Securing the real application layer

Free Newsletters

Log-in | Register

Securing the real application layer Application firewalls take protection beyond network-level security
By Oliver Rist August 08, 2003			E-mail Printer Friendly Reprints Slashdot It!

A hot new trend in firewalls is the application-layer firewall, sometimes called an application shield. Although the attack sequences we used in this roundup could be described as “application layer” attacks, because they exploit weaknesses at the application protocol level, these types of attacks are not what application shields are meant to protect.

Free IT resource

TechNet: More ways to know it, share it, and keep it running.

Sponsored by InfoWorld

DOWNLOAD REPORT


Looking for this InfoWorld Special Report in one complete, printable format? Download it for free. >> Special Report: Firewalls

Survey the last few months of Microsoft security flaws and you’ll get a better idea of the impetus behind application-layer firewalls. Programmers, and not only those in Redmond, don’t always code with security foremost in mind. A clumsily coded application can often provide a loophole for hackers to exploit and gain access to confidential data. Witness Microsoft’s Internet Explorer Web browser, and even its Windows operating system, which have been exploited in this manner multiple times in the past, usually rendering the host system completely vulnerable at the root level.

Although companies such as Check Point Software Technologies are working to create wide-ranging application shields, including Check Point's SmartDefense software. Today these devices are usually very tightly integrated with a specific application resource -- usually at the server level. For example, you’d typically install an application shield dedicated to a specific database server platform, such as IBM DB2, or a specific e-mail server platform, such as Microsoft Exchange Server.

Because application firewalls are so closely tuned to the specific application they are protecting, they are usually able to offer not only an extra layer of user authentication, but traffic verification as well. This capability stems from the application firewall’s close knowledge of the host application and allows it to verify that traffic stemming from that application is safe to travel across your network.

In a layered security approach consisting of perimeter security, encryption, intrusion detection, and other solutions architected to provide an overall secure environment, application shields can play an important role as a final layer of protection. Designing an appropriate application-layer scheme means more than simply installing software, however. Your applications and the traffic patterns they generate will need to be prioritized.

Performance testing is crucial at this stage because you’re already facing a performance hit from your other security layers, so an additional traffic-inspection layer could cripple throughput if it’s not installed properly. This step is made even more important because application shields aren’t enough to protect your network by themselves. They’re simply powerful security layers aimed at very specific application servers. You’ll still need the other more traditional security layers in place for an application layer to have its desired effect.

E-mail

Printer Friendly

Reprints

Slashdot It!


	Oliver Rist is a senior contributing editor at InfoWorld. • More of Oliver Rist's column • Oliver Rist's Weblog Newsletter Check out all of our free newsletters! Enter e-mail address:

TOP NEWS:

» Four quick tips for choosing an IM security product
71 percent of businesses will invest in real-time messaging this year. If you're one of them, be sure to protect your enterprise

» Forrester analysts ID hot IT jobs
Research group finds 16 IT roles with a promising future

» Nvidia claims 10 hours of HD video on Tegra chip
The Tegra 600 and 650 can be used with hard disk drives and are designed partly for mobile Internet devices

» Database vendors add Google's MapReduce
Greenplum and Aster Data Systems will support Google's programming technique, developed for parallel processing of large data sets across commodity hardware

» Network management: Tips for managing costs
New technologies, changing requirements, and ongoing equipment maintenance and upgrades cost money, but there are ways to manage expenses

» EMC targets SMBs, branch offices with new low-end storage
Celerra NX4 highlights include thin provisioning, snapshot technology for data recovery and backups, and Web-based console for management of storage volumes

VIRTUAL MACHINES: SUN'S XVM VIRTUALIZATION PORTFOLIO
This Webinar discusses how software companies and IT organizations can leverage virtualization and management technologies from Sun and VMLogix to consolidate lab infrastructure and automate build and test processes so that software can be delivered more quickly, cost-effectively and reliably. Sponsored by Sun

» Click here to view this Webcast

Network Security Solutions Guide
Network security is comprised of so much more than protecting just one or two PCs. And network security management can be different based on your situation. Read this Solutions Guide to find the best ways to protect your entire network, from individual PCs to network-attached storage and more. Sponsored by ISC2

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

IDC Workbook: Assess the Value of Deduplication for your Storage Consolidation Initiatives - Enterprises are caught between the continued growth in the amount of data they create, store, and depend on, and the need...
Frost & Sullivan Competitive Ranking Report - In this paper, Frost & Sullivan has detailed leading mobile solution deployments, products in development and new product...
Good Mobile Messaging Product White Paper - Mobile Messaging-a standards-based, wireless messaging application and management system that connects mobile workers to...
The Enterprise Mobile Messaging Benchmark Report - In this report Aberdeen takes an in-depth look at how best-in-class organizations are using mobile messaging to improve ...
Choosing the Right CMDB: Smart Considerations for Strategic Decision Makers - Drawing on industry-leading research, this white paper discusses: -The strengths and limitations of CMDBs based on relational...
Increasing ROI and Reducing the Risks of Your Application Portfolio - APM solutions help IT executives evaluate the benefits, costs, and risks associated with each application while maximizing...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

FIND PRODUCTS AND COMPANIES

» COMPLETE PRODUCT GUIDE

TECHNOLOGY INDEX

• Applications
• Application Development
• Security
• Networking
• Wireless
• Platforms
• Hardware
• Data Management
• Storage
• Web Services
• Business
• Telecom
• Professional Services
• Standards

TECH WATCH

What's the 411 on GOOG-411?
Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...

Apple HTML source reveals 'iPhone Extreme'
"This one's a stretch..." reports AppleInsider. Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it. Now, that sounds like the product Apple should have released first, rather ...

COLUMNISTS

Unified under law

(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...

» MORE COLUMNISTS

MORE INFOWORLD BLOGS

Open Sources

Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...

Zero Day

Botnet herders tending smaller flocks
New research backs up the theory that botnet operators are keeping their networks smaller in a continued effort to keep ...

• Advice Line
• Database Underground
• The Deep End
• Enterprise Mac
• Geeks in Paradise
• Grid Meter
• The Gripe Line
• InfoWorld Daily
• Inside IT
• IT Troubleshooter
• ITXtreme
• Open Sources
• ProdBlog
• Real World SOA
• Reality Check
• Security Adviser
• SMB IT
• The Storage Network
• Tech Watch
• Virtualization Report
• Zero Day

RESOURCE CENTER	advertisement
Ads by techwords beta See your link here

GOVERNMENT IT & POLICY
•	'If you don't go after the network, you're never going to stop these guys. Never.'
•	From the State Department, All the News for Inquiring Minds
•	TechPresident, the Internet Citizenry's New Consensus Taker

Sponsored Technology Links
Oracle - Top 3 Ways to Cut Costs in 2009 with Oracle Content Management AMD - See the power of the new Quad-Core AMD Opteron(TM) processor ASG Software - Transform your IT Organization now! AT&T - The Top 10 Best Practices for Server Virtualization Planning ISC2 - Network Security Solutions Guide Infoblox - The Costs and Impacts of DNS and IP Address Management AMD - Learn how the new Quad-Core AMD Opteron(TM) processor improves performance Riverbed - Virtualization Solutions Guide Armstrong - Delivering Actionable Enterprise Architecture AT&T - AT&T Business Continuity Survey on Risk Management AT&T - New from AT&T: Discover Fixed-Mobile Convergence Now AT&T - AT&T Article: Reinventing the Telephone with VoIP HP - HP StorageWorks products-control, consolidation and confidence. Vision Solutions - Solving Downtime Challenges to Manufacturing and Supply Chain Operations Oracle - The Top Three Ways to Cut Costs in 2009 HP - Predict the future with HP Insight Power Manager Rackspace - The True Value of a Hosting Provider HP - Affordable technology-no compromise. HP server solutions. Motorola - The Enterprise Mobile Messaging Benchmark Report AT&T - Machines That Speak: The Machine-to-Machine Wireless Network Data Domain - IDC Workbook: Assess the Value of Deduplication for your Storage Consolidation Initiatives InterSystems - Development, integration, BPM, and BAM together in Ensemble AMD - The Future is Fusion. Only from AMD. Learn more. Vision Solutions - Real-Time, On-Demand Information for Business Intelligence and Data Integration (ISC)2 - I'm an SSCP Go-To Guy. See what I do. Click here! Villanova University - Increase Your Educational Bandwidth While Saving up to $945!		Zenprise - How to Manage BlackBerry on a Tight Budget Samsung Printing Solutions - control workflow, costs and operations Check Point - Check Point Endpoint Security White Paper Get to know - BlackBerry Professional Software-find out more Oracle - Oracle Universal Content Management Oracle - Information Workplace Platforms: Oracle vs. Microsoft Oracle - Performance Monitor: ERP at the Speed of Light Dell Equallogic - Comprehensive Data Protection and Disaster Recovery Sony - Discover the advantages of Sony LTO media at sony.com/lto. Sun - Virtual Machines: Sun's xVM Virtualization Portfolio Verisign - The Latest Advancements in SSL Technology CA - Plan IT better, Manage IT better. CA - Manage your IT more effectively. Intel - Processor-enabled Virtualization. That's IT as it should be. Microsoft - Get the virtualizing power of Windows Server 2008 with Hyper-V Microsoft - Microsoft SQL Server 2008. Read Case Studies & Try for Free Microsoft - Learn about the software-based VoIP solution from Microsoft. AT&T - Securing the Converged Enterprise I AT&T - Securing the Converged Enterprise II AT&T - An AT&T White Paper: Enterprise IPTV Solution AT&T - An AT&T Article: When Content is King AT&T - Maximizing Mobility in Communications AT&T - The Spirit of Innovation: 100 IT Leaders Speak Out Oracle - Nucleus Report: Who's ready for SMB? Adobe - Delivering On The Promise Of eLearning MKS - Get Power and Simplicity of UNIX while working in Windows Qwest - Learn how Qwest voice and data solutions can save you time.

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist