Prerequisites
- SQL Server – 2005
- Microsoft .NET Framework – V2.0 and above
- PDF Viewer
System Requirements
Hardware:
- RAM: 512 MB
- CPU: 1 GHz single processor
- Disk Space: 100 MB (not including database)
Software:
- Windows XP (32-bit)
- Windows 2003 Server (32-bit)
dotDefender - Key Features and Capabilities
- Software plug-in -- dotDefender is designed as an ISAPI filter for IIS and as a module for Apache. It works as part of normal web server operation and is transparent to any external client accessing the website.
- Plug and play -- Installs in minutes on the web server. Once installed, it automatically identifies all websites and provides them with immediate protection. Supports HTTP and HTTPS (SSL) traffic.
- Multiple platform support -- Deployed on IIS and Apache servers, on 32- and 64-bit architectures. Supports MS-Windows 2003/2008 and various Linux flavors: RPM based, Debian based, FreeBSD.
- Predefined rule base -- Delivered with best-practice security rules for website protection. The rules protect against many diverse attack types. Strong, accurate, finely tuned security rules result in a low false positive rate.
- Automatic update -- Automatic updates include protection against zero-day attacks and emerging threats to ensure continuous protection.
- Granularity -- Security rules are easily customized at multiple levels: field, form, application, website and server.
- Flexible customization options -- Ability to customize and fine-tune the security parameters for each specific application. The regular-expression-based rules are easy to define and maintain.
- Security profile per site -- Each website may have its own security profile to suit specific application needs.
- Optimized engine -- The engine is designed for efficiency and consumes low CPU and I/O resources.
- Comprehensive logging -- Logging of all blocked requests with full details, e.g., time and date, attack type, source of attack, blocking reason and many others. Provides real-time visibility of application security and allows for quick remediation.
- Auditing -- Keeps track of any changes made to dotDefender, including scheduled audits.
- Notifications -- Supports syslog notifications and e-mail notifications from central management.
- Reports -- Predefined set of reports: executive, standard and detailed, including all information about attack attempts. Dashboard for immediate system status. Customized and scheduled reports with unlimited flexibility and granularity. Standard reports for compliance with PCI, SOX, etc.
dotDefender Technology
Effective Web Application Security
- Pattern Recognition -- The Pattern Recognition web application security engine effectively protects against malicious behavior such as SQL injection and Cross Site Scripting. The patterns are designed efficiently and accurately to identify application-level attacks. As a consequence, dotDefender is characterized by an extremely low false positive rate.
- Session Protection -- The Session Protection web application security engine focuses on the user session. Session Protection prevents session cookie tampering and blocks attempts to crash the server or reduce server performance by flooding the application with multiple requests on the same session.
- Signature Knowledgebase -- This web application security engine uses signatures to detect requests from known malicious sources such as bots, zombies and spammers. It identifies bad user agents and prevents hacking tools from gathering information about vulnerabilities in Web applications.
dotDefender Central Management - Architecture
- Container -- MS-SQL server to be contacted locally or over TCP/IP
- Windows Service -- installed on the machine that will poll the dotDefender web servers
- GUI -- installed wherever there is a direct SQL connection to the DB
dotDefender Central Management communicates with dotDefender for IIS or Apache in the following manner:
- A Windows service residing on the CM server frequently polls the web servers using XML over HTTP Post requests
- The dotDefender ISAPI filter intercepts the above-mentioned requests and treats them as CM-issued commands
- The operations required by CM are carried out using the ISAPI filter, with a success indication sent as a response back to CM
- All information called back into CM is serialized as XML messages, and optionally encrypted using an SSL tunnel over the standard HTTP session
- Once it reaches CM, the data is converted into SQL queries to be sent into the MS-SQL server
- The dashboard / central log viewer crafts SQL queries according to the users' filtering/searching preference, and graphically displays the data



