Remember, too, that log files must be rotated occasionally. If your policy is too restrictive, or the profiler doesn't detect log rotation, you may find that logfile.txt is permitted but logfile2.txt is denied. We easily created a policy in Cisco and Platform Logic that allowed write access to logfile.txt only. When IIS tried to cycle the log, it got a violation and couldn't cycle. The solution was to allow read/write to logfile*.txt. Cisco's profiler was relatively easy to modify, thanks to its extensive use of macros and file sets. Platform Logic's AppFire profiler wasn't as clear-cut because it generated a ton of rules.
We'd like to see finer control of role-based administration across a group of machines. For example, we wanted to create a group of servers and assign an administrator to modify only that group. CA's product allowed this, as did Sana's, but Cisco's CSA and Platform Logic's AppFire didn't offer that much granularity.
We also wanted better reporting capabilities. Sana offered the most useful reporting information, but no vendors made it crystal clear what went wrong or which rule was violated. Platform Logic's product was especially poor in this regard, displaying only a long list of violations.
In the final analysis, though the products from Cisco and Platform Logic are nearly identical in features and operation, Cisco won our Editor's Choice award, because CSA had some of the best canned policies, centralized management features and reporting of the group.
Pricing is quite complex, with management stations, a variety of agents, and support and services all thrown into the mix. To get a ballpark estimate of your cost, see "HIP Software Features" for detailed pricing breakdowns and the cost of our scenario. Although these products seem expensive, they all, quite simply, worked. None of the attacks we threw at them caused a breach of information or elevated access rights. Of course, we did not do a full penetration test--such testing requires hundreds of work hours and thousands of dollars per product--so our results are not a 100 percent ironclad guarantee of security. But tossing Code Red at a vulnerable machine and ending up with an "attack failed" message instead of a command shell was quite a feat.
Discover the benefits of scalable backbone and network services for application and cloud providers.
Network automation is gaining momentum. Here's how you can drive this powerful technology to its full potential.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
