Posts

Protect Web Applications Running Private, Public or Hybrid Cloud Environments

With the number of attempted web attacks ranging up to millions over the course a year, you need to ensure web application security. You need a solution that protects both your public and internal web properties.

Why you need a web application firewall

Today’s businesses strive to provide the highest possible service experience and engagement through different types of interactive web applications and user-friendly mobile applications. Over half of the world population uses the internet. Ninety three percent of them now go online, and perhaps stay online longer, using their mobile devices as opposed to their computers.

With the addition of the Internet-of-Things (IoT), we have now added tens of billions of devices already connected, communicating and exchanging data through web and mobile applications today — from TVs, digital wearables, cars, gaming consoles and vending units, to all sorts of smart appliances. This makes web applications more critical now than ever before. You need keep them all online and safe.

What makes a good web application firewall?

An ideal   solution requires a comprehensive foundation for application security, data leak prevention, performance and management. With most web servers vulnerable to a wide spectrum of web-based exploits, you need a dynamic web application firewall to provide continuous real-time protection for web properties, whether they are hosted on-premises or in the public cloud. A best-practices WAF solution requires feature-rich web security tools and services to keep web properties safe, undisrupted and in peak performance every single day.

SonicWall Web Application Firewall

Our award-winning solutions give you a defense-in-depth strategy to protect your web applications running in private, public or hybrid cloud environments. It offers you a complete, out-of-box compliance solution for application-centric security that is easy to manage and deploy.

The SonicWall WAF series arms you with advanced web security tools and services to protect your data and web properties against modern, web-based threats. It applies deep packet inspection of Layer 7 web traffic against a regularly updated database of known signatures, denies access upon detecting web application threats and redirects users to an explanatory error page.

In addition, the SonicWall WAF baselines regular web application usage and behavior, and identifies anomalies that may be indicative of attempts to compromise the application, steal data and/or cause a denial of service (DoS).

SonicWall WAF employs a combination of signature-based and application profiling deep-packet inspection, and high-performance, real-time intrusion scanning engine, to dynamically defend against evolving threats, as outlined by the Open Web Application Security Project (OWASP), as well as more advanced web application threats like denial-of-service (DoS) attacks and context-aware exploits.  Moreover, it learns, interrogates and baselines regular web application usage behaviors and identifies anomalies that may indicate attempts to compromise the application, steal data and/or cause a denial of service.

The WAF series gives you economy-of-scale benefits of virtualization. You can deploy it as a virtual appliance in private clouds based on VMWare or Microsoft Hyper-V; or in AWS or Microsoft Azure public cloud environments. This gives you all the security advantages of a physical WAF with the operational and economic benefits of virtualization, including system scalability and agility, speed of system provisioning, simple management and cost reduction.

Acceleration features include load balancing, content caching, compression and connection multiplexing to improve performance of protected websites, and significantly reduce transactional costs. A robust dashboard gives you an easy-to-use, web-based management interface featuring status page overview of all monitoring and blocking activities, such as signature database status information and threats detected and prevented since boot-up.

The is available in four models that represent their inspection capacities and can be deployed on a broad range of public cloud, private cloud and virtualized deployment use cases.

To learn more about protecting web applications, explore our latest solution brief, “Best Practices for Web Application Firewall.”

BlackNurse DDoS Attack Can Interrupt your Network; Discover how SonicWall Blocks

Whenever there’s talk of a DDoS (distributed denial-of service) attack, network administrators think of multiple systems flooding a network device from various locations on the internet. However, when it comes to BlackNurse, a new & quite different type of DDoS, a single laptop can launch the attack to bring down the gateway firewall!

Last week the TDC SOC, Security Operations Center of Denmark Telecom, updated its report stating how BlackNurse, as a non-traditional DDoS attack can harm your network. Typically, a normal ping attack is based on an ICMP Type 8 Code 0, whereas BlackNurse is ICMP Type 3 Code 3. The attack will overload the firewall CPU which, as a result, causes an increase in dropped packets.

Unlike traditional ICMP flood attacks, BlackNurse can consume low-bandwidth pipes and disrupt the operations of your organization. Whether your uplink speed is 100Mbps or even 1Gbps, BlackNurse is effective even at bandwidths as low as 15Mbps.

The typical impact observed on firewalls is high CPU loads. In such cases users on the company’s local network will no longer be able to send or receive traffic to and from the internet. That’s because the firewall is busy processing the heavy load of incoming packets from the attack.

Now as a SonicWall firewall owner the first question coming to your mind is: Am I protected against BlackNurse?

The answer is: YES. All you need to do is to guarantee “ICMP Flood Protection” is enabled in Firewall Settings in user interface (see image below). In order to gain more information on configuring ICMP Flood Protection please refer to the SonicOS admin guide.

Screenshot of ICMP Flood Protection screen

According to Akamai’s September 2016 security report DDoS attacks are on the rise with 70 percent year over year. Security of our customers is our top priority, and SonicWall takes every measure to protect your network against all threats, DDoS included.

Please stay informed and updated with our SonicWall Threat Research updates here.