Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
IT Management Webcasts:
The Role of Security in IT Service Management

Preparing for an IT Audit

More Webcasts

Search EarthWeb Network

Be a Commerce Partner
Car Donations
Promos and Premiums
Promotional Products
KVM Switch over IP
Desktop Computers
Laptop Batteries
Compare Prices
Computer Hardware
Server Racks
Auto Insurance Quote
Baby Photo Contest
Data Center Solutions
Boat Donations

Linked Data Planet Conference & Expo

IT Management : Columns : Executive Tech: Immunize Your Servers Against Attack

Install What You Need with Windows Server 2008
Windows Server 2008 is Microsoft's most full-featured server operating system yet, so it's ironic that one of its most exciting new features is an install option that cuts out most of the other features. Paul Rubens explores why a Server Core installation makes a great deal of sense in many instances. »

Identify Hardware and Software That Meet Microsoft Standards
The "Certified for Windows. Server 2008" logo identifies hardware and software solutions that meet Microsoft standards for compatibility and best practices with the Windows Server 2008 operating system. »

Windows Server Catalog: Certified Hardware Devices
Search the Windows Server 2008 catalog to find solutions to deploy with confidence. »

Windows Server Catalog: Certfied Servers
Search the Windows Server 2008 catalog to find servers you can deploy with confidence. »

Download the Windows Server 2008 Trial
With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a secure network infrastructure, and increase technological efficiency and value within your organization. »

Related Articles
Whitelists Battle for Market Share
Make Wireless Easier and More Secure
Phish This, You Scum
Security's 'Perfect Storm' Leaves IT Ragged
Getting at the Root of Security Problems
Proposals Offer Small Steps to Stop Spam
'Critical' Windows Hijack Flaw Reported
Never Install an Application to a PC Again
- ITSMWatch Newsletter -
Tech Focus: Security

Cybersecurity: Laws Only Go So Far

Mozilla Firefox vs. Internet Explorer: Which is Safer?

Is Your Blog Leaking Trade Secrets?

The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip?

Stopping Spammers at The Point of Sale

Product Watch
IOGEAR KVM - Includes Audio/Peripheral Sharing
Coverity Prevent / Coverity Thread Analyzer - Analyze Source Code For Defects, Security Vulnerabilities
USSD Series - SDRAM-Based Solid State Drives to 256 GB
UltraSMS - Send SMS From Your PC
Sentinel Sensors - Wi-Fi Based Temperature Monitoring Especially For Cold Storage

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

Whitepaper: Control Costs & Drive Agility in the Datacenter. Learn to control costs, improve business agility & remain secure & in compliance through dynamic infrastructure.

Immunize Your Servers Against Attack
June 7, 2004
By Brian Livingston

Brian Livingston A security company is shipping today a new software release that it claims will better protect your servers against hacker attacks — whether or not you've installed the latest patches from Microsoft.

Primary Response 2.2 is software you install on Windows NT, 2000, 2003, or Solaris servers. It "immunizes" your servers against undefined intrusions, the way the human body defends itself against biological viruses it's never seen before, according to its developer, Sana Security.

The basic security features of Primary Response 2.1, the software's previous version, have just been certified by ICSA Labs, an independent testing firm, according to a lab spokesperson. This is the first such certification given to a new kind of program known as host-based intrusion prevention systems or HIPS, according to Dr. Steven Hofmeyr, Sana's founder and chief scientist.

How Host-Based Protection Stands Out

The defenses provided by HIPS stand squarely between two older, better-known layers of enterprise security:

Network-Based Intrusion Prevention Systems (NIPS). A NIPS solution is typically a hardware appliance that's plugged in between a company's servers and the Internet. Such devices monitor network traffic and protect the servers from inappropriate packets, such as hacker attacks. NIPS, however, cannot protect applications that are running on individual PCs or defend against the behavior of insiders, which most intrusions are.

Client Security Defenses. If malware has come into the corporate environment via an e-mail attachment or a download from a malicious Web site that an employee visited, security software on the client machine (such as an antivirus program) might catch the problem. But software on users' desktops can't monitor hacker attacks that can bring down an entire server or cluster of servers.

HIPS To The Rescue. Host-based intrusion prevention systems, such as Primary Response, install on each server that you wish to protect. Sana Security's software observes the operation of every application that runs on each server. This builds up a baseline of which behaviors are "normal." The security software can then automatically halt activities that are abnormal, such as a hacker's attempt to exploit a buffer overrun in a server application.

From Response Time of 180 Days to Zero Days

The need for Primary Response, Hofmeyr said in a telephone interview, comes from the fact that software developers such as Microsoft can't patch their products fast enough to defend against all possible attacks:

Nimda and SQL Slammer. The Nimda and Slammer worms, which swept the Internet in September 2001 and January 2003, respectively, emerged approximately 120 and 180 days after Microsoft had posted patches for the Windows vulnerabilities involved. In hindsight, we might look back on the length of those grace periods as a relic of "the good old days."

Seven-Day Exploitation Times. Later in 2003, two different worms required only seven days to exploit Windows security holes. Microsoft had identified these flaws only a week earlier in bulletins named MS03-039 and MS03-049, Sana Security says. "The attackers are winning the race," Hofmeyr says in a white paper, The Case for Intrusion Prevention. This is because "in general, patching is a slow, risky process." Many large corporations can't or won't test and install patches on their mission-critical systems in only seven days.

The Zero-Day Nightmare. Although the worst-case scenario hasn't yet occurred, security researchers warn that "the big one" is coming. That means a hacker exploit that rapidly compromises network servers across the Internet before the software provider has made a patch available — a so-called zero-day exploit.

Now Patch Only Every Three Months

Primary Response would have stopped all of the worms I've mentioned above, and others, Hofmyer says, whether or not the applicable patches from Microsoft had been installed on the affected servers. "All these attacks use unchecked bounds and buffers, and we prevent that," he explains.

Installing a HIPS solution, unfortunately, doesn't eliminate the need for companies to also purchase NIPS and client-based security software. But corporations can save big bucks with HIPS by installing Microsoft patches only once every calendar quarter, instead of once a month or more, Hofmeyr says.

One Sana Security customer, a global financial services conglomerate, reportedly employs 21 full-time people dedicated to security patching in the U.S. alone and spends $1.5 million every time Microsoft releases a security bulletin. That's a chunk of change, especially when you consider that 18% of security patches across all vendors are faulty and must be revised, according to one study.


Unless you think your company can install all security patches instantly and predict all upcoming zero-day attacks perfectly, HIPS software looks like a new layer of security you'll need to have.

A Primary Response 2.2 installation consists of at least one "management server," which lists for $6,500, and one "agent" per server you wish to protect. Each agent lists for $1,700. Sana Software offers bundles at a lower cost.

The short list of competing, host-based intrusion-prevention software for you to consider includes Cisco Security Agent and Network Associates' McAfee Entercept.

May the immune system be with you.

Brian Livingston is the editor of and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Add to your favorites
Add to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news via our XML/RSS feed

Executive Tech Archives



Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Microsoft Article: 7.0, Microsoft's Lucky Version?
Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Windows Server 2008
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
Downloads and eKits
Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live