Web Application Firewall Subscription on Cyberoam UTM

CyberoamWeb Application Firewall follows the positive security model to secure websites and Web-based applications against attacks like SQL injection, cross-site scripting (XSS), URL parameter tampering, and more, including the OWASP Top 10 Web application vulnerabilities. It is available as a subscription module on Cyberoam UTM appliances.

Cyberoam Web Application Firewall Protection against Web-based Application Attacks

Cyberoam Web Application Firewall is deployed to intercept the traffic to and from the web servers to provide an added layer of security against attacks before they can reach the web applications. Its Intuitive Website Flow Detector intelligently “self-learns” the legitimate behavior and response of web applications. This information is used by the Web Application Firewall’s security engine to ensure the sanctity of web applications, protecting them against web application attacks. Cyberoam Web Application Firewall looks at every request and response within the HTTP/HTTPS/Web Service layers. It is effective at repelling attacks from a wide range of commercial and open-source automated vulnerability scanners (e.g. Nessus, WebInspect), as well as hand-crafted attacks.

WAF subscription available on following CR series :

50ia, 100ia, 200i, 300i, 500ia, 750ia, 1000ia, 1500ia

Cyberoam WAF Features

Positive protection model without Signature Tables

The Cyberoam Web Application Firewall enforces a positive security model through Intuitive Website Flow Detector to automatically identify and block all application-layer attacks without relying on signature tables or pattern-matching techniques.

Comprehensive business logic protection

The Cyberoam WAF protects against attacks like SQL injection, cross site scripting (XSS), and cookie-poisoning that seek to exploit business logic behind Web applications, ensuring they are used exactly as intended.

HTTPS (SSL) encryption Offloading

Attackers cannot bypass the Cyberoam WAF protection measures through an HTTPS (SSL) connection, mostly used in the financial services, healthcare, e-commerce, and other industries that process sensitive data. The WAF not only secures encrypted connections, but also reduces latency of SSL traffic with its SSL offloading capabilities.

InstantWeb server hardening

The Cyberoam WAF instantly shields any Web environment (IIS, Apache, WebSphere®, etc.) against more than 14,000 common server misconfigurations and an ever-expanding universe of known 3rd-party software vulnerabilities.

Reverse proxy for incoming HTTP/HTTPS traffic

The Cyberoam WAF follows a reverse proxy model for all incoming HTTP and HTTPS traffic which provides an added level of security by virtualizing the application infrastructure. All incoming Web application requests from the Web client terminate at the WAF. Valid requests are submitted to the back-end Web server, hiding the existence and characteristics of originating servers.

URL, Cookie, and Form hardening

Application-defined URL query string parameters, cookies, and HTML form field values (including hidden fields, radio buttons, check boxes, and select options) are protected by the Cyberoam WAF. Attempts to escalate user privileges through cookie-poisoning, gain access to other accounts through URL query string parameter tampering, and other types of browser data manipulation are automatically identified and blocked.

Monitoring and reporting

Cyberoam Web Application Firewall provides alerts and logs that help organizations with information on types of attacks, source of attacks, action taken on them, and more that help comply with the PCI DSS requirements.

Additional Features :

• Block/alert known bad IP addresses
• Customizable user messages for blocked requests
• Rate-based connection safeguards

Feature Specifications :

Web Application Security Brute Force Attacks Mitigation Cookie Protections Measures Session Attacks Mitigation Cryptographic URL and Parameter Protection Strict Request Flow Enforcement HTTPS (SSL) encryption offloading HTTP-based worm/virus protection Banner-grabbing protection Hidden field manipulation protection SQL injection protection OS command injection protection Cross-site scripting protection (XSS) Dangling pointer protection Stealth commanding protection Buffer overrun protection URL Hardening engine Form field meta data validation Directory traversal prevention Response control - Block client - Reset connection - Redirect - Custom response Outbound data theft protection - Credit card numbers - Social Security numbers - Custom pattern matching (regex) Protocol limit checks File upload control

Protocol Support HTTP/S 0.9/1.0/1.1 XML Management Web-based configuration wizard Role-based Access control Firmware Upgrades via WebUI Cyberoam Central Console (Optional) NTP Support Web 2.0 compliant UI (HTTPS) UI Color Styler Commandline interface (Serial, SSH, Telnet) SNMP(v1, v2c, v3) Multi-lingual support: Chinese, Hindi, French, Korean   Reporting Real-time network, HTTP alerts Detailed activity log Web notification Full transaction log of all activity in human readable format System log Web Firewall log Access log Audit log   Compliance CE FCC

 

Specifications |	| Backend servers supported |	| HTTP requests per second |	| WAF Protected Throughput (Mbps)
50ia	5	80	35
100ia	5	100	60
200i	10	300	100
300i	15	350	150
500ia	25	500	300
750ia	50	600	350
1000ia	100	700	425
1500ia	200	1000	500