Security Products & Services: Espion Interceptor - bonus

Interceptor Solution - Secure Proxy (HTTP/HTTPS) Service	email page link to a friend
Download secure proxy solution as a PDF
How can the bundled Interceptor based Secure Proxy solution increase my web application security compared to what I currently have? Here's how - take a look at the typical web application deployment scenario below and then how Interceptor can improve on it.

TYPICAL WEB APPLICATION DEPLOYMENT SCENARIO: Although this should be the norm for deploying web applications, many organizations do not go even this far to secure their web jewels.

TYPICAL WEB APPLICATION DEPLOYMENT SCENARIO
Characteristic	Exposure	Description
Security Risk	HIGH	The weakest feature of such deployment is that it relies on ability of the application infrastructure (i.e. web server, web application server or database server) to resist the attack.
Maintenance	HIGH	Each application server and each firewall requires continuous security and/or application maintenance to address the latest security threat.
Cost	HIGH	Security related application updates and their expedited functionality testing, integration testing and implementation, usually drive the cost of this solution much higher than anticipated. Also, the timing of changes can not be anticipated, hence it is hard to budget for such changes.
Scalability	HIGH	Web application architecture is usually easily horizontally scalable.
Economies of scale	LOW	Although convenient, horizontal scalability usually means that the solution will become more and more complex and hence, expensive, as number of infrastructure elements increases.

INTERCEPTOR SECURE PROXY DEPLOYMENT SCENARIO: Interceptor self-maintains an Intrusion Prevention System database with over 950 web attack signatures, adding or updating signatures as soon as any other peer device in the world comes across a new pattern. These signatures cover such areas as web server configuration (Apache, IIS, Domino), CGI's (PHP execution, Perl vulnerabilities), Coldfusion, Frontpage, etc. Once Interceptor IPS recognizes the web based attack, it rejects any further traffic being directed at any device on the secured side of the network.

WEB-ATTACKS .htgroup access WEB-ATTACKS /bin/ls command attempt WEB-ATTACKS /bin/ls| command attempt WEB-ATTACKS /bin/ps command attempt WEB-ATTACKS /etc/inetd.conf access WEB-ATTACKS /etc/motd access WEB-ATTACKS /etc/shadow access WEB-ATTACKS /usr/bin/cc command attempt WEB-ATTACKS /usr/bin/cpp command attempt WEB-ATTACKS /usr/bin/g++ command attempt WEB-ATTACKS /usr/bin/gcc command attempt WEB-ATTACKS /usr/bin/id command attempt WEB-ATTACKS /usr/bin/perl execution attempt WEB-ATTACKS bin/nasm command attempt WEB-ATTACKS bin/python access attempt WEB-ATTACKS bin/tclsh execution attempt WEB-ATTACKS cc command attempt WEB-ATTACKS chgrp command attempt WEB-ATTACKS chmod command attempt WEB-ATTACKS chown command attempt WEB-ATTACKS chsh command attempt WEB-ATTACKS conf/httpd.conf attempt WEB-ATTACKS cpp command attempt WEB-ATTACKS echo command attempt WEB-ATTACKS g++ command attempt WEB-ATTACKS gcc command attempt WEB-ATTACKS id command attempt WEB-ATTACKS kill command attempt WEB-ATTACKS lsof command attempt WEB-ATTACKS mail command attempt WEB-ATTACKS mail command attempt WEB-ATTACKS nasm command attempt WEB-ATTACKS netcat command attempt WEB-ATTACKS nmap command attempt WEB-ATTACKS nt admin addition attempt WEB-ATTACKS perl execution attempt WEB-ATTACKS ping command attempt WEB-ATTACKS ps command attempt WEB-ATTACKS python access attempt WEB-ATTACKS rm command attempt WEB-ATTACKS tclsh execution attempt WEB-ATTACKS tftp command attempt WEB-ATTACKS traceroute command attempt WEB-ATTACKS uname -a command attempt WEB-ATTACKS wget command attempt WEB-ATTACKS X application to remote host attempt WEB-ATTACKS xterm command attempt WEB-CGI /cart/cart.cgi access WEB-CGI /cgi-bin/ access WEB-CGI /cgi-bin/jj access WEB-CGI /cgi-bin/ls access WEB-CGI /cgi-dos/ access WEB-CGI /fcgi-bin/echo.exe access WEB-CGI /wwwboard/passwd.txt access WEB-CGI a1stats a1disp3.cgi access WEB-CGI a1stats a1disp3.cgi directory traversal attempt WEB-CGI a1stats access WEB-CGI ad.cgi access WEB-CGI adcycle access WEB-CGI admentor admin.asp access WEB-CGI admin.pl access WEB-CGI ads.cgi command execution attempt WEB-CGI aglimpse access WEB-CGI agora.cgi access WEB-CGI agora.cgi attempt WEB-CGI AHG search.cgi access WEB-CGI album.pl access WEB-CGI alchemy http server NUL arbitrary command execution attempt WEB-CGI alchemy http server PRN arbitrary command execution attempt WEB-CGI alert.cgi access WEB-CGI alibaba.pl access WEB-CGI alibaba.pl arbitrary command execution attempt WEB-CGI AlienForm af.cgi access WEB-CGI AlienForm af.cgi directory traversal attempt WEB-CGI alienform.cgi access WEB-CGI alienform.cgi directory traversal attempt WEB-CGI Allaire Pro Web Shell attempt WEB-CGI AltaVista Intranet Search directory traversal attempt WEB-CGI alya.cgi access WEB-CGI Amaya templates sendtemp.pl access WEB-CGI Amaya templates sendtemp.pl directory traversal attempt WEB-CGI anaconda directory transversal attempt WEB-CGI anform2 access WEB-CGI AnyForm2 access WEB-CGI archie access WEB-CGI args.bat access WEB-CGI args.cmd access WEB-CGI Armada Style Master Index directory traversal WEB-CGI AT-admin.cgi access WEB-CGI AT-generated.cgi access WEB-CGI auktion.cgi access WEB-CGI auktion.cgi directory traversal attempt WEB-CGI ax-admin.cgi access WEB-CGI axs.cgi access WEB-CGI bash access WEB-CGI bb-hist.sh access WEB-CGI bb-hist.sh attempt WEB-CGI bb-histlog.sh access WEB-CGI bb-histsvc.sh access WEB-CGI bb-hostscv.sh access WEB-CGI bb-hostscv.sh attempt WEB-CGI bb-rep.sh access WEB-CGI bb-replog.sh access WEB-CGI bbs_forum.cgi access WEB-CGI bigconf.cgi access WEB-CGI bizdbsearch access WEB-CGI bizdbsearch attempt WEB-CGI bnbform.cgi access WEB-CGI book.cgi access WEB-CGI book.cgi arbitrary command execution attempt WEB-CGI bsguest.cgi access WEB-CGI bslist.cgi access WEB-CGI Bugzilla doeditvotes.cgi access WEB-CGI cached_feed.cgi moreover shopping cart access WEB-CGI cached_feed.cgi moreover shopping cart directory traversal WEB-CGI cachemgr.cgi access WEB-CGI calendar access WEB-CGI calendar-admin.pl access WEB-CGI calendar_admin.pl access WEB-CGI calendar_admin.pl arbitrary command execution attempt WEB-CGI calender.pl access WEB-CGI cal_make.pl access WEB-CGI cal_make.pl directory traversal attempt WEB-CGI campas access WEB-CGI campus access WEB-CGI campus attempt WEB-CGI cart.cgi access WEB-CGI cart32.exe access WEB-CGI catgy.cgi access WEB-CGI cgforum.cgi access WEB-CGI cgicso access WEB-CGI cgiforum.pl access WEB-CGI cgiforum.pl attempt WEB-CGI cgimail access WEB-CGI cgiwrap access WEB-CGI chipcfg.cgi access WEB-CGI classifieds.cgi access WEB-CGI commerce.cgi access WEB-CGI commerce.cgi arbitrary file access attempt WEB-CGI count.cgi access WEB-CGI csh access WEB-CGI CSMailto.cgi access WEB-CGI csNews.cgi access WEB-CGI csPassword password.cgi.tmp access WEB-CGI csPassword.cgi access WEB-CGI csSearch.cgi access WEB-CGI csSearch.cgi arbitrary command execution attempt WEB-CGI cvslog.cgi access WEB-CGI cvsview2.cgi access WEB-CGI cvsweb.cgi access WEB-CGI day5datacopier.cgi access WEB-CGI day5datanotifier.cgi access WEB-CGI db2www access WEB-CGI dbman db.cgi access WEB-CGI dcboard.cgi access WEB-CGI dcboard.cgi invalid user addition attempt WEB-CGI dcforum.cgi access WEB-CGI dcforum.cgi directory traversal attempt WEB-CGI DCShop access WEB-CGI DCShop auth_user_file.txt access WEB-CGI DCShop orders.txt access WEB-CGI dfire.cgi access WEB-CGI directorypro.cgi access WEB-CGI directorypro.cgi attempt WEB-CGI dnewsweb.cgi access WEB-CGI document.d2w access WEB-CGI download.cgi access WEB-CGI dumpenv.pl access WEB-CGI echo.bat access WEB-CGI echo.bat arbitrary command execution attempt WEB-CGI edit_action.cgi access WEB-CGI emumail.cgi access WEB-CGI emumail.cgi NULL attempt WEB-CGI enivorn.pl access WEB-CGI enter_bug.cgi access WEB-CGI enter_bug.cgi arbitrary command attempt WEB-CGI environ.cgi access WEB-CGI envout.bat access WEB-CGI envout.bat arbitrary command execution attempt WEB-CGI eshop.pl access WEB-CGI eshop.pl arbitrary commane execution attempt WEB-CGI everythingform.cgi access WEB-CGI eXtropia webstore access WEB-CGI eXtropia webstore directory traversal WEB-CGI ezadmin.cgi access WEB-CGI ezboard.cgi access WEB-CGI ezman.cgi access WEB-CGI faqmanager.cgi access WEB-CGI faqmanager.cgi arbitrary file access attempt WEB-CGI faxsurvey access WEB-CGI faxsurvey arbitrary file read attempt WEB-CGI faxsurvey attempt (full path) WEB-CGI filemail access WEB-CGI files.pl access WEB-CGI fileseek.cgi access WEB-CGI finger access WEB-CGI flexform access WEB-CGI fom.cgi access WEB-CGI FormHandler.cgi access WEB-CGI FormHandler.cgi directory traversal attempt attempt WEB-CGI FormHandler.cgi external site redirection attempt WEB-CGI formmail access WEB-CGI formmail arbitrary command execution attempt WEB-CGI gbook.cgi access WEB-CGI getdoc.cgi access WEB-CGI glimpse access WEB-CGI global.cgi access WEB-CGI gozila.cgi access WEB-CGI guestbook.cgi access WEB-CGI guestserver.cgi access WEB-CGI hello.bat access WEB-CGI hello.bat arbitrary command execution attempt WEB-CGI Home Free search.cgi directory traversal attempt WEB-CGI htmlscript access WEB-CGI htmlscript attempt WEB-CGI htsearch access WEB-CGI htsearch arbitrary configuration file attempt WEB-CGI htsearch arbitrary file read attempt WEB-CGI HyperSeek hsx.cgi access WEB-CGI HyperSeek hsx.cgi directory traversal attempt WEB-CGI icat access WEB-CGI ikonboard.cgi access WEB-CGI imageFolio.cgi access WEB-CGI imagemap.exe access WEB-CGI imagemap.exe overflow attempt WEB-CGI info2www access WEB-CGI input.bat access WEB-CGI input.bat arbitrary command execution attempt WEB-CGI input2.bat access WEB-CGI input2.bat arbitrary command execution attempt WEB-CGI ksh access WEB-CGI lastlines.cgi access WEB-CGI listrec.pl access WEB-CGI loadpage.cgi access WEB-CGI loadpage.cgi directory traversal attempt WEB-CGI LWGate access WEB-CGI MachineInfo access WEB-CGI MachineInfo access WEB-CGI mailfile.cgi access WEB-CGI mailit.pl access WEB-CGI maillist.pl access WEB-CGI mailnews.cgi access WEB-CGI mailview.cgi access WEB-CGI man.sh access WEB-CGI ministats admin access WEB-CGI mmstdod.cgi access WEB-CGI mrtg.cgi directory traversal attempt WEB-CGI multidiff.cgi access WEB-CGI newdesk access WEB-CGI newsdesk.cgi access WEB-CGI Nortel Contivity cgiproc access WEB-CGI Nortel Contivity cgiproc DOS attempt WEB-CGI Nortel Contivity cgiproc DOS attempt WEB-CGI nph-exploitscanget.cgi access WEB-CGI NPH-publish access WEB-CGI NPH-publish access WEB-CGI nph-publish.cgi access WEB-CGI nph-test-cgi access WEB-CGI nsManager.cgi access WEB-CGI Oracle reports CGI access WEB-CGI overflow.cgi access WEB-CGI pagelog.cgi access WEB-CGI pagelog.cgi directory traversal attempt WEB-CGI pals-cgi access WEB-CGI pals-cgi arbitrary file access attempt WEB-CGI parse_xml.cgi access WEB-CGI perl command attempt WEB-CGI perl.exe access WEB-CGI perl.exe command attempt WEB-CGI perlshop.cgi access WEB-CGI pfdispaly.cgi access WEB-CGI pfdispaly.cgi arbitrary command execution attempt WEB-CGI pfdisplay.cgi access WEB-CGI phf access WEB-CGI phf arbitrary command execution attempt WEB-CGI php.cgi access WEB-CGI Poll-it access WEB-CGI post-query access WEB-CGI ppdscgi.exe access WEB-CGI printenv access WEB-CGI printmail.cgi access WEB-CGI process_bug.cgi access WEB-CGI psunami.cgi access WEB-CGI readmail.cgi access WEB-CGI redirect access WEB-CGI register.cgi access WEB-CGI responder.cgi access WEB-CGI rguest.exe access WEB-CGI rksh access WEB-CGI rpc-nlog.pl access WEB-CGI rpc-smb.pl access WEB-CGI rsh access WEB-CGI rwwwshell.pl access WEB-CGI scriptalias access WEB-CGI sdbsearch.cgi access WEB-CGI sdbsearch.cgi access WEB-CGI search.cgi access WEB-CGI sendform.cgi access WEB-CGI sendmessage.cgi access WEB-CGI service.cgi access WEB-CGI setpasswd.cgi access WEB-CGI SGI InfoSearch fname access WEB-CGI SGI InfoSearch fname attempt WEB-CGI shopping cart directory traversal WEB-CGI simplestguest.cgi access WEB-CGI simplestmail.cgi access WEB-CGI siteUserMod.cgi access WEB-CGI SIX webboard generate.cgi access WEB-CGI SIX webboard generate.cgi attempt WEB-CGI smartsearch.cgi access WEB-CGI snork.bat access WEB-CGI snorkerz.cmd access WEB-CGI sojourn.cgi access WEB-CGI sojourn.cgi File attempt WEB-CGI spin_client.cgi access WEB-CGI statusconfig.pl access WEB-CGI store.cgi access WEB-CGI store.cgi directory traversal attempt WEB-CGI story.pl access WEB-CGI story.pl arbitrary file read attempt WEB-CGI streaming server parse_xml.cgi access WEB-CGI survey.cgi access WEB-CGI swc access WEB-CGI SWSoft ASPSeek Overflow attempt WEB-CGI swsrv.cgi access WEB-CGI Talentsoft Web+ exploit attempt WEB-CGI talkback.cgi access WEB-CGI talkback.cgi directory traversal attempt WEB-CGI tcsh access WEB-CGI technote main.cgi file directory traversal attempt WEB-CGI technote print.cgi directory traversal attempt WEB-CGI test-cgi access WEB-CGI test-cgi attempt WEB-CGI test.bat access WEB-CGI test.bat arbitrary command execution attempt WEB-CGI test.cgi access WEB-CGI testcgi access WEB-CGI textcounter.pl access WEB-CGI tst.bat access WEB-CGI tstisapi.dll access WEB-CGI ttawebtop.cgi access WEB-CGI ttawebtop.cgi arbitrary file attempt WEB-CGI txt2html.cgi access WEB-CGI txt2html.cgi directory traversal attempt WEB-CGI upload.cgi access WEB-CGI upload.pl access WEB-CGI uploader.exe access WEB-CGI user_update_admin.pl access WEB-CGI user_update_passwd.pl access WEB-CGI ustorekeeper.pl access WEB-CGI ustorekeeper.pl directory traversal attempt WEB-CGI view-source access WEB-CGI view-source directory traversal WEB-CGI view_source access WEB-CGI viralator.cgi access WEB-CGI visadmin.exe access WEB-CGI vpasswd.cgi access WEB-CGI w3-msql access WEB-CGI w3tvars.pm access WEB-CGI wais.pl access WEB-CGI way-board access WEB-CGI way-board.cgi access WEB-CGI wayboard attempt WEB-CGI Web Shopper shopper.cgi access WEB-CGI Web Shopper shopper.cgi attempt WEB-CGI web-map.cgi access WEB-CGI webdist.cgi access WEB-CGI webdist.cgi arbitrary command attempt WEB-CGI webdriver access WEB-CGI webgais access WEB-CGI webplus directory traversal WEB-CGI webplus version access WEB-CGI websendmail access WEB-CGI websitepro path access WEB-CGI webspeed access WEB-CGI webspirs.cgi access WEB-CGI webspirs.cgi directory traversal attempt WEB-CGI wguest.exe access WEB-CGI whois_raw.cgi access WEB-CGI whois_raw.cgi arbitrary command execution attempt WEB-CGI win-c-sample.exe access WEB-CGI wrap access WEB-CGI ws_mail.cgi access WEB-CGI www-sql access WEB-CGI wwwadmin.pl access WEB-CGI wwwwais access WEB-CGI yabb access WEB-CGI yabb directory traversal attempt WEB-CGI zml.cgi access WEB-CGI zml.cgi attempt WEB-CGI zsh access WEB-CLIENT Javascript document.domain attempt WEB-CLIENT Javascript URL host spoofing attempt WEB-CLIENT Outlook EML access WEB-CLIENT readme.eml autoload attempt WEB-CLIENT readme.eml download attempt WEB-CLIENT XMLHttpRequest attempt WEB-COLDFUSION ?Mode=debug attempt WEB-COLDFUSION addcontent.cfm access WEB-COLDFUSION admin decrypt attempt WEB-COLDFUSION admin encrypt attempt WEB-COLDFUSION administrator access WEB-COLDFUSION application.cfm access WEB-COLDFUSION application.cfm access WEB-COLDFUSION beaninfo access WEB-COLDFUSION cfappman access WEB-COLDFUSION cfcache.map access WEB-COLDFUSION cfmlsyntaxcheck.cfm access WEB-COLDFUSION CFUSION_VERIFYMAIL access WEB-COLDFUSION datasource attempt WEB-COLDFUSION datasource passwordattempt WEB-COLDFUSION datasource username attempt WEB-COLDFUSION db connections flush attempt WEB-COLDFUSION displayfile access WEB-COLDFUSION evaluate.cfm access WEB-COLDFUSION exampleapp access WEB-COLDFUSION exampleapp application.cfm WEB-COLDFUSION expeval access WEB-COLDFUSION exprcalc access WEB-COLDFUSION fileexists.cfm access WEB-COLDFUSION getfile.cfm access WEB-COLDFUSION getodbcdsn access WEB-COLDFUSION getodbcin attempt WEB-COLDFUSION gettempdirectory.cfm access WEB-COLDFUSION mainframeset access WEB-COLDFUSION onrequestend.cfm access WEB-COLDFUSION parks access WEB-COLDFUSION sendmail.cfm access WEB-COLDFUSION set odbc ini attempt WEB-COLDFUSION settings refresh attempt WEB-COLDFUSION snippets attempt WEB-COLDFUSION startstop DOS access WEB-FRONTPAGE .... request WEB-FRONTPAGE /_vti_bin/ access WEB-FRONTPAGE access.cnf access WEB-FRONTPAGE administrators.pwd access WEB-FRONTPAGE author.exe access WEB-FRONTPAGE authors.pwd access WEB-FRONTPAGE cfgwiz.exe access WEB-FRONTPAGE contents.htm access WEB-FRONTPAGE dvwssr.dll access WEB-FRONTPAGE form_results access WEB-FRONTPAGE form_results.htm access WEB-FRONTPAGE fpadmcgi.exe access WEB-FRONTPAGE fpadmin.htm access WEB-FRONTPAGE fpremadm.exe access WEB-FRONTPAGE fpsrvadm.exe access WEB-FRONTPAGE frontpage rad fp4areg.dll access WEB-FRONTPAGE orders.htm access WEB-FRONTPAGE orders.txt access WEB-FRONTPAGE posting WEB-FRONTPAGE rad fp30reg.dll access WEB-FRONTPAGE register.htm access WEB-FRONTPAGE register.txt access WEB-FRONTPAGE registrations.htm access WEB-FRONTPAGE registrations.txt access WEB-FRONTPAGE service.cnf access WEB-FRONTPAGE service.pwd WEB-FRONTPAGE service.stp access WEB-FRONTPAGE services.cnf access WEB-FRONTPAGE shtml.dll access WEB-FRONTPAGE shtml.exe access WEB-FRONTPAGE svcacl.cnf access WEB-FRONTPAGE users.pwd access WEB-FRONTPAGE writeto.cnf access WEB-FRONTPAGE _vti_rpc access WEB-IIS %2E-asp access WEB-IIS *.idc attempt WEB-IIS +.htr code fragment attempt WEB-IIS .asp chunked Transfer-Encoding WEB-IIS .bat? access WEB-IIS .cnf access WEB-IIS .htr access WEB-IIS .htr chunked Transfer-Encoding WEB-IIS /exchange/root.asp access WEB-IIS /exchange/root.asp attempt WEB-IIS /iisadmpwd/aexp2.htr access WEB-IIS /isapi/tstisapi.dll access WEB-IIS /msadc/samples/ access WEB-IIS /pcadmin/login.asp access WEB-IIS /scripts/iisadmin/default.htm access WEB-IIS /scripts/samples/ access WEB-IIS /StoreCSVS/InstantOrder.asmx request WEB-IIS achg.htr access WEB-IIS Alternate Data streams ASP file access attempt WEB-IIS anot.htr access WEB-IIS ASP contents view WEB-IIS ASP contents view WEB-IIS asp-dot attempt WEB-IIS asp-srch attempt WEB-IIS as_web.exe access WEB-IIS as_web4.exe access WEB-IIS Battleaxe Forum login.asp access WEB-IIS bdir.htr access WEB-IIS CGImail.exe access WEB-IIS cmd.exe access WEB-IIS cmd32.exe access WEB-IIS cmd? access WEB-IIS CodeRed v2 root.exe access WEB-IIS cross-site scripting attempt WEB-IIS cross-site scripting attempt WEB-IIS ctss.idc access WEB-IIS del attempt WEB-IIS directory listing WEB-IIS Directory transversal attempt WEB-IIS DirectoryListing.asp access WEB-IIS doctodep.btr access WEB-IIS encoding access WEB-IIS exec-src access WEB-IIS fpcount access WEB-IIS fpcount attempt WEB-IIS getdrvs.exe access WEB-IIS global.asa access WEB-IIS htimage.exe access WEB-IIS idc-srch attempt WEB-IIS iisadmin access WEB-IIS iisadmpwd attempt WEB-IIS IISProtect access WEB-IIS IISProtect globaladmin.asp access WEB-IIS IISProtect siteadmin.asp access WEB-IIS iissamples access WEB-IIS index server file source code attempt WEB-IIS ISAPI .ida access WEB-IIS ISAPI .ida attempt WEB-IIS ISAPI .idq access WEB-IIS ISAPI .idq attempt WEB-IIS ISAPI .printer access WEB-IIS isc$data attempt WEB-IIS ism.dll access WEB-IIS ism.dll attempt WEB-IIS jet vba access WEB-IIS MDAC Content-Type overflow attempt WEB-IIS mkilog.exe access WEB-IIS MS BizTalk server access WEB-IIS MS Site Server admin attempt WEB-IIS MS Site Server default login attempt WEB-IIS msadcs.dll access WEB-IIS msdac access WEB-IIS MSProxy access WEB-IIS multiple decode attempt WEB-IIS newdsn.exe access WEB-IIS NewsPro administration authentication attempt WEB-IIS nsiislog.dll access WEB-IIS outlook web dos WEB-IIS pbserver access WEB-IIS perl access WEB-IIS perl-browse0a attempt WEB-IIS perl-browse20 attempt WEB-IIS postinfo.asp access WEB-IIS register.asp access WEB-IIS repost.asp access WEB-IIS SAM Attempt WEB-IIS scripts-browse access WEB-IIS search97.vts access WEB-IIS showcode.asp access WEB-IIS site server config access WEB-IIS site/iisamples access WEB-IIS srch.htm access WEB-IIS srchadm access WEB-IIS Synchrologic Email Accelerator userid list access attempt WEB-IIS trace.axd access WEB-IIS unicode directory traversal attempt WEB-IIS unicode directory traversal attempt WEB-IIS unicode directory traversal attempt WEB-IIS unicode directory traversal attempt WEB-IIS Unicode2.pl script (File permission canonicalization) WEB-IIS uploadn.asp access WEB-IIS UploadScript11.asp access WEB-IIS users.xml access WEB-IIS view source via translate header WEB-IIS viewcode.asp access WEB-IIS WEBDAV exploit attempt WEB-IIS WebDAV file lock attempt WEB-IIS WEBDAV nessus safe scan attempt WEB-IIS webhits access WEB-IIS _mem_bin access WEB-IIS _vti_inf access WEB-MISC *%0a.pl access WEB-MISC .bash_history access WEB-MISC .DS_Store access WEB-MISC .FBCIndex access WEB-MISC .history access WEB-MISC .htaccess access WEB-MISC .htpasswd access WEB-MISC .nsconfig access WEB-MISC .wwwacl access WEB-MISC .wwwacl access WEB-MISC /*.shtml access WEB-MISC /.... access WEB-MISC ///cgi-bin access WEB-MISC /Carello/add.exe access WEB-MISC /cgi-bin/// access WEB-MISC /CVS/Entries access WEB-MISC /doc/ access WEB-MISC /doc/packages access WEB-MISC /ecscripts/ecware.exe access WEB-MISC /etc/passwd WEB-MISC /home/ftp access WEB-MISC /home/www access WEB-MISC /~ftp access WEB-MISC /~nobody access WEB-MISC /~root access WEB-MISC ?open access WEB-MISC ?PageServices access WEB-MISC active.log access WEB-MISC adminlogin access WEB-MISC Admin_files access WEB-MISC Allaire JRUN DOS attempt WEB-MISC amazon 1-click cookie theft WEB-MISC Annex Terminal DOS attempt WEB-MISC ans.pl access WEB-MISC ans.pl attempt WEB-MISC answerbook2 admin attempt WEB-MISC answerbook2 arbitrary command execution attempt WEB-MISC apache ?M=D directory list attempt WEB-MISC apache chunked encoding memory corruption exploit attempt WEB-MISC Apache Chunked-Encoding worm attempt WEB-MISC apache DOS attempt WEB-MISC apache source.asp file access WEB-MISC architext_query.pl access WEB-MISC AuthChangeUrl access WEB-MISC Axis Storpoint CD access WEB-MISC AxisStorpoint CD attempt WEB-MISC b2 access WEB-MISC b2 arbitrary command execution attempt WEB-MISC backup access WEB-MISC bad HTTP/1.1 request, Potentially worm attack WEB-MISC basilix mysql.class access WEB-MISC basilix sendmail.inc access WEB-MISC BBoard access WEB-MISC BigBrother access WEB-MISC BitKeeper arbitrary command attempt WEB-MISC carbo.dll access WEB-MISC cart 32 AdminPwd access WEB-MISC cat%20 access WEB-MISC cd.. WEB-MISC cgitest.exe access WEB-MISC cgitest.exe attempt WEB-MISC cgiWebupdate.exe access WEB-MISC changepw.exe access WEB-MISC chip.ini access WEB-MISC Chunked-Encoding transfer attempt WEB-MISC Cisco /%% DOS attempt WEB-MISC Cisco Catalyst command execution attempt WEB-MISC Cisco IOS HTTP configuration attempt WEB-MISC CISCO PIX Firewall Manager directory traversal attempt WEB-MISC CISCO VoIP DOS ATTEMPT WEB-MISC Compaq Insight directory traversal WEB-MISC console.exe access WEB-MISC ContentFilter.dll access WEB-MISC convert.bas access WEB-MISC counter.exe access WEB-MISC cpshost.dll access WEB-MISC cross site scripting attempt WEB-MISC cross site scripting HTML Image tag set to javascript attempt WEB-MISC cs.exe access WEB-MISC cvsweb version access WEB-MISC cwmail.exe access WEB-MISC cybercop scan WEB-MISC DB4Web access WEB-MISC ddicgi.exe access WEB-MISC Delegate whois overflow attempt WEB-MISC DELETE attempt WEB-MISC Demarc SQL injection attempt WEB-MISC Domino agentrunner.nsf access WEB-MISC Domino bookmark.nsf access WEB-MISC Domino catalog.nsf access WEB-MISC Domino cersvr.nsf access WEB-MISC Domino collect4.nsf access WEB-MISC Domino domcfg.nsf access WEB-MISC Domino domlog.nsf access WEB-MISC Domino events4.nsf access WEB-MISC Domino log.nsf access WEB-MISC Domino mab.nsf access WEB-MISC Domino mail.box access WEB-MISC Domino mailw46.nsf access WEB-MISC Domino names.nsf access WEB-MISC Domino ntsync4.nsf access WEB-MISC Domino setup.nsf access WEB-MISC Domino statrep.nsf access WEB-MISC Domino webadmin.nsf access WEB-MISC Ecommerce check.txt access WEB-MISC Ecommerce checks.txt access WEB-MISC Ecommerce import.txt access WEB-MISC Ecommerce import.txt access WEB-MISC ExAir access WEB-MISC filemail access WEB-MISC ftp attempt WEB-MISC ftp.pl access WEB-MISC ftp.pl attempt WEB-MISC get32.exe access WEB-MISC global.inc access WEB-MISC globals.jsa access WEB-MISC globals.pl access WEB-MISC guestbook.pl access WEB-MISC handler access WEB-MISC handler attempt WEB-MISC helpout.exe access WEB-MISC HP OpenView Manager DOS WEB-MISC htgrep access WEB-MISC htgrep attempt WEB-MISC http directory traversal WEB-MISC http directory traversal WEB-MISC IBM Net.Commerce orderdspc.d2w access WEB-MISC iChat directory traversal attempt WEB-MISC ICQ Webfront HTTP DOS WEB-MISC ICQ webserver DOS WEB-MISC intranet access WEB-MISC ion-p access WEB-MISC iPlanet .perf access WEB-MISC iPlanet GETPROPERTIES attempt WEB-MISC iPlanet Search directory traversal attempt WEB-MISC jigsaw dos attempt WEB-MISC jrun directory browse attempt WEB-MISC L3retriever HTTP Probe WEB-MISC Linksys router default password login attempt WEB-MISC Linksys router default username and password login attempt WEB-MISC logicworks.ini access WEB-MISC login.htm access WEB-MISC login.htm attempt WEB-MISC long basic authorization string WEB-MISC Lotus DelDoc attempt WEB-MISC Lotus Domino directory traversal WEB-MISC Lotus EditDoc attempt WEB-MISC Lotus Notes .csp script source download attempt WEB-MISC Lotus Notes .exe script source download attempt WEB-MISC Lotus Notes .pl script source download attempt WEB-MISC ls%20-l WEB-MISC lyris.pl access WEB-MISC Macromedia SiteSpring cross site scripting attempt WEB-MISC mailman cross site scripting attempt WEB-MISC mall log order access WEB-MISC mkilog.exe access WEB-MISC mkplog.exe access WEB-MISC mlog.phtml access WEB-MISC mod-plsql administration access WEB-MISC mod_gzip_status access WEB-MISC MsmMask.exe access WEB-MISC MsmMask.exe attempt WEB-MISC musicat empower access WEB-MISC musicat empower attempt WEB-MISC mylog.phtml access WEB-MISC nc.exe attempt WEB-MISC ndcgi.exe access WEB-MISC negative Content-Length attempt WEB-MISC Nessus 404 probe WEB-MISC net attempt WEB-MISC NetGear router default password login attempt$admin\:password$ WEB-MISC Netscape admin passwd WEB-MISC Netscape dir index wp WEB-MISC Netscape Enterprise directory listing attempt WEB-MISC Netscape Enterprise DOS WEB-MISC Netscape Enterprise Server directory view WEB-MISC Netscape Enterprise Server directory view WEB-MISC Netscape Enterprise Server directory view WEB-MISC Netscape Enterprise Server directory view WEB-MISC Netscape Enterprise Server directory view WEB-MISC Netscape Enterprise Server directory view WEB-MISC Netscape Enterprise Server directory view WEB-MISC Netscape Enterprise Server directory view WEB-MISC Netscape Enterprise Server directory view WEB-MISC Netscape PublishingXpert access WEB-MISC Netscape Servers suite DOS WEB-MISC Netscape Unixware overflow WEB-MISC Novell Groupwise gwweb.exe access WEB-MISC Novell Groupwise gwweb.exe attempt WEB-MISC nstelemetry.adp access WEB-MISC Oracle Dynamic Monitoring Services (dms) access WEB-MISC Oracle Java Process Manager access WEB-MISC oracle portal demo access WEB-MISC oracle web application server access WEB-MISC oracle web arbitrary command execution attempt WEB-MISC Oracle XSQLConfig.xml access WEB-MISC order.log access WEB-MISC PCCS mysql database admin tool access WEB-MISC PeopleSoft PeopleBooks psdoccgi access WEB-MISC perl post attempt WEB-MISC philboard.mdb access WEB-MISC philboard_admin.asp access WEB-MISC philboard_admin.asp authentication bypass attempt WEB-MISC Phorecast remote code execution attempt WEB-MISC PIX firewall manager directory traversal attempt WEB-MISC plusmail access WEB-MISC post32.exe access WEB-MISC post32.exe arbitrary command attempt WEB-MISC queryhit.htm access WEB-MISC RBS ISP /newuser directory traversal attempt WEB-MISC RBS ISP /newuser access WEB-MISC rcmd attempt WEB-MISC redirect.exe access WEB-MISC register.dll access WEB-MISC ROADS search.pl attempt WEB-MISC robot.txt access WEB-MISC robots.txt access WEB-MISC ROXEN directory list attempt WEB-MISC rpm_query access WEB-MISC sadmind worm access WEB-MISC SalesLogix Eviewer access WEB-MISC SalesLogix Eviewer web command attempt WEB-MISC search.dll access WEB-MISC search.dll directory listing attempt WEB-MISC search.vts access WEB-MISC SecureSite authentication bypass attempt WEB-MISC server-info access WEB-MISC server-status access WEB-MISC SFNofitication.dll access WEB-MISC shopping cart access WEB-MISC showcode access WEB-MISC SiteScope Service access WEB-MISC SmartWin CyberOffice Shopping Cart access WEB-MISC sml3com access WEB-MISC SpamExcp.dll access WEB-MISC spamrule.dll access WEB-MISC Sun JavaServer default password login attempt WEB-MISC SWEditServlet access WEB-MISC SWEditServlet directory traversal attempt WEB-MISC Talentsoft Web+ internal IP Address access WEB-MISC Talentsoft Web+ Source Code view access WEB-MISC telnet attempt WEB-MISC tftp attempt WEB-MISC Tomcat directory traversal attempt WEB-MISC Tomcat null byte directory listing attempt WEB-MISC Tomcat server exploit access WEB-MISC Tomcat server snoop access WEB-MISC Tomcat servlet mapping cross site scripting attempt WEB-MISC Tomcat SnoopServlet servlet access WEB-MISC Tomcat sourecode view WEB-MISC Tomcat sourecode view WEB-MISC Tomcat sourecode view WEB-MISC Tomcat TroubleShooter servlet access WEB-MISC Tomcat view source attempt WEB-MISC TOP10.dll access WEB-MISC TRACE attempt WEB-MISC Trend Micro OfficeScan access WEB-MISC Trend Micro OfficeScan attempt WEB-MISC ultraboard access WEB-MISC unify eWave ServletExec DOS WEB-MISC unify eWave ServletExec upload WEB-MISC viewcode access WEB-MISC VirusWall catinfo access WEB-MISC VirusWall catinfo access WEB-MISC VirusWall FtpSave access WEB-MISC VirusWall FtpSaveCSP access WEB-MISC VirusWall FtpSaveCVP access WEB-MISC VsSetCookie.exe access WEB-MISC WEB-INF access WEB-MISC webadmin.dll access WEB-MISC webalizer access WEB-MISC webcart access WEB-MISC webcart-lite access WEB-MISC WebDAV propfind access WEB-MISC WebDAV search access WEB-MISC webfind.exe access WEB-MISC WebLogic ConsoleHelp view source attempt WEB-MISC weblogic view source attempt WEB-MISC Webnews.exe access WEB-MISC webplus access WEB-MISC Webtrends HTTP probe WEB-MISC whisker HEAD/./ WEB-MISC whisker space splice attack WEB-MISC whisker tab splice attack WEB-MISC windmail.exe access WEB-MISC wsh attempt WEB-MISC ws_ftp.ini access WEB-MISC wwwboard.pl access WEB-MISC xp_availablemedia attempt WEB-MISC xp_cmdshell attempt WEB-MISC xp_enumdsn attempt WEB-MISC xp_filelist attempt WEB-MISC xp_regdeletekey attempt WEB-MISC xp_regread attempt WEB-MISC xp_regwrite attempt WEB-PHP admin.php access WEB-PHP admin.php file upload attempt WEB-PHP Advanced Poll admin_comment.php access WEB-PHP Advanced Poll admin_edit.php access WEB-PHP Advanced Poll admin_embed.php access WEB-PHP Advanced Poll admin_help.php access WEB-PHP Advanced Poll admin_license.php access WEB-PHP Advanced Poll admin_logout.php access WEB-PHP Advanced Poll admin_password.php access WEB-PHP Advanced Poll admin_preview.php access WEB-PHP Advanced Poll admin_settings.php access WEB-PHP Advanced Poll admin_stats.php access WEB-PHP Advanced Poll admin_templates.php access WEB-PHP Advanced Poll admin_templates_misc.php access WEB-PHP Advanced Poll admin_tpl_misc_new.php access WEB-PHP Advanced Poll admin_tpl_new.php access WEB-PHP Advanced Poll booth.php access WEB-PHP Advanced Poll poll_ssi.php access WEB-PHP Advanced Poll popup.php access WEB-PHP autohtml.php access WEB-PHP autohtml.php directory traversal attempt WEB-PHP b2 cafelog gm-2-b2.php access WEB-PHP b2 cafelog gm-2-b2.php remote command execution attempt WEB-PHP bb_smilies.php access WEB-PHP Blahz-DNS dostuff.php access WEB-PHP Blahz-DNS dostuff.php modify user attempt WEB-PHP BLNews objects.inc.php4 access WEB-PHP BLNews objects.inc.php4 remote command execution attempt WEB-PHP calendar.php access WEB-PHP chatbox.php access WEB-PHP content-disposition memchr overflow WEB-PHP DatabaseFunctions.php access WEB-PHP directory.php access WEB-PHP directory.php arbitrary command attempt WEB-PHP DNSTools access WEB-PHP DNSTools administrator authentication bypass attempt WEB-PHP DNSTools authentication bypass attempt WEB-PHP edit_image.php access WEB-PHP external include path WEB-PHP files.inc.php access WEB-PHP forum_details.php access WEB-PHP friends.php access WEB-PHP gallery arbitrary command execution attempt WEB-PHP GlobalFunctions.php access WEB-PHP Mambo upload.php access WEB-PHP Mambo upload.php upload php file attempt WEB-PHP Mambo uploadimage.php access WEB-PHP Mambo uploadimage.php upload php file attempt WEB-PHP Messagerie supp_membre.php access WEB-PHP p-news.php access WEB-PHP PayPal Storefront arbitrary command execution attempt WEB-PHP Phorum /support/common.php access WEB-PHP Phorum /support/common.php attempt WEB-PHP Phorum admin access WEB-PHP Phorum authentication access WEB-PHP Phorum code access WEB-PHP Phorum read access WEB-PHP Phorum violation access WEB-PHP PHP-Nuke remote file include attempt WEB-PHP PHP-Wiki cross site scripting attempt WEB-PHP php.exe access WEB-PHP phpBB privmsg.php access WEB-PHP phpbb quick-reply.php access WEB-PHP phpbb quick-reply.php arbitrary command attempt WEB-PHP PHPLIB remote command attempt WEB-PHP PHPLIB remote command attempt WEB-PHP phpMyAdmin db_details_importdocsql.php access WEB-PHP piranha passwd.php3 access WEB-PHP pmachine remote command execution attempt WEB-PHP readmsg.php access WEB-PHP read_body.php access attempt WEB-PHP rolis guestbook access WEB-PHP rolis guestbook arbitrary command execution attempt WEB-PHP Setup.php access WEB-PHP shoutbox.php access WEB-PHP shoutbox.php directory traversal attempt WEB-PHP smssend.php access WEB-PHP squirrel mail spell-check arbitrary command attempt WEB-PHP squirrel mail theme arbitrary command attempt WEB-PHP strings overflow WEB-PHP strings overflow WEB-PHP test.php access WEB-PHP TextPortal admin.php default password (12345) attempt WEB-PHP TextPortal admin.php default password (admin) attempt WEB-PHP Title.php access WEB-PHP ttCMS header.php access WEB-PHP ttCMS header.php remote command execution attempt WEB-PHP ttforum remote command execution attempt WEB-PHP Turba status.php access WEB-PHP UpdateClasses.php access WEB-PHP viewtopic.php access

INTERCEPTOR SECURE PROXY DEPLOYMENT SCENARIO
Characteristic	Exposure	Description
Security Risk	LOW	Interceptor provides the first line of defense, preventing direct exposure of even web server - typically the only device in the DMZ.
Maintenance	LOW	Interceptor maintains its' Intrusion Prevention System database without any need for manual intervention.
Cost	LOW	Interceptor IPS is integrated part of the Interceptor package - so it comes as an added bonus feature at no additional cost.
Scalability	HIGH	Interceptor IPS has the same scalability as the appliance itself - from a few hundred users to 20,000 users per clustered pair.
Economies of scale	HIGH	This is where the biggest advantage of Interceptor solution shows well. The more protected devices behind Interceptor, the lower cost of security gets!

Try before you buy - please contact us to arrange for your free trial!

Secure Software and Hardware Solutions for the Enterprise