For a complete interactive demonstration on how PitBull secures not only web hosting, but also application hosting and PKI architectures, visit our Interactive Demos section.

Figure 1 represents a simple web hosting architecture. Incoming packets from the Internet are handled by the web server application, which accesses and reads the requested web pages. If a URL contains a CGI script, the packet is sent along to the CGI daemon, which accesses the requested script.

Commercial web server applications and CGI daemons are known to have exploitable holes and are often targets for attack. Hackers commonly "break" CGI daemons to gain access to system- level functions and perform any number of malicious operations, such as altering or defacing the web pages on the server, or launching attacks at mission-critical back-end systems. Since the web server is based upon a non-trusted platform, the entire architecture is exposed to serious risks.

When PitBull Foundation and PitBull Foundation Suite are installed (figure 2), PitBull's Advanced Secure Networking (ASN) component assigns an incoming http packet a security label based on the incoming network interface and any applicable host rules. The web server application, administration application, and CGI daemon are each isolated in separate security compartments. CGI scripts and web pages are isolated in separate "read-only" compartments for increased levels of security. PitBull's Secure Communications Enforcer (SCE) then routes the incoming packet to the requested web server. The SCE is the only mechanism which is able to route incoming packets to isolated compartments.

The Security Gate mediates communication between the web server application and the CGI daemon and its scripts. The Security Gate is tightly integrated with the operating system, and will only allow limited, secure communication between applications or utilities operating in separate compartments. If a hacker exploits a hole in either the web server application or CGI daemon, the packet is trapped in its own security compartment and cannot gain access to other compartments to alter files or perform other malicious tasks. PitBull stops the attacker in his tracks.

PitBull solves the dilemma of being open for e-business and yet maintaining absolute security. It is ideal for securing the following application areas:

Including applications such as online banking, online stock trading, insurance and mortgage applications.

Multiple web servers can now be run on a single system to accelerate ROI. PitBull also provides the ability to launch highly-secure hosting services that can be offered at a premium to security-conscious customers.

PitBull's compartments and differentiated access allow multiple customers and suppliers to access the same server in total isolation from each other for purchasing, quotations, inventory checks, or even accessing individual contracts and trading terms.

Patient data can be safely put online. Differentiated access can be configured for different groups such as doctors, nurses and administrators. Medical insurance organizations can also access patient data and integrate it with their client databases.

Numerous services and sensitive data can be delivered online without risk.

Innovative Security Systems is a specialty developer of Internet security software for the e-business market. It is the world's only multi-platform vendor of Trusted Operating System software and has the world's largest & most experienced development team dedicated to this technology. Established in 1993 in Champaign, Illinois, Argus has offices covering the US, Europe, the Middle East and Asia, together with partnerships with leading developers and integrators of e-commerce software and integration services. Many of the world's most serious security practitioners have chosen Argus to protect their most critical e-business servers, including such companies as Credit Suisse, Union Bank of Switzerland, Chase Manhattan Bank, ABN AMRO Bank and Pilot Network Services.