NetContinuum Appliance Secures Web Services Apps
By Mitch Wagner, INW
The company, whose management includes alumni from Microsoft, Sun Microsystems and Cisco Systems, has as its first product the NC-1000 Web Security Gateway, a 2U rack-mountable device with an onboard ASIC providing SSL encryption and other security functionality.
Users can install the appliance either between a Web site and the Web-enabled application, or between those and the outside world that has access to the applications. Simply put, it's designed to block users from doing anything on the Web site that they have not been specifically permitted to do.
The device serves as a proxy, intercepting all inbound traffic on port 80, the port used by Web applications. Port 80 is not just used for static Web pages; it's also the corridor for Web services, including XML, SOAP, Java, .Net and J2EE applications.
For starters, the appliance encrypts all Web traffic using SSL.
The device also masks platform information about the Web site. With conventional Web applications, any user can determine the operating system, patch levels, and Web server software the site is running on, which allows an intruder to identify possible weaknesses in that platform.
The NetContinuum server hides that information from outsiders. With conventional Web applications, intruders can also find security holes by analyzing URLs for telltale strings; those URLs are altered by the NetContinuum device to mask that information. "We think you can eliminate 80 percent of hacking activity simply by putting this cloaking in place," said Wes Wasson, vice president of marketing for NetContinuum.
The device works at the network level to block attacks such as the ping of death and denial-of-service attacks.
The appliance can block outside users from accessing any URLs on the site except for authorized ones. That's important because some hacker attacks are launched by inserting text, characters or whole scripts into URLs.
Moreover, the URL-blocking will limit users to accessing only URLs that the Webmaster wants users to use. That's been an issue for companies seeking to drive traffic to their home page, rather than linking directly into internal pages.
The URL control will also help keep enterprises from accidentally exposing proprietary information.
In recent weeks, there have been a couple of such disclosures: on Friday, the judge's decision in the Microsoft antitrust hearing was available on the U.S. District Court Web site about 90 minutes earlier than the judge intended.
And Swedish software vendor Intentia International sued Reuters for computer piracy, after Reuters obtained Intentia's third-quarter financial results 31 minutes before Intentia intended to post them; Reuters says all it did to get the results was look at the same URL it used to access the second-quarter results, changing the 2Q in the URL to 3Q.
The way URL blocking works is that the Webmaster provides the NetContinuum appliance with a list of approved entry pages, and those are the only pages that the user can access to begin to use a Web site. As the user calls down pages, the device looks at the HTML going over the wire and compiles a list of links, and those links are the only internal sites that the user is entitled to access next.
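The link-following rule described above can be sketched as follows. This is an added example, not NetContinuum's code: the class names, the per-session accumulation of links, the path-only comparison and the sample host and pages are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _LinkCollector(HTMLParser):
    """Collects href values from <a> tags in a served page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

class LinkGate:
    """Per-session URL allowlist seeded with entry pages (hypothetical class)."""
    def __init__(self, site_host, entry_pages):
        self.site_host = site_host
        self.entry_pages = set(entry_pages)
        self.allowed = {}  # session id -> set of paths seen as links so far

    def is_allowed(self, session, path):
        # Assumption: only the path is compared; query strings are ignored.
        path = urlsplit(path).path
        return path in self.entry_pages or path in self.allowed.get(session, set())

    def observe_response(self, session, page_path, html):
        """Record the internal links in a page served to this session."""
        collector = _LinkCollector()
        collector.feed(html)
        seen = self.allowed.setdefault(session, set())
        for href in collector.hrefs:
            target = urlsplit(urljoin(f"http://{self.site_host}{page_path}", href))
            if target.hostname == self.site_host:  # off-site links are not tracked
                seen.add(target.path)

def demo():
    # Constructed sample site and page, not taken from the article.
    gate = LinkGate("www.example.com", ["/index.html"])
    page = '<a href="reports/2Q.html">Q2 results</a> <a href="http://other.example/">x</a>'
    results = [gate.is_allowed("s1", "/reports/2Q.html")]      # before browsing
    gate.observe_response("s1", "/index.html", page)
    results.append(gate.is_allowed("s1", "/reports/2Q.html"))  # linked page
    results.append(gate.is_allowed("s1", "/reports/3Q.html"))  # guessed, never linked
    results.append(gate.is_allowed("s2", "/reports/2Q.html"))  # different session
    return results

if __name__ == "__main__":
    print(demo())
```

The guessed `3Q` path is refused because no page served to that session ever linked to it, which is the case the Intentia incident illustrates.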
The appliance also builds an audit trail of Web activity, digitally signed so that even the security administrator responsible for overseeing the machine can't alter the trail without leaving tracks. One effect of that would be to permit nonrepudiation of transactions; if a customer wants to deny ever having bought something, his truthfulness can be tested by checking the unalterable log.
The functionality is made possible by an on-board ASIC which handles all the computations.
The NC-1000-C, a 10/100 Ethernet model, is priced at $28,000 while the Gigabit version, the 1000-G, is priced at $38,000. Both are available next week.
For more information, go to http://www.netcontinuum.com/.
And for more information about the issues, products and technologies in this story, go to the iAppliance Web Views page and call up the associatively-linked XML/Java Web map of the iApplianceWeb site and search for product information since the beginning of 2002.