- This line was added.
- This line was removed.
- Formatting was changed.
Best pratices are essential to maintain an efficient web security level of your infrastructure and to be protected from threats of every day.
Here are listed several best practices recommended by DenyAll :
Have the latest supported product version
Maintain i-Suite up to date with the latest supported version to have new security updates, mostly system, but also to have the latest bugfixes.
Available on your my.denyall.com space.
Have the latest version of security patterns
Web technologies are constantly evolving and web applications are greatly diversified, this lead to new vulnerabilities and new exploits every day.
Deny All regularly publishes security patterns updates to improve detection, to avoid false positives and to block new attacks.
The latest version of security patterns is available on your my.denyall.com space.
We invite you to see your best practices to perform an efficient security patterns update : Updating security rules
Have the latest OpenSSL update
Cryptographic protocols are the center of the communication security. Vulnerabilities can be critical and have to be patched as quickly as possible.
The latest OpenSSL version is available on your my.denyall.com space.
Use secure protocols and strong ciphers
Take care about the use of the SSLv3 protocol which is deprecated (remember the POODLE attack). Favor only TLS 1.1 or and TLS 1.2 protocols with strong ciphers.
You will find best practices for SSL configurations (protocol and ciphers) in the FAQ section : What cipher and what protocol do I need to accept?
Watch security logs regularly
Security logs identify all attacks blocked by the security policies. Watch the security logs regularly to detect any strange behavior like increasing blocked requests, on which tunnel...
Some strange behaviors and blocked requests can help you to adapt your security policies quickly.
Have a recent configuration backup
To prevent any crash (product, hardware...), it is essential to keep a recent backup in order restore configurations quickly.
Backups can be automaticaly generated and exported with.
Use our use cases
To help you to protect your applications, some use cases are available to meet specific needs.
DenyAll recommends the implementation of the following use cases to help you to optimized the security of your applications :
It is important to keep in mind that the activation those use cases can be ponctual according to events (like cyber-attacks).
Those use cases should not be deployed without studing impacts and avoid unavailability issues on your applications.
- Access Restrictions - Restriction by IP geolocation
- Access Restrictions - Restriction by date and time
- ICX - Control SQL injection in key names
- Request Limiter - DOS Application layer vs DOS Network layer
- Basic bots, scripts and scanners detection
After the announcements of attacks for the 15th January 2015, the ANSSI (Agence Nationale de la Sécurité des Systèmes d'information) have published documents (FR only) describing recommendations and best practices for cybersecurity :
|Table of Contents|