[Phase 1 outpatient highlights] discussing the integration of Web Application Security Protection

The technical clinic is a BKJIA Community brand topic. A visiting expert is invited every week to answer questions from technical netizens. From popular technologies to cutting-edge knowledge, from technical Q & A to career planning. One topic for each issue, leading the latest and most popular technology!

This clinic invited F5 network companyWu JingtaoLet's discuss with you about WEB Application Security Issues and precautions during application security product and solution deployment.

View the highlights of this clinic: http://doctor.51cto.com/develop-278.html

Featured questions and answers from current users for your reference.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/0A92141Z-0.jpg "border =" 0 "alt =" "/>

Q: Hello, teacher. I want to ask, How can I protect my servers like small companies? That is, if a company has only one server and does not invest much money in security maintenance, what measures can the company take on its own initiative?

A: In the open-source Linux system, there are already many methods to implement security protection. As long as there is continuous research, it can also achieve better security protection effects with a small procurement investment. For small companies, it may be better to adopt the security outsourcing method, and adopt some systems or even legal methods to protect them.

In addition, some technical means, such as data backup and regular inspection, can also be used to quickly restore services in the case of security incidents.

Q: Dear teacher:

Some companies choose tools such as NGINX, keepalived, and lvs to replace F5 because of the cost. I hope that you will share with me the advantages and disadvantages of doing so for the enterprise. What else do you think about the resulting cost savings.

I have always wanted to learn how to use F5. Is there any good method. We know that F5 costs are a little high. How should we know the people who are just getting started?

A: This is not uncommon.

In fact, the key lies in the importance of background applications.

If it is a very important business system, we recommend that you use the F5 professional solution provider to help users solve all aspects of application delivery, ensure the normal services of customers' important business systems. Therefore, NGINX and other open-source software are insufficient in terms of function richness and reliability, which will affect the normal services of the background business system.

If it is just a few less important systems, such as a simple information publishing platform on the Intranet, you can consider using open-source software such as LVS.

Using free open-source software seems to save some cost, but in the long run, this is not the case. To give a simple example, if the open-source LVS is used up and the customer needs to solve the problem, the customer needs to have a deep understanding of LVS. Otherwise, this invisible loss caused by service downtime is very large.

F5 currently has a lot of online teaching materials and many forums, such as www.adntech.com. We will also regularly release some new technical materials in these areas.

 

Q: What information does a network drive a trojan get from a computer? Always depressing

A: Some scripts or trojan programs are mainly placed on the webpage. When the victim accesses these webpages, these scripts or programs will be automatically executed, then the Trojan can control the victim's computer and then obtain various information about the victim's computer.

Therefore, the protection end also has two aspects: one is from the server side, protection is required to prevent web pages from being infected with Trojans. A lot of WAF can do this)

On the other hand, protection is also required from the client to prevent unknown programs or scripts from running. Many anti-virus software can do this)

 

Q: How can I ensure the security of my website architecture? The requirements of each website are different. What are the necessary considerations.

A: The security of website architecture is complicated. From Network Security to application security, identity authentication, permission management, transmission security, and compliance are also considered, from the perspective of protecting website services, protection against malicious attacks is not at the cost of sacrificing the user experience of legitimate users.

 

Q: Hello, Miss Wu! I would like to ask how to use the application delivery network manager to handle the instantaneous traffic under high traffic pressure of the website to avoid network congestion and server downtime!

A: There are many processing methods for application delivery devices to help websites cope with high traffic pressure. Common methods include:

1. bandwidth control: reduces the pressure by controlling the upstream traffic of the client or the back traffic of the server.

2. cache: The application delivery controller can cache static content or some pseudo-dynamic content and directly return it to the client from the memory, reducing the application server and database pressure.

3. queue: reduces the impact of abrupt peaks by queuing requests.

4. Connection aggregation: Aggregates multiple client connections into a few server connections to reduce the overhead of the server for establishing and disabling TCP connections.

5. SSL/compress Offload: uninstalls SSL encryption, decryption, compression, and other high-computing tasks to a professional hardware chip on the application delivery device for processing, reduce the overhead of the server in this part of simple computing.

6. Multi-center/Multi-link Parallelism: Multi-link and multi-center parallel services are implemented to provide overall service capabilities under high traffic and pressure.

7. Dynamic Resource Allocation: works with the backend server management system to dynamically increase and reduce the computing resources of the server when the pressure changes, so as to make reasonable use of the resources.

There are other unconventional methods that can be used to program traffic processing through iRules, or multiple methods such as implementing linkage responses through iControl and servers to protect network bandwidth usage and server pressure.

 

Q: Hello, Miss Wu:

I would like to ask, how can I determine the quality of WEB application protection products? From what perspectives?

Also, how can we determine which web security risks exist for a website?

A: The current types of attacks are endless, and new types of attacks may appear every day. Therefore, when evaluating Web application protection products, you can refer to them:

1. Is there sufficient flexibility? For some of the latest attacks, that is, the 0-day attack, is there any means to protect them before the policy is updated.

2. Are there sufficient capabilities and convenient methods to handle SSL traffic when key services are currently processed using HTTPS/SSL.

3. In the case of a DDoS attack, can the attacker and normal visitor be quickly identified to provide services to normal visitors as much as possible.

There may be many other comments, which can be determined based on the actual situation of the website.

The question of how to determine which Web security risks exist for a website is too large, involving many problems such as the operating system, Web server software, application server software, program code, and database security. It can only be said that the simplest and quickest way is to scan software or services for quick judgment. However, this method sometimes fails to be scanned and requires manual verification.

Web security can never be said to be 100%. As long as services are provided externally, there are security risks.

 

Q: Hello, Miss Wu. I am honored to ask you some questions about WEB Application Security Protection:

1. What are the differences between the importance of traditional firewalls and intrusion detection devices in network security protection and F5y application exchange networks?

2. There are about five or six servers as servers of a medium-sized enterprise.) Are there any other protection measures besides necessary patches and anti-virus software?

3. What aspects should enterprises consider when formulating security protection measures or systems? Thank you!

A: 1. In addition to network-layer protocol attacks and network-layer DDoS attacks, F5 can also defend against various application-layer attacks, such as injection attacks, cross-site scripting attacks, CC attacks, and DNS spoofing; at the same time, F5 security protection fully supports IPv6

2. Based on the service type of the server, we recommend that you add security hardware to the front-end of the server to protect the protection performance while avoiding the negative effects of malicious attacks at the network layer and application layer.

3. Starting from protecting the normal operation of the business, compliance and classified protection are good reference solutions.

This article is from the "BKJIA technical clinic" blog, please be sure to keep this source http://doctor.blog.51cto.com/939235/1125685