WebApp Sec mailing list archives
Re: Internal servers, web application firewalls, and learning modes
From: Thomas Wallutis <thomas () wallutis de>
Date: Wed, 3 Dec 2008 10:39:06 +0100
Hi, On Tue, Dec 02, 2008 at 08:14:25AM -0800, Dan Lynch wrote:
All other things being equal, is a web application firewall an effective way to protect an internal web server from attack?
What kind of attack do you expect? What asset do you want to protect? Its difficult to give an answer when the question is not clear.
Is ISA Server a useable WAF for an organization with little internal expertise?
As far as i understand what a WAF should do i would not call ISA a WAF. But you can publish internal web servers and do the authentication at the ISA server and not at the web server. My personal opinion is that you really need a redesign of your internal net. Separate the customers web servers from your domain. You are working on the symptoms, not on the problem. Greetings Thomas ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- Internal servers, web application firewalls, and learning modes Dan Lynch (Dec 02)
- Re: Internal servers, web application firewalls, and learning modes Preston Connors (Dec 02)
- RE: Internal servers, web application firewalls, and learning modes Erwin Geirnaert (Dec 02)
- Re: Internal servers, web application firewalls, and learning modes yelukati mahendra (Dec 02)
- Re: Internal servers, web application firewalls, and learning modes Thomas Wallutis (Dec 03)