
    Jimmy9008 (@Jimmy9008)

    Reputation: 273 | Posts: 999 | Profile views: 1421 | Followers: 2 | Following: 1
    Location: Camden Town, London, United Kingdom | Age: 33


    Posts made by Jimmy9008

    • RE: Virtual WAF

      @Dashrender said in Virtual WAF:

      @DustinB3403 said in Virtual WAF:

      @Jimmy9008 said in Virtual WAF:

      If this forum is not one that is able to help and would rather comment on structures that are entirely outside of my control, I'll go elsewhere.

      This is the place to discuss this sort of thing. @Dashrender is just trying to ruffle feathers. Ignore him.

      You may see it that way - I see this as a shift - they no longer have money, so they are going to pawn off the responsibility to someone else - that's at minimum seemingly disrespectful.

      It is. For sure. I get what you are saying. 100%. But that is the situation we are in, disrespectful or not. Until 2022 I will not have budget to put something perhaps more solid in place, so I need to put something in place for now until then. Discussing the situation won't help; I am at the stage of seeing what is possible to get us somewhere better than nothing.
      If that makes sense?

      posted in IT Discussion
      Jimmy9008
    • RE: Virtual WAF

      @Dashrender said in Virtual WAF:

      @Jimmy9008 said in Virtual WAF:

      @Dashrender said in Virtual WAF:

      @Jimmy9008 said in Virtual WAF:

      @VoIP_n00b said in Virtual WAF:

      Cloudflare Pro has a WAF but it's $20/month.

      I don't think that would be a direction we would use. I like CF, but it just won't happen here.

      They can't afford $20/m to protect this? Does whatever they are doing even make sense to do?

      Currently correct, no budget for this. What they want to do makes sense for them, but not from an IT perspective. The applications are demo environments which are shown to potential customers. We have many of these environments to demo the solutions globally.

      The product team have decided they want to cut their budget this year and have cut out the WAF which sits in front of their demo applications. I believe they had some form of Citrix solution which sat in front of the webservers to do the higher-layer checking like XSS/SQL injection and stuff like that. Due to their decision, this now sits with IT.

      Essentially, this is not in the IT budget and it is rigid. So it will most likely be 2022 until any budget is allowed at all for this. Crazy, I know.

      Hence wanting something between the internet and their now less protected application at no real cost. ModSecurity or something like that looks like a good start.

      So they believed they needed good security - hence why they looked at/had Citrix stuff before (didn't know they did that), but now, because of budget, they no longer care about it... this is completely the wrong way to do things... wow.

      Now that's not to say they shouldn't reevaluate what they are doing - and find a solution that is more cost effective, but to go from a hugely expensive system (Citrix) to a free one is just asking to be hacked.

      Also, you said this is now for IT to manage - uh... what? It's always been for IT to manage.

      Perhaps in other companies, yes. But not here, until now. The teams are very well defined and IT here is kept to core infrastructure only. As this infrastructure interacts with customers, it is with a different team. That team has decided to cut their budget out and remove the component, and has said "IT, it's now your problem", which until now had not been the case.

      I am not here to discuss the particulars of where this should sit or not. I am asking for any thoughts on what WAF options are available, ideally at no direct cost.

      If this forum is not one that is able to help and would rather comment on structures that are entirely outside of my control, I'll go elsewhere.

      posted in IT Discussion
      Jimmy9008
    • RE: Virtual WAF

      @Obsolesce said in Virtual WAF:

      @Jimmy9008 test or demo environments should never be any less secure than production.

      Yes, I agree. Hence wanting to put something in place.

      posted in IT Discussion
      Jimmy9008
    • RE: Virtual WAF

      @Dashrender said in Virtual WAF:

      @Jimmy9008 said in Virtual WAF:

      @VoIP_n00b said in Virtual WAF:

      Cloudflare Pro has a WAF but it's $20/month.

      I don't think that would be a direction we would use. I like CF, but it just won't happen here.

      They can't afford $20/m to protect this? Does whatever they are doing even make sense to do?

      Currently correct, no budget for this. What they want to do makes sense for them, but not from an IT perspective. The applications are demo environments which are shown to potential customers. We have many of these environments to demo the solutions globally.

      The product team have decided they want to cut their budget this year and have cut out the WAF which sits in front of their demo applications. I believe they had some form of Citrix solution which sat in front of the webservers to do the higher-layer checking like XSS/SQL injection and stuff like that. Due to their decision, this now sits with IT.

      Essentially, this is not in the IT budget and it is rigid. So it will most likely be 2022 until any budget is allowed at all for this. Crazy, I know.

      Hence wanting something between the internet and their now less protected application at no real cost. ModSecurity or something like that looks like a good start.

      posted in IT Discussion
      Jimmy9008
    • RE: Virtual WAF

      @VoIP_n00b said in Virtual WAF:

      Cloudflare Pro has a WAF but it's $20/month.

      I don't think that would be a direction we would use. I like CF, but it just won't happen here.

      posted in IT Discussion
      Jimmy9008
    • RE: Virtual WAF

      @DustinB3403 said in Virtual WAF:

      @Jimmy9008 I've not used this before but it appears in multiple search engines near the top.

      https://modsecurity.org/

      Appears to have both free and paid options, and is open source.

      That did pop up from an initial search online. Seems like a good point to start with. Thank you.

      posted in IT Discussion
      Jimmy9008
    • RE: Virtual WAF

      @Obsolesce said in Virtual WAF:

      @Jimmy9008 said in Virtual WAF:

      We will soon have a few webservers/applications

      Running on which webserver(s)?
      What kind of web apps, what language?

      As I understand it, web traffic is handled directly in the application using HTTP.sys, and the application is written in ASP.NET.

      posted in IT Discussion
      Jimmy9008
    • Virtual WAF

      Hi folks,

      Would anybody be able to recommend some virtual Web Application Firewalls? I have not looked at this before and want to see what options are available from you pros before doing more online research.

      We will soon have a few webservers/applications sitting behind HAProxy, which sits behind our ASA. Ideally we would be able to stick a WAF between HAProxy and the ASA. No budget for a physical box.

      Probably no budget for a paid-for virtual solution either. I hope to see something like HAProxy, where it is free to use with a paid option.

      Cheers

      posted in IT Discussion
      Jimmy9008
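      One concrete way to put a free WAF at the point described in this post (between the ASA and HAProxy, in front of the HTTP.sys/ASP.NET demo apps mentioned in the reply above), using the ModSecurity option that came up in the thread. This is an added example; it is not from the original post, from any of the thread's participants, or from the ModSecurity or OWASP CRS projects. It assumes nginx built with the libmodsecurity (ModSecurity v3) connector and the OWASP Core Rule Set 3.x unpacked under /etc/nginx/modsec/crs/; the hostnames, ports, certificate paths, the local-exclusions.conf file and the /demo/editor path and ARGS:body name in the exclusion rule are placeholders. The two SecAction entries with ids 900000 and 900110 are the paranoia-level and anomaly-threshold settings from the CRS setup file, shown here with the values this example relies on.

```nginx
# ---- /etc/nginx/nginx.conf (added example; names, paths and addresses are placeholders) ----
load_module modules/ngx_http_modsecurity_module.so;

events {}

http {
    server {
        listen 443 ssl;
        server_name demo.example.com;                 # placeholder
        ssl_certificate     /etc/nginx/tls/demo.crt;  # placeholder
        ssl_certificate_key /etc/nginx/tls/demo.key;  # placeholder

        # Every request is inspected by ModSecurity before it is proxied onward.
        modsecurity on;
        modsecurity_rules_file /etc/nginx/modsec/main.conf;

        location / {
            # HAProxy still fronts the HTTP.sys/ASP.NET apps; nginx only adds the WAF layer.
            proxy_pass http://haproxy.internal:80;    # placeholder
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

# ---- /etc/nginx/modsec/main.conf ----
# Engine settings first, then CRS tuning, then local runtime exclusions (which must be
# loaded before the CRS rules they adjust), then the CRS rules themselves.
Include /etc/nginx/modsec/modsecurity.conf
Include /etc/nginx/modsec/crs/crs-setup.conf
Include /etc/nginx/modsec/local-exclusions.conf
Include /etc/nginx/modsec/crs/rules/*.conf

# ---- /etc/nginx/modsec/modsecurity.conf (only the lines changed from the shipped recommended file) ----
# Start in DetectionOnly: the CRS logs what it would have blocked without touching traffic.
# Review the audit log against a week or two of normal demo usage, add exclusions for the
# false positives, then change this to "On". Until then nothing is actually blocked.
SecRuleEngine DetectionOnly
# Without body access, POSTed form fields and JSON are never inspected at all.
SecRequestBodyAccess On
# Write an audit record only for flagged requests and server errors, with full detail.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/nginx/modsec_audit.log

# ---- /etc/nginx/modsec/crs/crs-setup.conf (the two tuning actions this example relies on) ----
# Paranoia level 1 is the lowest false-positive setting; raise it only once the log is clean.
SecAction \
  "id:900000,\
   phase:1,\
   nolog,\
   pass,\
   t:none,\
   setvar:tx.paranoia_level=1"
# Anomaly scoring: each matching rule adds to a per-request score and the request is only
# blocked when the score reaches the threshold, so one weak match does not block on its own.
SecAction \
  "id:900110,\
   phase:1,\
   nolog,\
   pass,\
   t:none,\
   setvar:tx.inbound_anomaly_score_threshold=5,\
   setvar:tx.outbound_anomaly_score_threshold=4"

# ---- /etc/nginx/modsec/local-exclusions.conf (placeholder path and argument name) ----
# A targeted exclusion for a false positive: a rich-text editor field on one demo page trips
# CRS rule 941100 (the libinjection XSS check), so that one rule is removed for that one
# argument on that one path instead of switching XSS detection off everywhere.
SecRule REQUEST_URI "@beginsWith /demo/editor" \
  "id:10001,\
   phase:1,\
   pass,\
   nolog,\
   t:none,\
   ctl:ruleRemoveTargetById=941100;ARGS:body"
```

      Two checks are worth doing before calling this done. First, after `nginx -s reload`, send an obviously bad request such as `curl -k 'https://demo.example.com/?id=1%27%20OR%201=1--'`: in DetectionOnly mode the page still loads but an entry appears in modsec_audit.log, and after switching SecRuleEngine to On the same request must come back as 403. Second, make sure the WAF cannot be walked around: the ASA should only permit inbound 443 to the nginx host, and the HTTP.sys listeners and HAProxy should be bound to internal addresses only, otherwise a WAF in front of one path protects nothing. The CRS catches generic injection and scanner patterns; it does not make up for unpatched frameworks or logic flaws in the demo apps themselves.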
    • RE: Security Information Event Management (SIEM)

      We use Dell SecureWorks MDR. Has been good so far. We get quarterly meetings and whenever anything questionable is seen in logs/scans/user usage, we are contacted.

      posted in IT Discussion
      Jimmy9008
    • RE: TeamCity/Apache Tomcat

      Yes, my firewall guys have said we have the license available but do not use the feature.

      posted in IT Discussion
      Jimmy9008