Item 6: Web Application Firewall


Nov 3, 2013




Installation, configuration, implementation, and any needed service or management software and hardware for an appliance-based web application firewall solution with the following specifications.

6.1 Web Security

- Dynamic Profile (White List security)
- Web server & application signatures
- Reputation
- HTTP RFC compliance
- Normalization of encoded data

6.2 Application Attacks:

- Anonymous Proxy Vulnerabilities
- Brute Force Login
- Buffer Overflow
- Cookie Injection
- Cookie Poisoning
- Corporate Espionage
- Credit Card Exposure
- Cross Site Request Forgery (CSRF)
- Cross Site Scripting (XSS)
- Data Destruction
- Directory Traversal
- Drive-by Downloads
- Forceful Browsing
- Form Field Tampering
- Google Hacking
- HTTP Denial of Service
- HTTP Response Splitting
- HTTP Verb Tampering
- Illegal Encoding
- Known Worms
- Malicious Encoding
- Malicious Robots
- OS Command Injection
- Parameter Tampering
- Patient Data Disclosure
- Phishing Attacks
- Remote File Inclusion Attacks






- Session Hijacking
- Sensitive Data Leakage (Social Security Numbers, Cardholder Data, PII, HPI)
- Site Reconnaissance
- SQL Injection
- Web Scraping
- Web server software and operating system attacks
- Web Services (XML) attacks
- Zero Day Web Worms

6.3 HTTPS/SSL Inspection

- Passive decryption or termination
- Optional HSM for SSL key storage

6.4 Web Services Security

- XML/SOAP profile enforcement
- Web services signatures
- XML protocol conformance

6.5 Content Modification

- URL rewriting (obfuscation)
- Cookie signing
- Cookie encryption
- Custom error messages
- Error code handling

6.6 Platform Security

- Operating system intrusion signatures
- Known and zero-day worm security

6.7 Advanced Protection

- Correlation rules incorporate all security elements (white list, black list) to detect complex, multi-stage attacks

6.8 Authentication

- All authentication methods supported transparently and inspected in bridge and non-inline monitor modes. Can actively authenticate users in proxy mode.
- Support for RSA Access Manager for two-factor authentication
- Support for LDAP (Active Directory)
- Support for SSL client certificates

6.9 Deployment Modes

- Transparent Bridge (Layer 2)
- Reverse Proxy and Transparent Proxy (Layer 7)
- Non-inline sniffer




6.10 Management

- Web User Interface (HTTP/HTTPS)
- Command Line Interface (SSH/Console)

6.11 Administration

- Logging/Monitoring
- SNMP
- Syslog
- Email
- Integrated graphical reporting
- Real-time dashboard

6.12 High Availability

- IMPVHA (Active/Active, Active/Passive)
- Fail open interfaces (bridge mode only)
- VRRP
- STP and RSTP

6.13 Enterprise Application Support

- SIEM/SIM tools: ArcSight, RSA enVision, Prism Microsystems, Q1 Labs, TriGeo, NetIQ
- Log Management: CA ELM, SenSage, Infoscience Corporation

6.14 Training

- Training in appliance administration for a minimum of 2 people.