WebStalker Pro

WebStalker-Pro from Trusted Information Systems is a security monitoring and response system that monitors your Web site and automatically notifies you about security breaches and other invalid attempts to access your Web site.

Michael P. Deignan

March 31, 1998


Guard access to your Web

With the popularity of the Web, attacks on your Web site are inevitable. Firewalls can't protect you--they only filter packets at the IP port level or limit access to certain IP addresses. (This restriction is not helpful if your company is running a Web site to market its products.) With these limitations, you might wonder if a product exists to protect your Web site. WebStalker-Pro from Trusted Information Systems is a product you'll want to consider.

WebStalker-Pro is a security monitoring and response system that monitors your Web site and automatically notifies you about security breaches and other invalid attempts to access your Web site. WebStalker-Pro lets you create a security policy for your Web site, and it monitors this policy. When the software detects deviations, it notifies you via pager, email, event log, or report file.

The software monitors many types of attacks on your Web server. These attacks include illegal logons; attempts to access your systems administrator account, replace images or text in your documents, shut down your Web server, or tamper with WebStalker-Pro; and access-jump attempts, in which users try to access more insecure systems from your Web server.

Before you install the software, you must have your Web server installed and operational. WebStalker-Pro supports only Microsoft Internet Information Server (IIS) 2.0 or later on Windows NT 4.0, Netscape FastTrack Server 2.0 or later, Netscape Enterprise Server 2.0 or later, and O'Reilly's WebSite Professional 1.1f or later. For full functionality, you must use WebStalker-Pro only on NTFS-formatted drives. The software will work with FAT-formatted drives, but it can't detect changes that other users make to your server's files.

Installing WebStalker-Pro takes a fair amount of time and involves two stages. You must first install the software. On my test NT server, this process took about 5 minutes. I popped in the WebStalker-Pro CD-ROM, and NT's auto-run feature launched an installation switchboard. I clicked Install, answered a few basic questions, and waited for the installation to finish.

After you install the software, you must run the WebStalker-Pro interview program you see in Screen 1 to configure how you want the software to protect your system. To start, you click Begin Interview in the WebStalker-Pro program group off the Start menu. The first time you run this program, you must go through a software registration process and obtain a license key to activate the product. After you have the license key, you can continue the security interview process and set up the product the way you need it. This configuration occurs within the Web browser on your system.

The security policy configuration process is lengthy, but it helps establish a complete security profile for your site. You must establish a log name, Web server administrator, Simple Network Management Protocol (SNMP) trap generator, and time definitions (specifically, when daytime policy hours are in effect). At first, I didn't understand why the software had daytime policy hours and nighttime policy hours, because Web sites don't exist in real time, only relative time. Nighttime at my Web site is daytime somewhere else. However, as I became more involved in the package's configuration, I learned that this feature lets me configure certain activities as illegal when nobody is at my server (i.e., nighttime).

After the initial setup, you can create specific actions based on illegal logons, jumpers, privilege use, file access, and shutdown events. Each action has options you can set and different parameters for daytime and nighttime use. For example, the illegal logons configuration lets you limit the users who log on to the Web server: You can allow all users, select users, or no users. During the day you might allow all users access and at night allow no users access. This feature also lets you specify addresses. You can use a wildcard to define IP addresses and limit access to specific source addresses.
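The day/night logon rule described above can be sketched as a small policy check. This is an added example, not WebStalker-Pro's own code or configuration format: the policy layout, the function names, the `webadmin` account, and the sample logon attempts are all assumptions constructed for illustration.

```python
from datetime import time
from fnmatch import fnmatchcase

# Hypothetical policy layout: the review does not show WebStalker-Pro's own format.
POLICY = {
    "day_start": time(8, 0), "day_end": time(18, 0),
    "day": {"users": "all", "allowed": set(), "sources": ["*"]},
    # Variation on the review's "no users at night": one admin from one subnet.
    "night": {"users": "select", "allowed": {"webadmin"}, "sources": ["192.0.2.*"]},
}

def period_for(policy, t):
    """Return 'day' or 'night'; handles a day window that wraps past midnight."""
    start, end = policy["day_start"], policy["day_end"]
    if start <= end:
        in_day = start <= t < end
    else:
        in_day = t >= start or t < end
    return "day" if in_day else "night"

def check_logon(policy, user, source_ip, t):
    """Return (period, allowed, reason) for one logon attempt."""
    period = period_for(policy, t)
    rule = policy[period]
    if rule["users"] == "none":
        return period, False, "no logons permitted in this period"
    if rule["users"] == "select" and user.lower() not in rule["allowed"]:
        return period, False, "user not on the allowed list"
    if not any(fnmatchcase(source_ip, pat) for pat in rule["sources"]):
        return period, False, "source address not permitted"
    return period, True, "ok"

def violations(policy, events):
    """Return the events that deviate from policy and would trigger a notification."""
    out = []
    for user, ip, t in events:
        period, ok, reason = check_logon(policy, user, ip, t)
        if not ok:
            out.append((user, ip, period, reason))
    return out

# Constructed sample logon attempts: (user, source address, time of day).
EVENTS = [
    ("alice", "203.0.113.7", time(10, 30)),
    ("alice", "203.0.113.7", time(23, 15)),
    ("webadmin", "192.0.2.15", time(23, 40)),
    ("webadmin", "198.51.100.9", time(2, 5)),
]

if __name__ == "__main__":
    for v in violations(POLICY, EVENTS):
        print(v)
```

The same logon that passes at 10:30 is flagged at 23:15, and the administrator account is flagged only when it arrives from outside the permitted address range.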

WebStalker-Pro is expensive, but it's cheaper than the costs associated with an intrusion. If you are going to establish a major Web site and need to protect it, WebStalker-Pro is a product you'll want to consider.

WebStalker-Pro

Contact: Haystack Labs * 512-918-3555, Web: http://www.haystack.com

Price: $4995

System Requirements: Windows NT 3.51 or 4.0
