ToolboxNew Products For IT Professionals
Marnie Hutcheson
Eliminate Application-Level Vulnerabilities
Automated Application-Level Inspection Services
Security Inspection Service from Reasoning Inc., a provider of automated software inspection services that focus on C, C++, and Java-language apps, searches for security vulnerabilities that are the root cause for the majority of CERT Advisories, including buffer overflows, tainted data, race conditions, and risky operations. This includes finding defects that have not yet been exploited, reported to the security community, or that have known signatures. Static analysis can access 100 percent of the code and examine it for the structural defects that hackers are exploiting.
Once the security inspection is complete, Reasoning provides the customer with a report of the analysis and the offending code complete with the pre-conditions. The development team can then focus on fixing the vulnerability as quickly as possible. The service does not require expensive and time-consuming test case creation, validation, maintenance, and processes. Reasoning can normally perform this service in two weeks or less. The process allows vulnerabilities to be removed early without additional staff, training, or resources.
Price: Based on the number of lines of code to be analyzed and the depth of analysis.
Test Your Web Apps
GreenBlue Inspector by Ecyware is an integrated Web application analyzer. It provides you with a compact but potent test platform for finding and documenting Web application vulnerabilities. The interface uses an integrated Web browser control and works just like a browser—a browser on steroids that lets you get under the hood and behind the scenes to view and modify browser requests, cookies, headers, and forms data. You can then analyze and document what comes back from the app and the Web server.
I like this product and I want one of my own. Few application test efforts are equipped with such an easy to use, versatile test engine. And with so many tools packed into such a small container!
The tool collects the headers, cookies, and form data in a session record that you can modify, with data and test insertions, and then replay. You can analyze the Web site application and server responses to your testing using handy reports, or you can record your test session for deeper analysis coverage and documentation.
The main workspace gives you three views of the page you are testing. It lets you see the page as it is displayed in the browser, you can view the HTML source, or you can use the forms view. Forms view gives you an editable hierarchical view of the forms on the application page. You can edit the source and change the values of virtually every field on a page. At the same time, you can follow your session steps using the event console, record your session, view and modify request and response headers, and cookies. You can use the Quick Tests page to see the effect of SQL injections, modified source code, and buffer overflows on the application you are testing. GreenBlue Inspector is implemented in 100 percent .NET managed code.
Price: A single IP address license is $895 and can be installed on multiple machines.
Personal Security Tools and Gadgets
Protect Data in Your Workstation
The Encryption Suite by Encryptasoft is a collection of three encryption tools—EncryptAccount, EncryptaNote, EncryptaFile—that are designed to protect sensitive data in your workstation.
EncryptAccount is a password manager that lets you store all of your user names and passwords for easy access using one master password. You can copy and paste the appropriate user name and password straight from EncryptAccount to the Web site login page. When it's minimized, EncryptAccount sits in your SysTray (next to the system clock) for quick access.
EncryptaNote allows you to encrypt and decrypt password-protected text messages, which is especially useful in e-mails and instant messages that are normally transmitted in cleartext.
EncryptaFile allows you to encrypt and decrypt files anywhere on your computer (including removable media and network-connected drives). The Encrypt or Decrypt options are available in the right-click menu in the Windows® File Explorer or via a simple to use interface that is similar in appearance to Windows Explorer.
The Encryption Suite is built on the Microsoft® .NET Framework.
Price: A 30-day free trial is available for download. The entire suite sells for $19.95 online.
Embed Hidden Messages in Media Files
Secret Media, by Direct Logic Systems, allows you to embed password-protected hidden messages in otherwise normal audio and video media files such as JPG, MP3, and WMA. The hidden messages are undetectable when viewing or playing these files. It has an easy-to-use wizard-style user interface that lets you create and view your password-protected hidden messages. It works with Windows 95, Windows 98, Windows 2000, Windows Me, and also Windows XP.
Price: $19.99.
Personal Security Database
The Passwords-Lines database provides encrypted storage and easy-to-find solutions to two personal security issues. One is provided by Passwords, which allows you to save your passwords along with a rich set of information related to the password (for example, what it goes to—the bank, my e-mail account, and so on). The other is provided by Lines, which allows you to save and retrieve data relating to things like college loans, credit cards, insurance, investments, leases, mortgages, and so forth. Both Passwords and Lines interact with each other in this encrypted relational database.
Price: A 30-day free trial is available for download. A license for two computers is available for $19.90.
Book Review
Security Sage's Guide to Hardening the Network Infrastructure (Syngress Publishing) is billed as the first book to focus exclusively on how hackers exploit the "nuts and bolts" of computer networks.
I like this book! It's not only a best practice how-to guide, it's also a handy reference that offers lots of examples and solutions on every topic it covers. In addition, it's useful for both novice and seasoned practitioners.
The sages (the book has multiple authors/contributors) really lay it out in simple and understandable terms. The early chapters focus on defining the network perimeter and assessing your current security status. Then they discuss secure network components: firewalls, routers, protocols, network management, switching, and other related topics. The later chapters focus on defense: threat detection and hardening the design of the network and its components with software, hardware, and physical security procedures.
Chapters covering specific components discuss the component in general, possible attacks, and how to defend against them. Then the authors go on to present examples of vendor products. The book does not present a comprehensive guide to products of any particular type, but there are candid discussions of specific vendor products in most topics. Topics include features and vulnerabilities, security weaknesses to be patched, and patches to be applied.
The book presents lots of examples on how to plan and implement security procedures throughout the network. Real-world examples abound.
Also, they discuss tools, both software and hardware, to help you secure, monitor, and defend your network. They typically start with shareware and move on to commercial products. There are lots of explanatory diagrams, product screen shots, and good examples of what things are and how they work, what they cost, and anything else that is pertinent. Each chapter includes additional resource links, checklists, and frequently asked questions sections. All that, and a good read too.
Price: $59.95
Protect Workstations and Servers
System Access Control Utility
Transparent Screen Lock PRO 3.5, a system access control utility from e-motional.com, enables IT pros to secure their workstations or servers with password protection while viewing programs that are running in the background.
Transparent Screen Lock PRO 3.5 supports optional USB proximity sensor hardware that can be used to automatically lock the system when the user steps away and reactivates it to display TSL-PRO's password-protected logon screen when a user approaches. The proximity sensor hardware option is less than two square inches and can be mounted on a monitor port.
Transparent Screen Lock PRO is ideal for facilities that must ensure compliance to the 21 CFR Part 11 code of U.S. federal regulations. It supports Windows NT, Windows 2000, Windows XP, and Windows Server™ 2003.
Price: $24.95 for a single-user license of the base version and $49.95 for the PRO version. Site licenses and volume discounts are available. A free trial version is available. The proximity sensor hardware option is $129.00.
Proactive Defense Against Hackers and Malicious Software
Anti-Cracker Shield by SoftSphere Technologies protects your entire system, including software apps, network settings, browsers, e-mail components, and the operating system itself. When a problem is found, the program informs the user and suggests how to fix it. Both workstation and server versions are available.
The Anti-Cracker Shield workstation provides proactive protection against attacks on the OS, including DDoS and spam-machine attacks. The server version works with several popular servers and allows a system administrator to specify which particular processes need to be fully protected.
The application explores the computer and its contents to identify vulnerabilities and potential exploits. It can identify and block predatory or malicious processes. It can also protect against new and unknown exploits by simply blocking any process that is used by hackers in order to infiltrate the system. Anti-Cracker Shield can protect Windows NT® services without actually switching them off. It does not hinder computer performance and does not crash the PC when an attack occurs.
Price: $79 US Workstation and $499 US Server Edition. A free demo version is available for evaluation.
Make Your Host Anonymous
www.port80software.com/products
The less an attacker knows about the target Web server, the more likely he will resort to behaviors that make him an easy target for an intrusion detection system (IDS) rule set. That is why an IDS, like a firewall or antivirus system, should be supplemented by host anonymization—the hiding or obfuscating of vendor, version, and other information that malicious hackers use to profile the software running on a host prior to mounting an attack.
This is where tools like ServerMask 2.2 from Port80 Software come in. By keeping a Microsoft IIS Web server from being "fingerprinted" by a hacker, ServerMask increases the efficiency of intrusion detection systems.
Popular among government and financial organizations, ServerMask 2.2 provides extensive masking of HTTP response data for IIS (hiding, altering, or randomizing the Server header, changing HTTP header order, masking any header, and masking ASP session cookies).
ServerMask 3.0 takes this idea even further, allowing IIS to defeat all attempts at HTTP-level fingerprinting and to thwart stack scanners like NMAP that use subtle variations in different vendors' TCP/IP implementations to fingerprint the operating system itself.
Price: $99.95 for a single server license. A 30-day free trial is available for download.
Advanced Application Security Firewall
RoadBLOCK (RimApp Technologies), based on Microsoft Internet Security and Acceleration (ISA) Server 2004, is an intelligent network security appliance providing advanced application-layer firewall, VPN, and Web cache capabilities in a dedicated hardware security solution. A full range of products are available to suit both small to medium businesses and also enterprise businesses.
ISA Server 2004, part of Windows Server System, is the advanced stateful inspection application that enables users to easily maximize existing IT investments by improving network security and performance.
The RoadBLOCK's Web interface provides centralized Web management for each and every ISA Server 2004 firewall feature. RimApp's RoadBLOCK Web-based administration tool makes complex firewall configuration tasks simple by using everyday language.
The RoadBLOCK Firewall includes enhanced security and ease of management tools, powered by GFI, a developer of messaging, content security, and network security software. These include e-mail antivirus and content checking, Web content checking, intrusion detection, anti-Trojan and anti-spam disclaimers, mail archiving, real-time Web monitoring, Web download antivirus, and security scanning and patch management.
Price: Estimated SRP is $2,300.
All prices were confirmed at press time and are subject to change.
Marnie Hutcheson is president of Ideva, a firm that specializes in Web application design, development, and hosting. She has published a variety of technical papers and books on various computing topics. You can reach her at marnie@ideva.com.
© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.