Most network administrators are well aware of the dangers of having a system exposed to the Internet. As such, they use firewalls, virus scanners, and other solutions to protect such systems, which include Web servers, e-mail servers, FTP servers, and others.

Managers may assume that attackers break into a system by exploiting a weakness in the operating system to obtain a password. But it is just as feasible for an attacker to use an ordinary HTTP, SOAP, or XML request, or a deliberately altered HTML document, to retrieve private data, to add or delete files on the server, or to take other equally unwanted actions through a published Web service. Such requests arrive on the same ports a network firewall has to leave open for the Web service to work at all, so they can only be addressed by inspecting traffic at the application layer.

KaVaDo has three products that work together to protect a Web application, whether a site, a service, or a server: InterDo, ScanDo, and AutoPolicy. InterDo is the firewall component, deployed either inline with two NICs, routing traffic between a trusted and a public network, or with a single NIC acting as a proxy. It parses HTTP, WebDAV, WSDL, SOAP, and XML requests and denies those that are malformed or that ask for data the application should not expose. InterDo comes in two editions: Enterprise Edition, which protects any number of servers or applications in an enterprise, and Business Edition, which protects a single Web server or application server.

ScanDo scans existing applications and servers for vulnerabilities and recommends the InterDo settings that would block them. AutoPolicy takes ScanDo’s vulnerability report and configures InterDo from it automatically.

Installation is simple: insert the CD and setup starts automatically, with the default settings sufficient throughout. The Java runtime environment and Adobe Acrobat are installed if they are not already present, and once the system is rebooted, the applications are ready to use.

In keeping with the security theme, the InterDo administrator’s login name and password have strict complexity requirements: the login name must be at least six characters long and include at least one digit, and the password must include both digits and symbols. If SSL is in use, certificate configuration is well documented and straightforward.

Configuring InterDo is not quite as simple, particularly for an administrator who is not a security specialist. Deciding which protective modes, or "pipes," an application needs is the hard part; configuring a pipe once you know you need it is not difficult. For a security specialist, however, the interface is approachable and easy to use, with a comprehensive set of tools for protecting Web applications and services.

ScanDo simplifies that setup. When launched, it scans your systems, examining Web servers, database servers, and XML, SOAP, and WSDL applications against a database of published vulnerabilities, security advisories, and known exploits. (KaVaDo updates the database regularly as new exploits are disclosed by operating system vendors, application vendors, and others.) ScanDo can parse VBScript, JScript, Perl scripts, Flash objects, and similar content, and can fill in Web form fields automatically where that is needed to reach the application’s back-end database. APIs are available so that the administrator can write custom test scripts as well.

A ScanDo scan has three parts: the scan itself, which maps the Web application and its structure, including back-end databases, XML/SOAP interfaces, and more; assessment and attack, which probes the application for vulnerabilities; and the report, which summarizes confirmed and potential vulnerabilities and lets the user drill down for details as necessary.
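The three stages, crawl, attack, and report, can be seen in the skeleton scanner below. It is an added example written for this article, not ScanDo or any KaVaDo code, and it runs against a constructed in-memory application (the `app` function) rather than a live site; two of that application's handlers are deliberately flawed so the probe stage has something to find. The probe payloads, the detector rules, and all function names are this example's own.

```python
"""Three-stage Web application scan (crawl, probe, report) of the kind the
review describes for ScanDo.  Added example, not KaVaDo code.  The target is a
constructed in-memory application; two handlers are deliberately flawed."""
import re
from html import escape


def app(path, params):
    """Constructed target.  Returns the HTML a server would send for the request."""
    if path == "/":
        return ('<a href="/about">About</a> <a href="/search">Search</a>'
                '<form action="/item" method="get"><input name="id"></form>')
    if path == "/about":
        return "<p>Static page, nothing to submit.</p>"
    if path == "/search":
        q = params.get("q", "")          # flaw: reflected into the page unescaped
        return f'<form action="/search" method="get"><input name="q"></form>Results for {q}'
    if path == "/item":
        ident = params.get("id", "1")
        if "'" in ident:                 # flaw: emulates a DB error from a concatenated query
            return "Error: You have an error in your SQL syntax near " + escape(ident)
        return f"<p>Item {escape(ident)}</p>"
    return "404 Not Found"


LINK = re.compile(r'href="([^"]+)"')
FORM = re.compile(r'<form action="([^"]+)" method="(\w+)">(.*?)</form>', re.S)
INPUT = re.compile(r'<input name="([^"]+)"')


def crawl(fetch, start="/"):
    """Stage 1: follow links and form actions from `start`; record every form
    (path, method, field names) as an entry point worth attacking."""
    seen, queue, entry_points = set(), [start], []
    while queue:
        path = queue.pop(0)
        if path in seen:
            continue
        seen.add(path)
        page = fetch(path, {})
        for action, method, body in FORM.findall(page):
            entry = (action, method.upper(), tuple(INPUT.findall(body)))
            if entry not in entry_points:
                entry_points.append(entry)
        for href in LINK.findall(page) + [a for a, _, _ in FORM.findall(page)]:
            if href.startswith("/") and href not in seen:
                queue.append(href)
    return sorted(seen), entry_points


# (issue name, payload, detector over the response)
PROBES = [
    ("reflected script injection", '<scn"x>', lambda resp, payload: payload in resp),
    ("SQL error on quote", "1'", lambda resp, payload: "SQL syntax" in resp),
]


def probe(fetch, entry_points):
    """Stage 2: submit each payload into each field and look for a tell-tale response."""
    findings = []
    for action, method, fields in entry_points:
        for field in fields:
            for issue, payload, detect in PROBES:
                if detect(fetch(action, {field: payload}), payload):
                    findings.append({"path": action, "method": method, "param": field,
                                     "issue": issue, "payload": payload})
    return findings


def report(pages, entry_points, findings):
    """Stage 3: summary counts, with each finding kept for drill-down."""
    return {
        "pages": pages,
        "entry_points": entry_points,
        "by_issue": {issue: sum(f["issue"] == issue for f in findings) for issue, _, _ in PROBES},
        "findings": sorted(findings, key=lambda f: (f["path"], f["param"], f["issue"])),
    }


def scan(fetch=app, start="/"):
    """Run all three stages against `fetch`, a callable (path, params) -> HTML."""
    pages, entry_points = crawl(fetch, start)
    return report(pages, entry_points, probe(fetch, entry_points))


if __name__ == "__main__":
    for f in scan()["findings"]:
        print(f'{f["issue"]}: {f["method"]} {f["path"]} param {f["param"]!r}')
```

Against the constructed target the crawl finds four pages and two forms, and the probe stage reports the reflected parameter on /search and the quote-triggered database error on /item. A real scanner differs mainly in scale: a proper HTML parser instead of regexes, session handling, far more payloads per field, and detectors that look at timing and response differences rather than only for a string.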

ScanDo finds, and InterDo blocks, a wide range of threats, including unauthorized SQL commands; invalid application parameters; invalid or altered cookies; exploits of known vulnerabilities in Web servers, database products, or operating systems; altered SOAP or Web services messages; invalid characters in messages; HTTP exploits; unauthorized file uploads; modified application or network protocols; buffer overflow attacks; and requests that use unauthorized data encodings.
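What "denying requests that are malformed or that ask for data that shouldn't be accessed" looks like in practice is shown by the request inspector below. It is an added example written for this article, not InterDo's code, and it is far smaller than a product: a positive policy listing the parameters each path may carry and the shape of their values, refusal of anything outside that policy, checks for double encoding, control characters, path traversal, over-long values, and SQL fragments, and HMAC-signed cookies so that an altered cookie is detected. The policy, the signing key, and the sample requests are constructed for the example, and every function name is this example's own.

```python
"""Application-layer request inspection in the spirit of the checks the review
lists for InterDo.  Added example, not KaVaDo code; the policy, key and sample
requests are constructed."""
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed policy: paths the application exposes, the parameters each may
# carry, and the shape each value must have.  Anything else is refused.
POLICY = {
    "/login":  {"user": r"[A-Za-z0-9_]{1,32}", "pass": r"[\x21-\x7e]{1,64}"},
    "/search": {"q": r"[\w .-]{0,100}"},
    "/report": {"id": r"\d{1,9}"},
}
ALLOWED_METHODS = {"GET", "POST"}
MAX_VALUE_LEN = 256                        # crude guard against overflow-sized values
COOKIE_KEY = b"hypothetical-proxy-secret"  # the proxy's own signing key (constructed)

# Heuristic signatures; the positive policy above is the primary control.
SQL_FRAGMENT = re.compile(
    r"(?i)(\bunion\b.*\bselect\b|'\s*(or|and)\s+[^=]+=|;\s*(drop|delete|insert|update)\b|'\s*--)")
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def sign_cookie(name, value):
    """Issue a cookie value the proxy can later verify: value.tag"""
    tag = hmac.new(COOKIE_KEY, f"{name}={value}".encode(), hashlib.sha256).hexdigest()[:32]
    return f"{value}.{tag}"


def cookie_ok(name, signed):
    """True only if the cookie still carries the tag issued for this exact value."""
    value, _, tag = signed.rpartition(".")
    expected = hmac.new(COOKIE_KEY, f"{name}={value}".encode(), hashlib.sha256).hexdigest()[:32]
    return bool(tag) and hmac.compare_digest(expected, tag)


def check_value(name, value, pattern):
    """Checks on one already-URL-decoded parameter value; returns a list of reasons."""
    reasons = []
    if len(value) > MAX_VALUE_LEN:
        reasons.append(f"{name}: value too long")
    if unquote(value) != value:            # decoding again changes it: double-encoded
        reasons.append(f"{name}: double-encoded value")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        reasons.append(f"{name}: control character")
    if SQL_FRAGMENT.search(value):
        reasons.append(f"{name}: SQL command fragment")
    if not re.fullmatch(pattern, value):
        reasons.append(f"{name}: does not match policy")
    return reasons


def inspect(raw):
    """Inspect one HTTP request given as text (request line, headers, body).
    Returns (allowed, reasons); an empty reasons list means the request passes."""
    reasons = []
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False, ["malformed request line"]
    method, target, _version = parts
    if method not in ALLOWED_METHODS:
        reasons.append(f"method {method} not allowed")
    headers = {}
    for line in lines[1:]:
        hname, sep, hval = line.partition(":")
        if not sep:
            return False, ["malformed header line"]
        headers[hname.strip().lower()] = hval.strip()
    url = urlsplit(target)
    path = unquote(url.path)
    if TRAVERSAL.search(path) or "\x00" in path:
        reasons.append("path traversal or NUL byte in path")
    allowed = POLICY.get(path)
    if allowed is None:
        reasons.append(f"path {path} not in policy")
        allowed = {}
    params = parse_qsl(url.query, keep_blank_values=True)
    if method == "POST":
        # Only form bodies are policed here, so multipart uploads are refused outright.
        if headers.get("content-type", "").split(";")[0].strip() != "application/x-www-form-urlencoded":
            reasons.append("POST body is not a form (uploads not permitted)")
        params += parse_qsl(body, keep_blank_values=True)
    for name, value in params:
        if name not in allowed:
            reasons.append(f"{name}: parameter not permitted on {path}")
            continue
        reasons += check_value(name, value, allowed[name])
    for cookie in headers.get("cookie", "").split(";"):
        if cookie.strip():
            cname, _, cval = cookie.strip().partition("=")
            if not cookie_ok(cname, cval):
                reasons.append(f"cookie {cname}: missing or altered signature")
    return not reasons, reasons
```

The point of the positive policy is that it catches what signatures miss: `id=1 or 1=1` contains no quote and trips no SQL signature, but it fails the `\d{1,9}` rule for /report and is refused anyway. Signatures earn their keep as a second opinion and as a label in the log, which is also why the inspector collects every reason rather than stopping at the first. The cookie check is the proxy-side half of "invalid or altered cookies": the proxy appends a tag when the cookie is issued and refuses any cookie whose value no longer matches its tag.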

InterDo offers a variety of topologies, from a single server/single firewall model to a load-balancing cluster of firewalls supporting a Web farm. It supports all major Web servers, browsers, application servers, and standard firewalls.

Scanning a number of live Web sites to find their vulnerabilities would have been interesting, but when the ScanDo license key is installed, it is only configured for your domain, ensuring that the unscrupulous cannot use it to find and attack vulnerable systems. We tested the local Web server on our network and found no outstanding vulnerabilities, although ScanDo did note a couple of OS and Apache patches that were needed.

InterDo is a powerful application security firewall, protecting against a wide variety of attacks. In combination with ScanDo and AutoPolicy, it can provide security even when deployed by a relatively inexperienced administrator. Although it might cost more than the server it’s protecting, the potential loss from downtime and lost data is so high that any organization providing Web services should deploy this product. The only other product we’ve seen with similar functionality is the APS from Stratum8, which costs about twice as much.

