Written by: Gábor Marosvári, Product marketing lead, Balasys
Key new features that have been added to the product since the 1.0 release
Recently, intensive development and background work have shifted our focus inward, resulting in poor communication when it comes to Proxedo Network Security news. We’re sorry about that! I would like to emphasize that the development of PNS is nevertheless ongoing! Thanks to these efforts, Balasys’ highly flexible, proxy-based network security suite now boasts an updated architecture, a renewed GUI and several new features. In this post, I’d like to summarize the key new features that have been added to the product since the 1.0 release.
Proxedo Network Security was one of the first IT security products to support the latest TLS 1.3 cryptographic protocol. You can encrypt non-encrypted or legacy internet protocols with the most advanced encryption standard currently available on the market. The security of the communication can be further improved by requiring strong authentication from the user. Based on this feature set, you can implement highly secure web browsing, mailing or even e-banking/e-commerce services over your less-secure internet infrastructure. Another potential use is the strong encryption of data stored in cloud services.
Based on the integration with Apache ModSecurity WAF, PNS can now inspect and analyze the content of encrypted and non-encrypted internet traffic to verify that it conforms to the HTTP(S) standards in use. Beyond detecting advanced attack vectors, it can also hide the vulnerabilities or development errors of the web servers. This is a reliable tool for protecting your organization's public internet services.
PNS now supports the Internet Content Adaptation Protocol (ICAP). Thanks to ICAP support, PNS can integrate with several third-party security solutions such as DLPs, IDS/IPS and anti-malware tools, including multi-scan engines and sandbox technologies. These integrations can also be implemented via encrypted channels. This feature empowers you to build a custom and comprehensive threat management environment to protect your enterprise network.
Many websites (e.g. facebook.com) don’t have a fixed IP address, yet you still need to control access to them. In addition, sometimes you are not allowed to inspect certain types of encrypted traffic (for privacy or other reasons), but you may still want to gain some control over this traffic too. In such cases, hostname-based decisions can help you: you can control access to these sites based purely on their hostnames. Essentially, this is a special URL-filtering capability that lets you set up rules based solely on the domain name information, without knowing the IP address or the outgoing traffic content. For example, you can leverage this function in the following cases:
Proxedo Network Security offers a rule for limiting network connection rates. This feature comes in especially handy when your site is under (D)DoS attack or there are enormous peaks in the everyday traffic. You can configure the product to prioritize the requests in such cases by serving more important transactions first, while limiting the bandwidth for others.
PNS can automatically recognize certain protocols and services and can selectively handle these based on preconfigured connection rules. Currently, the supported protocols and services are as follows: HTTP, SSH, server certificate and Server Name Indication (SNI).
PNS 1.0.5 supports form-based authentication in the HTTP protocol. The user can be presented with an editable ‘form’ to fill in and submit in order to log into a given web application or service. You can even integrate it with your existing AD/LDAP database. Form-based authentication is a platform-independent and customizable solution to unify the web-based authentication process across your company, customers and partners.
We are continuing the development of Proxedo Network Security to make it the most customizable, reliable and resource-efficient network security suite available on the market today. From now on, we are going to post some important news about Balasys and the Proxedo product family on a regular basis. Stay tuned!
This blog post is licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International (CC-BY-SA 4.0) License.