Frequently Asked Questions
Technology Overview

How does PitBull technology fit into my security architecture if I already use a firewall, IDS and encryption?

Argus security does not take the place of firewalls, encryption, or intrusion detection systems. Argus operating system level security augments and enhances your existing security architecture. You may find, however, that firewalls and IDS mechanisms become redundant and add to administrative complexity in many types of architectures, and that by securing your architecture with PitBull, you can eliminate your use of them. Argus security addresses security concerns that these and other mechanisms simply cannot. Most importantly, traditional security mechanisms operate only at the application level. This means that knowledgeable hackers can bypass these mechanisms through an attack on the operating system, for example, through buffer overflow or setuid0 exploits.

Why do I need PitBull if I use PKI or SSL?

Session encryption and communication security like SSL and PKI can protect privacy while information is in transit, but they cannot protect data residing on the servers themselves. Once the information has been transmitted and decrypted, the same information that was protected en route is now made vulnerable to attack while stored on the server.

In the case of hard drive or full media encryption, the same problem exists with the encryption keys themselves. Consider a system in which encryption keys are machine generated 64-character strings. Cracking such encryption may seem a daunting task, but if a user can gain access to the file on the system where the strings (or the encryption algorithm) reside, the encryption scheme fails entirely.

How easy is it for someone to actually gain control of my operating system?

Browse the web and you will find countless sites boasting new and improved programs designed to gain nefarious root account access. Any amateur hacker need only execute one of these ready-made programs to attack your system. New methods are designed and conceived every day - and that's only the information that the hacker community makes public. Imagine the damage that a sophisticated, professional, and determined hacker can do to a web server hosting a high value e-commerce system such as a bank or a successful on-line retail facility.

What if an attacker breaks into my server?

If an attacker manages to break into a PitBull-protected server, they will only have access to the specific component that was attacked. Because all other components on a system are isolated from each other, a breach of the system creates a very limited scope of compromise.

How does the PitBull security technology install on my existing system?

Argus' unique architectural approach is based on a modular add-on to the commercial operating system and is intended to provide an appropriate level of security consistent with user requirements. Argus products install on top of standard commercial operating systems, such as Solaris from Sun Microsystems. Install scripts interlace the Argus security modules with the operating system itself. The products install as a 'package add' to a running system, so there is no need to replace the operating system as with other products of this type. Installing Argus software in no way alters or degrades the functionality of the commercial version of the OS.

What about vendor patch compatibility? Can I install patches from the operating system vendor?

The majority of vendor-released patches can be installed on an Argus system with no impact. However, in rare instances vendor patches may disable or otherwise interfere with security mechanisms implemented with the Argus software. In those special cases, Argus engineers will integrate the patch with the Argus software and release a separate patch to the system. Argus integrated patches are available free of charge to customers under a Maintenance and Support Agreement.

What about application compatibility? Won't I have to reintegrate all my applications now?

No. Argus maintains 100% compatibility with the standard operating system API, so there is no costly and time-consuming integration work to be performed. If your applications run on a standard, commercial operating system, they will run on an Argus-enhanced operating system without modification.

Can I restrict access across multiple applications?

Yes. While some trusted systems require administrators to run different applications on separate servers to maintain the security and integrity of their systems, Argus allows you to install several applications on a single machine. Because Argus supports multiple partitions, several applications can be hosted on a single server. Argus' security design approach ensures that users are unable to exploit programming errors and bugs in one application to gain access to other data and resources on the system through another application.

Why do I need PitBull security for my e-commerce web server?

Experts agree that PitBull's operating system-level security is critical for e-commerce servers. Without securing the operating system of your mission-critical e-commerce server, you are significantly and unnecessarily placing yourself at risk. Traditional security mechanisms, while an important piece of an overall security architecture, are inadequate to secure e-commerce web servers when used alone. Once an attacker has gained legitimate access to your site (i.e., crossed the firewall), and authenticates themselves as a valid user of the system with a customer account password or PIN, they have virtually free access to your system and its connections to your internal network. These security mechanisms can only secure against access to the system. They have no control over what a user can or cannot do on the system. Only OS-level security can provide this level of protection.

Can PitBull be used to secure my application server as well as my web server?

PitBull is also ideal for use in application servers. With its ability to isolate applications, PitBull can ensure that application bugs and programming errors cannot be exploited to gain unauthorized access to data, system resources, or other applications. Each application can be hosted in its own partition, allowing flexibility in access management, while still maintaining high levels of security. PitBull is especially attractive for Application Services Providers who wish to mediate access to applications for their clients.

Can PitBull be used to secure my informational website for read-only access?

By placing web pages in a separate compartment with read-only access, PitBull can ensure that hackers cannot vandalize, remove, or otherwise modify your web pages. Web site vandalism is becoming increasingly frequent - one can read a news story of yet another site attack virtually every day. PitBull is the only way to ensure that web pages remain read-only, because the operating system enforces the security. Any other means can be circumvented by operating system level attacks.

Can PitBull be used for more than I-banking or e-commerce?

Absolutely! PitBull Foundation Suite is useful in any environment where critical services are being offered over the network. PitBull Foundation Suite is particularly well-suited for web based transaction servers but is also perfect for use in protecting other critical components such as electronic mail servers, DNS servers, directory services, informational web servers, and other mission critical services.

How does PitBull protect my back-end systems from attack?

PitBull allows administrators to virtually isolate applications, network connections, and system resources (i.e., administrative functions). By hosting the front-end web server in an isolated compartment from back-end network connections or other applications on the system (for instance, transaction processing applications, etc.), PitBull can ensure that no attacker from the Web can gain any access whatsoever to back-end systems or applications. PitBull also ensures the converse—that no person from the inside can send unauthorized information out via the Web interface.

Do I still need PitBull if I use a batch-processing model, and don't want to perform direct transactions?

Batch processing models are no more secure than direct models, and such systems are vulnerable to the exact same security risks. Any system, accessible from the web and connected in any fashion, whether direct or batched, to internal networks, is at risk of exploit in any number of ways. For example, in a batch process model, users can send malicious commands to back-end servers that get processed along with other transaction instructions—commands that could install a backdoor or Trojan horse, or otherwise exploit back-end systems to gain root control. Additionally, a user could attack the web server, and open the batch connection to internal systems and networks to allow himself unlimited internal access.

How does PitBull work when securing databases?

PitBull allows administrators to set up their databases to exist in isolated partitions. Once these databases are isolated, any attacks on other components on the system will not lead to access to the secured database. Isolation of on-system databases allows administrators to store critical information on a PitBull system without fear that other system security holes, such as cgi-bin exploits, will compromise the database.

How is security information tracked? Will I have to maintain complex databases and access tables?

Argus does not employ performance-degrading, maintenance-intensive databases or access tables. Rather, Argus security mechanisms place security information directly on each protected resource. The security information associated with users of the system is also placed on each and every process launched by the user. This is done by the operating system itself. Security attributes placed on files, resources, and processes remain with the data, so the security protections are enforced even if the resource is modified in any way, for example, by changing its name or moving its location.
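
The difference between attributes stored on the resource and a path-keyed access table can be seen in a small model. The following is an added illustration, not Argus or PitBull code: the class names, the compartment names, the subset rule in permitted() and the default-allow behaviour of the contrasting table are all assumptions made for the example.

```python
# Added illustration: a toy model, not Argus/PitBull code.
from dataclasses import dataclass

@dataclass
class Resource:
    data: str
    label: frozenset          # compartments stored on the resource itself

@dataclass(frozen=True)
class Process:
    user: str
    label: frozenset          # stamped on the process at launch

    def spawn(self):
        # A child process carries the same label as its parent.
        return Process(self.user, self.label)

def permitted(proc, res):
    # Assumed rule: the process must hold every compartment on the resource.
    return res.label <= proc.label

class LabeledFS:
    """Names map to resources; the security label travels with the resource."""
    def __init__(self):
        self.names = {}

    def create(self, path, data, compartments):
        self.names[path] = Resource(data, frozenset(compartments))

    def rename(self, old, new):
        self.names[new] = self.names.pop(old)   # the label is untouched

    def read(self, proc, path):
        res = self.names[path]
        if not permitted(proc, res):
            raise PermissionError(f"{proc.user} denied on {path}")
        return res.data

def path_table_allows(table, proc, path):
    # Contrast (constructed weak design): a table keyed by path has no entry
    # for the new name, so the lookup falls through to "allow".
    return table.get(path, frozenset()) <= proc.label

def demo():
    fs = LabeledFS()
    fs.create("/db/accounts", "constructed sample record", {"database"})
    table = {"/db/accounts": frozenset({"database"})}
    web = Process("webserver", frozenset({"web"})).spawn()
    dba = Process("dbadmin", frozenset({"database"}))
    fs.rename("/db/accounts", "/tmp/x")
    try:
        fs.read(web, "/tmp/x")
        label_blocked = False
    except PermissionError:
        label_blocked = True
    return label_blocked, path_table_allows(table, web, "/tmp/x"), fs.read(dba, "/tmp/x")
```

After the rename, the labeled store still denies the web process and still serves the database process, while the path-keyed table no longer recognises the file and lets the web process through.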

Innovative Security Systems, Inc | dba Argus Systems Group. Copyright © 2008 Innovative Security Systems Inc.