Rise Of HTML5 Brings With It Security Risks

Upcoming Events

Are you caught between a desire for the benefits of the cloud and concerns about security and control? Then you should attend this insight-packed webinar to learn how private data networking technologies like MPLS IP-VPNs can address your concerns and allow you to safely and intelligently reap the savings, agility and other benefits associated with cloud computing.

Join us to hear top industry experts discuss the private data network technologies that are best suited for enterprise cloud access requirements. You won't want to miss this opportunity to learn how your organization can best mitigate risk while reaping the full potential benefits of the cloud.

Register Now!

Rise Of HTML5 Brings With It Security Risks

Posted by Robert Mullins
January 24, 2012

The fourth potential flaw relates to one of the HTML5's best features. The WebSocket API enables two-way communication over one transmission control protocol (TCP) socket. The Websocket.org web site uses the example of a stock ticker Web application to explain how WebSocket works. In a traditional HTTP designed browser, in order to display the most current price for a stock, the browser constantly pings the Web server for new information, a process called "polling." Because that wastes time and compute resources, WebSocket allows the web server to push the information out to the browser only when it has new information to share.

The feature, called asynchronous full duplex communication, drastically reduces the amount of unnecessary traffic between server and browser, says Bulman. In the example of the stock ticker app accessed by 10,000 end users in the experiment, the data traffic reduction ratio was 500 to 1.

The downside is that WebSocket disables a number of important network security tools. It takes over key network ports such as Port 80 that screen packets for any maladies and, in a WebSocket port, the packets lack the traditional headers that would be seen by a web application firewall to block suspicious packets. Reputation-based defenses also fail with WebSocket deployed.

Wedge Networks' solution to this dilemma is an approach it calls "deep content inspection," a feature, introduced in November 2011, of its WedgeOS operating system that powers its security appliances.

"We judge the content, the structure and the intent of the data in motion," says Hongwen Zhang, CEO of Wedge Networks.

Wedge offers a "unique architecture" to deliver high performance deep packet inspection, wrote Chenxi Wang, a Forrester analyst, in a report providing a market overview for the content security space for the third quarter of 2011.

"Using this deep content inspection engine, customers can conduct in-depth malware detection, DLP processing and content classification at line speed," Wang notes.

But Wedge competes with a number of well-known players in this space, including Cisco, Google, McAfee, Microsoft, Sophos and Symantec, among others, she said.

Learn more about Data Encryption by subscribing to Network Computing Pro Reports (free, registration required).

Page: « Previous Page | 1 | 2

More Insights


	To upload an avatar photo, first complete your Disqus profile. \| Please read our commenting policy.

Next Gen Network Reports

Is Hosted VoIP Right for You? 6 Must-Ask Questions

We outline six questions you must ask when deciding whether to move your telephony system to a hosted VoIP provider, including questions about reliability, branch survivability, E911 capability and whether you�re looking for additional collaboration services. We also outline how to price a hosted VoIP option.

Understanding Flat Networks

A flat network or fabric provides more paths through the network and can maximize bandwidth and better support a highly virtualized data center. We'll look at standards-based approaches to designing a flat network, including TRILL and SPB, as well as proprietary implementations. We'll also discuss the implications of moving to a flat network and provide guidance to help you decide if this approach is right for your data center.

3 Paths To Network Convergence

Separate data and storage networks might have been necessary when Fast Ethernet was pitted against speedy, special-purpose Fibre Channel, but Ethernet's evolution has obviated most of the performance differences. We'll examine the trends behind network convergence, share exclusive research, and outline three deployment scenarios for those who want to merge data and storage networks.

Long-Distance LAN

Connecting two data centers for always-on applications is a tricky business. Perhaps the most critical decision is how to link themL keeping the application and virtualization software synchronized requires very low latency between the two data centers.We walk you through the challenges and evaluate the pros and cons of solutions such as VPLS and MLAG, as well dark fiber and dense wave division multiplexing.

Networking In A Virtualized World

Virtualization is rapidly evolving into a core element of next-generation data centers. This expanded role places new strains on the network. This report explore the technical issues exposed by virtualized infrastructure and looks at standards, technologies and best practices that can make your network ready to support virtualization.

Premium Content

Plan Now for the Hyperconverged Enterprise Network

In this Gartner report, industry analysts explain why changes in the business and application environment will result in up to 80% of end-user traffic moving to the WAN by 2014. This is a significant change to the old rule of thumb that 80% of traffic will stay within the enterprise LAN, and it means that network design is facing radical new requirements for network connectivity and performance. Find out how enterprises can modernize their network planning processes across IT groups to ensure they continue to meet business and end-user needs.

Infographic: Forces Disrupting the Network

Big data, mobile computing, social media and cloud computing are massively disrupting the network. Get the facts in this infographic.

Building for the Next Billion: What the New World of Business Means for the Network

Download research from Forrester Consulting to learn new approaches to network design, infrastructure and management. Find out how to transform your network into an Intelligent WAN that will help ensure your ability to meet IT challenges now and in the future.

Video: Wine.com Uncorks Network Bottleneck with MPLS

Watch how consolidating networking services with XO MPLS IP-VPN has given Wine.com a more scalable network that provides faster data speeds, prioritizes business-critical data, and delivers improved cost-efficiencies by converging voice and data traffic over a single IP network infrastructure.

Choosing the Right Ethernet Solution for Your WAN

Many enterprises are extending Ethernet to the WAN. Learn about drivers for adoption, benefits, the technology behind Ethernet services in the WAN, and how to evaluate the best service provider for your business.

Research and Reports

FEATURED RESEARCH

State of Server Technology

FEATURED STRATEGY

The Long-Distance LAN

Register for Network Computing Pro

Find hundreds of reports featuring research from your peers, and best practices from top IT pros.

Video

Network Computingwww.networkcomputing.com

Upcoming Events

A Network Computing Webinar:
Avoiding Downtime: How Virtualization Can Help In Times of Trouble

June 12, 2013
11:00 AM PT / 2:00 PM ET

Subscribe to Newsletter

Vendor NewsFeed

Rise Of HTML5 Brings With It Security Risks

Posted by Robert Mullins
January 24, 2012