Heading Off Hack Attacks | eWeek

Heading Off Hack Attacks

Verfasst von
Dennis Fisher
Dennis Fisher
Feb 12, 2001
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

While many security products such as intrusion detection and anti-virus technology concentrate on identifying and alerting administrators to attacks after theyve taken place, several companies are beginning to focus on preventing the conditions that invite such attacks.

Two companies in particular, WatchGuard Technologies Inc. and Entercept Security Technologies, have taken novel yet different approaches to the problem.

WatchGuard, a Seattle startup, this week will announce its Windows NT-based ServerLock technology, which defines two modes for each server: operational and administrative.

When the server is in operational mode—that is, transmitting and receiving traffic—all the machines administrative features and functions are unavailable.

“This goes a long way toward making sure that nothing gets touched on your Web site,” said Chip Moore, a security analyst at DataSafe Inc., of Boston, which has been testing ServerLock for three months. “Its much more effective than simple intrusion detection.”

To perform tasks such as updating or reinstalling software or changing configuration settings or user preferences, the administrator must enter a password and change to administrative mode.

This change effectively takes the server offline and enables the administrator to perform maintenance without exposing the machine.

Not only does this protect servers from outside attacks, it also prevents administrative errors—such as the one that brought down Microsoft Corp.s Domain Name System servers a few weeks ago—from crippling a companys network.

“This is designed to protect the core of the network against people with administrative privileges doing bad things,” said Jack Danahy, vice president and general manager of WatchGuard. “We assume a hacker will be able to get root privileges, and then we go from there.”

Entercepts Entercept 2.0 sits at the kernel level and intercepts operating-system-level calls, compares them with a database of known attack signatures and then prevents the execution of the operation if it is found to be suspect.

Entercept can also protect servers against unknown attacks through much the same method. For example, if an attacker tries a new type of buffer overflow against a machine running Entercept, the software will look for a series of individual calls that make up all buffer overflow attacks, regardless of the actual hole they exploit.

“The idea is to stop whole classes of attacks, not just react to each individual exploit,” said Robin Matlock, senior vice president at Entercept, in San Jose, Calif.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.