Use IPS to build an Enterprise Web Security Protection Network

Source: Internet
Author: User
Tags: SQL injection attack

A Web server can be divided into three layers, and a weakness at any one of them can threaten the security of the entire website. When deploying a Web server security policy, enterprise security staff should therefore build a comprehensive enterprise Web security protection network so that Web security protection is implemented effectively.

Build Enterprise Web Security Protection 1: Each Layer May Have Security Vulnerabilities

Unfortunately, every layer of the three-tier Web server architecture has vulnerabilities, large or small. At the operating system level, whether Windows or Linux is used, security vulnerabilities that hackers can exploit remotely are discovered from time to time; by comparison, Linux is much safer than Windows. In the middle layer, components such as IIS, ASP, and SQL Server also turn up vulnerabilities from time to time. At the top layer, the Web page programs, there are even more. For example, the well-known SQL injection vulnerability occurs in the Web application layer.

Many security products exist, but unfortunately each usually targets only one specific layer. As a result, the protection technology in place at many websites is not very good. For example, many enterprises deploy a firewall in front of the Web server. However, many attacks on Web servers are aimed directly at vulnerabilities in the application layer and can be carried out through port 80, in which case the firewall does not help. Once any one layer is breached, the end result is the same even if the other two layers are well protected: failure.

In short, each layer of the Web server has serious vulnerabilities. To ensure the security of Web servers, you must build a three-dimensional protection network.

Build Enterprise Web Security Protection 2: Use IPS to Build a Three-Dimensional Web Protection Network

An IPS is a comprehensive defense system that integrates intrusion prevention and detection, virus filtering, bandwidth management, and URL filtering. For Web servers, it basically covers the top, middle, and bottom layers. With IPS technology, you can build a three-dimensional Web protection network for Web servers.

Firewalls and similar devices focus primarily on basic security at the network layer rather than the application layer. SQL injection attacks, for example, usually occur at the application layer, so a firewall does not contribute much to the security of Web servers. Unlike a firewall, an IPS can go deep into the application layer. The IPS inspects every byte from the packet header to the packet payload and compares the data stream with attack signature bytes, so that it can discover attack packets hidden in normal data streams. An IPS can therefore be used to build a three-dimensional protection network for Web servers.

The theory behind IPS defense systems is covered in specialist books and is not my focus here. What I want to emphasize is what to pay attention to when deploying an IPS system.

Build Enterprise Web Security Protection 3: Choose an IPS Brand Based on Technical Strength

Unlike common security products, an IPS depends heavily on its technology, specifically the detection engine. Many vendors offer IPS products, but as far as I can tell their effectiveness is uneven. Some products are sold under the IPS label yet provide essentially no IPS function. The main reason is that core technologies such as the detection engine are highly valued by every manufacturer, and companies with weak technical strength cannot develop a good detection engine of their own. Without this core technology, the IPS function becomes mere decoration.

Therefore, when purchasing an IPS defense system, enterprises need to focus on the technical strength of the vendor. Simply put, you need to choose a brand. Several manufacturers in China have strong technical capabilities and update their detection engines relatively quickly, so suspicious attack behavior can be found in the shortest possible time.

Build Enterprise Web Security Protection 4: Check Which Layers the IPS Covers When Purchasing

At the beginning of this article, I mentioned that Web servers can be divided into three layers: top, middle, and bottom. A vulnerability at any layer can deal the server a fatal blow. Therefore, when selecting an IPS defense system, we also need to check whether the product can form a three-dimensional defense across all three layers.

For attacks against Web page programs, the administrator needs to assess whether the product analyzes each HTTP request sent to the Web page program and matches the HTTP requests submitted by each client against attack signatures based on common Web vulnerabilities. If a suspicious request is found, the attack packets are automatically blocked and an alarm is triggered.
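The payload inspection described above, set beside a port-only firewall check, as an added example (not code from the original article or from any IPS product). The signatures, function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures for illustration; not taken from a real IPS rule set.
SIGNATURES = [
    ("sqli-union-select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("sqli-comment-terminator", re.compile(r"'\s*(--|#)")),
]
ALLOWED_PORTS = {80, 443}

def firewall_allows(dst_port):
    """Port-based packet filter: decides on the header only, never the payload."""
    return dst_port in ALLOWED_PORTS

def normalize(raw, max_rounds=3):
    """URL-decode repeatedly so %27 and %2527 both become a quote before matching."""
    text = raw
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def inspect_request(request_line, body=""):
    """Return (verdict, matched signature names) for one HTTP request."""
    payload = normalize(request_line + "\n" + body)
    hits = [name for name, rx in SIGNATURES if rx.search(payload)]
    return ("block" if hits else "pass", hits)

# Constructed sample traffic, all addressed to port 80.
SAMPLES = [
    ("GET /news.asp?id=12 HTTP/1.1", ""),
    ("GET /news.asp?id=12%20UNION%20SELECT%20name,pwd%20FROM%20users HTTP/1.1", ""),
    ("POST /login.asp HTTP/1.1", "user=admin%27%20or%20%271%27%3D%271&pass=x"),
    ("POST /login.asp HTTP/1.1", "user=admin%2527--&pass=x"),
]

if __name__ == "__main__":
    for line, body in SAMPLES:
        verdict, hits = inspect_request(line, body)
        print(f"firewall={firewall_allows(80)} ips={verdict} {hits} {line}")
```

Every sample passes the port check, while only the first passes payload inspection. The last sample is caught only because the payload is decoded more than once before matching.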

For the middle layer, the IPS must analyze and track the attack signatures and common vulnerabilities of the software that runs in the Web server's middle layer, and implement core protection measures for them. For example, for a SQL Server database server, the IPS must determine from the information available whether the server has a vulnerability that can be attacked.

For the underlying operating system, the IPS must also provide protection. For example, it needs to analyze every remotely exploitable vulnerability in common operating systems, including the cause of the vulnerability and the common means of exploiting it, and derive attack signatures from historical attack cases. It then matches these signatures against the live data stream to determine whether an attack is under way.

During selection, security technicians need to assess whether the IPS provides sufficient technical support at all three levels. If you cannot test this yourself at the technical level, you should at least check whether the product has passed the relevant international certifications. For example, for protection at the operating system layer, you can check whether the vendor has passed Microsoft's MAPP certification. A vendor that has passed it can obtain Microsoft's vulnerability information in advance (before Microsoft officially releases the vulnerability statement). In security protection, sometimes time is life. If you know about system vulnerabilities in advance, you can take protective measures before attackers launch an attack.

In addition, the IPS defense systems offered by some vendors are not very comprehensive. For example, some cover only the middle layer and the Web page program layer. These vendors take the view that security at the operating system layer can be handled by the system administrator or by Microsoft's update service. Although this is true, it increases the workload of management personnel, because Web server security then has to be handled on several platforms at the same time. This is not ideal.

Build Enterprise Web Security Protection 5: Select Products of Different Specifications Based on the Size of the Web Servers

A Web server is a special kind of application. Some have hundreds of millions of users, while others may have only a few hundred (for example, an OA application with a B/S architecture). This poses an additional challenge when selecting an IPS. Because all communications have to be inspected by the IPS, the performance of the Web service will certainly be affected to some extent.

When the number of concurrent accesses to the Web service is relatively high, this negative impact can be very serious. In that case, you need a relatively high configuration for the IPS server to shorten the time taken by the detection process. For small-scale applications, the traffic itself is not very large, and a low-end configuration is enough. After all, you get what you pay for. A high configuration and a low configuration may not differ much in the final result, but they can differ a lot in performance. And in terms of price, of course, they are worlds apart.

In short, when selecting an IPS defense system, you need to choose an appropriate specification based on the scale of your enterprise's Web services. Here the main consideration is the throughput of the IPS, that is, its performance. The basic principle is to minimize the negative impact that using the IPS has on users.
