Scheduled for a 3 June Australian release, Check Point Next Generation with Application Intelligence blocks malicious data, controls hazardous application operations and validates compliance to pre-determined standards and expected usage protocols by forcing traffic through a multilayer security gateway, the company claims.
Scott Ferguson, regional director for Check Point in Australia and New Zealand, said the Application Intelligence feature was effective against worms and threats that have previously wreaked global IT havoc - such as Code Red, Nimda, SQL Slammer, HTTP encoding attacks, FTP bounce attacks, malicious URLs and directory traversal.
"Most firewalls cannot defeat application attacks. They are designed for network-level access control [and have] security policies permitting traffic to vulnerable applications," he said. "Microsoft talks a lot about security, they're a great operating system and application company ... yet the Microsoft development environment was brought down by SQL Slammer in January."
He said popular applications such as email, AOL Instant Messaging and Voice-over IP (VoIP) were some of the most vulnerable features of a system. A related increase in application-based attacks versus network attacks meant businesses were increasingly seeking ways to protect IT apps.
"A survey quoted at AUSCert found that in the last 12 months, 91 per cent of attacks came from outside the network. Consequential costs to companies [from such attacks] have tripled in the last 12 months," Ferguson said. "[For example] VoIP is a great technology, but it's vulnerable. The cost of losing your telephone availability as a business is huge."
Check Point's new software offered a single security policy, integrated audit logs and reporting via a single point of enforcement. Companies could save 200-300 per cent on TCO buying Check Point instead of several complementary products requiring multiple management processes, Ferguson said.
Umar Göldeli, a Universal Defence IT security consultant and former hacker, said network-based attacks had until just recently made up most security attacks. Today, however, threats increasingly targeted the application layer.
"Application layer attacks effectively bypass all firewalls and network-based security," he said. Yet many application protocols were not designed for the purpose for which they were currently being used, and were retrofitted with functionality. Programmer error added to the problem, with the cumulative effect being that application-based attacks were often easier to launch than some types of network attack.
"While a firewall can block strange network requests, there is nothing that differentiates between semantic malice [in the code] and a valid request ... After all, the firewall is doing what it is being told to do, allow anybody network access to the application," Göldeli said.
He said hackers could even 'jump' directly to a service's database backend through the web interface. "Remember, the web server already has direct access to the database," Göldeli said.
Tim Smith, national business continuity manager for Alphawest, said the concern for businesses was that they could be held legally liable for such attacks, if they could be shown to have failed to perform due care and due diligence in IT security matters.
New legislation, such as the Victorian CyberCrime Act, stipulated strict penalties, including fines and gaol terms, for companies or individuals found to be in breach of best practice or without good faith in the best interests of the company.
"And lawyers usually come after the one with the money - the company," Smith said.