Teros-100 Gateway


2003 will go down in history as the year of the worm. We saw the Slammer, Sobig and Blaster worms, among others, spread throughout the Internet like wildfire, easily bypassing most security systems and causing widespread loss wherever they went. If the barrage of attacks in 2003 is a portent of what's to come in 2004, every solution provider has a responsibility to provide strong security to their customers.

Some companies survived the battering of 2003's Internet ills untouched by deploying the Teros APS-100 security appliance. The device proved to be one of the most effective security appliances on the market, offering adaptive technologies to combat activities found outside of any normal Web traffic. The unit, whose design is easy to understand, includes a host of security services, from protecting sensitive data to offering enforcement technologies to meet HIPAA guidelines. What's more, the unit is able to stop worm and denial-of-service attacks dead in their tracks.

The Teros-100 APS differs significantly from other security appliances and firewalls because it examines Internet traffic in both directions at the packet level, while performing realtime analysis for security problems. The unit's true strength is its ability to learn what normal Web traffic looks like and reject anything outside of it. The device examines data packets for items such as Social Security numbers, passwords, credit card numbers and other valuable information, foiling attackers looking for personal information.

The Teros-100 APS also protects applications and Web servers from defacement or other attacks. The unit can be trained to recognize acceptable traffic, preventing attacks that leverage security flaws such as buffer overflows. Teros offers frequent updates to help combat new attacks as they are discovered, although the unit's inherent learning mode may negate the need for updates after the unit is trained for normal traffic patterns.

Teros uses the HTML Interaction Model (HIM) process to control which traffic can pass from a browser to a Web server and vice versa. In the process, however, HIM can mistake some traffic as an attack, especially in cases when Web developers have implemented nonstandard programming techniques. Teros can compensate for this problem via its learning mode during setup, through which solution providers can trend and catalog both typical and atypical Web traffic. This knowledge is then used to fine-tune policies to protect the network.

The Teros-100 APS relies on five filtering methods to control all HTTP/HTTPS traffic: Input validation filtering checks that all incoming data is valid for every field on a defined form and blocks any inappropriate data; form consistency filtering further protects input forms from invalid data by comparing submitted data against acceptable data policies; buffer overflow protection prevents the all-too-common buffer overflow attack; hyperlink inspection checks for malformed or malicious HTTP requests; and the cookie-tampering filter prevents the acceptance of invalid cookies.

A 1U rack-mount device houses both the hardware and software, making the unit work as a network-edge security appliance. Under the hood, the unit runs a hardened version of the Linux kernel, which allows Teros flexibility when incorporating new features or capabilities. Although the device does not offer plug-and-play simplicity, network security-savvy integrators will still find initial deployment of the product straightforward.

Complexity of the setup rises in direct proportion to the complexity of the protected network and the number of applications and Web servers that must be protected. Solution providers should plan for product integration to occur over several days, creating security policies as trending data is gathered and protected applications are defined.

The unit can be implemented in many fashions, including acting as a gateway between the public Internet and the internal network. This style of implementation ensures that every incoming and outgoing packet is inspected for compliance with defined security policies, and it centralizes both management and response. One advantage to the gateway style of implementation is that all of a network's assets can be protected against new, yet-undefined threats. This gives administrators the luxury of validating application security patches before deployment.

The unit can also act as a reverse Internet proxy, which requires the unit to be installed directly in front of the Web or application server to be protected. This type of implementation allows multiple units to be distributed around the network for extremely busy sites. The unit boasts throughput reaching 40 Mbps, so only the busiest Web-connected networks may require multiple units. The unit's documentation, online help and technical support are second to none.

Although some may find the entry price of $25,000 a little a steep, the benefits offered to busy Web sites is clear. Considering the costs associated with lost business, Web site defacement or legislative requirements such as ensuring compliance with the California Law on SSN Confidentiality and HIPAA, the Teros-100 APS becomes a small price to pay for peace of mind.

Teros provides thorough presales and post-sales technical support, which helps to ease most integration challenges, along with joint sales calls and sales assistance from its direct and channel sales forces to help solution providers sell its product.

Basic technical support is available during business hours, and 24x7 Platinum-level support is available for a fee. The vendor also offers on-site and online sales training and on-site technical training by its systems engineers.

Solution providers will find that the Teros-100 APS offers complete protection for Web-based applications and Web servers from most any attack. The product's policies, filters, reporting and ease of management make the Teros-100 APS a must-have appliance for anyone looking to completely protect a company's Web assets.

Those considerations earned the AP-100 the 2003 Overall Product of the Year distinction from the CRN Test Center.

CHANNEL PROGRAM SNAPSHOTS
> TEROS-100 APS
PRICE: $25,000
AUTHORIZATION REQUIREMENTS: None
DISTRIBUTORS: Direct from vendor
COMPANY: Teros
Santa Clara, Calif.
(408) 850-0800
www.teros.com