An Application Case of the Barracuda Web Application Firewall for Bank Customers

Source: Internet
Author: User
Keywords: data center, firewall, Barracuda

To provide more convenient and diversified services, banks are moving more and more of their business to the web. Online business, represented by online banking, greatly improves the efficiency of the banking system but also poses a great challenge to its security: providing adequate protection for users' information and funds is the basis of all banking business.

Like ordinary websites, a bank's online business faces a variety of cyber attacks, represented by the OWASP Top 10 threats. Depending on the object of attack, we can generalize malicious attacks into four categories: injection, session, denial-of-service, and other types of attacks. An injection attack passes a malicious command through a legitimate data entry area; this category includes SQL injection, cross-site scripting, remote file injection, system command injection, and so on. It is worth noting that injection attacks are the main cause of user information disclosure. A session attack forges or tampers with a user's access rights, which could result in substantial real property damage to the target victim; common attacks include session eavesdropping, session hijacking, cross-site request forgery, and so on. The purpose of a denial-of-service attack is to maliciously consume system resources so that the site cannot provide basic services to normal users; this category includes length attacks, rate control attacks, session-based attacks, and so on. Other attacks include brute force cracking, password blocking, log tampering, buffer overflow, and so on.

On the other hand, the banking business also has its own particularities. At present, a bank's network business, especially online banking, is generally based on SOAP/WSDL/UDDI web services, whose core is XML. In addition to the protection needed by general website applications, banks therefore also need protection specifically for XML content. Moreover, because banks serve a wide range of users and offer many levels of business, they need to rank their web assets and provide good identity and access control in order to handle network access.

Preventing web attacks, providing an XML firewall, and offering comprehensive identity and access control are the bank's main requirements for the security equipment protecting its website. After extensive comparison and careful evaluation, and an in-depth exchange with a Barracuda engineer, the bank eventually chose the Barracuda Web Application Firewall. The customer completed installation and deployment of the Barracuda Web Application Firewall within a day. A variety of web applications, including the bank's website, are now under Barracuda's protection, and maintenance takes only a little time each week. Since its deployment, the Barracuda Web Application Firewall has withstood a variety of cyber attacks, providing a sound security guarantee for the bank's online business. "The Barracuda Web application firewall eliminates all our worries," the bank CIO said.

In this case, the main reasons the customer chose Barracuda include:

§ Easy to use

§ High performance in actual testing

§ The brand and reputation of Barracuda

§ The richest product features

§ Reliable hardware platform

§ Recommendations from other users

The main attacks the Barracuda Web Application Firewall has faced since deployment include:

§ SQL injection

§ Cross-site scripting attacks

§ Denial-of-service attacks

§ Attempts by unauthorized persons to access company assets

(Author: Yang Editor: Xu Jinyang)