Posted by Will on March 21, 2008, 6:12 pm
> usc@noemail.nospam says...
>> > usc@noemail.nospam says...
>> >> The attack is usually different. The user inside the network using a
>> >> browser goes to a page with a trojan and it is embedded as an Active/X,
>> >> for example. So a defense against that would be to inspect the active/x
>> >> binary during download for metainformation as well as checksum that might
>> >> identify it and then block it.
>> >
>> > Actually, blocking ActiveX completely is the best method. There is no
>> > reason to allow ActiveX except from known good sites that require it for
>> > your business.
>>
>> Agreed and that is for the web browsers behind our firewall.
>>
>> I'm trying to protect a web server, so blocking Active/X at the browser
>> isn't addressing my need.
>>
>> What I am looking for is a web application firewall that is commoditized as
>> an appliance for low-end servers, similar to what Fortinet has done with
>> their 50B and 60B firewall appliances for small businesses.
>
> If a web server is all you want to protect, then a simple NAT router
> will do all you need if you properly secure the server and web services.
How is an NAT box going to inspect a URL request and block SQL injections or
any other known vulnerability of a web server?
Of course you configure the server as well, but that's not mutually
exclusive with a web application firewall, and the two complement each
other.
--
Will