Most network administrators are well aware of the dangers of having a system exposed to the Internet. As such, they use firewalls,
virus scanners, and other solutions to protect such systems, which include Web servers, e-mail servers, FTP servers, and others.

KaVaDo ScanDo, InterDo, and AutoPolicy
KaVaDo, kavado.com/
Overall: Deploy 9.3

| Criteria         | Score |
| Ease-of-use      | 9     |
| Implementation   | 8     |
| Innovation       | 10    |
| Interoperability | 9     |
| Scalability      | 10    |
| Security         | 10    |
| Suitability      | 10    |
| Support          | 9     |
| Training         | 9     |
| Value            | 9     |
Business Case: Any organization offering interactive Web services is exposed to application-layer attacks. KaVaDo's suite of applications can find and protect against these vulnerabilities. Given the potential costs of down time, loss of proprietary or customer data, site defacement, and malicious alteration of data, any such organization should be investigating application-layer protection.

Technology Case: InterDo intercepts HTTP, SOAP, WSDL, and WebDAV traffic and looks for requests that attack the applications behind it. ScanDo finds existing vulnerabilities in your Web site, making it simpler to set up InterDo.

Pros:
+ Provides thorough protection against application-layer attacks.
+ Guards against exploits of back-end databases, application servers, and Web servers.
+ ScanDo and InterDo work well together to provide a complete security model.
+ AutoPolicy automates implementing in InterDo the protections suggested by ScanDo.

Cons:
- Fairly expensive.
- ScanDo license is good for only one domain.

Cost: Entire suite costs $25,000; applications also can be purchased individually.

Platforms: Windows 2000; supports all major Web servers and browsers.

Bottom Line: The KaVaDo suite guards against attacks on Web servers, Web application servers, and databases, scanning for vulnerabilities, intercepting malformed or unauthorized HTTP, WebDAV, and Web services requests, and imposing security policies on the use of Web applications.
Most managers may think malicious hackers penetrate a system by exploiting a weakness in the operating system to obtain a password. But it is equally feasible for that hacker to use a perfectly well-formed HTTP, SOAP, or XML request, or an intentionally altered HTML form submission, to retrieve private data, to add or delete files on the server, or to take other equally unwanted actions by attacking a published Web service. A network firewall passes such traffic as legitimate, so these issues have to be addressed at the application layer.
KaVaDo has three products that together protect any Web application, be it a site, service, or server: InterDo, ScanDo, and AutoPolicy.

InterDo functions as a firewall, deployed either inline with two NICs routing traffic between a trusted and a public network, or with one NIC operating as a proxy server. It parses HTTP, WebDAV, WSDL, SOAP, and XML requests, looking for and denying requests that are malformed or that ask for data that should not be accessed. InterDo comes in two flavors: Enterprise Edition, which protects any number of servers or applications in an enterprise, and Business Edition, which protects one Web server or application server.

ScanDo scans existing applications and servers, looks for vulnerabilities, and recommends protective settings in InterDo. AutoPolicy uses the vulnerability report from ScanDo to configure InterDo automatically.
Installing the products is simple, requiring only inserting the CD. Installation begins automatically, and the default settings
are all that are required to install the programs. The Java runtime environment and Adobe Acrobat are installed if necessary,
and once the system is rebooted, the applications are available.
In keeping with the security theme, the login name and password for the InterDo application have strong security requirements: The login name must include at least six characters plus at least one number,
and the password must include both numbers and symbols. If SSL is in use, configuring certificates is nicely documented and
straightforward.
Configuring InterDo is not quite as simple, particularly for an administrator who is not a security specialist. Figuring out which protective
modes or "pipes" are needed is not a simple matter, although configuring the pipes is not difficult once you determine which
ones you need. For a security specialist, however, the interface is approachable and easy to use, with a comprehensive set
of tools for protecting Web applications and services.
ScanDo simplifies setup: When you launch the software, it scans your systems, looking at Web servers, database servers, XML, SOAP, and WSDL applications, and so forth, checking them against a database of published vulnerabilities and reports on security issues, holes, and potential exploits. (KaVaDo updates its database regularly as new exploits are uncovered by operating system vendors, application vendors, and others.) ScanDo can parse VB scripts, JScript, Perl scripts, Flash objects, and so forth, and can automatically fill in form fields so that it can reach and test the pages and database queries behind them. APIs are available, enabling the administrator to write custom test scripts as well.
There are three parts to the ScanDo scan: the scan itself, which identifies the Web application and structure, including back-end databases, XML/SOAP, and more;
assessment and attack, which probes the applications looking for vulnerabilities; and the report, which summarizes the found
and potential vulnerabilities, and allows the user to drill down, as necessary, for details.
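To make the three phases concrete, here is an added example (written for this page, not KaVaDo's code) of a miniature scanner that walks the same three steps against a constructed in-process target: it crawls links and forms to map entry points and their parameters, sends probes to each parameter and watches the response for tell-tale signs, and summarizes the result by finding type. The target, its two deliberately weak handlers, the probe payloads, and the tell-tale patterns are all assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed target: an in-process stand-in for the Web application under test.
# Two handlers are deliberately weak so the probes below have something to find.
ITEMS = {"1": "widget", "2": "gadget"}


def target(url):
    """Answer a GET request the way a small site would; returns (status, body)."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    if parts.path == "/":
        return 200, ('<a href="/item?id=1">widget</a>'
                     '<form action="/search" method="get"><input name="q"></form>')
    if parts.path == "/item":
        if "'" in params.get("id", ""):   # naive SQL string building would break here
            return 500, "ODBC error: unclosed quotation mark before the SQL statement"
        return 200, f"<p>{ITEMS.get(params.get('id', ''), 'no such item')}</p>"
    if parts.path == "/search":
        return 200, f"<p>Results for {params.get('q', '')}</p>"   # reflected unescaped
    return 404, "not found"


class StructureParser(HTMLParser):
    """Collects links and form fields from one page."""

    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.forms.append({"action": a.get("action", "/"), "inputs": []})
        elif tag == "input" and self.forms and a.get("name"):
            self.forms[-1]["inputs"].append(a["name"])


def crawl(fetch, start="/"):
    """Phase 1, scan: map each path to the parameter names it accepts."""
    entry_points, seen, queue = {}, set(), [start]
    while queue:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        status, body = fetch(url)
        if status != 200:
            continue
        parts = urlsplit(url)
        names = [n for n, _ in parse_qsl(parts.query, keep_blank_values=True)]
        entry_points.setdefault(parts.path, set()).update(names)
        parser = StructureParser()
        parser.feed(body)
        queue.extend(parser.links)
        for form in parser.forms:
            entry_points.setdefault(form["action"], set()).update(form["inputs"])
    return entry_points


# Each probe: finding name, payload, and the response pattern that gives it away.
PROBES = [
    ("sql-injection", "'", re.compile(r"(sql|odbc|syntax error|quotation mark)", re.I)),
    ("reflected-script", "<scAn>", re.compile(r"<scAn>")),
]


def assess(fetch, entry_points):
    """Phase 2, assessment and attack: send every probe to every parameter."""
    findings = []
    for path, names in entry_points.items():
        for name in sorted(names):
            for kind, payload, tell in PROBES:
                status, body = fetch(f"{path}?{name}={quote(payload)}")
                if tell.search(body):
                    findings.append({"path": path, "param": name,
                                     "kind": kind, "status": status})
    return findings


def report(findings):
    """Phase 3, report: summary by finding type, with per-parameter detail kept."""
    summary = {}
    for f in findings:
        summary.setdefault(f["kind"], []).append(f"{f['path']} [{f['param']}] ({f['status']})")
    return summary


def scan(fetch=target, start="/"):
    return report(assess(fetch, crawl(fetch, start)))


if __name__ == "__main__":
    for kind, where in scan().items():
        print(kind, where)
```

Replacing `target` with a function that performs a real HTTP GET turns this into a crawler-driven scan of a live site; the structure of the three phases does not change. The tell-tale patterns are the weak point of any such tool: an application that swallows database errors will not show the first probe, which is why a scanner's report lists both found and potential vulnerabilities.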
ScanDo finds and InterDo protects against numerous threats including: unauthorized SQL commands; invalid application parameters; invalid or altered
cookies; exploits of known vulnerabilities in Web servers, database products, or operating systems; altered SOAP or Web services
messages; invalid characters in messages; HTTP exploits; unauthorized file uploads; modified application or network protocols;
buffer overflow attacks; and requests that use unauthorized data encoding.
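As an added example, not KaVaDo's code, the following shows how a request filter of the InterDo kind can enforce several of the checks listed above with a positive policy: known parameters only, length and pattern limits per parameter, an HMAC check that detects altered cookies, strict decoding that rejects invalid UTF-8 and double encoding, a control-character check, a body-size limit, and a secondary heuristic for SQL meta-sequences. The policy, the cookie scheme, the shared key, and the sample requests are assumptions constructed for the example.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, unquote

# Hypothetical positive policy for one application path: each parameter that may
# appear, with its permitted pattern and maximum length. Unknown parameters are denied.
POLICY = {
    "/account/view": {
        "id": (re.compile(r"^[0-9]{1,9}$"), 9),
        "tab": (re.compile(r"^(summary|history)$"), 7),
        "note": (re.compile(r"^[\w .,!-]*$"), 200),
    },
}
MAX_BODY = 4096
COOKIE_KEY = b"constructed-demo-key"  # assumed secret shared by the application and the filter
# Secondary, heuristic backstop for SQL meta-sequences in free-text fields.
SQL_META = re.compile(r"(--|;|/\*|\bunion\b|\bselect\b|'\s*or\s+)", re.IGNORECASE)
CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def sign_cookie(value):
    """Issue a cookie as value.hmac so that later alteration can be detected."""
    mac = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"


def cookie_is_intact(cookie):
    value, _, mac = cookie.rpartition(".")
    expected = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()
    return bool(value) and hmac.compare_digest(mac, expected)


def inspect(method, path, query, cookies, body=b""):
    """Return (allowed, reason) for one request, denying on the first violated rule."""
    if method not in ("GET", "POST"):
        return False, "method not allowed"
    rules = POLICY.get(path)
    if rules is None:
        return False, "no policy for path"
    if len(body) > MAX_BODY:
        return False, "body exceeds limit"          # crude guard against overflow payloads
    if not cookie_is_intact(cookies.get("session", "")):
        return False, "session cookie missing or altered"
    try:
        # strict decoding rejects invalid UTF-8 byte sequences such as %C0%AF
        params = parse_qsl(query, keep_blank_values=True, errors="strict")
    except UnicodeDecodeError:
        return False, "invalid encoding"
    for name, value in params:
        if name not in rules:
            return False, f"parameter not in policy: {name}"
        pattern, limit = rules[name]
        if len(value) > limit:
            return False, f"{name} too long"
        if CONTROL.search(value):
            return False, f"control character in {name}"
        if unquote(value) != value:                 # %-sequences survived one decode
            return False, f"double-encoded value in {name}"
        if not pattern.match(value) or SQL_META.search(value):
            return False, f"{name} fails policy"
    return True, "ok"


def run_samples():
    """Constructed requests: the first is legitimate, each of the rest breaks one rule."""
    good = {"session": sign_cookie("user42")}
    tampered = {"session": sign_cookie("user42").replace("user42", "admin1")}
    samples = [
        ("GET", "/account/view", "id=42&tab=history", good),
        ("GET", "/account/view", "id=42&debug=1", good),            # unknown parameter
        ("GET", "/account/view", "id=1%27or%201%3D1", good),        # SQL injection in id
        ("GET", "/account/view", "id=42", tampered),                # altered cookie
        ("GET", "/account/view", "id=42&note=%2527", good),         # double encoding
        ("GET", "/account/view", "id=%C0%AF", good),                # invalid UTF-8
        ("POST", "/account/view", "id=42", good, b"x" * 5000),      # oversized body
    ]
    return [inspect(*s) for s in samples]


if __name__ == "__main__":
    for decision in run_samples():
        print(decision)
```

The point of the positive model is that everything not explicitly permitted is denied, which is what makes a scanner's findings usable as policy input: each vulnerable parameter becomes a rule. Two caveats a practitioner should keep in mind: a body-size limit at the proxy blocks an oversized payload but does not repair the overflow in the application behind it, and the SQL heuristic is a backstop, not a substitute for tight per-parameter patterns.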
InterDo offers a variety of topologies, from a single server/single firewall model to a load-balancing cluster of firewalls supporting
a Web farm. It supports all major Web servers, browsers, application servers, and standard firewalls.
Scanning a number of live Web sites to find their vulnerabilities would have been interesting, but when the ScanDo license key is installed, it is only configured for your domain, ensuring that the unscrupulous cannot use it to find and
attack vulnerable systems. We tested the local Web server on our network and found no outstanding vulnerabilities, although
ScanDo did note a couple of OS and Apache patches that were needed.
InterDo is a powerful application security firewall, protecting against a wide variety of attacks. In combination with ScanDo and AutoPolicy, it can provide security even when deployed by a relatively inexperienced administrator. Although it might cost more than the server it's protecting, the potential loss from down time and data compromise is so high that any organization providing Web services should deploy this product. The only other product we've seen with similar functionality is the APS from Stratum8, which costs about twice as much.