[unisog] Web Security Gateway Appliances

Tim Lane tlane at scu.edu.au
Fri Aug 10 01:45:09 GMT 2007



At Southern Cross University we are assessing the overall use and take-up of
web security appliances in the higher education industry.  Web security
appliances have evolved quite a bit over the past couple of years and
increasingly offer a range of integrated services (see my list below) in one
or more gateway appliances.  Gartner ranks Blue Coat, Secure Computing and
IronPort as leaders in the Magic Quadrant.


I would be interested in getting feedback on the following questions:


1) Do you use one or more web security appliances?

2) If no, are you currently evaluating the use of any?

3) If you do use an appliance, which one/s and for what services?

4) Any general comments on effectiveness, issues, other thoughts etc.




Tim Lane



List of Web Security Gateway Appliance Services


1) URL Filtering - a gateway-applied, reputation-scoring-based system
that evaluates URL requests against pre-established corporate policy and
blocks, for example, URL requests for porn, violence, hate etc. sites, where
these sites are already registered in a global database and updated to the
gateway regularly as "blocked sites".


2) Web Reputation Technology - this type of system would update the
websites database multiple times per day to track the known "bad" sites as
well as the fly-by-night "put up and pull down sites".  These types of
systems are quite sophisticated today and on average content categories are
around 50 with around 20-60 million registered web sites including a subset
of 3.5 billion actual web pages.


3) Web Based Malware Detection - this method again uses an appliance
with a malware scanning engine that scans for web based malware (as opposed
to virus detection) on web pages as they are loaded.  Webroot Spy Sweeper
(which has consistently ranked highly for years) is embedded in appliances
and is used to detect spyware, cookies, hijackware, phishing, pharming
attacks, Trojans and keyloggers as they appear on webpages.


4) Corporate Web Security Monitoring - a new trend has been for any
frequently visited website (the Opera House website was recently attacked)
to be attacked and infected such that when visitors go to the page they
unwittingly download malicious code to their computer.  Web security
monitoring again uses an appliance to monitor, assess and report on activity
occurring within your own corporate infrastructure, pretty much like doing a
permanent web application vulnerability scan on your own web systems.


5) Reverse Proxy - servers are secure from direct Internet access
whereby an intermediary is provided between web servers and Internet users.
Some systems that provide reverse proxy will also perform content scanning
for pages uploaded to detect malware or vulnerabilities.  The function of
the reverse proxy is basically to secure and can also accelerate web


6) SSL Protection - one of the key security issues with SSL is that
content is hidden, so the bad along with the good is not transparent.  Web
based appliance solutions exist that terminate and then reinitiate SSL
traffic to allow content inspection.


7) IM, P2P, Streaming and Skype Control - as some of these
applications use BitTorrent or router onion traffic techniques they can be
very difficult to detect; also, IM malware is increasing.  Web gateway
solutions exist that specifically focus on these applications and scan for
malware and apply policy based controls to ensure compliance.


8) Web 2.0 Proxying and Bandwidth Optimisation Management - web
gateway solutions exist that optimise performance, caching, bandwidth
management and compression.


