
Securing Web-Bound Traffic

Written by Larry S. Wiggins   
Monday, 09 March 2009
NC-1000 OFFERS WEB, NETWORK FIREWALLS

NetContinuum Inc. is introducing the next version of its Web security gateway, which will include a full stateful inspection firewall and a new method for managing the Web firewall.

The NC-1000 Web Security Gateway 4.0 is the first of the crop of Web application firewalls to include a traditional network firewall. The box's application-specific integrated circuit-based architecture made it straightforward for engineers to add the stateful inspection functionality, company officials said. Because the system already inspects Web applications, the addition of network firewall functionality gives it the ability to secure all traffic bound for the Web.

The NC-1000 has a new interface for the management of both the Web and network firewalls. The user interface looks identical to that of a typical network firewall and gives administrators the ability to set rules and access control lists and policies with a few clicks. There are separate tabs for access control lists, NAT (network address translation), routes and other features.

On the Web application firewall, NetContinuum has included a new feature that can cloak internal Web servers and domains, much the way that NAT works on a network firewall. The technology, known as Web address translation, takes a sensitive internal server name, such as hr.company.com, and translates it into a generic URL. The company has submitted the technology to the Internet Engineering Task Force for consideration as a standard.

"This isn't just one way of going about this," said Wes Wasson, chief strategy officer at NetContinuum, based in Santa Clara, Calif. "This is the way it should be done. You have to be able to hide these names."

Both the network and Web firewalls can now run in passive mode on a per-rule basis. This feature lets administrators set up a security rule on a given application and log the results of the rule without blocking traffic or behaviors. The administrator can then comb the logs to see if the rule caused problems before letting it run in active mode.
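The per-rule passive mode described above, sketched as an added example (not NetContinuum's code or configuration; the rule names, patterns, addresses and request lines are constructed for illustration). Each rule carries its own mode, a passive match is logged without blocking, and the log is then summarised per rule for review before the rule is switched to active.

```python
import re
from collections import Counter
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    pattern: str  # regex matched against the request line (illustrative)
    mode: str     # "active" blocks and logs; "passive" only logs

# Constructed rules: one already enforced, one still under evaluation.
RULES = [
    Rule("deny-path-traversal", r"\.\./", "active"),
    Rule("deny-long-query", r"\?.{40,}", "passive"),
]

# Constructed sample traffic: (source address, request line).
REQUESTS = [
    ("198.51.100.7", "GET /static/../../conf/app.ini"),
    ("192.0.2.10", "GET /search?q=" + "a" * 45),
    ("192.0.2.10", "GET /index.html"),
    ("192.0.2.44", "GET /report?filter=" + "b" * 60),
]

def evaluate(rules, requests):
    """Return (decisions, log). A passive match is logged but never blocks."""
    decisions, log = [], []
    for src, line in requests:
        blocked = False
        for rule in rules:
            if re.search(rule.pattern, line):
                log.append({"rule": rule.name, "mode": rule.mode,
                            "src": src, "request": line})
                blocked = blocked or rule.mode == "active"
        decisions.append("block" if blocked else "allow")
    return decisions, log

def passive_review(log):
    """Per passive rule: requests it would have blocked, and their sources."""
    hits, sources = Counter(), {}
    for entry in log:
        if entry["mode"] == "passive":
            hits[entry["rule"]] += 1
            sources.setdefault(entry["rule"], set()).add(entry["src"])
    return {name: {"would_block": n, "sources": sorted(sources[name])}
            for name, n in hits.items()}

if __name__ == "__main__":
    decisions, log = evaluate(RULES, REQUESTS)
    print(decisions)
    print(passive_review(log))
```

The review output is what an administrator would inspect: if the sources that a passive rule would have blocked turn out to be legitimate users, the rule needs tuning before it goes active.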

Version 4.0 of the appliance includes a new feature that can generate detailed reports showing the number and type of attack attempts on each application. The document shows whether the application requires authentication, how many successful and failed log-on attempts there were, and the top 10 attack sources. The reports can give security personnel a way to show executives what's happening on the network without bogging them down with details they likely don't understand or care about.