Protect Web Apps From Attacks

The Sasser worm attack last week, which reportedly infected hundreds of thousands of computer systems, shows that security professionals--despite their best intentions and efforts--often can't outrun virus writers in the race to patch and protect systems.

The Sasser worm attacks a software vulnerability for which Microsoft provided a patch last month. It poses a threat to Windows XP, Windows 2000, and Windows Server 2003. However, many Microsoft customers have cited problems with the patch, saying it caused Windows 2000 systems to crash during startup.

To combat hacker attacks launched against applications and Internet worms such as Sasser, Blaster, and SQL Slammer, more companies have been deploying intrusion-prevention technology from security vendors such as Internet Security Systems, Kavado, NetContinuum, Sanctum, Teros, and TippingPoint. The latest security vendor to add these features to its product line is network firewall and VPN software maker Check Point Software Technologies Ltd. It has added improved Web-application defenses to its software and introduced a Secure Sockets Layer VPN with security features to thwart Sasser-style attacks.

One Check Point customer welcomes the news, saying most businesses can't patch systems fast enough to stay ahead of hackers. "You don't have time to patch servers within two weeks," says Andrew Bagrin, director of business-technology applications at Regal Cinemas Inc., which operates 550 movie theaters in 36 states.

Bagrin has looked at products from a variety of intrusion-prevention vendors but has yet to decide which vendor would be the best fit for Regal. However, as a longtime Check Point customer, he says it's good that a leading provider of VPNs and network firewalls added application protection. "This is a move in the right direction for Check Point," he says.

Check Point's Web Intelligence provides increased protection for software vulnerabilities that reside inside Web applications. "It's critical because the time between when a vulnerability is announced and the attacks arrive is shrinking," Bagrin says.

Check Point's Web Intelligence can be integrated into the company's VPN-1 gateway and is built into its new Connectra SSL VPN, also unveiled last week. And it includes what the company calls its Malicious Code Protector, which catches many types of attacks used in hacker toolkits and viruses and worms, including buffer overflows, a common form of attack.

With Web Intelligence built into its Connectra SSL VPN, remote users as well as the systems to which they connect will have the increased security. The SSL VPN includes end-point firewall protection from Zone Labs, which Check Point acquired in December for $205 million. Zone Labs' Integrity software can make sure remote systems have the proper security settings before allowing the connection to a corporate network.

The additional application protection, while much better than what was offered before, "does not yet fully compete" with the products offered by existing Web-application firewalls, says Eric Ogren, senior analyst with the Yankee Group.

Check Point says its Web Intelligence will be available later this month and is priced starting at $5,000 as an add-on for VPN-1 to protect up to three Web servers. The Connectra SSL VPN will be available in June; pricing starts at $10,000. Check Point VPN-1 customers can purchase an SSL Network Extender, which starts at $2,300, to add SSL VPN connectivity to their conventional VPNs. The SSL Network Extender is included free with Connectra.