NSFOCUS Web Application Firewall White Paper
NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect to all textual narrations, document formats, illustrations, photographs, methods, processes and other contents, unless otherwise specified, which shall be governed by relevant property rights and copyright laws. Without written permission of NSFOCUS, any individual or institution shall be prohibited to copy or quote any section herein in any way.
Contents

Overview
Key Features of NSFOCUS WAF
  Adoption of a Customer Asset Perspective
  Optimized Configuration Wizard
  Multiple Rule-Based Inspections
  PCI-DSS Compliance Report
  Layered Security Mechanism
  Effective Auto-Learning and Whitelist Creation
  Transparent, Drop-in Deployment
  Emergency Response through Smart Patching
Typical Deployment
Use Cases
  Website Access Control
  Webpage Defacement Prevention
  Prevention against Sensitive Data Leaks
  Correlated Protection against DDoS
  Virtual Website Protection
Appendix
  Business Assets: Definitions
  WAF Rule Systems: Definitions
Overview

The NSFOCUS Web Application Firewall (WAF) is an asset-focused web security solution. WAF combines blacklist and whitelist mechanisms and integrates multiple web security detection technologies into a complete solution that can be configured for a customer's specific needs. Additionally, NSFOCUS WAF correlates with mature distributed denial-of-service (DDoS) prevention systems. This comprehensive design enables WAF to protect against the OWASP Top Ten and other web security threats in addition to DDoS attacks. WAF offers transparent in-path deployment, router (out-of-path) deployment, and cloud-based deployment, all with a low operating expense (OPEX). Given its easy deployment and economical yet comprehensive features, NSFOCUS WAF is an excellent solution for safeguarding your applications against current and future security threats.

In the first section of this white paper, we present the key features which differentiate the WAF solution. In sections two and three, we describe typical deployment modes and use cases, with an appendix and definitions following.

1 / 19 - White Paper
Key Features of NSFOCUS WAF

Adoption of a Customer Asset Perspective

NSFOCUS WAF adopts a website tree (user asset list) to manage the asset inventory and the attributes of each asset, including its state, protocol type, IP address, and port number. In addition, WAF treats the related security policies, which are collections of security rules, as one of the asset attributes and stores them in the form of templates. Policy templates can be easily reused by websites with different IP addresses and port numbers in similar business environments, making WAF a very adaptable and easy-to-manage system for our clients.

Figure 1: The Asset Perspective of NSFOCUS WAF

Optimized Configuration Wizard

NSFOCUS WAF offers an optimized wizard tool that confirms client information for operating systems (OSs), databases, web servers, and programming languages. WAF also employs the concept of a website group, which categorizes websites (IP address + port number) with the same or similar OS, web servers, or applications into one website group, so that WAF can filter the rules specific to the customer environment while building website assets. This achieves a precise utilization of blacklist rules in customer environments, reducing false positives and streamlining configuration operations.

Figure 2: Website Rules Filtered by the Wizard System

Multiple Rule-Based Inspections

Rule-based inspection is a basic method used by web application firewalls to detect and block known attacks. The rule database of NSFOCUS WAF has been highly refined based on years of accumulated research on network security. The WAF rule-based protection capabilities include:

Web server vulnerability protection
Web plug-in vulnerability protection
Crawler protection
Cross-site scripting protection
SQL injection protection
LDAP injection protection
SSL directive protection
XPATH injection protection
Command line injection protection
Path traversal protection
Remote file inclusion protection

In addition to rule refinement and diversification, NSFOCUS WAF also applies several mechanisms to ensure the precision and effectiveness of its rules.

A. Leading character. Most network traffic is legitimate. A traffic pre-screening mechanism improves detection efficiency by matching the simple character strings of the leading codes before the full rule is evaluated.

B. Diversified detection locations. Supports flexible definitions of the detected objects, including any HTTP header field and HTTP body field, and various detection algorithms.

C. Logical combination of multiple detection conditions. Supports the logical combination of multiple detection conditions, enabling the definition of complex rules.

D. Custom rules. Provides custom rules, written close to natural language, with the capability to describe complicated scenarios. Custom rules can act on specific URLs, significantly improving the effectiveness and accuracy of the rules.

E. Independent rule update. Within its compiled rule database, NSFOCUS WAF separates rule updates from system updates.

PCI-DSS Compliance Report

Regulatory compliance is an increasingly important measure to constrain exposure and ensure information security for enterprises. The Payment Card Industry Data Security Standard (PCI-DSS) is a globally recognized data security standard for payment cards, used to protect consumers, financial organizations, and other merchants and service providers. PCI-DSS specifies security requirements for storing, processing, and transferring cardholder data. NSFOCUS WAF can determine whether a user's asset environment meets PCI-DSS, taking into account the current security configurations of the protected websites. WAF then provides configuration suggestions for PCI-DSS compliance, and assists merchants and service providers in preparing for PCI-DSS compliance inspections and in conducting security reinforcement of their information systems.

Layered Security Mechanism

Based on the layered structure of user assets, NSFOCUS WAF subdivides the protection layer into default layer(s) and custom layer(s). The default layer applies to website objects, while the custom layer treats specific assets (specific URLs).

Figure 3: Layered Asset Protection (Default Protection Layer: website objects; Custom Protection: Asset 1, Asset 2, Asset 3, each a URL)

In addition to dedicated protection for web applications, NSFOCUS WAF also defends against bandwidth-consumption DDoS attacks and application-layer DDoS attacks. This defense is powered by NSFOCUS's independent research on anti-DDoS algorithms and on application-layer DDoS mitigation technologies. By blocking attack traffic in real time, NSFOCUS ensures the availability and continuity of web services at the network layer. When the DDoS attack volume overpowers its processing capacity, NSFOCUS WAF can correlate with dedicated NSFOCUS Anti-DDoS Systems (ADS) to divert and clean the attack traffic.

Effective Auto-Learning and Whitelist Creation

A blacklist contains pre-defined and custom rules. It draws on a strong knowledge base to support WAF in protecting against web threats. However, since rule updates are made after an event, the blacklist mechanism functions best for known security issues; it is not designed to deal with real-time, zero-day exploits. By its nature, a blacklist cannot predict the future business logic of a specific customer environment and thus cannot deter such attacks with any precision. To make up for the inherent defects of blacklist-based detection, NSFOCUS WAF adopts auto-learning and whitelist mechanisms to enhance the detection of zero-day vulnerabilities. Taking advantage of statistical auto-learning technology, the WAF appliances analyze user behavior and the HTTP request parameters of specified URLs. By doing so, WAF not only gathers an intact picture of the business logic of the target websites, but also helps administrators build whitelist rules around legitimate business traffic.

Figure 4: Effective Auto-Learning and Whitelist Creation

As a comprehensive protection procedure, NSFOCUS WAF first employs blacklist rules to address known security risks, and then uses auto-learning and the whitelist as a complement to mitigate security risks at the business logic layer. This allows NSFOCUS WAF to better fit customers' business environments, and to pinpoint zero-day vulnerabilities with higher speed and efficacy. The NSFOCUS procedure eliminates the need to learn the business environment over a long span of time, which is typically required when relying solely on a whitelist mechanism. It also frees clients from the need to tune policies frequently as business models change. Installing NSFOCUS WAF is easy: it can be put into operation with drop-in deployment and zero configuration.

Transparent, Drop-in Deployment

NSFOCUS WAF provides flexible deployment modes. The most common is drop-in transparent deployment, which requires no changes to existing applications or networks. In this mode, WAF also offers default protection policies and default network interface configuration functions, shortening the time to go-live to less than half an hour. Two router (out-of-path) modes, reverse proxy and out-of-path traffic diversion, are also available. The reverse proxy mode reduces the single point of failure (SPOF) and enables WAF to exert its optimized capabilities, while out-of-path traffic diversion offers flexible deployment locations. Since WAF and the web servers can be placed in different security zones, this mode is widely used in cloud-based WAF services worldwide.

Emergency Response through Smart Patching

NSFOCUS WAF can correlate with the cloud-based NSFOCUS WebSafe Services (WSS) or the NSFOCUS Web Application Vulnerability Scanning System (WVSS), and receive vulnerability scanning reports about the protected websites from them. Then, based on its existing rules, NSFOCUS WAF automatically generates a new set of rules, called a Smart Patch, to apply to the protected websites. Once the protected websites are remediated with a Smart Patch, the previously scanned web application vulnerabilities can never reappear.

Figure 5: Smart Patching

Smart Patch leverages the web vulnerability awareness of NSFOCUS WSS and WVSS, as well as the rule systems of WAF. With no change to the configurations of the protected websites and no additional burden on devices, Smart Patch can effectively minimize security risks caused by frequent business updates or by a lack of timely patching. It also helps customers satisfy security compliance in real time.
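The auto-learning and whitelist mechanism described under Effective Auto-Learning and Whitelist Creation above, layered behind a blacklist pass, as an added Python example. This is illustration code written for this page, not NSFOCUS code; the learning traffic, the value classes, the minimum-sample threshold and the length slack are constructed assumptions.

```python
# Added illustration of statistical auto-learning plus whitelist enforcement,
# layered behind a small blacklist pass. Not NSFOCUS code; all values constructed.
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed learning traffic: request lines as a WAF in transparent mode
# would observe them for one protected website during the learning phase.
LEARNING_TRAFFIC = [
    "GET /index.php?a=1&b=2",
    "GET /index.php?a=17&b=3",
    "GET /index.php?a=4&b=42",
    "POST /login.php?user=alice&lang=en",
    "POST /login.php?user=bob&lang=fr",
    "POST /login.php?user=carol&lang=en",
    "GET /rarely.php?x=1",          # seen once: too few samples to profile
]

# Coarse value classes used to summarise what was observed per parameter
# (assumed classes; a real appliance would use a richer statistical model).
_CLASSES = [
    ("int", re.compile(r"^-?\d+$")),
    ("alpha", re.compile(r"^[A-Za-z]+$")),
    ("alnum", re.compile(r"^[A-Za-z0-9_.-]+$")),
]

def classify(value):
    """Map a parameter value to the first class whose pattern it matches."""
    for name, rx in _CLASSES:
        if rx.match(value):
            return name
    return "any"

def learn(requests, min_samples=3):
    """Build {uri_path: {"methods": set, "params": {name: {"classes", "max_len"}}}}.
    URLs with fewer than min_samples requests are left unprofiled."""
    samples = defaultdict(list)
    for line in requests:
        method, target = line.split(" ", 1)
        parts = urlsplit(target)
        samples[parts.path].append((method, parse_qsl(parts.query, keep_blank_values=True)))
    profile = {}
    for path, observations in samples.items():
        if len(observations) < min_samples:
            continue
        entry = {"methods": set(), "params": {}}
        for method, params in observations:
            entry["methods"].add(method)
            for name, value in params:
                p = entry["params"].setdefault(name, {"classes": set(), "max_len": 0})
                p["classes"].add(classify(value))
                p["max_len"] = max(p["max_len"], len(value))
        profile[path] = entry
    return profile

def check_whitelist(profile, line, slack=2):
    """Return the list of deviations from the learned business logic ([] = conforms)."""
    method, target = line.split(" ", 1)
    parts = urlsplit(target)
    entry = profile.get(parts.path)
    if entry is None:
        return ["unlearned url " + parts.path]
    problems = []
    if method not in entry["methods"]:
        problems.append("unexpected method " + method)
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        p = entry["params"].get(name)
        if p is None:
            problems.append("unknown parameter " + name)
            continue
        cls = classify(value)
        if cls not in p["classes"]:
            problems.append("parameter %s has unseen value class %s" % (name, cls))
        if len(value) > p["max_len"] * slack:
            problems.append("parameter %s exceeds learned length bound" % name)
    return problems

# A two-signature blacklist stands in for the rule database; it runs first so
# known attacks are named, and the whitelist then catches what no rule describes.
BLACKLIST = [re.compile(r"union\s+select", re.I), re.compile(r"<script", re.I)]

def inspect(profile, line):
    """Blacklist first (known risks), then whitelist deviations (business-logic layer)."""
    decoded = unquote(line)
    for rx in BLACKLIST:
        if rx.search(decoded):
            return "blocked by blacklist rule " + rx.pattern
    deviations = check_whitelist(profile, line)
    if deviations:
        return "flagged by whitelist: " + "; ".join(deviations)
    return "allowed"
```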
Typical Deployment

NSFOCUS WAF offers flexible deployment options, including transparent, reverse proxy, and out-of-path modes. With in-path deployment, NSFOCUS WAF supports a transparent proxy in the TCP/IP protocol stack of the kernel module, which considerably improves network adaptability. This mode not only ensures drop-in deployment without any change to the network or to server configurations, but also reduces deployment and maintenance costs. The reverse proxy mode requires DNS resolution changes and a change of server IP addresses. The bridge deployment mode uses the IP address of the web server as the virtual IP address (VIP), at the expense of some capabilities, such as SSL.

In network environments with servers deployed across multiple network segments, the NSFOCUS WAF appliance can also be deployed in out-of-path mode to provide logical online protection. This deployment has advantages in flexibility and traffic shunting, and has only a minor impact on core systems. The technical principles of the out-of-path mode are:

1. Traffic diversion. Traffic destined for the IP addresses of the target websites is diverted to the WAF appliances. The diverted HTTP traffic is a mixture of web attack traffic and legitimate traffic.
2. Traffic detection and filtering. Web attack traffic is filtered out of the blended traffic through multi-layer identification and purging functions.
3. Traffic reinjection. The filtered legitimate traffic is reinjected into the network and allowed to flow to the destination website.
4. Response traffic inspection. The website's HTTP response traffic is inspected before it is returned to the client side.

Figure 6: Typical WAF Deployment
Use Cases

Website Access Control

Some website paths may be restricted to certain IP addresses, while others may be open to any IP address. In response, NSFOCUS WAF offers HTTP access control functions in in-path, out-of-path, and reverse proxy deployments. Using HTTP access controls, users can control access permissions while also correcting false positives, for example by allowing some URLs to pass without any check. Most web servers with access control requirements have been configured with certain security policies. However, most of these security policies do not implement stringent inspections of host names, leading to potential security policy bypass risks. Through explicit configuration, NSFOCUS WAF allows access only through specified host names. This prevents permission abuse at the security policy configuration layer, ensuring strict implementation of access controls.

Webpage Defacement Prevention

NSFOCUS WAF offers online protection to prevent webpage defacement during an event and to remediate any affected systems after the event. WAF filters defacement traffic (such as SQL injection and XSS) mixed in with HTTP requests. After the event, WAF automatically monitors the integrity of all protected webpages. If webpage defacement is detected, WAF immediately alerts the administrator by SMS and displays the stored correct version of the webpage to preserve the website's integrity for its users.

Prevention against Sensitive Data Leaks

NSFOCUS WAF can identify and correct business processes which are using the wrong web applications. WAF can also detect and block leaks of sensitive data to maintain regulatory compliance and meet audit requirements. WAF can:

1. Customize a search for illegal sensitive keywords, and automatically filter these keywords to avoid any related illegal content being published to the public.
2. Provide granular HTTP access controls to prevent unauthorized access to URL links which are not included in the website data directory tree. This includes directories not intended for public access, stealth links which have been publicized without authorization, and web login interfaces.
3. Proactively protect the website. Filter errors on the server side, including error types, absolute paths of invalid scripts, absolute paths to webpage directories, incorrect SQL statements and parameters, software versions, and system configuration information. This prevents such sensitive data from being exploited by hackers as an entry point to customers' assets.
4. Supervise and protect against leakage of sensitive data. Filter and act upon sensitive data included in server response traffic, including PII numbers and credit card numbers.

Correlated Protection against DDoS

NSFOCUS WAF provides TCP flood mitigation functions. When a DDoS attack occurs and the traffic volume exceeds the threshold value of NSFOCUS WAF, WAF can correlate with the scrubbing center of the dedicated NSFOCUS Anti-DDoS System (ADS) to achieve layered traffic cleaning. The working scenario of NSFOCUS WAF and the DDoS scrubbing center is as follows:

1. NSFOCUS WAF uses its TCP flood prevention module to block DDoS attack traffic below a certain threshold value.
2. When the attack traffic exceeds the threshold value of NSFOCUS WAF, WAF notifies the upstream ADS scrubbing center and requests it to divert and clean the attack traffic destined for the WAF-protected websites.
3. When the ADS scrubbing center successfully diverts and cleans the attack traffic, NSFOCUS WAF disables its TCP flood protection function.
4. When WAF detects that the attack traffic cleaned by the upstream ADS scrubbing center is less than its threshold value, WAF calls the upstream ADS to suspend its traffic diversion and cleaning, and re-enables the WAF TCP flood function.

Figure 7: Correlated Protection by NSFOCUS WAF and NSFOCUS ADS

This correlated protection solution is a critical feature of NSFOCUS's web security solutions. It benefits clients through the rational, on-demand use of WAF's anti-DDoS module together with the cleaning resources of the scrubbing center, automatically judging and controlling the cleaning layers based on the actual volume of attack traffic.

Virtual Website Protection

With the expansion of data centers and the myriad business diversifications of hosted websites, hosted websites frequently use one IP address to match different domain names to one virtual website. For IP+Port defined websites, NSFOCUS WAF can configure different domain names matching the protected IP address and use different policies for the different domain names of the virtual websites, thus ensuring that policy configurations fit the client's various business scenarios. In addition to safeguarding the hosted websites, this also gives data centers an additional business opportunity in offering web security services to their customers. NSFOCUS has already been enabling our domestic and overseas clients with this value-added revenue opportunity.
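The four-step WAF/ADS hand-off described under Correlated Protection against DDoS above, as an added Python example (illustration code written for this page, not NSFOCUS code): a hysteresis controller that hands off to ADS when a constructed per-interval packet rate exceeds the threshold and resumes local TCP flood protection once the cleaned residual stays below it. The site label, the packet-rate threshold, the AdsLink stand-in for the signalling channel and the requirement of several consecutive quiet intervals before resuming are assumptions.

```python
# Added illustration of the WAF/ADS correlated-protection hand-off, not NSFOCUS
# code. Threshold, site label and traffic samples are constructed.
from dataclasses import dataclass, field

@dataclass
class AdsLink:
    """Stand-in for the signalling channel to the upstream ADS scrubbing center."""
    diverting: bool = False
    calls: list = field(default_factory=list)

    def request_diversion(self, site):
        self.calls.append(("divert", site))
        self.diverting = True

    def suspend_diversion(self, site):
        self.calls.append(("suspend", site))
        self.diverting = False

class WafFloodController:
    """Step 1: local TCP flood mitigation while the inbound rate is at or below the
    threshold. Step 2: above it, request ADS diversion. Step 3: local module off
    while ADS cleans. Step 4: once the cleaned residual stays below the threshold,
    suspend ADS and re-enable the local module. The stable_intervals damping is an
    assumption added here to avoid flapping around the threshold."""

    def __init__(self, site, threshold_pps, ads, stable_intervals=3):
        self.site = site
        self.threshold = threshold_pps
        self.ads = ads
        self.local_flood_protection = True
        self.stable_intervals = stable_intervals
        self._quiet = 0
        self.log = []

    def observe(self, inbound_pps):
        """Feed one measurement interval; return the action taken for it."""
        if self.local_flood_protection:
            if inbound_pps > self.threshold:
                self.ads.request_diversion(self.site)      # step 2
                self.local_flood_protection = False        # step 3
                self._quiet = 0
                action = "handoff_to_ads"
            else:
                action = "local_mitigation"                # step 1
        else:
            self._quiet = self._quiet + 1 if inbound_pps < self.threshold else 0
            if self._quiet >= self.stable_intervals:
                self.ads.suspend_diversion(self.site)      # step 4
                self.local_flood_protection = True
                action = "resume_local"
            else:
                action = "ads_cleaning"
        self.log.append((inbound_pps, action))
        return action

def run_scenario(samples, threshold_pps=100_000):
    """Drive one controller over a series of per-interval packet rates; return (actions, ADS calls)."""
    ads = AdsLink()
    controller = WafFloodController("203.0.113.10:80", threshold_pps, ads)
    actions = [controller.observe(pps) for pps in samples]
    return actions, ads.calls

# Constructed attack timeline: ramp-up, ADS cleaning, residual falling back below threshold.
SCENARIO = [20_000, 50_000, 150_000, 40_000, 30_000, 20_000, 10_000]
```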
Appendix

Business Assets: Definitions

1. Website:

Figure 8: Definition of Website

2. Host Name:

Figure 9: Definition of Host Name (fields: Host, Domain, Port)

3. URI:

Figure 10: Definition of a URL and Relevant Fields, illustrated with the request line GET /index.php?a=1&b=2 HTTP/1.1\r\n: Method (GET), URI-path (/index.php), Query-string (a=1&b=2) made up of Parameters, each a Parameter-name with a Parameter-value (a=1, b=2), and Version (HTTP/1.1). The URI is the URI-path together with the query string.

WAF Rule Systems: Definitions

The rule systems of NSFOCUS WAF are defined as follows:

1. Rule: A character string for the signature detection of specific objects in HTTP traffic.
2. Policy: A set of rules and the actions of the rule set, which can also define policy exceptions.
3. Policy exception: Permission for attack signatures on targeted specific objects, or for a specific rule of a policy.
4. Whitelist rules: Descriptions of legitimate traffic to a website, generated by auto-learning the traffic signatures of the protected websites or defined by custom configuration.
5. Smart patch rule: A targeted custom rule generated by the smart patch system, based on vulnerability information from the protected websites.
6. Leading character (code): A sub-string of the simple character strings in a rule.
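The rule, policy, policy exception and leading character definitions above, together with the rule mechanisms A to D described under Multiple Rule-Based Inspections, modelled as an added Python example (illustration code for this page, not NSFOCUS code). Request parsing follows the fields of Figure 10; the rule ids, detection location names, regexes, sample requests and the counters showing how the leading-character pre-screen saves full evaluations are all constructed assumptions.

```python
# Added model of the rule system defined above (rule, policy, policy exception,
# leading character), not NSFOCUS code. Rule names, locations and samples are
# constructed for this illustration.
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qsl, unquote

@dataclass
class Request:
    """The fields of Figure 10, plus the header fields and body a rule may inspect."""
    method: str
    uri_path: str
    query: dict
    version: str
    headers: dict
    body: str

def parse_request(raw):
    """Split a raw HTTP request into method, URI-path, query parameters, version, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, uri, version = lines[0].split(" ", 2)
    parts = urlsplit(uri)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Request(method, parts.path, dict(parse_qsl(parts.query, keep_blank_values=True)),
                   version, headers, body)

def field_values(req, location):
    """Resolve a detection location name to the strings that are inspected."""
    if location == "method":
        return [req.method]
    if location == "uri_path":
        return [req.uri_path]
    if location == "query_names":
        return list(req.query)
    if location == "query_values":
        return list(req.query.values())
    if location == "body":
        return [unquote(req.body)]
    if location.startswith("header:"):
        value = req.headers.get(location[len("header:"):].lower())
        return [value] if value is not None else []
    raise ValueError("unknown detection location: " + location)

@dataclass
class Rule:
    rule_id: str
    leading: str             # leading character(s): cheap substring pre-screen of the raw request
    conditions: list         # [(location, regex), ...]; every condition must match (logical AND)
    url_scope: str = None    # custom rule restricted to one URI path; None = whole website
    prescreen_rejects: int = 0
    full_evaluations: int = 0

    def matches(self, req, raw):
        if self.url_scope is not None and req.uri_path != self.url_scope:
            return False
        if self.leading.lower() not in unquote(raw).lower():
            self.prescreen_rejects += 1    # most traffic is legitimate and stops here
            return False
        self.full_evaluations += 1
        return all(any(re.search(pattern, v, re.I) for v in field_values(req, loc))
                   for loc, pattern in self.conditions)

@dataclass
class Policy:
    rules: list
    action: str = "block"
    exceptions: list = field(default_factory=list)   # (rule_id, uri_path) pairs that are permitted

    def evaluate(self, raw):
        """Return (action, ids of matching rules); excepted rules are skipped for that URL."""
        req = parse_request(raw)
        hits = [r.rule_id for r in self.rules
                if (r.rule_id, req.uri_path) not in self.exceptions and r.matches(req, raw)]
        return (self.action if hits else "allow", hits)

def build_policy():
    """Constructed policy covering a few of the rule categories listed in the white paper."""
    return Policy(
        rules=[
            Rule("sqli-union", "union", [("query_values", r"union\s+(all\s+)?select")]),
            Rule("xss-script", "<script", [("query_values", r"<script[^>]*>")]),
            Rule("path-traversal", "..", [("uri_path", r"(\.\./){2,}")]),
            # custom rule scoped to /search.php: parameter q present AND a scripted client
            Rule("search-scripted", "q=", [("query_names", r"^q$"),
                                           ("header:user-agent", r"^(curl|python-requests)/")],
                 url_scope="/search.php"),
        ],
        # policy exception: the CMS preview page legitimately receives HTML from editors
        exceptions=[("xss-script", "/cms/preview.php")],
    )
```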
Please contact us to see how NSFOCUS can work for you. For more information about NSFOCUS products and services, contact one of our NSFOCUS sales offices:

NSFOCUS Global TEL: info-
NSFOCUS Japan TEL: info-jp@nsfocus.com
Visit NSFOCUS on the Web at:

About NSFOCUS

NSFOCUS is a global leader in active perimeter network security for service providers, data centers, and corporations. Through our network security solutions, including our industry-proven Anti-DDoS System, Web Application Firewall, and Network Intrusion Prevention System, NSFOCUS helps clients to secure their networks and protect critical data and customer information. Learn more at
WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL Ensuring Compliance for PCI DSS 6.5 and 6.6 CONTENTS 04 04 06 08 11 12 13 Overview Payment Card Industry Data Security Standard PCI Compliance for Web Applications
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationInformation Technology Policy
Information Technology Policy Enterprise Web Application Firewall ITP Number ITP-SEC004 Category Recommended Policy Contact RA-ITCentral@pa.gov Effective Date January 15, 2010 Supersedes Scheduled Review
More informationV-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks
Enabling Precise Defense against New DDoS Attacks 1 Key Points: DDoS attacks are more prone to targeting the application layer. Traditional attack detection and defensive measures fail to defend against
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationCORE Security and the Payment Card Industry Data Security Standard (PCI DSS)
CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com
More informationCyberoam Perspective BFSI Security Guidelines. Overview
Overview The term BFSI stands for Banking, Financial Services and Insurance (BFSI). This term is widely used to address those companies which provide an array of financial products or services. Financial
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationWHITE PAPER. FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6
WHITE PAPER FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6 Ensuring compliance for PCI DSS 6.5 and 6.6 Page 2 Overview Web applications and the elements surrounding them
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationWeb Application Security 101
dotdefender Web Application Security Web Application Security 101 1 Web Application Security 101 As the Internet has evolved over the years, it has become an integral part of virtually every aspect in
More informationHow To Protect Your Network From Attack From Outside From Inside And Outside
IT 4823 Information Security Administration Firewalls and Intrusion Prevention October 7 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationPayment Card Industry Data Security Standard Payment Card Industry Data Security Standard (PCI / DSS)
Payment Card Industry Data Security Standard (PCI / DSS) InterSect Alliance International Pty Ltd Page 1 of 12 Intersect Alliance International Pty Ltd. All rights reserved worldwide. Intersect Alliance
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationFortiWeb Web Application Firewall. Ensuring Compliance for PCI DSS requirement 6.6 SOLUTION GUIDE
FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS requirement 6.6 SOLUTION GUIDE Overview Web applications and the elements surrounding them have not only become a key part of every company
More informationSecurityDAM On-demand, Cloud-based DDoS Mitigation
SecurityDAM On-demand, Cloud-based DDoS Mitigation Table of contents Introduction... 3 Why premise-based DDoS solutions are lacking... 3 The problem with ISP-based DDoS solutions... 4 On-demand cloud DDoS
More informationAdvanced Administration for Citrix NetScaler 9.0 Platinum Edition
Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Course Length: 5 Days Course Code: CNS-300 Course Description This course provides the foundation to manage, configure and monitor advanced
More informationSERENA SOFTWARE Serena Service Manager Security
SERENA SOFTWARE Serena Service Manager Security 2014-09-08 Table of Contents Who Should Read This Paper?... 3 Overview... 3 Security Aspects... 3 Reference... 6 2 Serena Software Operational Security (On-Demand
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationMcAfee Network Security Platform Administration Course
McAfee Network Security Platform Administration Course Intel Security Education Services Administration Course The McAfee Network Security Platform Administration course from McAfee Education Services
More informationSecure Web Appliance. Reverse Proxy
Secure Web Appliance Reverse Proxy Table of Contents 1. Introduction... 1 1.1. About CYAN Secure Web Appliance... 1 1.2. About Reverse Proxy... 1 1.3. About this Manual... 1 1.3.1. Document Conventions...
More informationBarracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper
Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper Securing Web Applications As hackers moved from attacking the network to attacking the deployed applications, a category
More informationHealthcare Security and HIPAA Compliance with A10
WHITE PAPER Healthcare Security and HIPAA Compliance with A10 Contents Moving Medicine to the Cloud: the HIPAA Challenge...3 HIPAA History and Standards...3 HIPAA Compliance and the A10 Solution...4 164.308
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationNext Generation Firewall
Next Generation Firewall Product Overview SANGFOR Next-Generation Firewall is designed with Application Control, Intrusion Prevention and Web Security in mind, providing deep and fine-grained visibility
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationWhy a Web Application Firewall Makes Good Business Sense How to Stay Secure with AppWall Whitepaper
Why a Web Application Firewall Makes Good Business Sense How to Stay Secure with AppWall Whitepaper Table of Contents Introduction...3 Living on the Edge: Your Unprotected Business is at Risk...3 The World
More informationAttack Vector Detail Report Atlassian
Attack Vector Detail Report Atlassian Report As Of Tuesday, March 24, 2015 Prepared By Report Description Notes cdavies@atlassian.com The Attack Vector Details report provides details of vulnerability
More informationDatacenter Transformation
Datacenter Transformation Consolidation Without Compromising Compliance and Security Joe Poehls Solution Architect, F5 Networks Challenges in the infrastructure I have a DR site, but the ROI on having
More informationBasic & Advanced Administration for Citrix NetScaler 9.2
Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios
More informationlocuz.com Professional Services Security Audit Services
locuz.com Professional Services Security Audit Services Today s Security Landscape Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System layer.
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationIBM Protocol Analysis Module
IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network
More informationApplication Firewall Overview. Published: February 2007 For the latest information, please see http://www.microsoft.com/iag
Application Firewall Overview Published: February 2007 For the latest information, please see http://www.microsoft.com/iag Contents IAG Application Firewall: An Overview... 1 Features and Benefits... 2
More informationANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details
Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription
More informationProxies. Chapter 4. Network & Security Gildas Avoine
Proxies Chapter 4 Network & Security Gildas Avoine SUMMARY OF CHAPTER 4 Generalities Forward Proxies Reverse Proxies Open Proxies Conclusion GENERALITIES Generalities Forward Proxies Reverse Proxies Open
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationBest Practices for PCI DSS V3.0 Network Security Compliance
Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with
More informationDDoS Protection on the Security Gateway
DDoS Protection on the Security Gateway Best Practices 24 August 2014 Protected 2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by
More informationIJMIE Volume 2, Issue 9 ISSN: 2249-0558
Survey on Web Application Vulnerabilities Prevention Tools Student, Nilesh Khochare* Student,Satish Chalurkar* Professor, Dr.B.B.Meshram* Abstract There are many commercial software security assurance
More informationWhite paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.
TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More informationWeb Application Defence. Architecture Paper
Web Application Defence Architecture Paper June 2014 Glossary BGP Botnet DDoS DMZ DoS HTTP HTTPS IDS IP IPS LOIC NFV NGFW SDN SQL SSL TCP TLS UTM WAF XSS Border Gateway Protocol A group of compromised
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationPAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ
PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ
More informationGlobal Partner Management Notice
Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with
More informationWeb Application Firewall
Web Application Firewall Getting Started Guide August 3, 2015 Copyright 2014-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More information