Security


  • We provide hardware- and software-based enterprise solutions for complete content management and application blocking, designed to enforce acceptable Internet usage policies.
  • These can be extended to provide cutting-edge anti-spam and firewall solutions.
  • We also provide gateway, server, mailing and desktop antivirus solutions, as well as endpoint security.

Application firewall

E-commerce sales are estimated to reach $259.1 billion in 2007, up from the $219.9 billion earned in 2006, according to The State of Retailing Online 2007 study conducted by Forrester Research and Shop.org. While e-commerce continues to mature as a sales channel, it is met with a similar rise in cost due in part to Web site hacks and data leakage incidents. Identity theft cost U.S. businesses and consumers $56.5 billion in 2005 as reported by the 2006 Identity Fraud Survey Report published by Javelin Strategy & Research. In response to the increase in identity theft and security breaches, major credit card companies collaborated to create the Payment Card Industry Data Security Standard (PCI DSS) for merchants, processors and point-of-sale providers handling and storing sensitive account information. The current PCI DSS Version 1.1 outlines 12 procedures and system requirements to securely store and access Primary Account Number (PAN) information. While there are no penalties levied by the PCI Security Standards Council responsible for managing the requirements, credit card issuers and financial institutions can enforce PCI DSS compliance by offering incentives and issuing fines.

Web Application Controllers protect networks against unauthorized access, data leakage, site defacement and other malicious attacks by hackers that compromise both the privacy and integrity of vital data. By installing a Web Application Controller, businesses that store, process and/or transmit credit card numbers can protect their Web applications and sensitive data and achieve PCI DSS compliance in one easy step.

The most significant set of requirements is PCI DSS Section 6.5, as it highlights the greatest security risks: the industry-accepted top 10 application vulnerabilities. The top 10 application vulnerabilities, compiled by the Open Web Application Security Project (OWASP), address ways hackers exploit vulnerabilities in bad application code. Barracuda Web Application Controllers directly address each of the requirements in this section.

Unvalidated Input

Explanation and Examples: Tampers with an HTTP request to bypass a site’s security mechanisms, also known as forceful browsing, command insertion, cross-site scripting, buffer overflows, SQL injection, cookie poisoning and hidden field manipulation.

Web Application Controller solution: Learns accepted application logic to validate incoming and outgoing session content for legitimate application behavior, then classifies any inappropriate content as malicious.

Broken Access Control

Explanation and Examples: Exploits inconsistent code across Web applications to gain unauthorized access to other users’ accounts, view sensitive files or use authorized functions.

Web Application Controller solution: Sets up and enforces authorization and access control policies to authenticate user access requests via integrated LDAP, RADIUS, CA SiteMinder and RSA Access Manager interfaces.

Broken Authentication and Session Management

Explanation and Examples: Leverages security weaknesses in authentication and session state to tamper with cookies, form fields or other authentication tokens, and hijack sessions.

Web Application Controller solution: Fully terminates and proxies every connection, gaining visibility into each unique user session, then automatically encrypts session cookies and assigns unique session IDs to ensure secure user sessions.

Cross-Site Scripting (XSS) Attacks

Explanation and Examples: Injects malicious code within a script from a trusted source with the intent of accessing cookies or session tokens, attacking a local system, gaining access to sensitive information stored by a browser or spoofing content to confuse the user.

Web Application Controller solution: Validates user input by terminating the session and inspecting incoming requests before forwarding them to the backend servers, blocking malicious input before it executes within a browser.

Buffer Overflows

Explanation and Examples: Floods the memory capacity of one buffer to execute a malicious program on the adjacent “overflow” buffer to steal passwords or confidential information, alter system configuration, install backdoors or launch other attacks.

Web Application Controller solution: Rejects any file from an invalid Web page, and limits total Web request length across applications.

Injection Flaws

Explanation and Examples: Relays malicious code through a Web application to another system, such as the operating system, database or an external program.

Barracuda Web Application Controller solution: Inspects each request from a Web application to the backend systems for malicious code and blocks any malicious request prior to reaching the application server.

Improper Error Handling

Explanation and Examples: Exploits error messages that reveal detailed information about the OS and server versions, directories, patch levels, internal addresses and known platform vulnerabilities.

Web Application Controller solution: Cloaks details of Web application infrastructure and blocks error messages being displayed on the Web.

Insecure Storage

Explanation and Examples: Leverages the difficulty of properly coding encryption for the storage of credit card numbers, account records or proprietary information.

Web Application Controller solution: Filters and intercepts outbound traffic to prevent the transmission of sensitive information. Also blocks or masks attempts to access credit card numbers, Social Security numbers, client records or any other specified data type.

Application Denial of Service (DoS)

Explanation and Examples: Attempts to degrade application performance or crash an application by generating excessive session traffic to specific URLs, affecting server performance.

Web Application Controller solution: Monitors and controls the number of queries to the same URL from a single user and queues the requests while allowing legitimate Web site access.

Insecure Configuration Management

Explanation and Examples: Exploits common configuration problems, such as unpatched holes in operating systems, unnecessary default accounts and unnecessary services enabled.

Web Application Controller solution: Acts as the DMZ to proxy inbound and outbound Web traffic to neutralize any configuration vulnerabilities.

Anti Spam

The Spam Firewall is compatible with all email servers and can fit into nearly any corporate or small business environment. It is used by small organizations with as few as 10 employees and large organizations with as many as 200,000 employees. A single Spam Firewall handles up to 30,000 active email users. Multiple units can be clustered together for even greater capacity and high availability. The Spam Firewall protects your email server with twelve defense layers:

  • Network Denial of Service Protection
  • Rate Control
  • IP Reputation Analysis
  • Sender Authentication
  • Recipient Verification
  • Virus Scanning
  • Policy (User-specified rules)
  • Spam Fingerprint Check
  • Intent Analysis
  • Image Analysis
  • Bayesian Analysis
  • Rule-based Scoring

The Spam Firewall architecture optimizes the processing of each email to maximize performance and process millions of messages per day. Unlike software solutions, the Spam Firewall reduces the load placed on the email server by off-loading both spam and virus filtering. In addition, all Spam Firewall models include essential outbound filtering techniques including attachment scanning, virus filtering, rate controls and encryption. These features help organizations to ensure that all outgoing email is legitimate and virus-free.

Web Filter

The Web Filter combines preventative, reactive, and proactive measures to form a complete Web filtering solution. The Web Filter:

  • Blocks access to Web sites based on domain, URL pattern, or content category
  • Blocks downloads based on file type
  • Blocks applications that access the Internet, including IM, music services, and software updaters
  • Integrates with "safe search" filters built into popular image search engines
  • Provides integrated gateway and desktop spyware protection

Designed for the enterprise, the Web Filter enables you to set up custom policies for particular users and groups across customizable time ranges. The Web Filter integrates with popular LDAP directory servers, such as Microsoft Active Directory, for both authentication and group membership information on which to apply custom policies. Sample uses of group policies include:

  • Restricting access to job board Web sites to only the Human Resources group
  • Defining separate policies for teachers and students at a school
  • Enabling compliance officers unrestricted access to the Web for investigation
  • Providing external instant messaging (e.g., AIM) access only to specific users or groups
  • Restricting personal Web browsing to non-working hours

For organizations that do not utilize directory servers, policies can be defined for unauthenticated users as a whole, locally defined users and groups, or network IP address ranges.