| Q1. |
Why do we need an InterScan/Immunix Secured Solution? |
| A1. |
For e-commerce and the Net economy to operate 24 x 7, our networks must be protected at the operating system level from both known and unknown vulnerabilities. To meet this need Hewlett Packard has partnered with WireX to put Immunix(TM) security into this new secured solution. Immunix is based on advanced security technology that protects the operating system from network threats and prevents software bugs in applications from being used to gain system access. The InterScan/Immunix Secured Solution combines the best features of ProLiant DL servers, Linux and market-leading applications. |
|
| Q2. |
Why Trend Micro? |
| A2. |
Trend Micro, Inc. is a leader in network anti-virus and Internet security software and services. Trend's solutions protect the flow of information on PCs, file servers, email servers and at the Internet gateway, providing a complete, centrally-controlled VirusWall for enterprise networks. |
|
| Q3. |
Why InterScan VirusWall? |
| A3. |
Trend Micro's enterprise solutions have been adopted by over one-third of the Fortune 500 since 1997. A recent IDC (2001) study found Trend Micro's InterScan VirusWall with a dominant 63% global market share at the Internet gateway, the fastest growing segment of the anti-virus market. Trend Micro also led the field with 31% of the email/groupware anti-virus market and 33% of the overall server-based anti-virus market in 2000 (IDC Bulletin, 2001). |
|
| Q4. |
Who developed Immunix security for Linux? |
| A4. |
WireX Communication Inc. developed Immunix under a grant from the Defense Advanced Research Projects Agency (DARPA). It is licensed by Hewlett Packard for resale with this solution on ProLiant DL series servers. |
|
| Q5. |
What is the Secure Linux Solutions Program? |
| A5. |
A development and distribution alliance formed by HP, WireX, and Trend Micro. It is open to all application software developers whose customers demand a secure, easily managed, high performance and cost effective platform for their edge-of-the-net applications.
|
|
| Q6. |
Is InterScan compatible with my firewall? |
| A6. |
InterScan fully integrates with major firewalls, such as Check Point FireWall-1, Cisco Systems PIX, Lucent VPN-Brick and Netscreen firewalls. |
|
| Q7. |
Are virus pattern file updates available? |
| A7. |
Weekly updates of the virus pattern file are available from Trend Micro's Web site and can be automatically downloaded and installed. Emergency pattern files are made available on an "as needed" basis.
|
|
| Q8. |
Can InterScan alert the sysadm to problems? |
| A8. |
InterScan VirusWall can be configured to respond to virus detection and security violation incidents in several ways, alone or in combination:
- Alert the system administrator
- Isolate the infected file for later cleaning or other action
- Delete the infected file
- Permit the user to download the file under certain strictly-controlled conditions
|
|
| Q9. |
Whose Scan Engine does Trend Micro use? |
| A9. |
InterScan VirusWall uses Trend's multi-threaded, 32-bit scan engine to detect thousands of viruses, including 100% of those on Joe Wells' WildList. InterScan detects known and unknown viruses, recognizes more than 16 compression and encoding formats, and scans down through as many as 20 layers of compression. |
|
| Q10. |
Is InterScan Check Point CVP Compliant? |
| A10. |
InterScan VirusWall seamlessly integrates with Check Point FireWall-1 NG or 2000 via Check Point's CVP API. This integration allows scanning of Internet traffic - SMTP, HTTP and FTP, without changing the network topology or end-user's browser proxy configuration - simply add a rule within the FW-1 rule base to redirect traffic to the InterScan VirusWall server. Multiple InterScan VirusWall servers may be grouped to provide load balancing and fault tolerance of virus and content scanning. InterScan VirusWall for NT v3.5 and v3.52 are OPSEC certified for FW-1 NG and 2000. |
|
| Q11. |
Does InterScan work with Trend's Virus Control System (VCS)? |
| A11. |
Yes, VCS is a Web-based management tool that allows administrators to configure, monitor, and maintain most anti-virus programs installed on the network from a single point - regardless of the program's physical location or platform. Trend VCS improves and simplifies the administration of corporate virus control policies by organizing all anti-virus servers into groups. Trend VCS installs on a Windows NT server in minutes and is accessible from any machine running a Netscape or Microsoft browser. It provides network-wide virus statistics and analysis for most Trend Micro, and many third-party, anti-virus products, allowing administrators to identify weak points in the network. |
|
| Q12. |
Where can I find more information on Trend Micro's InterScan products? |
| A12. |
Information can be found on Trend Micro's web-site at www.trendmicro.com |
|
| Q13. |
Why does the solution CD only include an evaluation license for InterScan VirusWall? |
| A13. |
Trend Micro InterScan VirusWall licenses are based on the number of seats supported. This allows one set of market-leading features to be affordable to customers of all sizes. The software pre-installed and pre-configured on the solution CD may be activated by a license key that authorizes usage to meet the needs of each customer. |
|
| Q14. |
What is Immunix? |
| A14. |
Immunix is a family of tools designed to enhance system integrity by hardening system components and platforms against malicious attacks. Immunix secures both the Linux OS and applications. It works by hardening existing software components and platforms so that attempts to exploit security vulnerabilities fail safe: the compromised process halts instead of handing control to the attacker, and is then restarted. Immunix protects with passive restraint, just like an air bag. This protection requires no user action, deploys only when needed, and is designed to shield critical processes. Instead of merely patching known holes, the Immunix-compiled operating system and selected application programs are immunized against the buffer overflow, printf format string, and race condition classes of vulnerability. When an immunized program senses a known, or more importantly an unknown, attack of these kinds, it deploys instantly to stop it. |
|
| Q15. |
Does Immunix support Insight Manager and Health drivers? |
| A15. |
No. These agents use the SNMP protocol, which is not considered secure. In future versions they will be run confined under SubDomain (Immunix's application confinement) and made available to users via download. |
|
| Q16. |
Which class vulnerabilities does Immunix protect against? |
| A16. |
Buffer overflow, printf format string, and race condition vulnerabilities. |
|
| Q17. |
What is a buffer overflow attack? |
| A17. |
Buffer overflow attacks exploit a lack of bounds checking on the size of input being stored in a buffer array. By writing data past the end of the allocated array, the attacker can make arbitrary changes to program state stored adjacent to the array. In the classic stack-smashing case, the overflow overwrites a function's saved return address; when the function returns, execution is redirected to code the attacker supplied, typically to spawn a shell or session from which the system is compromised. |
|
| Q18. |
How does Immunix prevent buffer overflow attacks? |
| A18. |
Immunix detects and defeats stack-smashing attacks by guarding the saved return address on the stack. When a function is called, a compiler-inserted prologue places a "canary" word next to the return address; the epilogue checks it before the function returns. If the canary has been altered, the return address is presumed overwritten: the program emits an intruder alert into syslog, then halts, and the process is restarted. The canary must be either unpredictable (random) or a "terminator" word built from bytes such as NUL, CR and LF that string-copying functions cannot reproduce; otherwise an attacker who knows its value can overwrite it with the same value and pass the check. Note also that the guard covers the return address only: corruption of other adjacent data, such as function pointers or heap structures, is not detected by this mechanism. |
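The canary check described above, as an added example that is modelled on StackGuard but is not WireX's code. The "stack frame" is an ordinary struct so that the demo never corrupts its own real stack, the saved return address 0x400500 is a stand-in, and the inputs are constructed for the demo. Besides the basic smash detection it shows both caveats: a known canary value can be forged, and a terminator canary stops a strcpy()-style copy even when the value is known.

```c
/* Added example modelled on StackGuard's canary check; not Immunix code.
 * The frame is a plain struct so the demo never corrupts its real stack;
 * the saved return value 0x400500 is a stand-in. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct frame {
    char      buf[16];      /* the local buffer the attacker overflows   */
    uint32_t  canary;       /* StackGuard's guard word                    */
    uintptr_t saved_ret;    /* the return address the attacker is after  */
};

#define ORIGINAL_RET ((uintptr_t)0x400500u)

/* StackGuard's "terminator" canary: NUL, CR, LF and 0xFF. strcpy() and
 * gets() stop at the NUL, so they cannot rewrite the word intact. */
#define TERMINATOR_CANARY 0x000AFF0Du

/* Simulated call: prologue installs the canary, the body copies attacker
 * input into buf with no bounds check, the epilogue verifies the canary
 * before "returning". copy_stops_at_nul selects strcpy-like copying (stop
 * at the first NUL byte) instead of memcpy-like copying.
 * Returns 1 if the canary is intact (the return would proceed) or 0 if it
 * was smashed (Immunix would log an intruder alert and halt the process).
 * *ret_out receives the return address now sitting in the frame. */
int frame_check(uint32_t canary, const unsigned char *input, size_t len,
                int copy_stops_at_nul, uintptr_t *ret_out)
{
    struct frame f;
    unsigned char *p = (unsigned char *)&f;

    memset(&f, 0, sizeof f);
    f.canary = canary;                 /* prologue */
    f.saved_ret = ORIGINAL_RET;

    if (len > sizeof f)                /* clamp: keeps the demo itself safe */
        len = sizeof f;
    for (size_t i = 0; i < len; i++) { /* the unbounded copy */
        p[i] = input[i];
        if (copy_stops_at_nul && input[i] == '\0')
            break;
    }

    if (ret_out)
        *ret_out = f.saved_ret;
    return f.canary == canary;         /* epilogue */
}

/* What an attacker sends if the canary value is known: fill buf, rewrite
 * the canary with its own value, then overwrite the saved return address.
 * Returns the payload length. */
size_t forge_payload(unsigned char *out, uint32_t canary, uintptr_t fake_ret)
{
    memset(out, 'A', sizeof(struct frame));
    memcpy(out + offsetof(struct frame, canary), &canary, sizeof canary);
    memcpy(out + offsetof(struct frame, saved_ret), &fake_ret, sizeof fake_ret);
    return sizeof(struct frame);
}
```

A plain overrun of 'A's changes the canary and is caught; a forged payload that carries a leaked random canary passes the check and replaces the return address; the same forged payload against the terminator canary, copied with a NUL-terminated string function, stops inside the canary and never reaches the return address.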
|
| Q19. |
What is a printf (print format) vulnerability and why should it concern me? |
| A19. |
Format strings are a construct of the C and C++ standard libraries used for formatting I/O. They contain conversion directives (such as %s for strings, %d for integers) which, if an attacker can supply the format string, read values off the call stack and can reveal the contents of local variables and other memory. The %n directive is the dangerous one: it writes the number of characters printed so far to an address taken from the stack, so it can be used to overwrite data in memory. Since overwriting memory gives the attacker essentially the same leverage as a buffer overflow, the result is the same: arbitrary code execution. |
|
| Q20. |
How does Immunix protect against printf format errors? |
| A20. |
Immunix uses the C preprocessor's variadic-macro support to count the arguments passed to printf-family calls. Each guarded function is redefined as a macro that determines its argument count at compile time (up to 100 arguments are supported) and calls a safe wrapper with that count. The wrapper counts the conversion directives in the format string at run time and rejects the call, logging an intruder alert and halting the process, if the format string demands more arguments than were actually passed. Attack format strings work precisely by consuming arguments the caller never supplied, so this catches them. Programs must be compiled against the Immunix headers for the wrapper to take effect. |
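The argument-versus-directive check described above, as an added example that is not WireX's FormatGuard. The preprocessor counting trick is shown to 10 arguments instead of Immunix's 100, the wrapper returns -1 where Immunix would syslog and kill the process, and the function and macro names (count_directives, guarded_printf, log_message) are the example's own. It also handles the details a real wrapper must get right: "%%" consumes no argument, a "*" width or precision consumes one, and "%n" is refused outright.

```c
/* Added example, not WireX's FormatGuard: the same argument-vs-directive
 * check, with the preprocessor argument-counting trick shown to 10
 * arguments instead of Immunix's 100. */
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>

/* How many arguments will this format string consume? "%%" takes none, a
 * '*' width or precision takes one extra. Returns -1 if it contains %n,
 * the directive that writes to memory, which is refused outright. */
int count_directives(const char *fmt)
{
    int n = 0;
    const char *p = fmt;

    while (*p) {
        if (*p++ != '%')
            continue;
        if (*p == '%') {               /* literal percent sign */
            p++;
            continue;
        }
        /* flags, width, precision: anything up to the first letter */
        while (*p && !isalpha((unsigned char)*p)) {
            if (*p == '*')             /* width/precision from an argument */
                n++;
            p++;
        }
        /* length modifiers */
        while (*p == 'h' || *p == 'l' || *p == 'L' || *p == 'q' ||
               *p == 'j' || *p == 'z' || *p == 't')
            p++;
        if (*p == '\0')
            break;                     /* truncated directive: consumes nothing */
        if (*p == 'n')
            return -1;
        n++;                           /* the conversion itself */
        p++;
    }
    return n;
}

/* The check FormatGuard makes before handing the call to the real printf. */
int format_call_ok(int nargs, const char *fmt)
{
    int need = count_directives(fmt);
    return need >= 0 && need <= nargs;
}

/* Safe wrapper; Immunix would syslog an intruder alert and kill the
 * process instead of returning -1. */
int guarded_printf_impl(int nargs, const char *fmt, ...)
{
    va_list ap;
    int r;

    if (!format_call_ok(nargs, fmt)) {
        fprintf(stderr, "FormatGuard: rejected format \"%s\" with %d args\n",
                fmt, nargs);
        return -1;
    }
    va_start(ap, fmt);
    r = vprintf(fmt, ap);
    va_end(ap);
    return r;
}

/* Argument counting in the preprocessor: append a descending list and pick
 * whatever lands in the 11th slot. NARG("a") is 1, NARG("a", b, c) is 3. */
#define NARG_(_1, _2, _3, _4, _5, _6, _7, _8, _9, _10, N, ...) N
#define NARG(...) NARG_(__VA_ARGS__, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0)

/* What the Immunix header does to printf: the macro knows the call's
 * argument count (minus the format string) and passes it to the wrapper. */
#define guarded_printf(...) guarded_printf_impl(NARG(__VA_ARGS__) - 1, __VA_ARGS__)

/* The classic bug: user-controlled text used as the format string. With
 * the macro in place the call is rejected instead of reading the stack. */
int log_message(const char *user_controlled)
{
    return guarded_printf(user_controlled);
}
```

A call such as guarded_printf("%s=%d\n", "answer", 42) goes through to vprintf because two directives are matched by two arguments; log_message("%x%x%x%x") is rejected because the string asks for four arguments and none were passed, and any string containing %n is rejected regardless of argument count.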
|
| Q21. |
How do race condition vulnerabilities weaken my security? |
| A21. |
The classic case is the handling of temporary files in /tmp. During execution, a program creates files in /tmp, but names them in a predictable way, which makes it possible to guess the filename of a future temporary file. A local user with malicious motives can pre-create symbolic links in /tmp under those names, pointing at system files. When the (typically privileged) program checks that the name is free and then opens its "temporary" file, it follows the link instead, and can be made to append to or overwrite system files that grant access to root. |
|
| Q22. |
How does Immunix protect against race condition vulnerabilities? |
| A22. |
Immunix defends against this form of attack by preventing the attacker from slipping in between the program's probe of a temporary filename and its creation of the file. When a program checks a pathname and finds nothing there, Immunix records that result; if, when the program then creates the file, something already occupies that name (such as an attacker's symbolic link, i.e. a different file than the one the probe saw), the creation is refused and the process is aborted rather than being allowed to write through the link. |
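The probe-then-create race from the previous two answers, replayed in code, as an added example that is not Immunix's RaceGuard. RaceGuard enforces the rule in the kernel for programs that were never fixed; this example shows the same rule applied at the application level, the racy open() beside the atomic O_CREAT|O_EXCL version, and is what a practitioner would want in code they maintain. It assumes a POSIX system with a writable /tmp (or $TMPDIR); the victim and temp-file names are invented for the demo, and the attacker's symlink is planted by the demo itself between the probe and the create instead of by a racing process.

```c
/* Added example, not Immunix code: the racy probe-then-create pattern beside
 * the atomic fix. Needs a POSIX system with a writable /tmp (or $TMPDIR);
 * the file names used below are invented for the demo. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Step 1 of the vulnerable pattern: "is the name free?" */
int probe_absent(const char *path)
{
    struct stat st;
    return lstat(path, &st) != 0 && errno == ENOENT;
}

/* Step 2, vulnerable: create, trusting the probe. If an attacker dropped a
 * symlink at path in between, open() follows it to the attacker's target. */
int create_trusting(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Step 2, fixed: check and create in one atomic system call. O_EXCL makes
 * open() fail with EEXIST if anything, a symlink included, already sits at
 * path; O_NOFOLLOW additionally refuses to traverse a final symlink. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Replay the race with the attacker's move scripted between probe and
 * create. Returns 1 if the victim file was truncated through the symlink,
 * 0 if the create refused to follow it, -1 on setup failure. *err_out gets
 * errno from a failed create (EEXIST for the fixed version). */
int run_race(int (*create)(const char *), int *err_out)
{
    const char *base = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    char dir[512], victim[600], tmp[600];
    struct stat st;
    int fd, truncated;

    snprintf(dir, sizeof dir, "%s/raceguard-demo.XXXXXX", base);
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/prog.12345.tmp", dir);  /* predictable name */

    /* the file the attacker wants clobbered (stand-in for a system file) */
    fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, "secret\n", 7) != 7) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    close(fd);

    if (!probe_absent(tmp))            /* program: "the name is free" */
        return -1;
    if (symlink(victim, tmp) != 0)     /* attacker wins the race */
        return -1;
    fd = create(tmp);                  /* program: create "its" temp file */
    if (err_out)
        *err_out = fd < 0 ? errno : 0;
    if (fd >= 0)
        close(fd);

    truncated = stat(victim, &st) == 0 && st.st_size == 0;
    unlink(tmp);
    unlink(victim);
    rmdir(dir);
    return truncated;
}
```

run_race(create_trusting, ...) reports the victim truncated: the probe said the name was free, the symlink appeared, and O_TRUNC went through the link. run_race(create_exclusive, ...) leaves the victim intact and returns EEXIST, which is the same outcome RaceGuard produces, except that RaceGuard also aborts the process so the condition is logged and not silently retried. In real code the better answer is mkstemp(3), which does the exclusive create with an unpredictable name.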
|
| Q23. |
How does Immunix protect against unknown threats? |
| A23. |
Immunix not only secures the operating system but off-the-shelf applications as well, restricting the ports, processes and IP addresses the application may access to only those it requires. Even if an application program is attacked and compromised via an unknown vulnerability, Immunix prevents the program from being used to gain access to other programs or other areas of the system, server, or network. |
|
| Q24. |
Why can't I simply rely on my OS developer to provide patches to these vulnerabilities? |
| A24. |
You can, but you will only receive them AFTER the vulnerability is discovered, exploited, published and patches are developed. Immunix prevents the exploitation of vulnerabilities BEFORE they are discovered. |
|
| Q25. |
What customer support is provided for Immunix? |
| A25. |
Two years of Level One support and intra-version updates to the operating system are provided in the license price of Immunix. |
|
|