Product Information

G-Server

Vendor:

Gilian Technologies

  • SC Magazine Best Buy

Price:

$25,000

Quick Read

Strengths:

Does not allow defaced content to be exposed to the outside world, even for a few seconds.

Weaknesses:

Cost.

Verdict:

A most complete and effective way of protecting your corporate web presence.

Rating Breakdown

SC Lab Reviews

Reviews from our expert team

Features:
Documentation:
Value for Money:
Performance:
Support:
Ease of Use:
5/5

Summary

The G-Server is the only hardware in this Group Test - all the other products consist of software. It is designed to be installed inline between the DMZ port on your firewall and a public web server. It is completely transparent and requires no changes to any network settings on other network equipment. It has no IP address visible to the outside world, so is undetectable by hackers. Even the MAC addresses of its NICs reflect those of the real web server to make the G-Server even more transparent. Two G-Servers may be configured for high availability.

Additionally a piece of 'agent' software called G-Agent has to be installed on the web server itself. G-Agent supports Microsoft IIS 4.0/5.0 (on WindowsNT/2000), Apache 1.3.x and 2.x (on SPARC Solaris, Linux and Windows), Netscape Enterprise Server 3.5.1 (on SPARC Solaris and Windows) and iPlanet Web Server 4.x - 6.x (on SPARC Solaris and Windows), as well as other web servers; G-Agents can also be developed at the customer's request.

The G-Server works together with the G-Agent, using public-key-based digital signature technology, to sign and later verify all web-server content. The G-Server monitors all traffic going to and from the web server and can intervene immediately if the digital signatures are not correct or incoming HTTP requests contain potential buffer overflow or protocol exploits. In this way it can stop most attacks before they reach the web server.

Even if the web server suffers unauthorized modification, none of the modified content will be allowed to pass through the G-Server to the outside world because the digital signatures will not be valid.

Static content is effectively 'cached' in the G-Server, but the contents of the 'cache' are not used unless the real response from the web server proves to be compromised (fails signature verification). In this way, there is no interruption in service even if the web server is successfully hacked.

The G-Server protects even dynamic web content that is generated by web applications (usually scripts) in response to user requests. It does this by digitally signing the application executables themselves and the resources they use - and then using the G-Agent to verify them. Obviously, it cannot 'cache' dynamic content, so it displays a configurable error page to the user should dynamic content be compromised. Email alerts and log files are used to notify administrators of all hacking attempts.