Development and evaluation of a secure web gateway with messaging functionality : utilizing existing ICAP and open-source tools to notify and protect end users from Internet security threats.

Abstract

Secure web gateways aim to protect end user systems against web based threats. Many proprietary commercial systems exist. However, their mechanisms of operation are not generally publicly known. This project undertook development and evaluation of an open source and standards based secure web gateway. The proof of concept system developed uses a combination of open source software (including the Greasyspoon ICAP Server, Squid HTTP proxy, and Clam Antivirus) and Java modules installed on the ICAP server to perform various security tasks that range from simple (such as passive content insertion) to more advanced (such as active content alteration). The makeup of the proof of concept system and the evaluation methodology for both effectiveness and performance are discussed. The effectiveness was tested using comparative analysis of groups of self-browsing high interaction client honey pots (employing a variety of security measures) and recording different system alteration rates. Performance was tested across a wide range of variables to determine the failure conditions and optimal set up for the components used. The system developed met the majority of the goals set, and results from testing indicate that there was an improvement in infection rates over unprotected systems. Performance levels attained were suitable for small scale deployments, but optimization is necessary for larger scale deployments.