Earlier this week at a press event in Barcelona, HP announced a new type of digital vaccine (DV) called Application digital vaccine (AppDV) for their TippingPoint Intrusion Prevention System (IPS).
Marius Haas, senior vice president and general manager of HP networking, explained that TippingPoint eliminates patch lag-time risk by providing “day zero protection.” This is possible thanks to the research HP conducts at its DVLabs, Haas said.
As an example of the protection AppDV can provide, Haas cited vulnerabilities such as those in Adobe’s Acrobat Reader application which has been used as a way for malware to attack computer systems.
In addition to application management and control, bandwidth usage can be rate limited with AppDV as well, Haas said.
Michael Callahan, director of worldwide security product marketing at HP, said that AppDV combines exploit protection with application control.
Application blocking: BitTorrent
The University of Leeds in the UK was presented as an AppDV success story, with Dave Neild from network development services at the university called on to speak about their implementation.
Neild said that they experienced two major problems outside the normal malware attacks on their network: Peer-to-peer (P2P) traffic was using up a large amount of bandwidth and the university was receiving a large number of cease & desist copyright violation notices.
The notices caused administrative overhead as students found violating the university’s policies on downloading and distributing copyrighted material are cut off from the network, Neild explained. This causes the student to complain, which in turn results in a meeting with the student to explain what had happened before their account will be reinstated.
To try and solve their problem the university blocked BitTorrent traffic from the network using TippingPoint and an AppDV filter.
Not only was there a significant improvement in network performance, Neild said, but they have not received a single cease & desist notice since implementing the filter.
Unfortunately this blocks legitimate uses of BitTorrent such as downloading patches for StarCraft 2 and World of WarCraft, both video games from Blizzard Entertainment.
According to Neild exceptions are made for users who complain about not being able to download the patches. AppDV is able to allow access to BitTorrent on a per-user basis and Neild says that they warn students not to abuse their ability to make use of BitTorrent.
Callahan explained that in addition to blocking certain applications, rate-limiting is also possible. From the explanations provided it sounded very similar to the shaping, or traffic prioritisation used by most Internet Service Providers (ISPs) in South Africa.
If cease and desist notices are a concern then completely blocking BitTorrent seems to be a very effective way of getting rid of the problem.
If you’d like to keep a larger base of your users happy given certain bandwidth constraints however, rate-limiting BitTorrent and other peer-to-peer applications might be the better option.
Blocking torrents: New HP tech very effective << Comments and views
Jan Vermeulen was a guest of HP at a media and partner event in Barcelona