

Cloud AppSec

Cloud computing was not designed for security, although organizations such as the Cloud Security Alliance (CSA) and the Open Web Application Security Project (OWASP) are making great strides in helping the industry solve the myriad security problems confronting cloud computing. The benchmark guidelines established by the CSA in the document Guidance for Critical Areas of Focus in Cloud Computing are a great first step. This white paper is intended to pick up where the CSA guide left off in terms of defining what a distributed web application firewall (dWAF) should look like in order to meet the standards set within the CSA document.

 


Variety of protection levels

Detection mode

When an application is in detection mode, only the detection ruleset is active. hyperguard monitors all requests as configured by the rules of the detection ruleset and writes all incidents to the log files. However, hyperguard does not block any traffic and does not interfere with your web application in any way.

Detection mode is typically used in the following scenarios:

  • You want to use hyperguard for monitoring purposes only.
  • You have added a new ruleset or modified an existing ruleset, and now want to test this ruleset without running the risk that it blocks any desired traffic by mistake.

Protection mode

When an application is in protection mode, the rules of the ruleset are enforced: requests are denied in the case of an attempted attack. In this mode, too, all actions are logged in the log files for future analysis and documentation. Protection mode is typically used only after you have tested a ruleset for some time in detection mode and now want to protect a web application with the help of this ruleset.

One ruleset or two rulesets?

  • When an application is in detection mode, there is only one working ruleset: the detection ruleset.
  • When an application is in protection mode, however, there can be up to two working rulesets in parallel:
    • the protection ruleset
    • a second ruleset, which works in the background as an additional detection ruleset

This enables you to "test drive" a new ruleset before you make it the new protection ruleset. While your current protection ruleset is still working, you can run the new ruleset as a detection ruleset at the same time. It writes all actions to the log files but does not block any traffic. You can then analyze the log files to see whether the new rules behave as intended, or whether they would have also blocked any desired traffic. When the new ruleset is technically mature, you can define it as the protection ruleset without any risk.
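The parallel evaluation described above, sketched as an added example (this is not hyperguard code or its rule syntax). The rule ids, regex patterns, log fields and sample requests are constructed for illustration.

```python
import re
from collections import Counter

# Constructed rulesets: rule id -> pattern searched in the request line.
PROTECTION_RULES = {"P-1": re.compile(r"(?i)<script\b")}
CANDIDATE_RULES = {
    "C-1": re.compile(r"(?i)<script\b"),
    "C-2": re.compile(r"(?i)\bselect\b"),  # deliberately too broad
}

# Constructed traffic: three desired requests and one script-injection attempt.
SAMPLE_REQUESTS = [
    "GET /shop/search?q=shoes",
    "GET /shop/search?q=select+a+size",
    "GET /guestbook?msg=<script>x</script>",
    "GET /reports?view=select-columns",
]

def first_match(rules, request):
    """Return the id of the first rule that matches, or None."""
    return next((rid for rid, pat in rules.items() if pat.search(request)), None)

def handle(request, log):
    """Enforce the protection ruleset; evaluate the candidate log-only."""
    enforced = first_match(PROTECTION_RULES, request)
    shadow = first_match(CANDIDATE_RULES, request)  # never affects the action
    action = "deny" if enforced else "allow"
    log.append({"request": request, "action": action,
                "enforced_rule": enforced, "shadow_rule": shadow})
    return action

def review_candidate(log):
    """Summarise what would change if the candidate became the protection ruleset."""
    new_blocks = [e for e in log if e["action"] == "allow" and e["shadow_rule"]]
    missed = [e for e in log if e["action"] == "deny" and not e["shadow_rule"]]
    return {"new_blocks": [e["request"] for e in new_blocks],
            "missed": [e["request"] for e in missed],
            "by_rule": Counter(e["shadow_rule"] for e in new_blocks)}

def replay(requests):
    """Run requests through both rulesets and return (actions, report)."""
    log = []
    actions = [handle(r, log) for r in requests]
    return actions, review_candidate(log)

if __name__ == "__main__":
    actions, report = replay(SAMPLE_REQUESTS)
    print(actions, report, sep="\n")
```

On this sample the report shows that rule C-2 would have denied two desired requests, so the candidate needs tightening before it is promoted to the protection ruleset.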

Proactive security features

The Url Encryption Handler implements session-specific encrypted URLs. If the first request within a session is for a page that is not included in a defined entry point list, the Url Encryption Handler redirects the request to a defined main page. The handler dynamically encrypts all links to pages that are located below this main page in the directory structure. As a result, users will only be able to access the entry point pages or the main page directly. Other pages can only be accessed via a link within your web application, and this link is encrypted. The encrypted URL depends on the individual session, so two users will never see the same encrypted URL, and the encrypted URL becomes invalid when the session ends.