
Protecting Web Sites by Guarding the Exits

This article discusses a novel way of protecting web servers that mirrors the way some department stores protect against shoplifters: Watch the exits. While most efforts focus on securing the web server machine from compromise, the technique of approving content and then verifying that everything that leaves a site is approved can virtually eliminate the ability of attackers to hijack the content of a web site.
Avi Rubin is the author of White-Hat Security Arsenal: Tackling the Threats (Addison-Wesley, 2001, ISBN 0-201-71114-1). Rubin sits on the technical advisory board of Gilian Technologies, which introduced the idea of exit control.

No Safety in Numbers

As business moves online, the web is becoming more and more of a marketplace. It's a place where vendors and buyers meet to interact. Online transactions are now a normal, accepted part of life: You can auction unwanted goods, find a long-lost friend, get an education, keep up with your favorite sports teams... A business that doesn't have a web presence is practically unheard-of these days.

Obviously, this provides a fertile playground for malfeasants to wreak havoc. Even U.S. government computers are not immune. The White House web site was recently defaced, and the Department of Justice hijacking is legendary. There were more than 15,000 reported cases of break-ins and data alterations in the year 2000, and the rate of break-ins has been increasing exponentially. According to http://defaced.alldas.de/, we're on track for more than 50,000 web site defacements this year. Interestingly, an increasing number of break-ins originate in foreign countries. Some of the well-known hacked sites include those of the U.S. Army, Air Force, and Navy; NASA; the Department of the Treasury; and the IRS. In fact, most organizations have a strong incentive to immediately cover up any hijacking incident and to keep it as quiet as possible, in order to maintain customer confidence. So, in reality, the numbers may be much higher than those mentioned above.

Security experts are clamoring to come up with ways of countering all of these attacks. This article looks at a new technique that offers some promise.
