While ports 80 and 443 (HTTP and HTTPS) are gradually being recognized as the holes of choice for application-level attacks such as buffer overflow exploits, port 53, which handles DNS, is just as vulnerable and poorly protected, NetContinuum says.

In May, the company will deliver a free software upgrade for its NC-1000 that gives it the ability to inspect DNS messages as they enter and leave the data center. The appliance will be able to check traffic for integrity and conformity with the relevant RFCs.

Wes Wasson, VP of marketing at the company, said that the so-called ‘port 80 hole’ created by network firewalls allowing web traffic through is now well-known: A lot of people miss the fact that port 53 is another route of attack to get into the data center.

The NC-1000 appliance was released in November with the primary function of preventing port 80 attacks. The device sits between the firewall and web server, proxying for all TCP/IP sessions, terminating SSL, masking web servers from hackers’ scanners, and encrypting and signing web logs.

Wasson said that NetContinuum will next explore looking deeper into the protocols that are carried over HTTP – primarily SOAP, which is used in web services to transport XML. While there are already a number of firms offering SOAP security appliances, Wasson said he does not expect the market to kick off until the middle of 2004.

Source: Computerwire