Startup aims to safeguard Web servers

Start-up MagniFire WebSystems Inc. recently unveiled TrafficShield 2.0, an updated version of its application firewall that the company says will help customers prevent break-ins into Web servers.

TrafficShield 2.0 will add a number of new defences, including the ability to block hackers attempts to change their ID and privileges after authentication – known as dynamic-parameter tampering. The package also can prevent database harvesting, an attack using automated scripts to slowly extract information or cause a denial-of-service attack.

TrafficShield 2.0, which supports 100Mbps or Gigabit Ethernet connections, is typically installed as a reverse proxy in front of the HTTP-based Web servers to be protected, either in a data centre or behind the firewall. TrafficShield can block known Web worms and unidentified worms based on suspicious activity.

It can block an attack known as “forceful browsing” in which a hacker turns to input-related tricks from a browser to gain illegal access to Web content through invalid input. TrafficShield also detects other trickery, such as cookie poisoning, hidden-field manipulation and stealth commanding, such as SQL injection.

The appliance monitors the Web site to detect changes and analyzes the changes to suggest policy-update recommendations, which can either be applied automatically or with administrative approval.

“We have an automatic process that’s like a crawler that goes over the application to understand the JavaScripts and applets, looking at flow parameters,” says MagniFire CEO Eitan Bauch. “Every day you add a line of code you open yourself up to new vulnerabilities.” However, TrafficShield can’t monitor traffic when VPNs are used to access the internal network and applications directly.

At least one user was impressed with TrafficShield’s ease of use.

“The first day we installed the product, we were able to see a graphic display of our entire Web application. It was amazing. We could see every entry point, every legal user interaction for the first time. Our developers were very impressed by that,” says Elbling Zvi, infrastructure and technology manager at Bank of Jerusalem, which has used TrafficShield since January to protect an online banking application.

With its research and development roots in Israel, MagniFire sold the first version of TrafficShield mainly to Israeli and European corporations, but with an office now in New York, the start-up is prepared to market the US$25,000 TrafficShield 2.0 to North American customers as well, Bauch says.

MagniFire competes against Kavado Inc., NetContinuum Inc., Sanctum Inc. and Teros Inc. in the application firewall arena. Some customers using the MagniFire appliance say it can be somewhat easier to configure a security policy because it has a spidering mechanism to “map” the application it is intended to protect.