Curious to See a DDOS in Action?

I’ve always wondered what a Distributed Denial of Service (DDOS) really looks like. Fortunately, there is now this pretty awesome video illustration of what it looks like:



Protect Your Website Vulnerabilities With a WAF – New Comparison Report – CloudFlare vs Incapsula vs ModSecurity

A new report came out in February, put together by Zero Science Lab, in which they compare the effectiveness of CloudFlare and Incapsula. In it they did the same thing Philip Tibom of Sweden did last year in his comparative report, in which he concluded that Incapsula was the superior product. In this new report they included TrustWave’s ModSecurity solution. What website owners have to understand, however, is that comparing the three is a bit misleading.

Incapsula and CloudFlare are the two leading WAF solutions set up as software as a service (SaaS), designed to help everyday website owners. CloudFlare probably trumps Incapsula in marketing prowess. ModSecurity, although powerful, is the opposite. It’s something you’d have to configure and maintain on your web servers. It functions the same way in that it filters the incoming traffic, but don’t be fooled: it has to be installed and configured, and if you don’t know what you’re doing you will likely not get the results they present. That should not take away from its use; in fact I know CloudFlare uses it as part of their solution, though I’m not 100% sure about Incapsula. For the everyday website owner, especially those on shared environments, unless you configure your own reverse proxy, ModSecurity will be of little value to you.

Given that ModSecurity is free, we signed up for both CloudFlare and Incapsula paid Business plan. They have noticeably different prices for their paid plans. CloudFlare Business Plan is $200/month (the WAF is also available in the Pro Plan, for $20/month). Incapsula Business Plan is $59/month. – Zero Science Lab


Web Threats Are Real – Be Proactive

This post is really designed for my family and friends. I write it because in the business that I am in I get to see and hear the detrimental impact web-based threats have on people. I hear horror stories of lost data, the amount of information they have lost and the impacts it has had on them and their businesses.

I by no means will cover all the things that you should do, but it will help better situate your online security posture.

Good security posture is about risk reduction…

Understand that when reading this there are many variables that have to be accounted for when talking about protecting yourself and not everything is under your control. The web is such that we have grown accustomed to what it offers us and now we have to learn to adapt.


Security Implications of WordPress in The Enterprise

My Chileno brother from another mother, Chris Lema, put out a great guest post on WP Engine yesterday talking about WordPress and the Enterprise. He talks to the how and why of its emergence in the enterprise scene, but in the process makes a number of statements that very clearly explain the challenges we face as information security professionals. That, however, does not take away from the great points he makes around why it is a good enterprise platform.

Quick side note:

If you’re not familiar with Chris Lema, he’s perhaps one of the most engaging and insightful people you’ll meet and loves to write. WP Engine, on the other hand, is one of the premier managed WordPress hosting providers in today’s market, specializing in the ability to make your website grow wings, yes like Red Bull.

The Discussion

Of the various things I do at Sucuri, the one I am fondest of is the ability to lead our incident / intrusion handling team. This is an unadvertised service that we provide enterprises. At a high level we perform forensic analysis of the incident, outline the impacts of the compromise and perform offensive countermeasures to attacks if so required. It’s in this capacity that I have gained a unique perspective on this subject. I can attest to its arrival in the enterprise, and I’d argue that it’s no longer sneaking in – that was perhaps 2 years ago.

Web Application Vulnerability Scanners – W3AF – 12.10 xUbuntu Installation

I have been interested in the Web Application Attack and Audit Framework (W3AF) since I first heard about it last summer, 2012. It was unfortunately not the most straightforward installation; it has a number of dependencies and was not something I was willing to invest in. I was also a bit more novice than I am today and didn’t completely understand what I was doing or needed to do. Today things are a bit different and this evening I decided to take another stab at it.

Note: If you run BackTrack 3.0 you’ll find it prepackaged, not sure about earlier versions, so just skip this entire post.

My biggest challenge was that I was trying to install it on an xUbuntu NIX distribution. If you’re not familiar with it, it’s a child of the Ubuntu family, as implied by the name, but it’s lightweight. By lightweight I mean that it comes with the bare necessities only; if you want something on the box you have to install it, and that includes all its dependencies. That’s perhaps where I ran into the most issues. Most of the documentation you find, including what w3af says once installed, states that Python 2.6 is required. That, fortunately, is not the case. You can definitely get it running with 2.7 and that’s what I’ll provide here.