We Optimized Your Assets

Web Server Protection

June 28th, 2013 by

Web Server Protection

Attackers can easily take advantage of your web server’s weaknesses to steal data, obtain unauthorized access and infect systems. They simply have to do something the web server doesn’t expect. Manually protecting the web server against these threats requires specialized expertise.

Sophos Web Server Protection eliminates this need. We use a reverse proxy to protect your web server and web applications against the unknown. A clear administrative interface simplifies policy setting.

Web Application Firewall
Hackers can use a number of attack methods to silently test your site and applications for security holes. Our Web Application Firewall keeps hackers at bay by scanning their activity and identifying probes and attacks.

The Sophos Web Application Firewall adds a scanning engine and attack pattern recognition to the Web Server Protection suite of tools. Easily create a security profile and in minutes your servers are protected from attacks like SQL injection and cross-site scripting (XSS). Patterns are downloaded and applied in real time to keep you protected automatically.

The Sophos Web Application Firewall identifies and prevents attacks against your web servers and applications:

  • Over 350 patterns are dedicated to this single area of protection
  • Live-updated in real time using Sophos Up2Date technology
  • Can be configured by any administrator, no special training is required
  • Support for multiple profiles, which can be applied to different servers separately
  • No complex regular expressions to master
  • Reduces the risk of data theft and site tampering

Antivirus Scanning
Our dual scanning engines operate in parallel at the network gateway, scanning all traffic to and from your web servers. Visitors are unable to upload infected content, and your servers are protected from exploits. Making sure they don’t hand out malicious files and infected content to your customers.

Malware is most commonly carried via the web and also in emails. Our solution stops malicious content before it enters the network. Our dual-scanning system scans files, messages and website objects twice with different engines. Reducing the risk of new and emerging threats from entering the network undetected.

Our antivirus includes the following features and capabilities:

  • Dual, independent virus scanners with multiple detection methods
  • Virus signatures
  • Heuristic analysis
  • Scans HTTP and HTTPS, traffic to and from your servers
  • Compares content to a huge signature database
  • More than 800,000 virus signatures
  • Frequent automatic updates
  • Features flexible management
  • Can specify to scan uploads, downloads or both

Form Hardening
We inspect and validate the information submitted by visitors via forms on your websites. This stops users from submitting invalid data that can damage or exploit your server.

Form hardening is designed to prevent website visitors from submitting unexpected information via web forms. We check the data for each field to make sure it is valid. For example, if a user is offered a ratings dropdown with a possible value of “1-5,” any other number is invalid. Sophos Form Hardening rejects the form so your web server and applications remain protected.

Sophos Form Hardening technology gives you control of the data submitted via forms on your site with:

  • Form data analysis
  • Legitimate response awareness
  • Encrypted response packaging
  • Rejection of tampered forms
  • Rejection of forms that remove the form hardening package

URL Hardening
When your web server tries to interpret a crafted URL, it can create a hole that can be used to obtain access to your server. Our URL Hardening technology enforces the requests that a visitor is allowed to make, restricting them to valid ones only.

URL Hardening enforces the requests a client is allowed to make of a web server. It makes certain that the user’s next click is one the web server is actually expecting. This protects your web server if you have left a directory open, misconfigured a script/application or otherwise left your site open to exploitation. Simply define the “ingress” points for your website (i.e., www.sophos.com).

Sophos auto-whitelists’ the users next available “moves” by examining the valid links and navigable points the web server issues. Thus, URL Hardening regulates users’ activity to known paths and areas of expected access.

Sophos URL Hardening lets you keep visitors on proper paths as they move around your site(s):

  • Define and manage allowed entry URLs
  • Prevent unwanted “deep-linking” to your site and control entry points
  • Inspect the objects returned from a server in response to a user request and enforce that the next thing they request is on that list
  • Prevent users from passing commands to your servers that can exploit or overwhelm them
  • Keep visitors from accessing areas of the site not meant for them, like an /admin directory that is not appropriately secured
  • On-the-fly inspection and building of object and URL whitelist customizes the feature per-user

Cookie Protection
Hackers can exploit cookies and put your website visitors at risk. Our Cookie Protection ensures that the cookies given to visitors by your web servers have not been tampered with. Each cookie is digitally signed so the integrity of the information can be verified.

Attackers can exploit the contents of cookies for their own gain. You can prevent cookie tampering by becoming an expert on cookies and how they can be used against users. Or you can prevent cookie tampering with Sophos Cookie Protection. Each cookie is digitally signed. Any attempt to tamper the cookie invalidates the signature. The server can verify that the cookie is valid before it is processed.

Sophos Cookie Protection prevents hackers from changing the contents of a cookie distributed by your web server(s) to your users:

  • Digitally signs each cookie
  • Tampering with the cookie invalidates the signature
  • Cookies declared invalid by Sophos Web Protection are not be handed to the web server
  • Protects against cookie poisoning techniques and other creative attacks that exploit these common data points