- Chinese Internet censorship: An inside look
- Desktops of the future here today
- What network CEOs really make
- DoD sold counterfeit network gear
- Sci-Fi's goofiest gadgets and technology
Crackin' the Kraken bot. Listen now!
Wireless dangers at airports. Listen now!
Migrating to a new messaging system is a tedious, complex and risky process. And since this isn’t something you do everyday, you need to know "best practices" to ensure a successful migration.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Discover the benefits of paravirtualization in this informative webcast today. This server virtualization-themed webcast not only explores how to improve virtualized server performance, but provides real-world user examples, explains how to optimize workloads and discusses the future of server virtualization. Focus on only the themes that interest you or watch all six consecutively for a full picture of how you can lower your costs significantly through consolidation and virtualization. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
A BMCO report on Mobile TV released in May 2008 supports the common view that mobile TV has been slow...- Amitabh
"Web application firewall" is a simple term, but understanding what it means is proving so difficult for customers that an industry consortium is publishing advice on how to make a choice among the many devices that fall into this category.
Last week, a document called "Web Application Firewall Evaluation Criteria" was published by the Web Application Security Consortium, a group formed a year ago that includes users, vendors and consultants.
Web application firewalls examine HTTP and HTTPS traffic at the application layer, looking for attacks masquerading as legitimate application traffic. They defend against attempts to tap information stored on Web application servers, such as credit card and Social Security numbers, and proprietary corporate information.
So many methods try to accomplish this goal that it is difficult for potential customers to figure out what product best suits their needs, says Mark Kraynak, director of product marketing for WAF vendor Imperva, who served on the Web Application Security Consortium committee that wrote the document. Other vendors include Citrix, F5 Networks and Protegrity.
No single WAF device is appropriate for all networks, says Ivan Ristic, who headed the evaluation effort for the consortium. He also runs Thinking Stone, a Web application security-consulting firm. "You need to look at your security requirements and business goals. Create a short list of features you need," he says.
For example, a business that needs to document all HTTP transactions for regulatory purposes may need a WAF with very few features, Ristic says. Or a business with a single Web server might only need application firewall software that can run on the server itself and not a separate WAF, he says.
The range of features is broad. A WAF can deal with SSL traffic by terminating it, examining it and passing it on, or capturing it and decrypting it but not terminating sessions. Similarly, if a WAF needs to block traffic, it can terminate network-protocol connections and not pass on malicious traffic or it can sever suspicious connections.