Remember the halcyon days of the dot-com boom, when analysts were insisting that no company worth its salt could continue in business unless they had a web presence? Their weighted words were sufficiently terrifying to ensure that businesses rushed to add that all-important 'e' to their trading, resulting in countless new web sites appearing.
But, such a speedy response came at a cost - security. Many network administrators overlooked the fact that their nice secure network, guarded by a firewall, was no longer sacrosanct. In setting up a web presence, many companies had inadvertently created a pathway from the internet directly into the corporate network, bypassing the firewall and leaving them open to attack.
This is the area that Teros, formerly known as Stratum8 Networks, has addressed with its APS device.
The Teros-100 APS shares a number of features in common with a standard firewall; however, it is designed to examine HTTP and HTTPS requests in both directions, and will usually sit between the firewall and the web site. According to your customized security policies, the Teros-100 APS will monitor HTTP/HTTPS traffic and prevent suspicious connections from being formed.
Installation of a product like this is obviously not going to be easy - much depends on the configuration of your network and web site, and Teros estimates an implementation period of several days. However, the company provides considerable pre- and post-sales support to make the process as painless as possible.
Obviously it isn't going to be feasible to fine-tune the product and the security policies with real customers from the very start. Teros recommends using a group of in-house users to hone the policies before applying them to the real customer. After a couple of days of monitoring, the policies can be rolled out into production; these can then be further fine-tuned without causing too much disruption. Teros also offers a complete risk assessment of your network, advising you of the best configuration for the Teros-100 APS.
Management of the Teros-100 APS is performed via the browser-based dashboard, which is an extremely easy-follow GUI. Con fig uration and setting policies is made extremely simple, and there are tab-limited reports that can be exported into the reporting tool of your choice.
Support and documentation (including extensive online contextual help) are both first class. After purchasing an APS, one of Teros' systems engineers will take you through the entire process and ensure that you deploy the configuration that is most suitable for your network.
The Teros-100 APS operates in one of two modes. In bridge mode, it is a Layer 3 device that connects two sections of your network. Acting transparently, it can be placed almost anywhere in the network; allowing you to configure it to ensure that there are no load implications. Still, since the Teros-100 APS has a throughput of between 38 and 40Mbit per second, this is unlikely to be a problem for all but the busiest of web sites. In this configuration, the Teros-100 APS can either block or permit connections (in both directions) according to a number of protocols, but only HTTP/HTTPS connections are actually filtered.
In proxy mode the device becomes a reverse proxy server, and should be placed immediately before the web servers. It will accept a connection, analyze it according to the policies, and then pass it on if the connection is permitted.
These are the simplest configurations; depending on the complexity of your network and the amount of traffic that passes through, you may need to deploy more than one APS to ensure correct load balancing across both the web servers and the APS's. The Teros-100 APS can handle multiple web servers depending on their load profiles.
The Teros-100 APS employs a filter engine to examine all HTTP/HTTPS traffic. There are five filters. Hyperlink inspection looks at the target URL and checks that it is valid for the user to access within that session. The cookie tampering filter looks at cookies returned by users and checks that they are both valid, and that they haven't been modified.
Form consistency filtering checks the data that is passed through with the request from any online forms, and validates that it is the correct type and value of data for the relevant field. Buffer overflow protection does exactly what it says on the can: it prevents this very popular and malicious hack from being effective.
Finally, input validation ensures that incoming form data is valid for each particular field - for example, a date field contains a date. There are also two filters used for outgoing traffic: server masquerading changes the server identification header to ensure that this information is not given out, while Stop and Go words ensure that a request is stopped if a specific word or phrase is present or not present.
This is a superb product, offering a degree of protection that virtually all firewalls lack. Given that a web site is an irresistible opportunity for most hackers, it ensures that you have both safe online trading and - more importantly - continuity of business.
A definite one to consider if you have a web presence.
