As a bullet-proof defense against the effects of Web site sabotage and
vandalism, the ExitControl™ concept is key to ensuring your Web server
will never be used against you, even if all other security methods fail.
Gilian’s ExitControl-based solutions are the first to proactively
scrutinize all objects leaving the Web server, verifying no content or
applications have been replaced, erased, or altered.
ExitControl technology represents a ground-breaking approach
that bolsters traditional network security solutions—such as firewalls,
intrusion detection systems, and access control mechanisms—that
were never designed to protect Web servers. Even on the best-protected
corporate networks, hackers still gain access to Web servers via ports
80 and 443—the two always-open gateways for all HTTP and HTTPS
Web traffic—and wreak havoc by corrupting content and applications.
It’s not enough to monitor incoming network traffic. You’ve
got to scrutinize outgoing content reaching your public from your Web
server.
With ExitControl, you can control the potential damage of any type
of security breach by monitoring all content leaving the Web server.
So, when hackers gain access to your Web server—a most certain event—any
altered data is seamlessly replaced with the original, authentic content.
As a result, your Web audience never sees the dire consequences of a
hacker’s exploits. In fact, with ExitControl, visitors would not
even realize a security breach ever occurred.

How ExitControl Works

- During the digital signing process, site administrators create digital
signatures and mirror archives of each object that is on your Web server,
such as CGI scripts, HTML, GIF, and others.
- When a request is sent to the Web server, the reply is checked in
real-time and the digital signature is compared with the previously saved,
trustworthy signature of the original. This process is followed
regardless of whether the reply contains static or dynamic content, a
program or a script.
If the Web server is sending dynamic output—such as a stock quote
or pricing data—from a Web application, a digital signature
representation of the program itself is attached to the output.
- If the digital signatures match, the content is deemed authentic
and sent instantly to the user.
- If the digital signatures fail to match due to an unauthorized
alteration, the content is stopped before it reaches the customer,
and automatically replaced in real-time with the archived copy of
authentic static information, and then forwarded to the user. In the
case of a dynamic breach, the transaction is stopped from executing.
At that point, the transaction is either load-balanced to re-execute or
the Web visitor is notified of a problem with the transaction and asked
to try again later. Administrators are immediately notified via pager,
phone, and/or email.
ExitControl technology is OPSEC certified, and integrates easily with
Check Point firewalls, BMC Patrol, Tivoli and countless other solutions
you may have in your network environment.
- Web visitors only see original, unaltered content on your Web
site, unaware of any violation, and with no detectable
delay in processing. Administrators may take immediate action while
all Web site attacks are neutralized.
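
The sign, compare, and replace-or-stop flow in the steps above, as an added Python example that is not Gilian's code. It assumes HMAC-SHA256 under an administrator-held key in place of the unspecified digital signature; the names sign, build_baseline and exit_check and the sample site are hypothetical.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 under an administrator-held key stands in for the
# page's "digital signature"; the page does not name an algorithm.
KEY = b"constructed-demo-key"

def sign(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def build_baseline(objects):
    """Signing step: keep a signature and a mirror copy of every object."""
    return {path: (sign(body), body) for path, body in objects.items()}

def exit_check(baseline, path, current, output=None, alert=lambda msg: None):
    """Decide what may leave the server for one request.

    current: the object as it exists on the server now (a static file, or
             the program behind a dynamic reply).
    output:  the program's output for a dynamic reply, None for static.
    Returns (verdict, body_to_send).
    """
    entry = baseline.get(path)
    if entry is not None and hmac.compare_digest(sign(current), entry[0]):
        return "authentic", current if output is None else output
    alert(f"integrity failure on {path}")
    if entry is None or output is not None:
        # Altered program: stop the transaction. Blocking objects that have
        # no baseline at all is this example's choice, not stated on the page.
        return "blocked", b""
    return "restored", entry[1]  # static content: send the archived copy

def demo():
    # Constructed sample site: one static page and one CGI program.
    site = {"/index.html": b"<h1>Welcome</h1>", "/cgi-bin/quote": b"print(price)"}
    baseline = build_baseline(site)
    alerts = []
    results = [
        exit_check(baseline, "/index.html", site["/index.html"]),
        exit_check(baseline, "/index.html", b"<h1>defaced</h1>", alert=alerts.append),
        exit_check(baseline, "/cgi-bin/quote", site["/cgi-bin/quote"], output=b"42.10"),
        exit_check(baseline, "/cgi-bin/quote", b"print(0)", output=b"0", alert=alerts.append),
        exit_check(baseline, "/new.html", b"planted", alert=alerts.append),
    ]
    return results, alerts

if __name__ == "__main__":
    for verdict, body in demo()[0]:
        print(verdict, body)
```

The baseline and the key have to live where a compromise of the Web server cannot rewrite them, otherwise an altered object can simply be re-signed.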