Review: Teros-100 APS 2.1.1

 
 
By Timothy Dyck  |  Posted 2003-05-28 Email Print this article Print
 
 
 
 
 
 
 

Security-conscious organizations will find Teros-100 APS a powerful ally in the battle to prevent Web application and Web server bugs from leading to total security compromise.

EXECUTIVE SUMMARY
Teros-100 APS 2.1.1
Security-conscious organizations will find Teros-100 APS a powerful ally in the battle to prevent Web application and Web server bugs from leading to total security compromise. Like others in its class, this Web application firewall is still immature, but Teros-100 APS high-level content filtering features make it stand out and provide current users with a glimpse of what tomorrows security tools will look like. Teros-100 APS costs $25,000, or $30,000 for a model with hardware SSL acceleration.
KEY PERFORMANCE INDICATORS
USABILITY GOOD
CAPABILITY EXCELLENT
PERFORMANCE GOOD
INTEROPERABILITY GOOD
MANAGEABILITY GOOD
SCALABILITY GOOD
SECURITY EXCELLENT
  • PRO: Provides credit card, Social Security number, anti-defacement and other high-level content filtering features; offers comprehensive yet straightforward statistical analysis of actual site traffic for determining normal application behavior.

  • CON: Costs more than competitors; no protection for Web services.

  • EVALUATION SHORT LIST
    Kavados InterDo Sanctums AppShield 4.0
    Teros-100 APS is a 1u (1.75-inch) rack-mountable security appliance. The product has only been on the market since last May, and the Version 2.1.1 release we tested started shipping last month. Teros-100 APS costs $25,000 or $30,000 for a model with hardware SSL (Secure Sockets Layer) acceleration.

    Of the three products we tested, Teros-100 APS showed the most potential in terms of what a Web application firewall should be able to do. Its ability to recognize and control transmission of business objects, such as credit card numbers and Social Security numbers, is unique and provides instant value to organizations that need to quickly implement strong security and privacy controls for customer data.

    Teros-100 APS provides six high-level content protection features in addition to the HTML protocol-level checks that the product provides out of the box.

    Teros-100 APS credit-card-blocking features support real-time recognition of American Express, Diners Club, Discover, Japanese Credit Bureau, MasterCard and Visa credit card numbers, and we could use the product to configure a Web application to never be able to transmit a credit card number or limit each Web page to contain a single credit card number.

    Teros-100 APS actually calculates a credit card checksum to determine if a given string of digits is a valid credit card number and of what type. In testing this feature, a random string of 16 digits was let through, but a page containing a real Visa card number was terminated at the spot the number began.

    A module for blocking Social Security numbers provided similar protection, while a built-in dynamic password-complexity checker reported (but did not take any other action) the number of insecure passwords submitted by users, along with the total number of passwords seen.

    An anti-defacement page-watermarking feature prevented the Web server from displaying pages that were different from their approved versions. Teros plans to add in a late-summer release the ability to save watermarked pages and provide these saved pages in case of a defacement.

    All these functions are impressively innovative but have implementation flaws. Error handling was inconsistent in our tests—the content-protection features simply terminated connections. In other parts of the product, meanwhile, we could display a friendly, custom error message that looked as if it were part of our application.

    Also in This Feature:
  • Review: InterDo 3.0
  • Review: AppShield 4.0 West Coast Technical Director Timothy Dyck is at timothy_dyck@ziffdavis.com.

  •  
     
     
     
    Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company and in the IT department at a government agency. He has an honors bachelors degree of mathematics in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a masters of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.
     
     
     
     
     
     
     

    Submit a Comment

    Loading Comments...

     
    Manage your Newsletters: Login   Register My Newsletters























     
     
     
     
     
     
     
     
     
     
     
    Rocket Fuel