Anti-DDoS Web Application Firewall

Network Box's WAF-Scan is a multi-level Web Application Firewall that provides comprehensive protection for web servers and web applications. It effectively mitigates attacks and vulnerabilities at the web application layer, while simultaneously providing a load-balanced, fault-tolerant production environment.

Protects against OWASP Top 10

As standard, WAF-Scan is preconfigured with rules to protect against the OWASP Top 10. It is highly customizable, with the ability to add or create rules to protect against attacks that target specific web applications. In addition, WAF-Scan is tightly integrated with our Anti-DDoS module, enabling it to track usage patterns and identify attack sources.

WAF-Scan includes a Secure Sockets Layer (SSL) proxy that allows certificate validation policy to be performed and enforced at the gateway. SSL traffic is transparently identified, decrypted and then subjected to policy control and other such security functions. Without SSL Proxy technology, it is impossible to scan SSL-encrypted data streams for malware, spyware, and other undesirable content.

Network Box's WAF-Scan has built-in full IPv4/IPv6 translation capabilities. You can set up your servers with a public IPv6 address without having to change any settings on the servers themselves.

Features:

  • Built-in protection against OWASP Top 10
  • Request and response analysis
  • Protocol validation and policy restriction
  • Response filtering
  • Client authentication
  • Internal and external load balancing
  • SSL Scanning and Offloading
  • Support for major Content Management Systems, including Joomla, Drupal, and WordPress
  • IPv4/IPv6 compatibility and bi-directional translation

Web Browser and Application Security

  • Identifies, decrypts, and scans SSL traffic, subjecting it to security functions (e.g. anti-malware protection, content filtering, and organizational policy enforcement)
  • Granular policy management (e.g. ability to place restrictions on user, path, URL, etc.)
  • High-performance rules engine capable of millions of rule-checks per second
  • Allows certificate validation policy to be performed and enforced at the gateway
  • Immediate installation of emergency virtual patches at the gateway
  • Full integration with Anti-DDoS module
  • IPv4/IPv6 bi-directional translation

SSL Proxy

Aside from transparently identifying, decrypting, and scanning SSL traffic, the SSL Proxy also enhances security by allowing connections to secure servers on the Internet to be made with the highest common denominator security, rather than the lowest. For example, even if the certificate installed on the internal computer is known to be compromised, when a connection is made from that computer out to the Internet, a secure certificate is used in its place for the external connection.

SSL Offload and Upgrade

The system can be configured as a terminator for SSL traffic, offloading cryptographic computation workload onto the WAF-Scan, relieving web content servers of significant CPU stress. In addition to the standard SSL Offload feature, Network Box middleware software uses an up-to-date and actively maintained SSL software infrastructure, effectively upgrading a customer's secure website to the latest, most secure protocols.

  • Reduces CPU workload
  • Up-to-date and actively maintained SSL protocols
  • Administrative control over SSL connection properties

Multilayered Protection

Network Box's WAF-Scan supports five security models:

  • Vulnerability Protection
  • Outbound Protection
  • DoS/DDoS Protection
  • Negative Security Model
  • Positive Security Model