Solutions, November 2002

QualysGuard Intranet Scanner

"Are we secure?" Since launching in 1999, Qualys has answered that question for enterprises through its Web-based QualysGuard Managed Vulnerability Assessment Service, which measures the security posture of Web-facing devices. Although effective, Qualys' outside-looking-in approach has been blind to what's happening behind the corporate firewall.

Qualys last month eliminated that blind spot by unveiling QualysGuard Intranet Scanner, a hybrid appliance- and Web-based approach that enables the vulnerability assessment service to analyze what's going on inside the network. The 1U hardened Linux box sits inside the corporate firewall. With its Inference-Based Scanning Engine, the appliance scans devices within a predefined range of IP addresses for known vulnerabilities and configuration errors. The results are reported over a secured connection to Qualys' security center, which crunches the data and generates Web-based reports on security problems and remedies, as well as an overall score of the network's security posture.

Just as with the perimeter managed service, customers manage the scans and access reports through a secure Web-browser connection. Admins can use the Qualys-hosted service to drill down into the assessment reports for more detail about security problems, and Qualys provides a quick-reference lookup of its KnowledgeBase, a database of more than 2,000 security problems and remediation techniques. Admins can run scans on demand or on a schedule. Qualys says the QualysGuard appliance can scan up to 5,000 live IP addresses a day, meaning that one or two boxes have enough capacity for most large enterprises.

Qualys recently added wireless security capabilities to QualysGuard, giving both its managed service and Intranet Scanner the ability to monitor networks for rogue wireless APs and to check the security of authorized wireless devices. The QualysGuard appliance routinely dials out to Qualys for vulnerability signature updates and software upgrades.

As with most vulnerability assessment services, Qualys gives enterprises an effective way to measure and improve their security. By tracking the scores of periodic scans, managers can see whether their security programs are effective in addressing security problems. Qualys is especially effective in this regard, given the ever-growing number of entries in its vulnerability library. What QualysGuard lacks is a job-ticketing and remediation-tracking tool, which some of its host-based competitors offer. Qualys instead offers APIs to hook into existing maintenance management systems, such as Tivoli and Remedy, which the company says is a more effective solution, since it doesn't require customers to reinvent their patch management system.

Answering the "Are we secure?" question is never easy, but with Intranet Scanner, Qualys has taken the logical step of expanding its vulnerability assessment service to both sides of the firewall.

ServGate EdgeForce

With ServGate's new modular EdgeForce integrated firewall/VPN appliance, small- to medium-sized businesses (SMBs) can expand gateway security as they grow without having to replace their existing boxes. ServGate offers a range of security devices, from the recently released SG100 firewall/VPN for telecommuters and home-office users to the high-end SG2000 firewall appliance, which provides up to 500 individually managed security domains, called "Virtual Gateways," for large enterprises or service providers. With EdgeForce, ServGate aims to pick up market share by offering a single, upgradeable device in a space where competitors offer perhaps three boxes with different levels of capability.

The basic EdgeForce unit offers a firewall with 75 Mbps throughput, combined with a VPN that supports 20 Mbps. The Base Unit is an upgrade of the discontinued SG200. What's really new is the FlexModule system, which enables SMBs to beef up their capacity without taking EdgeForce out of the rack, much less buying a new box. ServGate offers two Performance Modules, which are enabled by purchasing license keys from one of ServGate's channel partners. The customer logs into ServGate's new Web portal, My.ServGate.com, to register and activate the FlexModule features.

The modular approach works for both ServGate and its customers, says Scott Lukes, director of marketing. It simplifies the product line for ServGate, with a single appliance serving a range of different-sized customers, and cuts costs for growing companies, which can increase capacity without purchasing replacement hardware.

In addition to Performance Modules, customers can add virus scanning and other features. The Professional Module is a hardware plug-in that includes a 20 GB hard drive and adds adaptive URL filtering, a Web caching server and local logging, for admins who want logs kept on the box for security purposes rather than exported via syslog. The hard drive is also a prerequisite for the Virus Scanning Module, which uses the McAfee AV engine.

The EdgeForce firewall features stateful inspection with integrated DoS attack protection, including protection against SYN and ICMP flood attacks. The higher-end Performance Module 2 offers 150 Mbps performance and supports up to 50,000 sessions and 4,000 policies. The IPSec-compliant VPN encrypts traffic with DES or TripleDES, and uses MD5 or SHA-1 hashing for digital signatures. With the Performance 2 Module, the EdgeForce VPN performs at 40 Mbps and supports up to 1,000 IPSec tunnels.

The Base Unit includes class-based queuing for efficient traffic management; MAC-IP binding, which binds a user's MAC address to an IP address to prevent some source-address spoofing; and support for Websense software, which manages employee Internet activity. Both Performance Modules add a DMZ to the Base Unit package, and Performance Module 2 includes high availability for failover. EdgeForce can be remotely managed through a GUI, secured via an HTTPS Web connection, or through an SSH-protected command-line interface.

PowerBroker 3.0

In the Unix/Linux universe, root is king. As any hacker knows, once you've identified a user with administrative privileges and gained access to his account, you can pretty much do anything. Symark, maker of Unix/Linux password management software, brings order to this chaos with PowerBroker, a password management and access control system that restricts individuals' privileges on admin accounts.

Sitting on top of the OS, PowerBroker requires users to enter a name and password to access the *nix command line. Credentials are matched against a policy and access control database, which restricts users' actions. Each command must be entered through PowerBroker, which either allows or rejects it based on the user's privileges. With PowerBroker in place, a hacker may not be able to run certain commands, even after breaking into an administrator account.

PowerBroker also acts as a logging and auditing application, recording all commands directed at the OS. Admins can use the GUI-driven logging and auditing functions to review actions taken by account holders for quality assurance or forensic investigations. The access control and logging functions are transparent to users and add about the same latency as a Telnet connection.

Symark ships PowerBroker with a number of default security policies and scripts for generating access control policies and user privileges. Unfortunately, PowerBroker isn't able to import existing policies or access control lists. Organizations deploying PowerBroker can get the software installed fairly quickly, but it will likely take time to establish admin accounts and to create and fine-tune access privilege policies.

Symark's largest competitor is Sudo, a freeware, open-source application that has most of the same functionality as PowerBroker. However, the company says PowerBroker is more robust for enterprise environments, and Sudo doesn't have the GUI-oriented auditing functions.

As the adoption of *nix-based OSes continues to expand in enterprise environments, it's only prudent to consider additional security controls for admin accounts. Symark's PowerBroker is a good beginning for delegating admin account privileges and restricting root access.

InterScan WebProtect for ICAP 1.0

E-mail remains one of the easiest ways for malicious code to infect networks, but last year one in five attacks were launched using Internet-based viruses, according to ICSA Labs' annual virus prevalence survey. To combat this expanding malware vector, Trend Micro has released InterScan WebProtect, an AV scanner for Internet Content Adaptation Protocol (ICAP) 1.0-compliant Web-caching devices.

Browser technology has grown to the point where embedded applets and scripts pose a threat, so AV vendors like Trend Micro now provide software that scans all incoming Web traffic and passes on only clean content. InterScan works like an API that allows third-party applications to leverage this new caching protocol, which is designed to guide content between caches and network-based applications.

But scanning Web traffic is performance intensive. InterScan streamlines the process by scanning only preselected elements on a page, as configured by a network admin. When an end user requests a Web page, the caching server acts as a proxy: if the page has already been scanned and stored, it's quickly retrieved. If it's a new download, InterScan uses ICAP to connect to the caching server and scan for explicit information. The scanner's ability to bypass cached content improves an enterprise's network performance, and this is where Trend Micro believes InterScan WebProtect proves its worth.

"We're seeing performance improvements in the range of tenfold. We're talking 1,000 percent throughput compared to traditional solutions," says Robert Hansmann, Trend Micro's product manager for North America. "It's all because of ICAP. Trend can't take credit for it; all Trend can do is spot the technology and phrase it."

InterScan WebProtect has been available for a couple of months, but it depends on caching appliance vendors incorporating ICAP 1.0 or upgrading from ICAP 0.9. Among the first to do that are Network Appliance and Blue Coat Systems (previously called CacheFlow).
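The cache-then-scan flow described above, as an added example that is not code from Trend Micro or the original article: a Python sketch of the ICAP 1.0 RESPMOD exchange (RFC 3507) in which the caching proxy is the ICAP client and the AV scanner is the ICAP server. The scanner host name, the verdict headers, the marker string and the sample bodies are all constructed for the example.

```python
# Added example (not Trend Micro's or the article's code): the ICAP 1.0 RESPMOD
# step a caching proxy (ICAP client) uses to hand a new download to an AV
# scanner (ICAP server), per RFC 3507. Host names and replies are constructed.

def build_respmod(scanner_host, req_hdr, res_hdr, body):
    """Wrap an HTTP request header, response header and body in an ICAP RESPMOD
    request; 'Encapsulated' gives each part's byte offset, body is chunked."""
    req = req_hdr.rstrip(b"\r\n") + b"\r\n\r\n"
    res = res_hdr.rstrip(b"\r\n") + b"\r\n\r\n"
    chunked = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)
    encapsulated = "req-hdr=0, res-hdr=%d, res-body=%d" % (len(req), len(req) + len(res))
    head = ("RESPMOD icap://%s/respmod ICAP/1.0\r\nHost: %s\r\n"
            "Allow: 204\r\n"  # proxy accepts 204 = "no modification needed"
            "Encapsulated: %s\r\n\r\n" % (scanner_host, scanner_host, encapsulated))
    return head.encode("ascii") + req + res + chunked

def parse_icap_reply(reply):
    """Return (status_code, headers, encapsulated_payload) from an ICAP reply."""
    head, _, payload = reply.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    version, code, _reason = lines[0].split(" ", 2)
    if version != "ICAP/1.0":
        raise ValueError("not an ICAP/1.0 reply: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), headers, payload

def demo_scanner(request):
    """Constructed stand-in for the ICAP scanner: flags one marker string."""
    if b"X-CONSTRUCTED-BAD-SAMPLE" in request:
        blocked = b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n"
        return (b"ICAP/1.0 200 OK\r\nEncapsulated: res-hdr=0, res-body=%d\r\n\r\n"
                % len(blocked)) + blocked + b"7\r\nblocked\r\n0\r\n\r\n"
    return b'ICAP/1.0 204 No Content\r\nISTag: "constructed-sig-2002-11"\r\n\r\n'

def fetch_through_scanner(cache, url, req_hdr, res_hdr, body, scanner=demo_scanner):
    """Cache hit: serve without rescanning. Else RESPMOD: 204 = clean, cache and
    serve original; 200 = scanner substituted a response, serve it, don't cache."""
    if url in cache:
        return "cache-hit", cache[url]
    icap_req = build_respmod("av-scanner.example", req_hdr, res_hdr, body)
    code, _headers, payload = parse_icap_reply(scanner(icap_req))
    if code == 204:
        cache[url] = body
        return "clean", body
    if code == 200:
        return "replaced", payload
    return "blocked", None  # any other status: fail closed, serve nothing
```

Only objects the scanner returned 204 for are ever cached, so a later cache hit is always a previously cleared object, which is what makes the cache bypass safe.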

Entercept Database Edition

Entercept Database Edition, from Entercept Security Technologies, combines behavioral rules- and signature-based intrusion prevention to protect MS SQL Server 2000 databases. Building on Entercept's Standard Edition, which intercepts system calls to the OS kernel on the host server and summarily rejects unacceptable actions and known attacks, the Database Edition uses a technique called SQL Query Filtering to intercept application calls to the database. The SQL Interception Engine hooks into the database app to evaluate queries before the database engine processes them.

Fortinet FortiGate 500 NPG

What makes consolidated security appliances appealing are their multiple functions (firewall, AV, VPN, IDS, etc.), ease of use and low cost. Many security vendors are developing such appliances, but only a few offer working models. Fortinet is joining that small but growing club with FortiGate 500 NPG, a gateway appliance designed for enterprises and service providers. It includes 12 user-configurable 10/100 Ethernet ports in a single 1U unit that can handle 500 Mbps of firewall traffic. With its multizone capabilities, ports can be assigned to different security zones with unique policies, essentially offering varying protection levels for, say, HR, finance and product development. For instance, a special e-mail server can be placed in a dedicated confidential zone for sensitive mail, and access can be restricted to users in that zone. In addition to firewalling, the gateway includes real-time application-level functions such as virus scanning, content filtering, VPN, intrusion detection and bandwidth throttling.

CRYPTOAdmin 5.32

Smart card adoption in the United States still lags behind the rest of the world, but smart cards' multifunctional uses are beginning to make them attractive solutions for securing both physical and IT resources. CRYPTOAdmin 5.32, a new smart card management server recently rolled out by CRYPTOCard, is designed to reap smart cards' maximum potential. Through CRYPTOAdmin, enterprises can distribute smart cards to employees for two-factor authentication. With CRYPTOCard's new smart card and reader devices, enterprises can use the CRYPTOAdmin server to strengthen or replace Windows login routines to network resources. The server can also be used to establish VPN connections with Cisco Systems, Check Point Software Technologies and Nortel Networks clients. And CRYPTOAdmin 5.32 can control physical access through its support of HID and Mifare systems. Through the centralized management console, CRYPTOAdmin allows enterprises to customize security policies for different levels of access based on user privilege or location.

Recent Releases

ACCESS CONTROL: eTrust Security Command Center (an integrated solution for managing access control, identity management and malicious code threats); Cisco Secure Access Control Server 3.1; AxcessIT Resource Manager
APPLIANCES: SA-1000; SmartLSM; Lucent VPN Firewall Brick 300; SecoScorpio; Westbridge XML Message Server
ANTIVIRUS: Norman Virus Control
E-MAIL SECURITY: iMail; SurfControl E-mail Filter 4.5
ENCRYPTION: WorkSafe; MegaCryption v5.2; ComputerWatermark
INTRUSION DETECTION: Symantec Host Intrusion Detection 4.0
PERIMETER/NETWORK SECURITY: Global Technology Associates TowerView Security; SecureNT Lite
POLICY MANAGEMENT: CiscoWorks VPN/Security Management Solution; Security Manager 4.0, Security Reporting Center 2.0 and Security Administration Suite 4.0 (NetIQ); Symantec ESM for HIPAA

Copyright 2002 TechTarget