Web hacks are a fact of life. There's no way to guarantee Web application security, given the increasing sophistication of intrusions and the continued use of inherently insecure programming languages, such as C and C++.
Most perimeter-based Web app security products require detailed knowledge of the application and its infrastructure, which translates into time-consuming, often cumbersome deployments. In stark contrast, the only information you need to put HIVE into action is contained in what first appears to be alarmingly scant documentation -- alarming until you see how well the product blocks Web based attacks with a minimum investment of time and effort.
Plan to spend only an hour to 90 minutes configuring HIVE for an individual enterprise application -- enough time to input app and network particulars, including site location, firewall information, account creation and audit controls.
While HIVE is easy to use, the technology under the hood, which Sentryware calls Context Authentication, is quite complex.
HIVE creates and manages secure application-layer tokens, which it injects into Web code for each proxied transaction to keep track of Web app security data during user sessions.
For example, a user's browser request for a HIVE-protected Web page will generate a token, which is placed in the application's response. Future requests to the application require HIVE tokens, which continuously change. HIVE analyzes each token for any human modifications to Web requests, such as cookie manipulation, and flags and disallows these changes through a series of internal algorithms. HIVE is unique in that it doesn't need to keep user state information in memory, or time out and synchronize session entries among various nodes.
Security managers can create and manage accounts and application preferences through HIVE's easy-to-use Web interface. It centrally manages, monitors and updates multiple appliances through its new management console, making HIVE a true enterprise-class product.
Since HIVE is an inline appliance, performance is critical. Each HIVE appliance can handle approximately 400 unencrypted HTTP or 150 HTTPS round-trip transactions per second. An SSL accelerator will boost that performance to 250 HTTPS transactions per second. Unless you're a pure-play Internet company, a few appliances should suffice.
HIVE works smoothly with all browsers, unlike some Web security proxies that continue to have issues supporting Netscape or Mozilla's Firefox.
Sentryware's HIVE is cool technology that works. It stops known attacks with an excellent level of confidence, and the enterprise management console reinforces this product's already strong value proposition.
About the author
James C. Foster (firstname.lastname@example.org) is deputy director of global security solution development at Computer Sciences Corp. He was technical advisor for Hacking the Code(Syngress, 2004) and lead author for the upcoming Advanced Security Code Development (Addison-Wesley, 2004 ) and The Ultimate Security Programmer's DeskRef (Syngress, 2004).
This review originally appeared in Information Security magazine.
This was first published in September 2005