This is a feature-rich firewall which comes with load balancing and web acceleration capabilities. It can be implemented as a filtering gateway to validate requests to a web server. Profense also provides protection against CSRF (Cross Site Request Forgery) and session hijacking attacks through validation with cryptographic tokens. The firewall uses web server isolation and cloaking techniques to protect a web server, i.e. no direct requests reach the original web server; the firewall only forwards HTTP/HTTPS requests to the back-end servers. Also, from the responses sent by the back-end servers, the firewall removes information such as the web server version, operating system details, etc. before sending responses to the client, as attackers often use this information to perform targeted attacks. Another unique feature present in Profense is 'HTTP header compliance checking', of which there are two types: strict header compliance checking and pragmatic HTTP header compliance checking. In strict mode, the firewall validates all requests coming from clients against a list of valid HTTP headers; this helps to prevent attacks that aim to exploit web application vulnerabilities. Pragmatic compliance, however, uses a much lighter access policy than the strict method and allows non-standard headers to pass through.
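To make the strict/pragmatic distinction and the response cloaking concrete, here is a small added illustration in Python; it is not Profense code, and the header allowlist and cloaked header names are constructed assumptions for the example.

```python
# Added illustration of strict vs. pragmatic HTTP header compliance checking and
# response cloaking, modelled on the behaviour described above. Not Profense code.

# Allowlist of standard request headers accepted in strict mode (constructed, abbreviated).
STANDARD_REQUEST_HEADERS = {
    "host", "user-agent", "accept", "accept-encoding", "accept-language",
    "content-type", "content-length", "cookie", "referer", "connection",
}

# Response headers that reveal back-end software/version details and are
# stripped before the response is forwarded to the client (constructed list).
CLOAKED_RESPONSE_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}

# In pragmatic mode any header name passes as long as it is a well-formed
# token (RFC 7230 tchar set, lower-cased here because names are case-insensitive).
TOKEN_CHARS = set("!#$%&'*+-.^_`|~0123456789abcdefghijklmnopqrstuvwxyz")


def check_request_headers(headers, mode="strict"):
    """Return (allowed, reason) for a dict of request headers.

    strict:    every header name must be on the allowlist, everything else is rejected.
    pragmatic: any well-formed header name is accepted, so non-standard headers pass.
    Both modes reject malformed names and CR/LF in values (header injection).
    """
    for name, value in headers.items():
        lname = name.lower()
        if not lname or set(lname) - TOKEN_CHARS:
            return False, f"malformed header name: {name!r}"
        if "\r" in value or "\n" in value:
            return False, f"CR/LF in value of {name!r}"
        if mode == "strict" and lname not in STANDARD_REQUEST_HEADERS:
            return False, f"non-standard header rejected in strict mode: {name!r}"
    return True, "ok"


def cloak_response_headers(headers):
    """Drop headers that disclose server software or version before returning the response."""
    return {k: v for k, v in headers.items() if k.lower() not in CLOAKED_RESPONSE_HEADERS}


if __name__ == "__main__":
    # Constructed sample request carrying one non-standard header.
    req = {"Host": "example.test", "User-Agent": "demo/1.0", "X-Custom-Debug": "1"}
    print("strict:   ", check_request_headers(req, "strict"))
    print("pragmatic:", check_request_headers(req, "pragmatic"))
    # Constructed sample back-end response with identifying headers.
    resp = {"Server": "Apache/2.2.3 (CentOS)", "X-Powered-By": "PHP/5.1.6",
            "Content-Type": "text/html"}
    print("cloaked:  ", cloak_response_headers(resp))
```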
Profense web firewall supports both positive and negative security models. The positive security model protects against unknown threats by defining only the allowed requests and blocking everything else, whereas the negative security model can be used alongside the positive model, as it provides protection against known attacks through signature matching.
Profense can be downloaded from download_software.html. Currently it's available as a CD ISO image and in virtual appliance format. We booted the machine with the ISO image and found that it automatically formats the hard drive and installs the Profense web app firewall on it. During installation it asked for IP addresses for the network interface. Once installed, Profense can be accessed through its web management interface. Initial configuration is easy; it first asks the user to define a virtual proxy for the original web server. Its web interface also has tools to test network connectivity, take backups, reboot the firewall, etc.