6LM\$%܃i�/�3(�$`&̵d=T5@d�]�$�~-V|J�Jb,r�$M wAIΖIs
h� �$Q��"o�YhmZ\ϴۯIJ_$l4'�P~)AK%oy�Ԑ0٬tc9x>RU9\A&�A2w��I8H�&@
F~�Dx
Oxi{^*Zx�ȁE?|�kͬ�0UX^i6�Ne2�5.f�5ى^uuLYø݀
$MqʊN�y,k
�p+S1"�b^˫/Q{>Za�R�3`szGm0Ԩ�Dqyf�@ ����B��@�m_ܸ"~n67�$"i�O�g�YOM˰BQzlVr(~BG�<[�WoG|Kj�Pµ3dH_H�\�o>o>o>o>SUm>D_k9ߕ+�?0mX%�qe춉9R�3%���xiU�x<٩~"a9ڗDLnq>^&6Wm��_
�-0�`�$j纍Z q�L4x�_ ϼ�br�/�eCN|1�/hsAO(<;$`&O[tY,˥�B�MJ���3�`x�S$�D�^�.��hnS{C.^)�@n>�
S�p�(m^̯QF�iZd
0X$E�,a킦�Pxs�qP&"�|{�QH�4)w濶װosXt��{*
��H1C% ԯi6#CD'6ګ�0q0o@�QAGɉ�M(UxO >I}^H
�!/NQ#OM(B�"�!=4�S2"��9LK{Ly`7777W2Uuvƻkdz��1�I"_�)&0;-bru��`�G��H�`�D>=:iO�VU�gzn"_f�ҝ'o0Ab'�z�`0� �C�@�PĹHհso6?3���s��##�|憎��
o|}Boq�u}i+cƽǮmx<#(%6YV�:N~D�ZK`dU�eH�&ʖhnW=ҧ邋KٔR�D��kTZG$]�q�b����J:O$Iiセp�~4j`,U8��T`,h�{�VR��G��0�uhg6�/F/My'Bsw���602S,(�ch7G���=&�/
j5sԢL1qaN�ͯ͝_~�A{\^oq,�;v�ʃVKr
]���R�ş
/�{��,F�E��D^;@�
=u<9-f[|��{m6MC
qX;6۬7oDSvjcm&+㵙v=mVx{�7i�s`�W۰::S�/35}`�Y�mZسO�]Y6%pc5�>Krb�lzCo�`lï^�JY�f-eĚ�fQ+i�錃ql
�X1�L4�+x�(�(iL7{|/$rpDKפ{�|:Ϡ)8weQOf|ׂxi/�^hc5nIVt0l�W�;eۋ@{71I�ُGP�ђ,#;Ћ�$Bd���Dtitq��^l��
`4��'rp�я"]zcO{
es�^;7>k_A'-gWYΞCm�%��<{��`fT�nCn$XG}K:i���^T��PAgXt��z�C�.�oJ^j$'p�
?}A6�ژy���iF4��RE}o M-ӴiLLRO�����ag\�NL�_��_�0��8 rF@Yf4G���,
7a�fL�Zsrپ靷u�=<���swB��wOuq14tS�C�a�ߩ1q>9 *y�l��0W�l�
�� [zqeL\�Wк�lŧtS�w|1[GB(W�9$#M{[Ѿ+%�cDRw.sOaH��p=S�["
eZ1ш�@Q>ɹ���cMN퓔px�XҚ0! ��YC)� t 6"))ĴF#1Cd˼�͈)i`��_�t/0#�+&(?,pD�
b��qSZ,�gsҾ҃Pbڿ�I�*K"x`Y�@��y#��LL�͂zĂB|~L�!~�R"t3a/xCD}S�N\<7��Y�ef��xp�Ƨ�x�}� 5t)Lpj�,EףΛ]-GAGG71`�p� ?vCc!us
x\fH֎B$Ѕ:x,@#!��9ω�KkS%c
7úޛXF m`��p���3�W�VjMDO"ӁRs]�)U:ί|n x7<42Qq�LSz%
%uW0`A i�2bg4t\K�
-C#�&a@}lFL�(uuuvI^ۤw|ݹw}3M
ܢֳ[s=tܽtڹl_]w.橅lj1 kyl2_T
Q�9l]28SΘksYx�9K��xu�<�/�8l�.(���.!j�b\թ2M�/~]c�urr|j%6�N#g5^L7#Ǯu���1�>r:`uL(8iz67axfh�P��b>^�Ȥo�u[9@/9Ao9P~�)By7�9�hp)?@���X_~)4:;'f$�eN9^K/�Z_~�sl��EN/�E�|E�}/>�9_�"?/?/r�e2�cN��S~��909{ s#?0~9�9wAtsO�K7G\�\�5u�9�]_�C�}yп9�C�(+��h&��Ku3�Ay+GZWpz~;29)�G9R{�W�KӜ}(gU�s�Vn�Va�{CjgN@^W~��su=I+ťfW�*7yKxM}%k{[Z1iu�tb�a/u��KHe^M&�#(���R^>Ȧc����˼_VRRw;]�Cڤ\��su5m�Rr-Xѧ�cZ?Ś/�Yy<�*
u�=�}٘*ω(c#h��cHO9?|\�-c�#]q�N8���(G@K�n
\��8����#r�75i q[~r^<^Ȭu�j�7�m!ϋ>Y݉7�xx.
o�2q*K�7ýEy�2�w8�0׀�[Nx���Z�n�am�z�ם'4�`/[烫6{̦�di�ʪ9�(Ѱ~HWEjorx�s�~�FC䮩-317ӯ�.h
;c���ö0A
l(U˚VVk[*j�>7�6##"2tU�!5ɪ"+uw9
8]�V*r
`"�
*�s>P�`24UF`
Ԋ�z!�J1
=4�`֭tK_c(w�L"O�ӱ7?;fCWe",dƋ&�æʗp^Wv"�H�@0�~Y8P&`!��؞.F^͆$�F�w�� `1ǤK�4l&�Klɜ]k'b�"'�mg&L;��,O�~�f+g�-��c�U�rߡQ��2���-#�[�P`t{^=F.̥YB΄[4�п�ls%(u5 @�:~ kf�:aKƘS�DM�KIn�_!�x@�Erby{�lg#�X)43GśYDxa�w���./ ]@NEЉ;���pc]M� m,_x
y�v�#+ma5��spR\�>��^�̆I
�e�۰̠O�=8Ï �CqzvwʱDŮl^vܙet�ZxR
��Hv2,)<;:a�I���c̈́U&]P�O"c
y7q�>+�W$oҫ@�Y��~l+97�3F(�K9��H%)^Ղ]#rF33��1#qyU�� p6�+=.�X&"�>6�LN�>�Ncc�? `�vwj9c�˖]XQYɶ��_��9�ud2- �kc'p�G!-X�0���n=ձ]w
�O`7G}L��4xצJu!A]�?_�vs[>/R`ǔK.)�tO�鋰��AVt3Nŗ�k,^��zX�ջb#>�n)ZF#,c-�ԭ<�P8��_C~c.v^%e�ܔ�uF.Dm�hT4X�%*l+�7�
��/�߉n^'me�#�X#+��v$ѿs�a�|X��l�p/>G1G[�0rczz�Y=W'�8KY'Ӿ}d.GD�e�Z']ZD!hXr���E"O
�q~ жX�3��"@a)5BLN7�S
3pRaL �� b[и�9-_0$a�1�+�=�c-�hw͙!�׆!0ѕDM1F(ͦ,1��f� �Ax��
�v�4%hw2b5����g�_yf��/0,#�N�|]鼽t1N�e_:m]t?�J{`�gg^vT�vQ��Ke
|
Network Security & Hardware 
