FOR

With all your other security solutions in place you may be tempted to think that your web server has enough protection surrounding it to beat off any attempts to compromise it. Think again!

Web servers are the front door to many systems; within the boundaries you hold corporate data, payroll information and even valuable source code. They can be hacked and doing so may lay open all of your closely guarded corporate secrets.

So why have a web server operational if it is potentially such a known target? 'Business' - it's that simple, if you want to compete on an open playing field then you need to offer the right resources with a measurable amount of security from both the threat on the exterior and the one lurking within your own organization.

The very nature of web servers and the available software makes them particularly vulnerable. Badly configured web servers can attach an even greater threat to an already precarious situation. They can leave vital information about your whole system set-up unguarded; great for anyone who might find it invaluable to their cause! Add this together the need to allow external users to come in and access certain files and folders on the network without compromising your security and you have a disaster waiting to happen.

Security isn't just about keeping threats at bay, it should be about knowing your enemy and those that use your systems legitimately. Careful auditing and tracking can keep all usage to manageable and secure levels. Something rule based and easy to monitor, a good set of principles, software-led and simple to navigate may be the answer to a difficult and painful task for any IT security manager. VigilEnt Security Agent for Web Servers (VSA for Web Servers) is another of PentaSafe's practical and workable security solutions. Easy to install and configure, it provides a whole lot more information that is easy to track and simple to navigate, with an added commonsense approach to an everyday IT problem.

When deciding on a particular type of security solution, system requirements have to be taken into account and with VSA for Web Servers it's not too heavy going. Therefore, with the capacity of 128Mb of memory and 115Mb of free disk space you are almost ready to run. Additionally, you'll need either Apache 1.3 or over, Microsoft IIS 4.0 or 4.0, Netscape 3.x, or iPlanet 4.x on the web server side, and be running IBM AIX 4.3.3, Red Hat Linux 6.x, Sun Solaris 2.x or Windows NT 4.0 as your chosen platform. If you are looking to run PentaSafe's VigilEntSecurity Manager (see March issue for review) alongside VSA for Web Servers you'll also need to be running Windows NT 4.0 or Windows 2000.

VSA for Web Servers focuses on host-based auditing (PentaSafe already has a long and well respected history in the security auditing field) combined with intrusion detection; this solution takes the problem very seriously. Using agents and their architecture to implement the process, VSA for Web Servers looks for changes to the web site and web server files, then, if it finds unqualified data, it processes the information to reverse any potential damage.

The agent architecture is set up as a 'catch-all' for information to be gathered and processed in a logical and usable method. It deducts and detects changes with its three main components. The Manager Server is the central control for the whole system. It pushes out Agent Modules as required, ensuring that the correct module is sent to the right web server. The Agent Modules work on the auditing and security testing needed to keep system integrity, while the Agent Server transmits all data back to the Manger Server. When new components become available they are added to the Manager Server. In turn it automatically upgrades the agents by pushing out the information to the appropriate Agent Server.

This type of constant monitoring provides the basis for secure and sustainable information resources for both employee and customer-based use. One of the simplest and arguably the most important aspect, is knowing exactly what is available through the web server, with ease. Opening up systems may be good for business but if confidential information is also viewable to anyone who logs in, business confidence will be lost very quickly. To ensure this does not happen you will need at your disposal the means to ascertain the full extent of the available information open to your users. With an easy and simple log of all viewable files and folders, VSA for Web Servers provides your administrator with a clear report of all accessible data and allows reconfiguration in order to hide proprietary data from view.

Windows IIS has been fraught with problems, many patches later and you may still be wary, but VSA for Web Servers can keep a careful eye on this aspect for you. Deployment is eased with careful and calculated checks to resolve potential security issues. It also ensures changes cannot be made without them being tracked, detected and resolved. Alerts are sent out where changes are encountered, making corrupted files easily detectable. If required, an administrator may configure the system to automatically restore them to their original state or if preferred, manually deal with any changes. This prevents unnecessary downtime and provides reporting and logging methods to stop further attacks on system integrity. You should also find enough information is provided to support a case of litigation should your company feel that this type of action is necessary to thwart further action.

Of course, not all changes are malicious, some are purely down to human error and these too are processed and reported, leaving no room for mistakes to go undetected. Internal threats are also caught, allowing timely action to be taken to address further espionage. All in all, VSA for Web Servers makes light of a heavy job, freeing up administrators for other tasks in and around the corporate IT infrastructure.

SC On-Line
SC Magazine
www.scmagazine.com