Appliance streamlines security

By Greg Smith, Network World, 02/02/2004
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

The increasing sophistication of application-layer attacks and growth in application traffic volume have led companies to deploy single-purpose security and acceleration devices in their networks. These include application firewalls to protect HTTP and HTTPS traffic; Secure Sockets Layer accelerators to perform encryption and decryption; proxy servers for translating sensitive internal URLs and concealing platform information; and I/O accelerators to manage the setup and tear-down of TCP connections.

Because Web services are vulnerable to many of the same attacks as HTML applications, IT departments are faced with the prospect of deploying yet another single-function device to protect XML traffic. In response, application security gateways have emerged. These appliances protect HTML and XML applications, and perform additional security and networking functions currently handled by single-purpose products.

Application security gateways let organizations reduce the number of devices in their networks. The consolidation improves overall application performance by minimizing the number of hops traffic must make before reaching the Web server. Having fewer devices and security policies to manage decreases operating costs.

An application security gateway, which operates at Layer 7, intercepts and inspects traffic before it reaches and after it leaves a Web server. It verifies that each user request and server response adheres to the parameters and structure that define correct behavior for the application language (HTML or XML).

Because an application security gateway predefines what is appropriate, any deviation from correct application behavior is immediately blocked. For example, once a user has landed on the home page of a Web site, an application security gateway will block requests to URLs that have not been presented to a user. This defeats forceful browsing attacks, which attempt to gain unauthorized access to protected application resources and files.
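The presented-URL check described above, sketched as an added example (not code from the article or from any vendor's product). It assumes a hypothetical site origin `https://shop.example`, treats `/` as the only entry point, and compares paths only, ignoring query strings and percent-encoding.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LinkCollector(HTMLParser):
    """Collects link, resource and form targets from one HTML response."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        self.targets += [v for k, v in attrs if k in ("href", "src", "action") and v]

class PresentedUrlGate:
    """Per-session allowlist of paths the application has shown the user."""

    def __init__(self, origin, entry_points=("/",)):
        self.origin = origin.rstrip("/") + "/"
        self.entry_points = set(entry_points)  # reachable without a prior link
        self.presented = {}                    # session id -> set of paths

    def _same_origin_path(self, base_url, target):
        # Resolve relative references and dot segments; drop off-site targets.
        url, own = urlsplit(urljoin(base_url, target)), urlsplit(self.origin)
        if (url.scheme, url.netloc) != (own.scheme, own.netloc):
            return None
        return url.path or "/"

    def observe_response(self, session_id, page_url, html):
        """Record every same-origin target found in an outbound page."""
        collector = LinkCollector()
        collector.feed(html)
        paths = self.presented.setdefault(session_id, set())
        for target in collector.targets:
            path = self._same_origin_path(page_url, target)
            if path is not None:
                paths.add(path)

    def allow_request(self, session_id, request_target):
        """True only for entry points and paths already presented to this session."""
        path = self._same_origin_path(self.origin, request_target)
        seen = self.presented.get(session_id, set())
        return path is not None and (path in self.entry_points or path in seen)

# Constructed sample: a home page served to session "s1".
HOME = ('<a href="/products">Shop</a> <a href="account/login">Sign in</a>'
        '<img src="https://cdn.example/logo.png"><form action="/search"></form>')
gate = PresentedUrlGate("https://shop.example")
gate.observe_response("s1", "https://shop.example/", HOME)
```

Because the allowlist is keyed by session, a path shown to one user is not thereby opened to another, and dot-segment tricks are resolved before the lookup.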

In addition to their core HTML and XML application protection capabilities, application security gateways can perform the following functions:

  • SSL acceleration: Decrypts and analyzes SSL traffic to prevent hackers from disguising attacks within encrypted payloads. Performing SSL acceleration within the gateway dramatically improves throughput and response times by relieving the Web server of these compute-intensive operations.
  • Business object protection: Analyzes outbound application traffic to identify sensitive information such as credit card, Social Security and account numbers, and prevents it from being extracted from a Web application or back-end database.
  • Web I/O acceleration: Improves application performance and response times by offloading TCP connection setup and tear-down operations from the Web server. The application security gateway terminates all inbound client connections and multiplexes them into a small set of persistent connections back to the Web server.
  • Application cloaking: Prevents hackers from collecting sensitive information about a Web server, database, operating system, internal domain naming and the like. Multilayer cloaking denies hackers valuable information often gathered to exploit existing vulnerabilities.
  • Application proxy: The bidirectional translation of URLs lets corporations publish user-friendly and consistent URLs regardless of the internal URL naming structure. For example, a bank can present its online customers with URLs such as www.mybank.com/checking when the internal URL being accessed is a long, cryptic string of characters.
  • Defacement protection: Detects even the slightest change to a Web page and blocks the defaced page from being served to visitors.

Application security gateways provide a single integrated line of defense for HTML and XML applications, and eliminate multiple single-purpose devices to deliver faster application performance and lower management costs.
