Imperva and Sentryware pad layer 7 security
Hive and SecureSphere deliver enhanced protection to Web applications
Vulnerabilities in Web-based applications are a big problem, compounded by the fact that most apps are not well behaved and are usually overly complex. Solutions such as IPSes (intrusion protection systems) and application firewalls help lock down your app servers, but they have not been the security panacea many have expected them to be. (See our special report on Web application firewalls.)
Two companies have joined the security fray, offering products that aim to provide an even greater measure of security than what is found in traditional application firewalls. The two solutions — Hive from Sentryware and SecureSphere from Imperva — vary, however, in approach.
The Hive appliance sits transparently in front of application and Web servers and uses encrypted tokens to lock down the applications, preventing unauthorized access.
SecureSphere, available as a software package or as an appliance, is a server-based system that uses SecureSphere Gateways to unobtrusively log network traffic, analyzing the packets in real time and comparing the patterns to previously profiled traffic stored in a SQL database.
Although their methodologies differ, both systems can stop attempts to hack or otherwise disrupt application or database servers.
Hive is a proactive security device, unlike most IPSes, which are reactive. Instead of using set policies or rules to protect your Web applications, Hive embeds AES (Advanced Encryption Standard)-encrypted tokens in the HTML stream on the fly.
These tokens are specific and unique to each HTML page and each object on the page. When a user accesses the home page of an application, Hive actually takes the HTML while it’s in transit and rewrites it to include the token information, a long hex key. Token creation and HTML rewriting take place at near wire speed and are completely transparent to the application.
When a user chooses a Hive-secured object, the associated token is presented to Hive. If the token is valid, Hive sends the request to the Web server. If a request is made for a page that doesn’t have a token associated with it or some part of the URL is modified, Hive rejects the request and, depending on configuration, redirects the user to a different page or displays an error message.
One common attack is to tamper with the URL string. If a user were to modify the URL, Hive would deny the connection attempt, even if the modified URL matched that of a valid page, because the user would not have made the page request via the secured objects. Furthermore, because tokens are created for each session, an attacker cannot reuse a token from one session to circumvent Hive's security in another.
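The token-binding scheme described above, as an added illustration that is not Sentryware's code: a minimal Python version that rewrites every link and form action with a per-session, per-object token and refuses any request whose URL or token no longer match. It uses an HMAC tag in place of Hive's AES-encrypted tokens, and the `_tok` parameter name and the entry-page set are assumptions made for the example.

```python
import hmac
import hashlib
import re
import secrets
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Attributes that carry navigable URLs in the HTML stream (assumed subset).
HREF_RE = re.compile(r'(href|action)="([^"]+)"')
TOKEN_PARAM = "_tok"  # assumed parameter name; Hive's real format is not public here


def new_session_key() -> bytes:
    """Fresh secret per session, so a token captured in one session is useless in another."""
    return secrets.token_bytes(32)


def make_token(session_key: bytes, url: str) -> str:
    """Token bound to both the session and the exact URL of one object (HMAC stands in for AES)."""
    return hmac.new(session_key, url.encode(), hashlib.sha256).hexdigest()


def rewrite_html(html: str, session_key: bytes) -> str:
    """Rewrite the page in transit: append a token to each protected link or form action."""
    def add_token(m: re.Match) -> str:
        attr, url = m.group(1), m.group(2)
        sep = "&" if "?" in url else "?"
        return f'{attr}="{url}{sep}{TOKEN_PARAM}={make_token(session_key, url)}"'
    return HREF_RE.sub(add_token, html)


def extract_links(html: str) -> list:
    """Return the URLs a browser would request from the (rewritten) page."""
    return [m.group(2) for m in HREF_RE.finditer(html)]


def validate_request(requested_url: str, session_key: bytes, entry_pages: set) -> bool:
    """Decide whether the gateway forwards this request to the Web server."""
    parts = urlsplit(requested_url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in params if k == TOKEN_PARAM]
    rest = [(k, v) for k, v in params if k != TOKEN_PARAM]
    # Reconstruct the URL as it appeared in the page, without the token itself.
    bare = urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(rest), parts.fragment))
    if not tokens:
        return bare in entry_pages  # only configured entry pages are reachable untokened
    # Any edit to path or query changes the expected token; constant-time compare.
    return hmac.compare_digest(tokens[0], make_token(session_key, bare))
```

A tampered query string, a token from another session, or a direct jump to a non-entry page all fail `validate_request`, which is the behaviour the article attributes to Hive.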
The approach is indeed effective. I tested Hive in my lab against a live e-commerce Web site, and no matter how I tried to get around the tokens, I was stopped at every turn.
Installation is straightforward and Hive’s Web-based management interface is easy to use. Implementing the solution requires a little planning and understanding of the Web site layout. You will want to define entry pages for the application and to identify forms and objects to ensure that everything is protected. Sentryware says the next major release of Hive will automatically identify these objects.