Web Server Protection


Do you host your own websites or offer Exchange, SharePoint, Lync / Skype, FTP or any other kind of web service to your external users? If so, you need web server protection.


Protect your web facing servers





Solution Features & Benefits



> Secure web gateway solutions

> Check to confirm your Internet-facing servers, websites and web apps are up-to-date and securely configured against Internet attackers

> Protect your externally facing servers and applications

> Protect physical and virtual servers

> Prevent breaches & maintain uptime

> Harden web apps against current & emerging threats

> Find and mitigate vulnerabilities

> Add security without modifying web apps

> Stay on top of the latest Security Patches
> Reverse proxy with web application firewall, SSL offloading and authentication

> Auto-discover active servers

> Mitigate DDoS attacks

> Simplify Compliance

> Address compliance requirements such as PCI DSS 6.6 that require web app firewalls

> PCI Compliance Reporting

> Block access from prohibited countries

> Restrict transmission of sensitive types of content or files


DDoS mitigation

> Check and protect against OWASP Top 10 (Open Web Application Security Project)

> Protect against L7 DDoS and SQL injection, and secure the latest interactive JSON payloads and AJAX applications.

 


Web Server Load Balancing

> Deliver your web applications to users in a reliable, secure, and optimised way.

> Ensure application availability 




Reverse Proxy

Reverse Proxy Authentication

> Replacement feature for Microsoft’s discontinued Forefront TMG 

 


Web Application Firewall

WAF Versus IPS


A signature-based IPS has very little understanding of the underlying application. It cannot protect URLs or parameters. It does not know if an attacker is web-scraping, and it cannot mask sensitive information like credit cards and Social Security numbers. It could protect against specific SQL injections, but it would have to match the signatures perfectly to trigger a response, and it does not normalise or decode obfuscated traffic. One advantage of IPSs is that they protect the most commonly used Internet protocols, such as DNS, SMTP, SSH, Telnet, and FTP.
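The difference described above, as an added example that is not part of the original page or any vendor's product: a signature applied to raw bytes misses an encoded parameter that the same signature catches after normalisation, and a response filter masks card numbers. The signature, sample values and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed single signature for illustration; real rule sets are far larger.
SIGNATURE = re.compile(r"union select")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Constructed sample parameter: mixed case, inline comment, percent-encoded twice.
ENCODED = "1%2520UnIoN%252f%252a%252a%252fSeLeCt%25201"

def raw_match(value):
    """Signature-only check on the bytes exactly as they arrived."""
    return bool(SIGNATURE.search(value))

def normalise(value, max_rounds=5):
    """Decode and canonicalise a parameter value before matching."""
    for _ in range(max_rounds):  # repeat to undo nested percent-encoding
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)  # drop inline SQL comments
    return re.sub(r"\s+", " ", value).strip().lower()

def normalised_match(value):
    return bool(SIGNATURE.search(normalise(value)))

def luhn_ok(digits):
    """Luhn checksum, so order numbers and timestamps are not masked."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask_cards(body):
    """Mask all but the last four digits of card-like numbers in a response body."""
    def repl(m):
        digits = re.sub(r"\D", "", m.group())
        return "*" * (len(digits) - 4) + digits[-4:] if luhn_ok(digits) else m.group()
    return CARD.sub(repl, body)

if __name__ == "__main__":
    print(raw_match(ENCODED), normalised_match(ENCODED))
    print(mask_cards("Card 4111 1111 1111 1111 on file, order 1234567890123456"))
```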

> Continuous Real-Time Assessment of Web Applications

> Secures web applications in traditional, virtual, and private cloud environments

> Secure the latest interactive Web 2.0 applications

> Application-specific XML filtering and validation functions that ensure that the XML input of web-based applications is properly structured


> Ensure application availability

> Intercept traffic to your servers - protect against hacking, tampering and attacks

> Protection against attacks including SQL injection, cross-site scripting and directory traversal

> Antivirus scans all inbound files and content



Cloud-Based Application Protection

Cloud Application Firewall

Large-scale applications developed specifically for a cloud are often very complex, with a design focus on access speed and scalability. Many cloud applications also provide flexibility for third-party development through an open API. For example, Salesforce.com, Google Docs, Facebook and Twitter all expose APIs to allow access from custom applications. These ‘as a Service’ applications are developed in two ways today: (1) by moving on-premise applications to the cloud, and (2) by developing and operating applications directly in the cloud.

Applications that migrate out of your internal company network and into a public cloud infrastructure risk being exposed to external threats that they were not designed to handle. Common security threats include injection attacks, cross-site scripting and cross-site request forgery.


Server Hardening

URL & form hardening

 
> Validates the information submitted by visitors via forms on your web sites.


> Enforces the requests that a visitor is allowed to make, restricting them to valid ones only. This means that if you have left a directory open, misconfigured a script / application, or otherwise left your site open to exploitation, this feature will act as a shield.


> Form hardening ensures malicious scripts and code cannot be entered.


> Prevents database exploitation, and cookie protection makes sure cookies are signed to prevent tampering.


> Securing Citrix and Windows Terminal Servers


 

Server Configuration Change Detection

> Detects improper change, including additions to, deletions from and modifications of file systems. It also determines what changed and where and when the change was made. In addition, it helps support change management processes, audits and data forensics by identifying the source of improper change through correlating event logs.

> Alerts to improper change when and where needed, with alerts sent in multiple ways: email, syslog, SNMP traps, XML and HTML output.




SSL Offloading

> Enable secure remote connectivity to your web servers

> Secure web traffic over the internet with HTTPS

> Inspect SSL sessions

> Fully terminate SSL connections to identify potentially hidden attacks - and do this at high scale and high throughput. 

 


Authentication

Secure unified global web access


> Enable BYOD, identity federation, secure accelerated remote access, virtual desktop infrastructure (VDI), Exchange migration, SharePoint deployments, and web access management, with OAM (Oracle Access Manager), XenApp, Exchange, and VMware View to reduce infrastructure and management costs.

 

Server Patching


> Identify and alert to web server vulnerabilities - what needs updating

> Virtual patching for zero day / multi blend vulnerabilities (virtual, so that you are not changing the configuration of Production Assured Servers) 


 
Application Discovery and Cataloging

Find new and unknown web apps in your network


Web applications can be put onto your network by almost anyone in your organisation – and can just as easily be forgotten (large organisations can have hundreds or even thousands of apps). Reduce risk by automatically finding the official and “unofficial” apps that may be hiding in your environment.


Audit & Reporting

> You get a full transaction log of all activity in readable format. Daily activity reports and usage graphs are available on-box without the need for separate reporting products.

> Know if you're PCI compliant - before your audit. 

You can check whether your systems are PCI compliant at any time, allowing you to address issues early and submit quarterly PCI results once you know you've already passed. 
 


Solution Deployment options

> Hardware, software, virtual or even in the cloud

> Fully managed 24x7x365 fast deployment for public or private cloud apps

> (Amazon EC2 or VMware vCenter)


No special hardware to buy or maintain. Instead, virtual machine images containing WAF sensor software are deployed alongside your web applications (SSL or plain text) in either your public or private cloud environment. 






Contact us today to discuss your requirements in more detail.



P: +44(0)7714 209927

S: +44(0)1273 329753

info@securenetconsulting.co.uk