Abstract: With years of experience application security technology and cloud computing, Inspur develops a new generation security product in domestic application security condition. Inspur adopts an innovative system frame, provides websites and important applications with real-time and sustaining security defense, and protects them from the hacker’s attack or being tampered with. With this product, we ensure the stable operation of business and users’ business value and the social credibility.
In 2012, there were 16,388 domestic websites being tampered with, among which 1,802 are government’s websites. Compared with 2011, the number increased by 6.1% and 21.4% respectively. As for websites being translated backdoor, the number increased by 213.7% and 93.1% respectively. In 2012, there were 1,022 large-scale DOS incidents with a daily average of attack traffic over 1G, which is twice more than that of 2011.
Websites are communication channels through which the government connects with the outside world, and are also important platforms for e-government and e- commerce. Once hackers attack the websites, he damages various important information and data, which causes great loss and negative social influences for each organization and institution, and even arouses political, financial and national problems.
Cloud computing technology has been widely recognized as the trend of future development, and has been rapidly spread around the world. Under the model of cloud computing, it is common to access various cloud application services, especially Web service, through browsers. Currently, a variety of industries, including e-government, e-business, social networks, on-line video are gradually migrating their services to cloud computing platforms. Against this background, to ensure security of the Web application services and privacy has become consensus of different industries.
Inspur WAF Website Security Defense Solution
Inspur WAF adopts multiple efficient detection engines and provides the best defense against Web application vulnerabilities and unknown threats. Each detection engine works independently yet cooperates with others, and makes overall analysis of HTTP/HTTPS and compressed data stream. This operation mode greatly improves the security defense ability and efficiency of Web applications.
Inspur WAF works in three-dimension (data direction, processing stage, defense style) defense model, which gives users overall website protection, and effectively defenses against Hackers’ attacks including SQL injection, cross-site attacks(XSS), Google Hacking, buffer overflow, DDOS attacks, session hijack, etc.
Inspur WAF is the application/data filter between browsers and Web servers. It is of high security and flexibility, with two connection models (cascade connection and parallel connection), which lead transparent integration with previous network of users.
Inspur WAF’s high security is reflected in standardization of the requests and security detection of the data. The system can find potential threats to websites, and then stop these malicious requests outside Web servers. Meanwhile, Inspur WAF also monitors and filters the data returned to the browsers by Web servers, which prevent sensitive information from leaking.
Target Users and Benefits
Inspur WAF is committed to solving security problems in applications and business operations. It can be widely used by government departments, financial corporations, taxation companies, business, transport industry, research institutes, e-commerce platforms, etc.
Inspur WAF effectively solve common security threats such as SQL injection, cross-site scripting attack (XSS), cross-site request forgery, files containing attack, configuration vulnerabilities, DDOS attacks, etc. Through the protection of Web applications, it ensures the continuity and security of services.