One of my customers came across the CoreTrace Bouncer product for securing your servers. Put simply it works by allowing only specific EXE’s and DLL’s to run if they have been configured as valid. This is 180 degrees from blacklisting systems like Anti-Virus who only stop activities if the attacker is on a list of known bad actors. Seems like a great technology especially on systems where once you get it configured you typically leave it alone. We’re working on getting it up and running but it’s been a bit painful. They deliver the app via on OVA package that you are supposed to just import and run. Well, a little work in Ubuntu and Webmin later we’re finally running. I’ll have to say that so far I’m a little skeptical, at least as far as the UI goes. Supposedly the fact that I don’t have a gateway is causing all kinds of problems. Well, I operate my system in an ultra secure fashion, not connecting to external systems.. obviously I’m not going to have a gateway. They’ve also chosen to use Silverlight for the UI. That’s pretty and fancy but how comfortable are you that all the security bugs have been worked out of the technology.
Anyway, I suspect that once we’re all up and running the technology itself will work great, just getting a little frustrated with the process getting there. I’ll post an update after we rebuild things this afternoon with the service guy to see how it goes.