In an era when security standards such as SOX, HIPAA, GLBA, and CA SB-1386 are being implemented, how much does your business stand to lose from a successful attack on its website? Protecting sensitive business data as the law requires means answering the following questions: Which method should be used to protect critical Web resources? How much investment is needed to protect these valuable application resources? How do we know we are protected, particularly when the application itself can provide only limited security records? How do we protect our custom applications?
The Web browser is now the standard user interface for both internal and external access to applications. Compared with writing a fat client for each application, the Web means significant savings in investment, and Web applications have therefore spread rapidly through the IT industry.
Web applications accessed through a browser were originally designed to share information or serve static content, and security was not a design focus. The move from the relatively secure fat client to the less secure browser-based thin client brings two challenges: application security is reduced, and meeting security needs, for example through upgrades, costs more. Many Web applications exposed at the front end were developed without even considering that they might be attacked.
In this context a new technology, the Web application firewall, emerged. It can effectively reduce the cost of implementing site security. The Barracuda Application Firewall is the leading product in this new category.
The old methods no longer work
Early on, deploying static Web servers in a DMZ was the standard security model: the Web data center was built outside the corporate firewall so that visitors could reach the Web site freely but could not freely access the enterprise's internal network and systems. Now Web applications are accessed over the Web not only by internal users; they are exposed directly to the Internet for Internet users to access, so the traditional DMZ concept no longer meets current security needs.
Today, best practice in Web application security has grown up around protecting a small number of key Web applications. That best practice can be summed up in one sentence: fix the code. Under this approach, the security of a Web application depends entirely on developers constantly updating the program.
However, unless developers can find and repair vulnerabilities in the program before hackers do, the Web system is always under threat from hackers. When there are only a few programs, maintaining security by patching applications is feasible; but when an organization has hundreds of applications, repairing the code becomes extremely expensive, and this security model turns into almost constant maintenance work. A Web application firewall, however, can guard against unknown application vulnerabilities, reducing maintenance costs and improving availability.
Reduce the losses caused by insecure code
Given the complexity of programs, especially in systems that handle very large volumes, Web application developers cannot recognize and repair every bug. In the vast majority of enterprises, the programs in production, whether accessed by internal or external users, often contain a number of security vulnerabilities. Losses caused by insecure code are reported in the media almost every day; beyond these public reports, many attacks go unreported. Even more attacks are never detected, and in those cases very important information may have been obtained by hackers.
By blocking the methods hackers use to get into applications, an application firewall prevents hackers from breaking into vulnerable programs without any change to the application's code. This:
◆ Reduces the possibility that customer data, trade secrets, employee information, financial information, and other sensitive data are leaked.
◆ Reduces the possibility of legal action arising from the disclosure of information.
◆ Reduces the possibility that security problems cause a falling stock price, damage to the company's image, or loss of customer trust.
◆ Brings the corporate network into compliance with security regulations earlier, such as SOX, GLB, HIPAA, and CA SB-1386.
Stopping the methods hackers use to attack removes the need to repair programs immediately, and protects programs from attack as far as possible to reduce losses.
Speed up application release
Currently, a new Web application has to be tested with vulnerability detection tools before it can go into use. Such tests usually find vulnerabilities in many applications, but more importantly, this may result in the loss of customers. Without an application firewall, you must repair each vulnerability in the program and then repeat the tests until you are sure no holes remain; only then can the application go to market, which can lead to missed opportunities. With an application firewall deployed, you can test the application right away; if the vulnerabilities found are covered by the firewall's protection, you can release the application first without fear of attack, then schedule the repairs at your convenience and fix these vulnerabilities in later versions. This means you can release applications earlier and realize their economic benefits earlier.
Just think: if you invest 50 million yuan in developing a Web application, what economic benefit would putting it into use 3 months earlier bring you?
Easy to maintain
If an application has economic value, it will be upgraded and hardened into a product. An application firewall plays two important roles in application upgrades and productization:
First, and obviously, the application firewall can prevent attacks on the system. Second, if you are attacked, or an audit or assessment finds vulnerabilities in your system, you may need to take the application offline until the flaw is fixed and the patches are tested and applied. But if an application firewall is shielding the vulnerability, you can repair the system while the application keeps running. For example, by law, users in the German financial industry may apply a patch only after 7 days of testing. The aim is to keep the application from being hacked. Only applications covered by the firewall rules can keep running without interruption.
Another example is an old application whose original development team is no longer there to maintain it: if a later audit or test finds a serious flaw, the cost of repairing it may be too high to bear. But with application firewall protection, an online application that looks hopeless to fix can continue to be used.
Optimize operations
Patch Management
Software platform providers (such as OS, DBMS, app server, and packaged application vendors) must constantly provide security patches for their products. Sometimes these patches are critical and need to be applied immediately, otherwise serious damage and significant losses can result. The application firewall protects these applications until the vulnerability can be fixed. This way you need not live in fear 24 hours a day, 7 days a week, and can easily schedule patch upgrades in planned windows with a tool such as a schedule manager.
Log consolidation and management
A Web application firewall can log all data traffic, whether it is recorded as legitimate or blocked as an attack. These logs are in descending order, with timestamps and data tags, which keeps the data secure. The advantage is that the logs for your applications are gathered in one place, so you do not have to query each server's log when you need to look something up. This may save you 2-3 hours of work each time. Moreover, can you trust the accuracy of logs kept at a low security level?
Hide the internal structure, publish applications easily
The Web application firewall translates internal access paths into external addresses by directory, without the need to reconfigure or expose internal hosts or domain names. Because the translated address has no external name associated with the internal one, malicious visitors will find it hard to learn the access path and the target. This lets you launch applications faster.
Effective management of security policies
A new service added to a Web application automatically inherits the system security policy. For a new Web application, you can copy and paste another application's security policy and then make the appropriate changes, which makes security policy management more efficient.
SSL Management
The Barracuda Web application firewall provides SSL encryption and decryption.
SSL initialization
Enabling encryption for an application on the Barracuda application firewall is very simple: turn on the SSL initialization feature, and the application's traffic will be SSL-encrypted. This way you do not have to modify the application to support SSL or add server hardware to handle it, and service response will not slow down.
Certificate Authority and certificate consolidation
The Barracuda Web application firewall can issue and manage SSL certificates. You can buy one public certificate for the Barracuda for Internet-facing use; separate certificates need not be purchased for internal systems. You can issue certificates to your business partners so that they can use SSL to access authorized applications.
Barracuda Web Application Firewall features
The features described above are those of Barracuda application firewalls in general; in addition, the high-end model of the product line, NetContinuum, has special properties.
ASIC-based architecture
The high-end Barracuda application firewall series, NetContinuum, is currently the only ASIC-based application firewall on the market. This architecture brings the following:
◆ Greatly enhanced performance: it can support more traffic, increase availability, keep the system stable, and integrate SSL acceleration.
◆ The alternative is to install software on a commercial operating system on Wintel architecture, but that lowers performance, and the system itself brings more vulnerabilities.
◆ Security management that was scattered across multiple servers is brought together in one device, which greatly simplifies management and offers the best security.
◆ Network-device-style management. Operating it is similar to managing a network device and is relatively simple, not as complex as server management.
◆ Integrated load balancing and caching support provide high performance and high throughput.
Enhancements
The Barracuda NC-1000 is the only firewall ICSA-certified as both an application firewall and a network firewall. It includes a complete firewall, FTP, and SSL-secured FTP support; for data centers, it is the only firewall that provides Layer 2-7 security.
The NC-1000 supports traffic management functions, so that Web data centers can easily expand servers and applications and quickly improve performance, while security is strengthened at the same time.
Conclusion
Today, accessing application servers through a browser, whether internally or externally, has become mainstream, and the Barracuda Web application firewall is the best network security device for bringing security back to your site.