Rapid development and the complexity of recent technologies make it difficult for networking staffs to keep up with the latest security technologies and threats. Value-added resellers (VARs) and systems integrators can add much-needed value by maintaining technical expertise and selecting application firewalls.
Technical expertise and understanding the customer's business are key. Partners must understand the application firewall technology and how it can best be used to meet each customer's unique needs, as well as specific compliance standards requirements.
Protect Web servers
Failure to meet compliance regulations, such as Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry (PCI), can carry severe consequences. Customers may have some idea about which application firewalls meet compliance standards but still need VARs with the technical skills to implement and maintain these firewalls.
As Web content has become more interactive, networks have become vulnerable to external threats. The PCI standard includes a list of specific attack types such as malformed HTML messages, cross-site scripting and embedded SQL queries. Web-specific firewalls protect against these types of threats.
VARs and integrators working in the Web content market must have a detailed understanding of the techniques used by hackers in the past, but new attack types appear constantly. Reacting quickly requires deep understanding of Web technology. Vendors offering Web firewalls include Borderware, Breach Security, Protegrity and Barracuda Networks.
Monitor and log database activity
Compliance standards require the monitoring and logging of all access to the database and activity within the database. Resellers have to be prepared to face both internal and external threats to a customer database. Firewalls need to be set up to monitor and protect from attempted breaches by unauthorized users and attempts by authorized users to exceed authority. Improper access attempts introduced by application software errors also need to be considered. Firewall products monitor all database access to prevent improper activity and log all access to enable tracing activity back to its source.
Sentrigo Inc. and Imperva Ltd. are among the vendors offering products designed to address database security. Sentrigo's product is host-based software while Imperva offers a family of appliances. Both products monitor and log application and database activity.
Shoring up SOA
Traditional network firewalls are not sufficient for technologies such as Voice over Internet Protocol (VoIP) and service-oriented architecture (SOA). Here also, VARs and integrators who intend to deploy these technologies must have a detailed understanding of the technologies and the role of application firewalls.
SOA has recently emerged as the next evolution of Web-based services. SOA offers the ability to adapt applications quickly to meet business needs but brings security issues specific to the technology. Components within an SOA implementation communicate via XML.
Layer 7 Technologies and Forum Systems provide families of firewall appliances that examine each XML message to ensure proper access to data. They protect against XML attack methods such as insertion of malicious scripts or SQL queries in XML messages, forged credentials, and oversized message contents that can result in denial of service by overwhelming the XML parser.
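The parser-exhaustion case above can be made concrete with an added Python example (not from the article and not any vendor's implementation) that screens a message against resource limits while streaming it through the parser. The function name `screen_xml` and the limit values are hypothetical, and the DOCTYPE rejection goes beyond the attack types the article lists.

```python
import xml.parsers.expat

# Hypothetical policy limits; a real deployment tunes these per service.
MAX_BYTES = 64 * 1024
MAX_DEPTH = 32
MAX_ELEMENTS = 5000

class Rejected(Exception):
    """Raised inside parser callbacks to abort parsing early."""

def screen_xml(message: bytes, max_bytes=MAX_BYTES,
               max_depth=MAX_DEPTH, max_elements=MAX_ELEMENTS):
    """Return (allowed, reason) without building a document tree."""
    if len(message) > max_bytes:           # cheap check before any parsing
        return False, "oversized message"
    state = {"depth": 0, "elements": 0}

    def start(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        if state["depth"] > max_depth:
            raise Rejected("nesting too deep")
        if state["elements"] > max_elements:
            raise Rejected("too many elements")

    def end(name):
        state["depth"] -= 1

    def doctype(name, sysid, pubid, has_internal_subset):
        # Service messages rarely need a DTD; refusing it blocks entity tricks.
        raise Rejected("DOCTYPE not allowed")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = doctype
    try:
        parser.Parse(message, True)
    except Rejected as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError:
        return False, "malformed XML"
    return True, "ok"

# Constructed sample messages, for illustration only.
SAMPLE_OK = b"<order><item sku='A1'>2</item></order>"
SAMPLE_DEEP = b"<a>" * 40 + b"</a>" * 40
SAMPLE_DTD = b'<!DOCTYPE x [<!ENTITY e "v">]><x>&e;</x>'

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_DEEP, SAMPLE_DTD):
        print(screen_xml(sample))
```

Because the limits are enforced in streaming callbacks, a hostile message is rejected as soon as it crosses a threshold rather than after it has been fully loaded.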
XML firewalls offer VARs and integrators an opportunity to maintain long-term customer relationships. SOA is a rapidly evolving technology and SOA implementations are seldom static. As new applications are added and hackers develop new methods, a firewall configuration that once made the network secure may no longer be adequate.
Based on their experience working with many customers, systems integrators can point out potential problems before they occur and suggest solutions. Also, new and improved products are being introduced constantly. VARs and integrators in close contact with vendors receive information and training on new products and are able to identify products relevant to their customers' requirements.
Voice over IP security
As VoIP and video conferencing based on the Session Initiation Protocol (SIP) have become widely adopted, attacks against SIP have begun. VoIP adopters can expect to encounter intrusion attempts, denial-of-service attacks, call termination, call redirection, call spoofing and unauthorized call monitoring.
Borderware has added SIP-specific features to its existing line of email, IM and Web security products. Ingate Systems offers firewalls specifically designed to protect SIP messages. Products from these vendors enforce usage policies and scan for protocol violations on incoming and outgoing SIP traffic and can also encrypt conversations to protect against wiretap attempts.
Combat appliance proliferation
An installation utilizing multiple technologies, each with its own security requirements, can result in a rack full of appliances. Unified threat management solutions from vendors including Fortinet Inc. and Crossbeam Systems combine protection against multiple types of threats. While both offer products designed for a range of customers from small businesses to large enterprises and service providers, Crossbeam emphasizes its high-end products.
Fortinet has developed a set of software modules, each designed to deal with a specific type of threat. Customers can choose which to install. Crossbeam has partnered with application partners offering a variety of security products, each addressing one or more technologies. VARs and integrators select offerings appropriate to a specific installation from among these vendors and install the chosen software products on the Crossbeam platform.
About the author
David B. Jacobs of The Jacobs Group has more than 20 years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software startups.
This was first published in November 2007