Educause Security Discussion mailing list archives
Web Security Gateway Appliances
From: Tim Lane <tlane () SCU EDU AU>
Date: Fri, 10 Aug 2007 11:45:09 +1000
Hello, at Southern Cross University we are assessing the overall use and take-up of web security appliances in the higher education industry. Web security appliances have evolved quite a bit over the past couple of years and increasingly offer a range of integrated services (see my list below) in one or more gateway appliances. Gartner ranks Blue Coat, Secure Computing and Ironport as leaders in the magic quadrant.

I would be interested in getting feedback on the following questions:

1) Do you use one or more web security appliances?
2) If no, are you currently evaluating the use of any?
3) If you do use an appliance, which one/s and for what services?
4) Any general comments on effectiveness, issues, other thoughts etc.

Thanks,
Tim Lane

List of Web Security Gateway Appliance Services

1) URL Filtering - a gateway applied reputation scoring based system that evaluates URL requests against pre-established corporate policy and blocks, for example, URL requests for porn, violence, hate etc sites, where these sites are already registered in a global database and updated to the gateway regularly as "blocked sites".

2) Web Reputation Technology - this type of system would update the websites database multiple times per day to track the known "bad" sites as well as the fly by night "put up and pull down sites". These types of systems are quite sophisticated today and on average content categories are around 50 with around 20-60 million registered web sites including a subset of 3.5 billion actual web pages.

3) Web Based Malware Detection - this method again uses an appliance with a malware scanning engine that scans for web based malware (as opposed to virus detection) on web pages as they are loaded. Webroot Spysweeper (which has consistently ranked highly for years) is embedded in appliances and is used to detect spyware, cookies, hijackware, phishing, pharming attacks, Trojans and keyloggers as they appear on webpages.

4) Corporate Web Security Monitoring - a new trend has been for any frequently visited website (the Opera House website was recently attacked) to be attacked and infected such that when visitors go to the page they unwittingly download malicious code to their computer. Web security monitoring again uses an appliance to monitor, assess and report on activity occurring within your own corporate infrastructure, pretty much like doing a permanent web application vulnerability scan on your own web systems.

5) Reverse Proxy - servers are secure from direct Internet access whereby an intermediary is provided between web servers and Internet users. Some systems that provide reverse proxy will also perform content scanning for pages uploaded to detect malware or vulnerabilities. The function of the reverse proxy is basically to secure and can also accelerate web content.

6) SSL Protection - one of the key security issues with SSL is that content is hidden, so the bad along with the good is not transparent. Web based appliance solutions exist that terminate and then reinitiate SSL traffic to allow content inspection.

7) IM, P2P, Streaming and Skype Control - as some of these applications use BitTorrent or router onion traffic techniques they can be very difficult to detect; also, IM malware is increasing. Web gateway solutions exist that specifically focus on these applications and scan for malware and apply policy based controls to ensure compliance.

8) Web 2.0 Proxying and Bandwidth Optimisation Management - web gateway solutions exist that optimise performance, caching, bandwidth management and compression.