Lock out Web hackers

Contrary to common wisdom, Fortune 500 companies and other high-profile organizations aren’t the only targets of Web site vandals. Indeed, for most hackers, any Web server will do, as long as it’s vulnerable to script kiddie mischief, DoS (denial of service) attacks, and other forms of business-threatening destruction.

In fact, smaller companies are sometimes more at risk. Large organizations usually implement sophisticated security solutions to protect their Web servers, so hackers are turning to the generally less-secure servers of small to midsize shops. So indifferent are these miscreants to whom they attack that they often scan ranges of IP addresses, hunting for vulnerable servers and targeting the least secure potential victim they find.

Thus it is no longer safe for small companies to house Web servers on internal networks and rely on mere firewalls for protection. And because port 80 must be open to allow regular business traffic, even the most obviously malicious requests will often sail through your firewall unchallenged.

With the release of AppLock/Web 1.0.1, WatchGuard Technologies Inc. aids vulnerable midsize shops that have neither the budget nor the manpower to implement high-end security solutions. Cost-effective and easily administered, AppLock sits on your Web server and blocks unauthorized access to system files and registry entries, keeping your e-business data safe and your Web site unmolested.

Because AppLock provides neither centralized management nor high-end reporting capabilities, it is not appropriate for organizations with 15 or more Web servers. Larger companies should consider a more enterprise-driven security solution such as those offered by Entercept Security Technologies Inc.

That said, AppLock defends Web servers with Herculean might, protecting midsize shops from the wiliest of viruses and earning a score of Consider.

AppLock automatically protects more than 200 file extensions, including HTML, GIF, Flash, ASP (Active Server Pages), and CGI. Any new or additional file types or directories can be added through the product’s Protections menu.

System hardware requirements are fairly minimal. AppLock needs just 6MB of hard drive space and 256MB of RAM. In addition, AppLock imposes very little system overhead; we experienced no slowdowns or poor response times during our testing.

We installed AppLock on an unpatched IIS (Internet Information Server) running Windows 2000, and the process took us less than five minutes. Administration was also a breeze, requiring only a single click to switch the product between its two modes – locked and unlocked.

A Key Limitation For Large Shops

When you lock down a Web server with AppLock/Web, the server is completely protected. But if you need to make adjustments of any kind to your Web site, including updating content or adding files, you must unlock your server, leaving it vulnerable to attack.

WatchGuard recommends taking the server offline while making such adjustments, which, of course, is not operationally or financially viable for most organizations. We would like to see future releases of AppLock allow authorized users to perform critical updates to the server, while keeping it locked to everyone else.

When locked, AppLock is practically impenetrable. We launched several mock attacks at our locked server, including the Unicode attack and Nimda worm, and also attempted to add, delete, and modify Web site files and registry entries. AppLock thwarted each of these offensives without a hitch.

To lock and unlock the server, AppLock needs at least a seven-character password with at least one uppercase letter, one lowercase letter, one number, and one special character. But because passwords are easily cracked, we would feel safer with additional authentication methods, such as biometrics, smart cards, or digital certificates.

The Windows Event Log and Systems Event Log record any changes to AppLock’s protection status and access attempts to protected files, which allows administrators to track attempted attacks against their system. Companies can use this information to trace attacks to their source, block certain IP addresses at the router level, and prevent attackers from continuing to target their systems.

But we would like to see a logging component to generate reports that detail trends such as which system files are most frequently attacked and how. In addition to arming administrators with crucial intelligence, these reports could also indicate whether additional or more diverse security measures are needed.

AppLock/Web 1.0.1 is clearly not for everyone. Midsize companies that want to maintain Web site integrity and inspire customer confidence – and are not required to keep a Web server running every minute of the day – should give AppLock a close look. At US$595, the product is well worth its price and could potentially save your company from an embarrassing, costly, and possibly irrevocable attack.


WatchGuard AppLock/Web 1.0.1

Business Case: AppLock/Web 1.0.1 provides lockdown protection for Microsoft IIS Web servers, saving time, resources, and money. But because site updates require Web servers to be unlocked, AppLock may be unsuitable for large enterprises.

Technology Case: The server security provided by AppLock/Web is excellent and requires little day-to-day administration. Integration with Windows’ event logging utility is cumbersome.


+ Easy to install and configure

+ Cost-effective

+ Single-click administration


– May not be appropriate for large enterprises

– No centralized management

– Limited reporting capabilities

Cost: US$595 per server

Platform(s): Windows NT/2000

Company: WatchGuard Technologies; http://www.watchguard.com

Contributing Editor Mandy Andress is a network security engineer at Tivo. E-mail her at mandy@arcsec.com.