In December 2017, the report of the law enforcement inspection team of the Standing Committee of the National People's Congress on inspecting the implementation of the network security law and the decision on strengthening the protection of network information was submitted to the 31st meeting of the Standing Committee of the Twelfth National People's Congress for deliberation. In order to understand the network operation, the law enforcement inspection team entrusted China Information Security Evaluation Center to conduct remote penetration test and vulnerability scanning on 120 randomly selected key information infrastructures (60 portals and 60 business systems).

The report shows that among the 120 key information infrastructures in the remote test, there are 30 security vulnerabilities, including 13 high-risk vulnerabilities. Among them, there are three high-risk vulnerabilities in the Internet supervision comprehensive platform of a provincial department, such as ultra vires uploading, ultra vires downloading and ultra vires deleting files, which seriously threaten the security of the system and server, and there is also a serious risk of user information disclosure. Remote detection also found that there was a risk that the pages of several municipal government portals divided into districts were tampered with.

Article 7 of Decree No. 82 of the Ministry of public security expressly stipulates that Internet service providers and Internet users shall implement the following technical measures for Internet Security Protection:

1. Technical measures to prevent computer viruses, network intrusion, attack damage and other matters or behaviors endangering network security;

2. Redundant disaster backup measures for important databases and main equipment of the system;

3. Record and keep the technical measures of user login and exit time, calling number, account number, Internet address or domain name and system maintenance log;

4. Other safety protection technical measures that should be implemented according to laws, regulations and rules.

According to IDC's statistics, 75% of the attacks on the current network are aimed at web applications. With the increasing number of web applications, security problems such as web abuse, virus flooding and hacker attacks occur frequently, resulting in web applications being tampered with and data being stolen or lost.

The web security attacks faced by government agencies and units mainly include the following:

one   SQL injection;

two   Cross Station XSS;

three   Directory traversal;

four   Web page tampering;

five   Sensitive data disclosure.

Traditional network boundary protection products, such as firewall and IPS, only focus on IP, port services and single traffic analysis, and can not track user activities and complete session traffic. General WAF is based on feature library protection, which is easy to be bypassed, and library brushing behavior is common.

Palladium next generation web application firewall (ngwaf) is a new generation data protection system developed by Hangzhou Palladium Network Technology Co., Ltd. Ngwaf can accurately identify web applications and content access, and has complete security protection capabilities, analysis and identification. Monitor and record the operation status in real time, various behaviors of accessing web services, find abnormal access to services in real time, and block them in time. Through the unique automatic learning function of web application web page, that is, whitelist modeling, it is tailored for the customer business system. Only the access traffic conforming to the whitelist can be released to learn and understand the customer's business. The modeling from fine-grained to parameter content can effectively reduce the problem of false positives and completely solve the problem of false positives, so as to build an absolute business security system.

Based on mature technology, ngwaf adopts modular design and efficient data processing concept. It can meet the requirements of various large flow and high concurrency web business systems, support series and bypass deployment, support 100% blocking, high performance and low delay, and can automatically trigger bypsss after failure. The reverse proxy mode deployment does not need to change the network topology, supports 100% blocking, supports load balancing in the cluster environment, and can adapt to various network environments.

Deployment mode

Site access control

In view of the user scenario that some paths of some web sites only allow certain IP access, and some paths are not restricted by access IP, ngwaf only allows access to the specified host name through explicit configuration, which avoids the permission abuse caused by this hidden danger from the level of security policy configuration, and the access control is more strict.

Online protection against web page tampering

Filter the mixed web page tampering attack traffic in HTTP requests in real time (such as SQL injection, XSS, etc.). Afterwards, automatically monitor the integrity of all pages to be protected on the website, detect that the web page has been tampered with, block it in time, still display the normal page before tampering, and users can visit the website normally.

Web hanging Horse online protection

When a user requests to access a page, Palladium ngwaf will online detect the web page content responded by the server side, judge whether malicious code is implanted, automatically filter the malicious code, and protect against various attacks against web applications such as sensitive information disclosure.

Avoidance of legal liability

Meet compliance requirements.