 web of defence is installed as a software plug-in into the existing Web server (e.g. Apache Version 2.0) and activated by configuration. Basic operating mode: http-requests are verified and rejected or processed (depending on present rule).
More questions and answers here:
|
|
How does wod work - respectively the plug-in behind? |
The plug-in verifies all incoming http-requests and a bulk of answers from the server.
With selected rules (e.g. for online-forms) requests will be either rejected or an information will be given to the user – including entries in logfiles respectively reports to the administrator. |
|
|
Which webserver is wod for? |
|
At the moment for Apache 2.0 and version 2.2 and IIS (state: June 2007) |
|
|
Which layer works wod at? |
|
Mainly at layer 7, in application level. (the most critical vulnerability when it comes to enterprise Web-Applications) |
|
|
Do you provide pattern-updates? |
|
Yes we do. Free of charge during the first year. |
|
|
Can the critical function GLOBAL ON be defended? |
|
Yes, via certain configurations. |
|
|
Is there a logging-function? |
|
Yes, an appropriate logfile is generated. |
|
|
How much performance does the plug-in cost? |
|
Depending on server. If the server is used insufficiently the performance deficit will be quite low but also vice versa! A previous test is suggestive. |
|
|
Will only incoming requests be verified or answers from the webserver as well? |
|
All incoming requests will be verified and mostly all outgoing requests. For the rest, a filter is to come. |
|
|
What size is the package? How does the installation work? |
|
The package is only a few MB and is installed quite simple as a package (Linux/Apache). For IIS there is an installation-program. |
|
|
What happens if the plug-in detects an attack? |
|
The request will be rejected either with an error page from the webserver (e.g. 403 or 404) or via redirection to another site. |
|
|
How about the plug-in's efficiency (or hit rate) if the application is not common? |
|
After a short „teaching period“ (approx. 3 days) 60% - 70% of all possible attacks will be detected. Nevertheless, prior analyses are recommended. |
|
|
How much larger is the Apache-Process with the plug-in deployed? |
|
The Apache-process will stay the same. |
|
|
Is there a revision control of the configuration, e.g. for internal documentation. |
|
Yes, the revision control is contained. |
|
|
