
Webgate Plus™

Webgate Plus is a Web Application Protection System (APS) designed to secure web servers and related applications.

Highlights

  • Protects web servers from attacks mounted by dedicated, highly skilled and well-funded groups and individuals.
  • Designed for High Availability (99.999%) mission critical environments
  • All HTTP and HTTPS commands examined; valid requests permitted, invalid requests and attacks blocked
  • Offloads SSL processing from busy web servers
  • Protects against unauthorized modification or destruction of content
  • Defends against denial of service attacks
  • Secure remote administration includes secure web server administration
  • Workload balancing allows a group of web servers to act as one
  • Logs all WWW access in several formats including Common Log Format with extensions and WebTrends format, integrated reporting tool
  • Unequaled scalability and performance, supporting more than 4 Gbps throughput for non-SSL traffic and more than 658 Mbps throughput for SSL traffic using a single system.

Introduction

Many organizations are deploying web servers on the Internet to engage in e-commerce or to provide clients or staff with the ability to receive information or to update databases. Devastating attacks against these web servers are escalating. Attacks include denial of service attacks, unauthorized modification or destruction of data, and theft of confidential information such as credit card or health data.

Webgate Plus offers the most secure protection for web servers available today. Webgate Plus is unequaled in terms of security, performance and availability.

If properly designed and configured, firewalls block unauthorized network level access to server systems. However, the most damaging attacks are those that exploit weaknesses in the application server or the applications that run on the server. These types of attacks pass through the best of the stateful packet filters and the majority of application proxy firewalls. Encryption such as that used by SSL provides security for data in transit over public networks such as the Internet, but does nothing to protect the applications running on the web servers.

Most web application developers do not have the time or expertise to develop applications that are resistant to determined attackers. Even the largest software firms have done a poor job in securing their web server software. As a result, there seems to be a never-ending list of new security alerts followed by a never-ending list of patches that must be applied to web server software and applications.

Webgate Plus is specifically designed to recognize and block attacks directed at web servers and their applications.

Security

Webgate Plus is an advanced application protection system (APS) designed to secure HTTP and SSL connections. Webgate Plus examines all HTTP and HTTPS commands and permits valid requests while blocking invalid requests and attacks. Webgate Plus uses an advanced pattern recognition engine that detects and blocks hundreds of attacks that exploit web server and web application weaknesses. For example, Webgate Plus:

  • blocks buffer overflow attacks that can result in Denial of Service (DoS) or in the installation and execution of attack programs
  • blocks attacks that exploit published vulnerabilities in web servers and application servers
  • prevents insertion of Trojan horses that cause web applications to issue unintended commands
  • prevents exploitation of mis-configured servers and server applications

Detailed examination of inbound commands and data permits Webgate Plus to detect and block application level attacks which pass through the best of the stateful packet filters and most proxy based firewalls. Webgate Plus also provides better network level defenses than those found in stateful packet filters. Webgate Plus deactivates IP packet forwarding, eliminating direct IP connectivity between the Internet and the web server. The only way to communicate from the Internet to the web server is through Webgate Plus. This prevents low level network attacks from reaching the web server. Webgate Plus defends against multiple types of Denial of Service attacks including, but not limited to, SYN Flood, Ping-of-Death, Teardrop2, Named Buffer Overflow, MS Exchange and Netscape Mail Server buffer overruns, Back Orifice, Smurf attacks, BlueButton and others. Attacks that exploit low level operating system features do not get past Webgate Plus.

Webgate Plus permits connections to the web server only on explicitly defined ports and IP addresses. Access to other ports is denied unless explicitly permitted.

Webgate Plus provides secure remote administration of the web server with strong user authentication and encrypted data streams. This allows administrators to maintain the web content from a remote location without the risk of an unauthorized intrusion.

SSL

Webgate Plus supports three methods of handling SSL traffic.

SSL Offload: Webgate Plus uses SSL to encode/decode traffic between the client and the proxy. Traffic between Webgate Plus and the server is in clear text. This offloads encryption from busy web servers. A cryptographic coprocessor is available to enhance SSL performance. Systems are available that can support more than 650 Mbps SSL throughput.

SSL Parsing: Webgate Plus uses SSL to encode/decode traffic between the client and the proxy as well as between the proxy and the server. Because the proxy holds the plaintext, Webgate Plus can examine the HTTP traffic, permitting full logging and the detection and blocking of web based attacks.

SSL Tunneling: SSL tunneling passes the encrypted data between the client and the server. Since the data stream is not decrypted, the commands are not examined by Webgate Plus, so neither inspection nor command logging is possible. Basic connection information, including date and time, the client's IP address and the number of bytes processed, is logged.

Performance

Webgate Plus provides high speed, load sharing and load balancing in a manner that is transparent to one or more web servers. Hardware configurations are available to support any throughput requirement. Webgate Plus achieves unparalleled performance by eliminating 90% of the system overhead found in most application proxies and by fully exploiting the performance advantages of multiple processor systems. Its distributed architecture provides linear scalability by load sharing between clusters of SMP machines.

Below are some examples of performance data.

  Model                 Processor               Throughput       Ops/Sec
                        Num   GHz    Type       (Mbps)
  Webgate Plus-ESp630   4     1.45   Power4+    2292 w/No SSL    19,300
  Webgate Plus-ESp630   4     1.45   Power4+     657 w/SSL        5,464
  Webgate Plus-ESx335   2     3.0    Xeon       1710 w/No SSL    14,300
  Webgate Plus-ESx335   2     3.0    Xeon        458 w/SSL        3,819

Workload Balancing

Webgate Plus can be configured to load balance the workload across multiple web servers, allowing intelligent distribution of incoming requests across the servers. Since all connections are session based, there is no confusion regarding which network interface is used to return packets. A higher percentage of the workload can be dispatched to the fastest web servers. Should a server become overly busy or fail completely, Webgate Plus will temporarily stop dispatching work to the slow/dead server. It will automatically detect when a failed web server comes back on-line and will immediately begin dispatching work to it. Total web server capacity can be increased dynamically with the non-disruptive addition of new web servers or new Webgate Plus nodes.
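The dispatch behaviour described above (weighted distribution, removal of a failed server, automatic re-admission, non-disruptive capacity growth), as an added illustration that is not Webgate Plus code: the server names, weights and the probe function are constructed for the example, and the weighting algorithm used here (smooth weighted round-robin) is an assumption, since the page does not state how Webgate Plus weights its dispatch.

```python
from collections import Counter

class Dispatcher:
    def __init__(self, servers, probe):
        # servers: {name: weight}; a larger weight sends a larger share of
        # requests to that server. probe(name) is True when it answers a check.
        self.servers = dict(servers)
        self.current = {n: 0 for n in servers}
        self.probe = probe
        self.down = set()

    def check_health(self):
        # A server that fails its probe leaves the rotation; one that answers
        # again is re-admitted at once, with no operator action.
        for name in self.servers:
            if self.probe(name):
                self.down.discard(name)
            else:
                self.down.add(name)
        return sorted(self.down)

    def add_server(self, name, weight):
        self.servers[name] = weight      # capacity grows while still serving
        self.current[name] = 0

    def pick(self):
        # Smooth weighted round-robin: every live server earns its weight, the
        # richest is chosen and pays the total, so each cycle is exact.
        live = [n for n in self.servers if n not in self.down]
        if not live:
            raise RuntimeError("no live web servers")
        total = sum(self.servers[n] for n in live)
        for n in live:
            self.current[n] += self.servers[n]
        best = max(live, key=lambda n: self.current[n])
        self.current[best] -= total
        return best

def demo():
    # Constructed scenario: "fast" is weighted 3:1 over "slow".
    state = {"fast": True, "slow": True}
    d = Dispatcher({"fast": 3, "slow": 1}, probe=lambda n: state[n])
    phases = {"healthy": Counter(d.pick() for _ in range(8))}
    state["slow"] = False                 # the slow server stops answering
    d.check_health()
    phases["slow_down"] = Counter(d.pick() for _ in range(8))
    state["slow"] = True                  # it comes back on-line
    d.check_health()
    d.add_server("new", 2)                # non-disruptive capacity increase
    phases["recovered"] = Counter(d.pick() for _ in range(12))
    return phases
```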

High Availability

Webgate Plus is designed to support mission critical applications where a disruption in service will have a measurable security impact on the organization. With the cost of an outage varying from a few hundred dollars per minute to thousands of dollars per minute, it is essential that a web security system be designed to operate without disruption for extended periods of time. Mission critical applications require the use of a high availability product. Webgate Plus is the first application protection system designed to support mission critical applications and can be configured to deliver unprecedented 99.999% availability. Unlike other solutions, Webgate Plus has a true high availability architecture.

Webgate Plus is designed to be more reliable than the web servers it is protecting. Webgate Plus systems provide fault detection, fault isolation and automatic recovery. The high degree of fault tolerance assures very high availability, data integrity and security. Systems can be configured with multiple levels of hardware and software redundancy to meet the organization's availability requirements.

Webgate Plus is designed to detect, report and isolate errors to prevent error propagation to other functions. There are multiple levels of functional recovery routines designed to automatically recover from software failures.

Multiple nodes can be configured as load sharing hot backups of each other. The workload can be evenly distributed between multiple firewall nodes, minimizing overall system response times. This can also be used to even out the workload for a cluster of web servers. Each node monitors its partner and can automatically take over its functions in the event of a failure. Since all the nodes are actively sharing the workload, the unscheduled outage of a node will be picked up by another node that has been in active use. There are no surprises caused by switching a production workload to a system that has been an idle backup.

Webgate Plus-ES (Embedded System) is designed to support High Availability (99.999%) for mission critical applications. This requires a fault tolerant architecture that incorporates both hardware and software error detection, error reporting, fault isolation and recovery. Advanced memory architecture virtually eliminates system outages due to memory failures.

Logging

Webgate Plus provides a complete log of all web operations. The HTTP access log can be written in several standard formats, including Common Log Format (CLF) plus extensions or the WebTrends MultiHomed format. The extensions are appended to the CLF record and include Agent and Referrer information. Records can also be written using CLF plus Virtual Host information, making it easier to process the logs for virtual hosts. Third party web analysis tools such as analog and WebTrends can process the HTTP access log. A built-in real time monitor shows the number of concurrent connections, the transaction rates and the data rates.
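An added example, not part of the product or this page, that parses the three access log layouts the paragraph names (plain CLF, CLF with the Agent and Referrer extensions, and CLF with Virtual Host information) and derives per-host counts and peak per-second transaction and data rates of the kind the real time monitor displays. The sample lines are constructed; the assumption that the virtual-host variant prepends a single vhost field to the usual CLF record follows the common Apache convention, as the page does not give the exact layout.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# CLF body with the optional Referrer/Agent pair at the end; the leading
# fields are split afterwards because the vhost variant adds one in front.
LINE_RE = re.compile(
    r'^(?P<pre>[^\[]+?) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)(?: "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)")?\s*$')

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not a CLF-style record: %r" % line)
    # Assumed layout: "vhost host ident authuser" for the virtual-host variant.
    *vhost, host, ident, user = m.group("pre").split()
    vhost = vhost[0] if vhost else None
    method, _, rest = m.group("request").partition(" ")
    return {"vhost": vhost, "host": host, "user": None if user == "-" else user,
            "time": datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "path": rest.rsplit(" ", 1)[0] if rest else "",
            "status": int(m.group("status")),
            "bytes": 0 if m.group("bytes") == "-" else int(m.group("bytes")),
            "referrer": m.group("referrer"), "agent": m.group("agent")}

def summarize(text):
    # Per-vhost request counts plus peak per-second transaction and data rates.
    per_sec = defaultdict(lambda: [0, 0])
    by_vhost, total_bytes = Counter(), 0
    for line in filter(str.strip, text.splitlines()):
        r = parse_line(line)
        per_sec[r["time"]][0] += 1
        per_sec[r["time"]][1] += r["bytes"]
        by_vhost[r["vhost"] or "(default)"] += 1
        total_bytes += r["bytes"]
    return {"requests": sum(by_vhost.values()), "bytes": total_bytes,
            "by_vhost": dict(by_vhost),
            "peak_rps": max((v[0] for v in per_sec.values()), default=0),
            "peak_bps": max((v[1] for v in per_sec.values()), default=0)}

# Constructed sample: plain CLF, CLF with Agent/Referrer extensions, and two
# virtual-host records (one authenticated user, one "-" byte count).
SAMPLE = """\
192.0.2.10 - - [12/Mar/2005:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043
192.0.2.11 - - [12/Mar/2005:10:00:01 +0000] "GET /cgi-bin/search?q=x HTTP/1.1" 200 2210 "http://www.example.com/" "Mozilla/4.0"
www2.example.com 192.0.2.12 - alice [12/Mar/2005:10:00:02 +0000] "POST /update HTTP/1.1" 302 -
www2.example.com 192.0.2.13 - - [12/Mar/2005:10:00:02 +0000] "GET /missing.html HTTP/1.0" 404 219
"""
```

Run `summarize(SAMPLE)` to get the totals; a real deployment would feed the consolidated log stream from the Plog daemon instead of the sample string.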

The HTTP access logs can be written in real-time to another system and used for real-time analysis. With a multi-node Webgate Plus system all the log information can be consolidated onto a single machine for real-time analysis. To improve efficiency the Plog daemon buffers log entries before sending them to the log analysis machine. This utility is essential for large scale web sites that produce large quantities of log data. It runs more than 10 times faster than other web analysis products such as WebTrends. Large logs that take WebTrends hours to process can be analyzed in a few minutes with our Smart Web Analysis tool. The HTTP Log Analysis program can process log data at a rate of more than 5 MB per second!

A web log analysis tool is included that produces up to 32 reports allowing you to analyze how the Internet community is using your web server. The HTTP reports can be generated either in HTML, Delimited Text or plain text.

Non-standard traffic, including errors and attacks, is logged to the syslog. Alerts are issued when attacks are identified and blocked.

Management

Most administrative tasks can be completely automated, minimizing administrative overhead. Reports can be automatically generated and mailed to the appropriate administrators and managers. There are GUI interfaces for systems administration and for administering the access control rules. A GUI utility is available for secure remote administration. Security is maintained through the use of strong user authentication and an encrypted data stream. Changes to the access control rules and configuration information, including NIC IP addresses, can be made in a non-disruptive manner while the system is running. Use of single level store and buffered writes to contiguous storage minimizes disk fragmentation, eliminating the need to defragment disk space. The volume manager allows dynamic extensions to the file system without disrupting on-going operations.

Webgate Plus is a complete security solution and does not require another firewall to secure the web servers. However, Webgate Plus is compatible with firewalls and workload balancers.

Webgate Plus is available on CD and ships with a policy database containing pre-defined attack patterns. Included with each license is a one year subscription for automatic updates of attack signatures. Webgate Plus is supported on the AIX, Solaris and Linux operating systems. Webgate Plus is licensed by the number of concurrent connections you wish to support.

Webgate Plus is available as a turnkey solution for your business incorporating state of the art hardware.


PORTUS is a registered trademark of Livermore Software Laboratories, Inc.
This website and its content © 1993-2005 Livermore Software Laboratories, Inc.