Find a weak point; build a firewall. It's an ad hoc approach, but it's the one corporate IT is following as it gropes its way to more secure Web computing. This week, eWEEK Labs West Coast Technical Director Tim Dyck reviews three Web application firewalls designed to protect an extremely weak link in the Web infrastructure. And application holes are often exploited. Tim says the vendors tell him that customers come calling when they've failed a penetration test. The products he reviews are for critical servers and take a Draconian approach to security, eliminating access except by specifically allowed, or white-listed, entities. Tested were Sanctum's AppShield 4.0, Teros' Teros-100 APS 2.1.1 and Kavado's InterDo 3.0. Teros won Tim's Analyst's Choice award.
Tim notes that we already have conventional firewalls, of course, and two of these can be used to create a demilitarized zone around a particularly sensitive server. Then you can add a Web application firewall and maybe a database firewall. The result is a firewall infrastructure that's ripe for consolidation. Tim predicts this will happen, with such larger players as Check Point Software Technologies leading the way.
Ah, security. We just can't get enough. And if you listen to Richard Clarke, we're not about to get enough of it from the Department of Homeland Security. Now that he has left the government, Clarke is very active on the speaking circuit. Dennis Fisher interviewed Clarke when he came to Boston last week and heard Clarke reiterate his call for a National Cybersecurity Center with direct access to the president.
But if you look at the organizational chart, the NCC appears buried beneath levels of bureaucracy. Clarke has a point. For whatever reason, Clarke feels he was slighted when the DHS structure was created, so it's hard to tell whether his critiques of the structure are objective or merely sour grapes.
Finally, some good news: Microsoft has listened to customers. As Peter Galli reports, customers have told Microsoft that waiting three years for a major product upgrade is too long. So Redmond plans to deliver new technologies as incremental add-ons, "out of band" from the regular upgrade cycle. The first candidates, as Peter reports, are likely to be Network Attached Storage 3.0, Small Business Server 2003 and a version of Windows Server 2003 for AMD's processors. Customers get to enhance the products at a pace of their own choosing. What's not to like?
Till next eWEEK, send your comments to firstname.lastname@example.org.