The firewall has long been synonymous with network and application security. In a rapidly changing information age, this once-dominant technology has become one of the most misunderstood pieces of the security picture. Is the firewall still secure? As everyone knows, today's applications are steadily moving to the Web, so what does that mean?
Traditional applications each used a distinct port, and the firewall opened a different port for each application, as shown in the left figure. Today's applications are moving to the Web, and all of them are hosted on the WWW port; the firewall only needs to open a single port, the WWW port (80), as shown in the right figure. The firewall on the left has multiple ports open, while the firewall on the right has only one (80). Is the firewall on the right therefore more secure than the one on the left? Of course not. Look at it from another angle: once an application has been moved onto the Web, what used to be the protocol header of each application is now carried inside the payload of a WWW request. If the firewall has no deep packet inspection mechanism, the migration of applications to the Web leaves the firewall with nothing meaningful to decide. According to Gartner's prediction, a firewall that remains limited to stateful inspection and lacks deep packet inspection will soon face elimination.
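The following Python script is an added illustration of the point made above, not code from the article or from Radware. It runs a few constructed HTTP packets through a port-only stateful rule (allow TCP/80) and then through a simple payload inspector that parses the request and matches percent-decoded fields against a handful of constructed signatures; the rule names, sample requests and hostname are all assumptions made for the demo, and the signatures are deliberately crude so the contrast stays visible. The port rule returns the same verdict for the benign request and for the requests carrying injection-style payloads; only the payload-aware check can tell them apart, and it also catches a non-HTTP protocol tunnelled over port 80.

```python
"""Port-based filtering vs. payload inspection for traffic on port 80.

Added illustration for the article's argument; not Radware code. Every
signature, hostname and packet below is constructed for the demo.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote_to_bytes


@dataclass
class Packet:
    dst_port: int
    payload: bytes  # application data carried in the TCP segment


# A stateful firewall that only looks at headers: allow TCP/80, drop the rest.
PORT_ALLOWLIST = {80}


def port_filter(pkt: Packet) -> str:
    """Verdict of a port-only rule: the payload is never examined."""
    return "allow" if pkt.dst_port in PORT_ALLOWLIST else "drop"


# Constructed, deliberately simple signatures matched against decoded HTTP fields.
SIGNATURES = {
    "sql-injection": re.compile(rb"(?i)(\bor\b\s+\d+\s*=\s*\d+|union\s+select)"),
    "xss": re.compile(rb"(?i)<script\b"),
    "path-traversal": re.compile(rb"\.\./"),
}


def parse_http_request(payload: bytes):
    """Return (method, target, headers, body), or None if this is not HTTP."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers, body


def deep_inspect(pkt: Packet) -> str:
    """Port check first, then parse the request and match its decoded fields."""
    verdict = port_filter(pkt)
    if verdict != "allow":
        return verdict
    req = parse_http_request(pkt.payload)
    if req is None:
        return "drop:non-http-on-80"
    _method, target, headers, body = req
    # Percent-decode the target and a form body so encoding cannot hide a pattern.
    fields = [unquote_to_bytes(target)]
    if headers.get(b"content-type", b"").startswith(b"application/x-www-form-urlencoded"):
        fields.append(unquote_to_bytes(body.replace(b"+", b" ")))
    for name, pattern in SIGNATURES.items():
        if any(pattern.search(f) for f in fields):
            return f"block:{name}"
    return "allow"


# Constructed sample traffic: one benign request, three hostile payloads on port 80,
# one SSH handshake on its own port, and the same handshake pushed over port 80.
SAMPLE_TRAFFIC = [
    Packet(80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet(80, b"GET /item?id=1%27%20OR%201%3D1 HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet(80, b"POST /search HTTP/1.1\r\nHost: www.example.com\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
               b"q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    Packet(80, b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet(22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Packet(80, b"SSH-2.0-OpenSSH_8.9\r\n"),
]


def compare(traffic):
    """Pair the port-only verdict with the payload-aware verdict for each packet."""
    return [(port_filter(p), deep_inspect(p)) for p in traffic]


if __name__ == "__main__":
    for pkt, (port_v, dpi_v) in zip(SAMPLE_TRAFFIC, compare(SAMPLE_TRAFFIC)):
        print(f"port {pkt.dst_port:>3}  port-filter={port_v:<6} deep-inspect={dpi_v}")
```

The port rule answers "allow" for five of the six packets, which is exactly the situation the left-vs-right figure describes: once everything rides on port 80, a decision made on port numbers alone carries no information about which application, or which request, is actually passing through.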
Attacks against data centers are currently undergoing a significant change. Attackers combine a variety of techniques, forms and approaches, often exploiting unknown vulnerabilities, which poses a serious threat to critical business operations. Many organizations have deployed single-purpose protection products such as Intrusion Prevention Systems (IPS), Network Behavior Analysis (NBA), Denial of Service (DoS) protection and Web application protection, but this kind of deployment not only increases cost and complexity, it also leaves networks and services unable to defend against blended attacks, exposing the data center to threats. Organizations are therefore looking for a security solution that integrates multiple security technologies, scales with demand, and is supplied by a single vendor.
Radware Application Security Protection Solution
Radware (Nasdaq: RDWR) is a leading provider of intelligent solutions dedicated to ensuring fast, reliable and secure delivery of network and Web-based applications over IP. The company has completed interoperability testing between its AppDirector product and BEA's WebLogic Server 9.0, with the aim of helping enterprise customers eliminate downtime on all BEA servers and keep fault-tolerant applications running continuously. The Radware product line includes products developed and designed to meet the needs of IP application servers, firewalls, cache servers and WAN links. Combined with one of the richest feature sets on the market, they provide a fully scalable solution. Radware IAS devices optimize network performance for companies, e-commerce enterprises and major ISPs worldwide, and Radware works with major enterprise solution providers to bring customers the most advanced technology and services.
The Radware application security protection solution can fully meet the security needs of users arising from the constantly changing network threats, help users comprehensively protect their network and data center infrastructure from the growing mixed threat attacks, and enable applications to achieve higher security in data centers. Based on Radware’s years of experience in application security and understanding of the market and user needs, Radware’s application security protection solutions provide users with comprehensive security protection from the network layer to the application layer, providing users with the best security protection for their core applications.
The Radware application security protection solution is implemented mainly by Radware DefensePro and Radware AppWall. DefensePro integrates multiple tools/modules together with management and reporting functions, and each tool/module works in coordination with the others to give users the best detection and prevention of blended threats at the network and application levels. AppWall protects users' core applications from attacks at the Web application level through standards-based inspection of Web application traffic, covering attacks such as denial of service against Web services, brute-force attacks on Web login pages, SQL injection, online interception, cross-site scripting and so on.
Figure: solution topology diagram
Radware DefensePro
Radware DefensePro is a real-time network attack prevention device that protects your application infrastructure against network and application downtime, exploitation of application vulnerabilities, malware propagation, network anomalies, information theft and other emerging network attacks.
DefensePro includes a set of security modules – DoS protection, NBA network behavior analysis and IPS – to fully protect the network from known and emerging network security threats. DefensePro uses multiple detection and prevention engines, including signature detection, protocol and traffic anomaly detection, heuristic detection and behavior analysis. DefensePro's key strength lies in its patented behavior-based real-time signature technology, which detects and mitigates new network attacks in real time, such as zero-minute attacks, DoS/DDoS attacks, application abuse attacks, network scanning and malware propagation. None of this requires manual intervention, and legitimate user traffic is not blocked.
DefensePro runs on a dedicated hardware platform based on the OnDemand Switch, and Radware is the first company to offer on-demand IPS scalability across its IPS model range, with a scaling range of 100 Mbps to 12 Gbps. The device can defend against DoS attacks of up to 10 Mpps without affecting normal application access. Thanks to its on-demand, pay-as-you-grow approach, when your network bandwidth increases you can upgrade without replacing hardware, saving short-term and long-term capital and operational expense and giving complete investment protection.
DefensePro attack prevention includes the following levels of protection (as shown in the figure below):
Layer 1: Network-based protection – defense against DoS/DDoS flooding attacks
Layer 2: Server-based protection – defense against server resource abuse and server cracking
Layer 3: Client-based protection – detecting infected clients and preventing malware from spreading between clients
Layer 4: Stateful signature-based protection – blocking known attacks against known vulnerabilities