Which security strategy takes more time: configuration or coding?

One of the arguments against the deployment of web application firewalls (WAF) is that it takes time to configure these devices to fit each individual environment. This is allegedly one of the reason...
Published Sep 29, 2008
Version 1.0
application delivery
application security
applications
availability
configuration
design
firewall
internet
security
us
Lori_MacVittie's avatar
Lori_MacVittie
Icon for Employee rankEmployee
Sep 29, 2008
Heh, good one Mike.

 

 

Well, there are some aspects of a WAF, really any security device, that really are zero configuration. Layer 4 & 7 DoS attacks, SYN floods, etc...are generally zero config.

 

 

But for the really cool stuff, the WAF has to learn or be told what URLs to protect, and then you either want to loosen or tighten up the restrictions on parameters depending on the app - all of which requires some configuration.

 

 

Hey, I think we actually agree on this one. I better check outside and see how cold it is... ;-)

 

 

Lori