Corporate.Net
Comparative Review

Covering Your Vital Assets: Securing Your Web Sites

WebStalker Pro performs tasks as simple as recording an incident in the log file, sending a page to a network administrator, terminating the program that caused the error, killing the offending login, temporarily disabling the user's account or completely disabling that user's account. Since a thief may have hacked into the user's account, deactivating the account will often thwart the thief's attack. In addition, since most administrators lock their system accounts (such as an HTTPD account), you should relock them if a vandal penetrates them.

If completely disabling the offending login isn't enough, WebStalker Pro can also restart your Web server when Web server stability may be in jeopardy. WebStalker Pro also watches anyone who tries to shut down your server, stopping them in their tracks. Solaris has the ability to audit the actions of every user on its system, and WebStalker Pro monitors that and bases its actions on what it finds. If a user accesses a file he or she should not, WebStalker Pro responds.

Intruders are not the only security problem Web server administrators face. Valid users often misuse their access to perform undesired actions on your Web server. When we accessed a file or directory that we were not granted access to, WebStalker Pro alerted us and performed the actions we configured (including notifying the administrator by e-mail). We loved the flexibility of response options given to the administrator when sensitive areas of the server were accessed illegally. WebStalker Pro also offers "jumper protection" (see "Warning Signs for Proactive Systems," on page 97).

We were pleased that Haystack Labs' WebStalker Pro let us enforce rules based on the day of the week, in conjunction with monitoring abilities. We set separate rules for weekdays, weeknights and weekends. This range of options let us set special night rules, when most people are not--or should not be--working. These rules can be combined with additional administrator notifications to send alerts of suspicious employee activity quickly and effectively. Neither Trusted Web nor Gauntlet ForceField offered us this functionality.
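As an added illustration (not code from the review or from Haystack Labs), here is how a WebStalker-style policy can tie the weekday, weeknight and weekend schedules to the graduated responses described above; the event names, action names and file paths are assumptions, and the audit records are constructed:

```python
from dataclasses import dataclass
from datetime import datetime

# Time windows the review describes: weekdays, weeknights and weekends.
def schedule_for(ts: datetime) -> str:
    if ts.weekday() >= 5:                    # Saturday or Sunday
        return "weekend"
    return "weekday" if 8 <= ts.hour < 18 else "weeknight"

# Policy: which responses fire for a (schedule, event) pair, in the order
# they are carried out. After-hours activity gets the strongest response.
# Event and action names are hypothetical, not WebStalker Pro's own.
POLICY = {
    ("weekday",   "unauthorized_file_access"): ("log", "page_admin"),
    ("weeknight", "unauthorized_file_access"): ("log", "page_admin", "kill_login", "disable_account"),
    ("weekend",   "unauthorized_file_access"): ("log", "page_admin", "kill_login", "disable_account"),
    ("weekday",   "server_shutdown_attempt"):  ("log", "kill_process"),
    ("weeknight", "server_shutdown_attempt"):  ("log", "page_admin", "kill_process", "disable_account"),
    ("weekend",   "server_shutdown_attempt"):  ("log", "page_admin", "kill_process", "disable_account"),
}

@dataclass
class AuditEvent:
    ts: datetime
    user: str
    event: str
    path: str

def respond(ev: AuditEvent) -> tuple:
    """Return the ordered responses for one audit event (empty if no rule matches)."""
    return POLICY.get((schedule_for(ev.ts), ev.event), ())

# Constructed sample audit records (not real Solaris audit or WebStalker Pro output).
SAMPLE_EVENTS = [
    AuditEvent(datetime(1997, 8, 20, 14, 5), "alice", "unauthorized_file_access", "/etc/shadow"),    # Wed 14:05
    AuditEvent(datetime(1997, 8, 20, 23, 40), "bob", "unauthorized_file_access", "/etc/shadow"),     # Wed 23:40
    AuditEvent(datetime(1997, 8, 23, 9, 0), "httpd", "server_shutdown_attempt", "/usr/sbin/httpd"),  # Sat 09:00
]

def run(events=SAMPLE_EVENTS) -> dict:
    """Map each event's user to the responses the policy selects for it."""
    return {ev.user: respond(ev) for ev in events}

if __name__ == "__main__":
    for user, actions in run().items():
        print(user, "->", ", ".join(actions) or "no action")
```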

On the down side, WebStalker Pro's underdeveloped encryption and authentication did not impress us. Unlike Trusted Web, which has support for strong encryption and authentication features, such as one-time pads, WebStalker Pro relies on normal Unix crypt-style passwords for authentication. This dependency becomes a problem if you are accessing WebStalker Pro over a network, especially an insecure one.

Without strong authentication, a simple packet monitor swipes your passwords while they are on their way from your administrative Web browser to WebStalker Pro, easily compromising security. Thieves could then use their Web browser and change your server settings, turning off essential notification mechanisms.

WebStalker Pro offers no encryption capabilities, which are extremely important if you are administering your Web server over a network. Since Haystack Labs' product does not support strong authentication and encryption abilities, you should administer WebStalker Pro locally and not from a remote machine. Your security is incomplete if you are administering your Web server over a network.

Siemens Nixdorf Information Systems Ltd. Trusted Web
What Siemens Nixdorf's Trusted Web lacks in proactive response, it makes up for with defense, helping it earn an Honorable Mention award. Developed in Ireland, Trusted Web is not subject to U.S. export regulations on encryption technology, which Siemens Nixdorf uses to its distinct advantage. Trusted Web also offers a secure method that confirms user identifications, even though clients can use any HTTP browser to administer the system. Much like Trusted Information Systems' Gauntlet ForceField, Trusted Web offers more up-front protection when logging into the Web server.

Trusted Web, as well as Gauntlet ForceField, does not offer any proactive features, such as activity and file-access monitoring.

In the lab, we noticed that Trusted Web addresses its security from a different perspective, relying on a larger and stronger role-based security system. In a role-based security system, every user on your system is defined by a role and is permitted access based on that role.

While we found that the roles within Trusted Web often function much like access control lists (ACLs) for Unix groups, the role system is more comprehensive and covers all of a user's abilities. Since roles rarely change, placing people into them is simplified and administration is reduced.

See also the sidebar "Warning Signs for Proactive Systems."
Updated August 23, 1997