December 10 – Set up a Web Application Firewall

Today, our tip #10 for a secure Christmas is to set up a web application firewall. A Web Application Firewall, or WAF, is a module that inspects the actual HTTP traffic for known security issues. Some products update their signatures automatically, much like an antivirus, while others require you to create your own policies. Say a new vulnerability in Apache Struts can be exploited by sending a certain string in an HTTP packet or URL: a WAF in front of the application would stop those attacks once the exploit is known, provided you have either written a policy for it yourself or subscribe to a provider that has created a rule set for it. A free and open source alternative is to use mod_security in Apache.
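The signature matching described above, sketched in Python as an added example (it is not code from this post or from mod_security). The marker string, the rule format and the names `parse_request`, `normalize` and `inspect` are assumptions made for illustration; the inspector checks URL, headers and body after decoding, and lets the same request through when no rule exists yet.

```python
from urllib.parse import unquote_plus

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers, body

def normalize(value, rounds=3):
    """Percent-decode a bounded number of times, then lowercase, so that
    encoded or mixed-case variants of a signature still match."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()

def inspect(raw, rules):
    """Check URL, body and every header against each rule; first match blocks."""
    target, headers, body = parse_request(raw)
    locations = {"url": target, "body": body}
    locations.update({"header:" + k: v for k, v in headers.items()})
    for rule in rules:
        for where, value in locations.items():
            if rule["pattern"] in normalize(value):
                return {"action": "block", "rule": rule["id"], "where": where}
    return {"action": "allow", "rule": None, "where": None}

# Constructed sample data: the marker is a placeholder, not a real exploit string.
MARKER = "example-exploit-marker"
RULES = [{"id": 100001, "pattern": MARKER}]
BENIGN = "GET /shop/cart.action?id=7 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
IN_URL = ("GET /shop/cart.action?q=Example%252DExploit%252DMarker HTTP/1.1\r\n"
          "Host: shop.example\r\n\r\n")
IN_HEADER = ("POST /upload.action HTTP/1.1\r\nHost: shop.example\r\n"
             "Content-Type: EXAMPLE-exploit-marker\r\n\r\nfile=1")

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("url", IN_URL), ("header", IN_HEADER)]:
        print(name, inspect(req, RULES))
    print("no rule yet:", inspect(IN_URL, []))  # the WAF only knows what its policy says
```
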


Previous security tips from our Christmas calendar

December 1 – Protect your servers with firewalls

As we mentioned in our previous blog post about our Christmas calendar, we will give you 24 tips for a secure Christmas, with a new tip every day until Christmas. Be sure to follow the tips from this Christmas calendar for a chance to win a Christmas gift! Today we open our Christmas calendar with this blog post, and we are happy to give you our security tip #1 for a secure Christmas. We want to start with firewalls, because an important part of security is having a firewall set up to protect your servers.

For an enterprise server environment, it’s recommended to do this on the network layer, while all users on the internal network should also have a software firewall to protect them from the various malware that could infect them. It’s easy to think only about protecting yourself against inbound traffic (you may only allow certain IPs to SSH to the machine), but you should also protect yourself against outbound traffic (so that it’s not possible to SSH to an unauthorized external machine, for example) in order to protect your environment.