AppFW vs IDS / IPS (or DPI) - which is the right solution for you

9:03 PM

I had some very interesting and interactive customer visits lately, and some questions came up about IDS / IPS vs. AppFW. I think we could have talked about it all day if I did not have other meetings to attend. So why not blog about it :-)

Deep Packet Inspection (DPI) is best for non-web protocols, where it does not need to be a proxy in order to operate.

  • Intrusion Detection Systems (IDS) are normally passive systems that detect problems and alert admins and users about them.
  • Intrusion Prevention Systems (IPS) have functionality similar to IDS, but normally sit in line with the traffic flow and can also be active in stopping attacks.

When you deal with web applications, an application firewall is needed because ...

  1. You must be able to parse through HTTP requests, normalize inputs, and in some cases make calculations, such as on credit card numbers.
  2. You need context sensitivity about when to allow something and when to block it. For example, "O'Brien" is a valid name, but '; select 1 = 1; ' is not.
  3. You need the flexibility of signatures for well-known exact patterns in addition to whitelisting to provide comprehensive protection effectively, as in the hybrid model that NetScaler AppFW can provide. See the hybrid blog for details.
  4. You need specific actions, such as stripping comments from each response, rather than only matching attack signatures against incoming traffic as exact patterns.
  5. You may be concerned about threats such as Cross-Site Request Forgery (CSRF), XSS and SQL injection attacks, protection against which may not be available in some DPI products. NetScaler can provide complete protection with and without signatures. It can not only block malicious requests, but also transform the attacks to make them safe or harmless.
  6. You have a security team that is very concerned about PCI compliance for auditing, reporting, etc. See the PCI compliance blog for details.
  7. Aside from network state (keeping track of who asked and who answered), you want to ensure that forms, content, cookies, etc. are not altered in transit. An example is ensuring that what is returned by the server is what is stored at the client and possibly sent in the subsequent request.
  8. You care about form protection or form field integrity. NetScaler not only offers form field consistency, but does so sessionlessly. See the sessionless blog for details.
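
Points 1 and 2 above, as an added example (not from the original post and not NetScaler's implementation): inputs are normalized before inspection, SQL is flagged only when a special character and a keyword occur together, and digit runs are masked only when they pass the Luhn checksum. The keyword list, character set and function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumed, deliberately small sets; a production firewall ships larger, tuned lists.
SQL_KEYWORDS = re.compile(r"\b(select|insert|update|delete|union|drop)\b", re.I)
SQL_SPECIAL = re.compile(r"['\";\\]")
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def normalize(value, max_rounds=3):
    """Undo nested percent-encoding so the checks see what the application sees."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_sql_suspicious(raw_value):
    """Context check: a quote alone (O'Brien) or a keyword alone is allowed."""
    value = normalize(raw_value)
    return bool(SQL_SPECIAL.search(value) and SQL_KEYWORDS.search(value))

def luhn_valid(digits):
    """Luhn checksum: double every second digit counted from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_cards(body):
    """Mask card-like numbers in a response, keeping only the last four digits."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group())
        if luhn_valid(digits):
            return "x" * (len(digits) - 4) + digits[-4:]
        return match.group()  # order IDs, phone numbers etc. stay untouched
    return CARD_CANDIDATE.sub(repl, body)

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["O'Brien", "'; select 1 = 1; '", "%2527%253B+select+1"]:
        print(repr(sample), "->", "block" if is_sql_suspicious(sample) else "allow")
    print(mask_cards("card 4111 1111 1111 1111, order 4111111111111112"))
```

A free-text field that legitimately contains both an apostrophe and a word such as "update" would still be flagged by this check, which is where the per-field whitelisting in point 3 comes in.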

Bottom line: this is not about one versus the other; it is about choosing the right tool for the right job and the right environment.
