Out of the Web application firewall to understand the misunderstanding-to be proactive and passive

It takes a process to play a role

No two network architectures and running on the above application will be exactly the same, so, any security products to really play its role, can not simply put it into the network, it is necessary to constantly adjust the security policy according to the actual situation. The same is true for Web application firewalls.

To make the Web application firewall work well, a complex "process" is needed to gradually adapt to and identify the user's network environment and the various Web applications that may be involved, as well as determine what attacks may exist in the network, what security risks may be encountered, and then block them.

If this process is done manually by the enterprise's IT managers, it will be a very long and terrible process, not only time-consuming and laborious, but usually a lot of forgotten corners.

Active mode simplifies deployment

In line with the principle of ease of deployment, Barracuda Web application Firewall at the beginning of user deployment has done a lot of optimization, in addition to the intervention, but also increased the automatic mode, so that the product can automatically learn the background server architecture, and even automatically recommend reasonable deployment or protection of the user model.

The Barracuda Web application firewall is easy to use and is also embodied in its powerful logging capabilities. Through the log, users can see why a certain network browsing behavior is blocked, why is allowed, this action may block the number of attacks, such as detailed information. In addition, the WAF product log in the Barracuda provides user-focused information, as well as suggestions for feasibility, such as what parameters to modify, how to optimize, to block attacks by angered or to avoid miscalculation. In the process of using the Barracuda Web application firewall, the user keeps looking at the log information and constantly modifies the optimization so that it will soon be fully functioning.

Passive mode can correct policy

For some important Web applications, if you constantly adjust the Web application firewall strategy, Non-stop testing, it is likely to affect the normal use of key applications, and even generate user complaints and other undesirable consequences. Therefore, the automatic mode is good, but it does not necessarily fit every network environment.

So, in the deployment process of the Web application firewall, is there a more secure model to minimize the risk of deployment, in addition to manually adding the strategy yourself, or by learning from the system to provide the recommended strategy?

It is because of this level that the Barracuda Web application firewall provides a passive mode of operation in order for users to have a smoother application of Web application firewalls. In passive mode, the Web application firewall only logs, records the possible attacks in the access, and does not take any blocking behavior, does not affect the user's normal use. After a certain amount of time, the user can view the log to determine whether the previously established policy has a problem and whether it needs to be modified until it is clear that the problem does not occur.

Passive mode only lets the user know what is on the network, lets the user understand what kind of attack or the threat may receive in the normal use, facilitates the user to examine the initial configuration to be accurate, thus sets the best protection strategy. Otherwise, if the user's policy starts with a angered or misjudgment problem, the initial work pressure will be very large, but also may add a lot of unnecessary trouble.

In fact, security itself is a management process, only the continuous optimization strategy to achieve the best protection effect.

This column more highlights: http://www.bianceng.cnhttp://www.bianceng.cn/Network/Firewall/