Imperva WAF: On-premises Configuration

Table of Contents

  1. Introduction Imperva – On Premise
  2. Gartner Magic Quadrant
  3. Key features of Imperva
  4. Benefits of using Imperva
  5. Technical details on Imperva
  6. On Premise WAF Architecture
    • Dashboard – Overview of Site, Server Group, Services, Application
    • Application Server Vulnerabilities:
    • Protection Layer
  7. Conclusion

Introduction – On Premise Solution

Imperva Web Application Firewall (WAF) is a security solution that aims to protect web applications and websites from cyber threats such as SQL injection, cross-site scripting (XSS), and other types of attacks. It is a software or hardware-based solution that sits between a web application and the internet, and monitors incoming traffic for malicious activity. The WAF analyzes each incoming request and compares it against a set of predefined security rules and policies to determine whether the request is legitimate or not. If the WAF detects a potentially malicious request, it can block it, log it, or take other action as specified by the security rules. Imperva WAF can be deployed on-premises, in the cloud, or as a hybrid solution, and can be used to protect a wide range of web applications and websites, including those built on popular platforms such as WordPress, Joomla, and Magento.

Gartner Magic Quadrant

Imperva WAF has earned recognition in the Gartner Magic Quadrant for its exceptional capabilities in safeguarding web applications against cyber threats. This acknowledgement highlights Imperva’s commitment to delivering effective security solutions.

Key Features of the On-Premises Solution

Imperva WAF (Web Application Firewall) is a security solution designed to protect web applications from cyber threats such as SQL injection, cross-site scripting, and other attacks. Some of the key features of Imperva WAF are:

  1. Threat Intelligence: Imperva WAF uses threat intelligence to identify and block threats in real-time. It leverages machine learning algorithms to analyze traffic and identify potential threats.
  2. Application Profiling: Imperva WAF uses application profiling to learn the normal behavior of web applications. This allows it to identify and block abnormal behavior, such as attacks or exploits.
  3. Custom Policies: Imperva WAF allows administrators to create custom security policies based on their organization’s specific security requirements. This allows organizations to tailor their security policies to meet their unique needs.
  4. Real-time Alerts: Imperva WAF provides real-time alerts when it identifies potential threats. This allows administrators to quickly respond to potential threats and take appropriate action.
  5. Integration with SIEM: Imperva WAF integrates with Security Information and Event Management (SIEM) systems, allowing administrators to monitor security events across their entire organization.
  6. PCI DSS Compliance: Imperva WAF is PCI DSS compliant, meaning it meets the requirements set forth by the Payment Card Industry Data Security Standard (PCI DSS). This makes it an ideal solution for organizations that handle payment card information.
  7. Scalability: Imperva WAF is designed to scale to meet the needs of large organizations. It can handle high volumes of traffic and can be deployed in a distributed environment to provide protection for multiple applications and locations.

Benefits of Imperva on Premise Solution

Imperva WAF (Web Application Firewall) offers several benefits for organizations that use it, including:

  1. Advanced Threat Protection: Imperva WAF provides advanced protection against various types of cyber threats such as SQL injection, cross-site scripting, and other attacks, ensuring that web applications are secure and protected.
  2. Reduced Downtime: With its ability to identify and block potential threats in real-time, Imperva WAF reduces the risk of downtime due to security breaches or attacks. This ensures that web applications are available and accessible to users at all times.
  3. Customizable Security Policies: Imperva WAF allows organizations to customize their security policies to meet their specific security needs. This ensures that security policies are tailored to the organization’s unique requirements.
  4. Easy Integration: Imperva WAF is easy to integrate with other security solutions, making it a valuable addition to an organization’s security infrastructure.
  5. Compliance: Imperva WAF is compliant with various security standards such as PCI DSS, HIPAA, and GDPR, ensuring that organizations meet their compliance requirements.
  6. Enhanced Visibility: Imperva WAF provides administrators with enhanced visibility into web application traffic, allowing them to monitor and analyze traffic patterns and identify potential security threats.
  7. Scalability: Imperva WAF is designed to scale to meet the needs of large organizations, making it a suitable solution for organizations with high web traffic volumes.

Technical Details of the On-Premises Solution

Imperva WAF (Web Application Firewall) is a software-based solution that is deployed on servers, typically in a reverse proxy configuration, to protect web applications from cyber threats. Here are some technical details of Imperva WAF:

  1. Architecture: Imperva WAF uses a multi-layered architecture that consists of multiple security modules, such as protocol validation, input validation, and output validation, to provide comprehensive security for web applications.
  2. Deployment: Imperva WAF can be deployed on-premises or in the cloud, depending on an organization’s requirements. It can be deployed on physical servers, virtual machines, or in containers.
  3. Integration: Imperva WAF integrates with other security solutions, such as SIEM systems, for better security monitoring and management. It can also integrate with DevOps tools and automation frameworks for improved agility and efficiency.
  4. Threat Intelligence: Imperva WAF leverages machine learning algorithms and threat intelligence feeds to identify and block potential threats in real-time. It also provides administrators with detailed threat analysis reports for better threat management.
  5. Policy Management: Imperva WAF provides administrators with an intuitive user interface for creating, managing, and deploying custom security policies. It also supports policy versioning and rollback, allowing administrators to easily manage policy changes.
  6. Logging and Reporting: Imperva WAF provides detailed logging and reporting capabilities, allowing administrators to monitor web traffic, identify potential threats, and generate compliance reports.
  7. High Availability: Imperva WAF is designed for high availability, with features such as automatic failover and load balancing to ensure that web applications are always accessible.

On Premise WAF Architecture

The domain protected by On-Premises WAF contains the following basic elements:

  • Sites: A physical site or sites, where server groups are installed (for example, data centers).
  • Server Groups: Contain physical servers, services, and actual applications.
  • Services: The HTTP service. A service is characterized by the port used, a collection of relevant plug-ins, character sets, and encryption, and it includes a collection of applications.
  • Applications: Web applications.

Besides the physical representation of the protected domain (using sites, server groups, services, and applications), On-Premises WAF provides a logical representation of the protected domain. The logical representation is focused on the application level and enables unlimited hierarchical grouping of applications.

Dashboard

The Imperva on-premises dashboard is a web-based graphical user interface (GUI) that provides administrators with a centralized view of their Imperva WAF (Web Application Firewall) and other security solutions that are deployed on-premises. The dashboard displays real-time data on web application traffic, security events, and threat intelligence feeds, allowing administrators to quickly identify potential threats and take appropriate action.

In this section, let's see how to add a web application to Imperva.

Logins

Overview

The “Sites” tab in Imperva WAF (Web Application Firewall) is a section of the dashboard where administrators can view and manage the web applications that are being protected by the WAF.

Site Creation: To create a site in Imperva WAF, navigate to the “Sites” tab in the dashboard and click on the “Add Site” button. Enter the necessary information, including the site name, domain name, and IP address.

Server Group Creation: To create a server group in Imperva WAF, navigate to the “Server Groups” tab in the dashboard and click on the “Add Server Group” button. Enter the necessary information, including the group name, description, and servers’ IP addresses.

Service Creation: To create a service in Imperva WAF, navigate to the “Services” tab in the dashboard and click on the “Add Service” button. Enter the necessary information, including the service name, protocol, and port number.

Application Definition Creation: To create an application definition in Imperva WAF, navigate to the “Applications” tab in the dashboard and click on the “Add Application” button. Enter the necessary information, including the application name, site name, server group name, and service name.
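
Because each object created above refers to the one before it (site, then server group, then service, then application), a plan can be checked for dangling references and bad addresses before it is typed into the dashboard. The following is an added example, not Imperva code or an Imperva API: the plan layout, the field names, and the `validate_plan` function are assumptions made for illustration.

```python
import ipaddress


def validate_plan(plan: dict) -> list[str]:
    """Check an onboarding plan top-down: site, server group, service, application."""
    problems = []
    sites = {s["name"] for s in plan["sites"]}
    groups, services = set(), set()
    for g in plan["server_groups"]:
        if g["site"] not in sites:
            problems.append(f"server group {g['name']}: unknown site {g['site']}")
        for ip in g["servers"]:
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                problems.append(f"server group {g['name']}: invalid server IP {ip}")
        groups.add((g["site"], g["name"]))
    for s in plan["services"]:
        if (s["site"], s["server_group"]) not in groups:
            problems.append(f"service {s['name']}: unknown server group {s['server_group']}")
        if not 1 <= s["port"] <= 65535:
            problems.append(f"service {s['name']}: invalid port {s['port']}")
        services.add((s["site"], s["server_group"], s["name"]))
    for a in plan["applications"]:
        if (a["site"], a["server_group"], a["service"]) not in services:
            problems.append(f"application {a['name']}: unknown service {a['service']}")
    return problems


# Constructed plan with two deliberate mistakes (bad IP, misspelled service name).
SAMPLE_PLAN = {
    "sites": [{"name": "dc-east"}],
    "server_groups": [
        {"name": "web-sg", "site": "dc-east", "servers": ["10.0.1.10", "10.0.1.300"]},
    ],
    "services": [
        {"name": "http-svc", "site": "dc-east", "server_group": "web-sg", "port": 443},
    ],
    "applications": [
        {"name": "shop", "site": "dc-east", "server_group": "web-sg", "service": "https-svc"},
    ],
}

if __name__ == "__main__":
    for problem in validate_plan(SAMPLE_PLAN):
        print(problem)
```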

Application Server Vulnerabilities:

  • Sensitive data transmitted in clear text by the application
  • Use of authentication method to the database, resulting in clear text credentials
  • Lack of transport or application layer encryption
  • Insecure network-hardware administrative interfaces
  • Weak perimeter network and firewall configurations
  • Superfluous ports open on the internal firewall
  • Lack of IPSec policies to restrict host connectivity
  • Unnecessary active services
  • Unnecessary protocols
  • Weak account and password policies
  • Unpatched servers
  • Running unnecessary services
  • Unnecessary filters and extensions

Protection Layer

The protection layers encompass the following functionality:

  • Protocol Validation: Filters out HTTP protocol violations and identifies attacks that exploit vulnerabilities within the HTTP protocol. For instance, it detects attempts to trigger a buffer overflow by employing an excessively large header in an HTTP request.
  • Web Services (Attack Signatures): Identifies known attacks targeting applications, platforms, and networks. Imperva On-Prem WAF maintains a comprehensive database of over 6500 attack signatures, regularly updated by the experts at the Application Defense Center (ADC).
  • Data Leak Prevention: Detects the presence of sensitive information, such as credit card data or personally identifiable information, as it leaves the web application. While this could be a legitimate usage, there is a possibility of data leakage. On-Prem WAF monitors the outgoing sensitive data and allows administrators to verify its legitimacy.
  • Application Profile: Compares the actual usage of the application with the expected usage defined in the model, enabling the identification of suspicious occurrences or abnormal user behavior.
  • Web Worm Detection: Utilizes advanced algorithms to proactively prevent zero-day web application attacks, safeguarding against previously unknown vulnerabilities.
  • Correlation Engine: Employs event correlation and automated baselining techniques to provide robust vertical integration and data analysis capabilities. The Correlated Attack Verification engine enhances On-Prem WAF’s ability to identify and respond to attacks by correlating multiple events and patterns of attack behavior.
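
To make two of these layers concrete, the sketch below applies a protocol-validation check to an inbound request (the oversized-header case mentioned above) and a data-leak check to an outbound response body. It is an added illustration of the concepts, not Imperva's implementation: the size limit, the function names, and the sample traffic are assumptions, and the Luhn checksum is used here to separate plausible card numbers from arbitrary digit runs.

```python
import re

# Assumed limit for illustration; a real WAF policy defines its own.
MAX_HEADER_LINE = 8192
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def validate_protocol(raw_request: bytes) -> list[str]:
    """Inbound layer: return the HTTP protocol violations found in a raw request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    violations = []
    if not re.fullmatch(rb"[A-Z]+ \S+ HTTP/1\.[01]", lines[0]):
        violations.append("malformed request line")
    for line in lines[1:]:
        name, sep, _ = line.partition(b":")
        if not sep:
            violations.append("header line without a colon")
        elif len(line) > MAX_HEADER_LINE:
            violations.append(f"oversized header: {name.decode('latin-1')} ({len(line)} bytes)")
    return violations


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates plausible card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(response_body: str) -> list[str]:
    """Outbound layer: return masked card-like numbers present in a response body."""
    hits = []
    for m in CARD_RE.finditer(response_body):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits


# Constructed sample traffic (not captured from a real system).
SAMPLE_REQUEST = b"GET /search HTTP/1.1\r\nHost: shop.example\r\nX-Pad: " + b"A" * 9000 + b"\r\n\r\n"
SAMPLE_RESPONSE = "order 1234567890123456 paid with card 4111 1111 1111 1111"

if __name__ == "__main__":
    print(validate_protocol(SAMPLE_REQUEST), find_card_numbers(SAMPLE_RESPONSE))
```

The 16-digit order number in the sample response fails the Luhn check and is not reported, which is why the checksum matters for keeping false alerts down.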

Conclusion

In conclusion, Imperva Web Application Firewall (WAF) is a powerful security solution that can help organizations to protect their web applications and websites from cyber threats. It offers advanced protection against a wide range of attacks, including SQL injection, cross-site scripting (XSS), and others, by analyzing each incoming request and comparing it against predefined security rules and policies. The WAF can be deployed on-premises, in the cloud, or as a hybrid solution, making it suitable for organizations of all sizes and types. Additionally, it can be used to protect a wide range of web applications and websites, including those built on popular platforms such as WordPress, Joomla, and Magento. Implementing a WAF solution like Imperva can provide an organization with an additional layer of security, and can help to comply with regulatory requirements and industry standards. Overall, Imperva WAF is an essential tool for any organization looking to protect their web applications and websites from cyber threats.
