Mingyu Web Application Firewall (DAS- WAF) All transparent deployment for Web application gateway

Transcription

1 Mingyu Web Application Firewall (DAS- WAF) All transparent deployment for Web application gateway All transparent deployment Full HTTPS site defense Prevention of OWASP top 10 Website Acceleration 1. Development History 2007 First published Web application firewall with transparent proxy in domestic 2008 Mingyu Web application firewall was used in portal sites of governments and enterprises 2008 Mingyu Web application firewall was the first WAF product used in the core trading system of domestic finance industry 2009 Developed various types of Web application firewall with concurrency more than 100,000 connects 2009 Mingyu WAF was used successfully in China Mobile online business with most traffic in domestic 2010 Mingyu WAF was selected by China center government as qualified security product Asia market share of Mingyu WAF was on top three based on Frost & Sullivan statistics 2.Function Function Resist more than 30 WEB attacks Check protocol rules Resist WEB scanner to scan Prevent sensitive information leakage Prevent CC attack Performance More than 30 attack signatures are built in the system to protect the system against SQL injection, file injection, command injection, configuration injection, LDAP injection and XSS etc. With deployment of WAF, WEB attack behaviors are blocked automatically. Enable WEB active defense function by checking HTTP protocol rules, including request- header length limitation, request- code type limitation to block most illegal anonymous attacks. WAF can automate identifying scanning behavior from one scanner and intelligently block scanning behavior from Nikto Paros proxy WebScarab WebInspect Whisker libwhisker Burpsuite Wikto Pangolin Watchfire AppScan N- Stealth Acunetix Web Vulnerability Scanner. WAF has ability to detect the content with two- ways. Enable identifying sensitive information in server page and protecting the information leakage, such as server fault information, database connect file information, WEB server configuration, users private information continuously occurring in sites, which WAF can identify and provide protection upon relevant rules. Upon URL access frequency statistics, detect CC attack source by Page 1 / 5

2 Prevent hotlinking behaviors Track application program errors Prevent tampering static webpage WEB application acceleration WEB load balance Website access audit 3. Feature modeling access behaviors and take measure of time lock to prevent CC attacks from external network. The function can solve password blasting problem caused by lagging in verification code technology. Mingyu WAF supports various algorithms of identifying hotlinking against information theft behaviors, including single source hotlinking, distributed hotlinking, malicious data collection. Ensure the site source only accessed through this Site. Mingyu WAF can record error information in application program automatically and classify it as important reference when programmers need to analyze reason and remedy. WAF focuses on security defense of dynamic application program. Considering requirement to protect portal sites from tampering, defense and alert function against tampering static webpage is built in Mingyu WAF. The page to prevent tampering is indicated to user and the system alert on time. Use WebCache technology to accelerate protected website. Enable improvement of access speed by caching static file and dynamically querying multiplexing TCP connection. Enable lightweight load balance of protected sites through WAF and alleviate a single point of failure caused by a single server to ensure site working without interruption. Make access traffic analysis and statistics to indicate real- time trend chart, websites that customers most focus, or areas where customers most often access. Provide important data for business function evaluation. Features Security compliance Powerful defense capability Good Usability Real- time Alert security status Detailed Security logs Multiple security defense measurements Flexible deployment Description Based on compliance requirement in different industries, WEB application is compliant with many regulations, including PCI DSS Built- in defense policies against OWASP top 10. Comparing with other products with a few signatures (SQL injection, XSS) in domestic market, DAS- WAF s signatures library contained more than 30 security signatures to protect specific development languages, WEB server versions CMS against web attacks. DAS- WAF uses the advanced transparent proxy technology with zero environment impact. The signatures library has minimum false- positive rate which was proved well in wide applications. DAS- WAF can analyze and detect real- time security threats automatically. When protected site is attacked, the system can alert security incident automatically to administrator in order to take security measurement right the first time. In application, DAS- WAF can record all detail attack information related with HTTP protocols, including querying URL, POST content, response header, webpage s content. Provide direct evidences for tracking security incidents. Do not affect normal business access upon blocking URL request; Provide blacklist to restrict attack behaviors without interruption. Camouflage response defeats malicious attack behaviors. Enable all transparent deployment, one- arm mode, tracking mode, gateway mode. Available to use it in complex network environments for Page 2 / 5

3 modes Virtual Patching Virtual Host E- commerce environment compliance Support multiple protocols government, finance, operators, education, enterprises etc. Enable virtual patching function through custom rules combination. WAF will block vulnerabilities exploited by attackers to ensure quick remediation without interruption. Enable saving IP addresses through virtual host function, more important to hide real server to enhance site security defense capability. Mostly WEB core business uses SSL encryption and CDN acceleration technology. Normal WEB application firewall is hard to identify who is real access IP or execute access control in application. DAS- WAF uses HTTP data mining technology in application to solve the problem that normal WAF can not do. HTTP 0.9, HTTP1.0, HTTP1.1 WEB 2.0, WAP protocol, xml, webdav 4. Specification Model WAF-200AG WAF-500AG WAF- WAF- 1000AG 3000AG Form Factor 1U 2U 2U 2U Number Available Available Available NA Extendability Electric/ Electric/ Electric Electric/ Optical Type Optical Optical Single power Power Supply Single power supply supply 1+1 Redundant 1+1 Redundant /(Redundant Power Supply Power Supply Power Supply selectable Hardware Available Available Available Available BYPASS Built- in Optical Available Available Available NA Port BYPASS Most Power 300W 400W 460W 460W MTBF >60000 Hours >60000 Hours >75000 Hours >75000 Hours Management Mode WEB configuration Console command- line configuration Table 4-1 Page 3 / 5

4 Mingyu DAS- WAF 5. Typical Application l Core Business System As figure below, Mingyu WAF was deployed in core trading system of network bank. Effectively prevent sensitive information leakage and application attacks. Meanwhile meet compliance requirement in finance business. Good analysis function of application layer enables to identify real access information under HTTP environment very well. l Portal Sites Mingyu WAF is deployed in the front end of portal website server group. Through resistance of scanning, prevention of injection, XSS, back- door attack, reinforce security protection capability of portal website, meanwhile, considered to meet compliance requirement. Through URL white- list function, implement separation of access and security strategy between portal website front- end and management background. With the help of DBAPPSecurity s monitor platform, implement remote security monitor of website through public network. Copyright DBAPPSecurity Ltd All Right Reserved Page 4 / 5

5 E- Commerce Mingyu WAF supports distributed, cluster deployment to provide safety insurance of high performance for e- commerce website. It can implement 7- layer application protection, and do not change high usability of original structure. Through WEB application acceleration module, provide professional acceleration function for e- commerce website to ensure e- commerce website workable well in important three indictors: usability, safety, quickness. Page 5 / 5