NetGladiator Logo Our blog YouTube Subscribe

Thank you for visiting the NetGladiator Online Demonstration


View our Demo Video: Please watch our short (6:33 min) NetGladiator Demo Video to learn more about our IPS technology.

See for yourself how a hacker would be thwarted by NetGladiator.

If you would like to discuss NetGladiator in more detail, please contact us.

contact us





Read for yourself: To demonstrate just some of the capabilities of the NetGladiator, we have selected three (3) hacking scenarios that our product detects and prevents.

Product Demonstration Scenarios

The NetGladiator is a key device in a layered security approach.  Its behavior-based anomaly detection identifies potential attackers through recognizing unusual patterns of behavior, as a hacker explores and utilizes your website much differently than a normal user.  Because we can be confident in their malicious intent, we block their IP address immediately.

We are not an "all-in-one solution", which can be rendered useless by alerting you thousands of times a day, can block legitimate requests, and break web functionality. We do one thing very well - we catch and stop hackers during their information gathering process - keeping your web applications secure. Information gathering is almost always the initial phase for any attack.  For the attacker, it is critical to find out as much information as possible about your web server and the technologies that run on it.  What is discovered in this phase is often the basis of the actual attack.

SQL Injection PDF

Scenario #1:
SQL Injection

Read below or download
SQL Injection PDF

Directory Traversal PDF

Scenario #2:
Directory Traversal

Read below or download Directory Traversal PDF

Unexpected Countries PDF

Scenario #3:
Automated Attacks from Unexpected Countries

Read below or download Unexpected Countries PDF

Description

SQL Injection is one of the most common and dangerous attacks web applications face today. The attack takes advantage of weakly-coded pages that interface with a back-end database. A hacker will use this weakness to run custom database queries to gather information, modify the database entries, or insert malicious code. The result can be a total compromise of your most sensitive data.

Directory Traversal is one of the techniques used to discover file structure as well as software utilized by the server. This is essentially a brute force attempt to discover what files exist, what their permissions are, and what their function is in the overall web application.

From almost the moment a web server has a public facing IP address, botnets from all over the world are automatically scanning it for vulnerabilities. Often, these attacks originate from countries that house very few potential users or customers for your business. Botnets can be used maliciously to perform Denial of Service (DoS) attacks, website scraping, automated downloads, etcetera.

Example

Assume you have an ecommerce store that lists products on the following URL: http://www.mystore.com/products.php
If a user wants to view a certain product, they might end up at the following URL: http://www.mystore.com/products.php?id=74

This is a clue to the attacker that a database lookup is occurring. Likely with the following query: SELECT * FROM content WHERE id=74
If SQL Injection is possible, the attacker can use this knowledge to modify the above SQL query, possibly like this: http://www.mystore.com/products.php?id=74 AND (SELECT 1 FROM(Select Count(*), Concat(CHAR (58,58,58), (Version()), floor(rand(0)*2), CHAR (58,58,58))x FROM Information_Schema>

Now the query to the database becomes: SELECT * FROM content WHERE id=74 AND (SELECT 1 FROM(Select Count(*), Concat(CHAR (58,58,58), (Version()), floor(rand(0)*2), CHAR (58,58,58))x FROM Information_Schema

If this is successful, the page will print out the version of mysql running on the server. This results in a proof-of-concept for the attacker, and many other, more damaging queries can be executed.

Here is sample output of a directory traversal tool:
Directory Traversal Screen
The software is brute-forcing common names from a very large list. When it gets a response code of anything other than 404 (does not exist), it prints it here for further exploration. The attacker can then manually explore interesting results (like pipermail and admin above) for vulnerabilities.

You are a local business based in the United States. You sell videos to schools that teach kids how to do math. You have some online interfaces and also sell the videos online.

Because the Internet is a global entity, your website is being hacked at by robots originating in China, Iran, and Morocco every day. While possible, it is very unlikely that a legitimate request for your website is coming from someone in these locations.

You are putting your data at grave risk by allowing connections from IP spaces coming from unexpected countries (countries outside your normal scope of business) for the possibility of a small sale.

How NetGladiator Stops This Attack

The NetGladiator is a key device in a layered security approach. Its behavior-based anomaly detection identifies potential attackers through recognizing unusual patterns of behavior, as hackers explore and utilize your website much differently than a normal user.

NetGladiator looks for database keywords in the requests destined for your web servers. The assumption is that database keywords like SELECT, FROM, and WHERE would never be in a valid URL. NetGladiator will stop this attack right away, blocking the offending IP address and alerting an administrator to the attack.

Directory Traversal relies on sending many requests in a short period of time. Without the ability to send hundreds of thousands of requests, the tool used above is useless. NetGladiator stops this attack by tracking requests on a per IP basis. If the requests exceed a threshold, the IP is blocked. The assumption here is that no normal user sends thousands of requests per minute.

In this case, it is best to not even allow connections from unexpected countries (countries outside your normal scope of business). This may sound harsh and somewhat sweeping at first, but good security is all about risk vs. cost. Sure, this might turn away a few potential clients, but it will keep you less visible to a large, malicious botnet.
NetGladiator is capable of blocking IP ranges right off the bat. IP addresses can be geo-located with relative accuracy, and NetGladiator allows you to black list these IP addresses.

Layer This With...

When developing an IT security policy and implementing security controls, the single most important thing to consider is how the different controls you use will layer within your security profile. Because no single piece of equipment or software will be able to thwart 100% of attacks, good layering provides the best chance to stop a hacker from their ultimate goal.

To prevent SQL Injection, it’s very important to validate and sanitize the input from a form or URL before the database query is executed. This includes escaping strings, validating length, and checking the type of input to make sure it matches expected values.

There are four primary actions you can take to limit the successfulness of a directory brute-forcing tool:
  1. Turn off directory listings.
  2. Put all sensitive interfaces behind a .htaccess file that has password authentication.
  3. Remove all old versions of software, especially software that is no longer used.
  4. Keep up-to-date on security releases for software and your web server.

Diligent log review is the key to discovering locations of attacks hitting your websites. If you notice patterns in the logs indicating attacks from a specific IP range, block this IP set in NetGladiator’s user interface.