ASM Attack Signature Sets

Seçkin
Cirrus

Hello everyone, do you have any recommendation on which attack signature sets should be added to the policy as a best practice? I mean other than those that have been added by Server Technologies. For example, do I need to add the SQL injection signature set to the policy in order to prevent those types of attacks?

1 ACCEPTED SOLUTION

Erik_Novak
F5 Employee

If your application relies on a back-end SQL DB then yes, you should add the SQL Injection signature sets to secure it. It sounds like Server Technologies are being automatically detected and added to your policy. That's good because all you really need are the attack signatures for the OS, web server, application framework, and database which match your environment. This means you won't have to manage violations triggered by attack signatures which are not related to your infrastructure. Make sense?

4 REPLIES

Thanks Erik! Yes, Server Technologies are automatically added to the policy with some signature sets, as you know. By default, Generic Attack Signatures are already added and prevent a set of attacks such as SQL injection, but there is also another set of signatures on the Change button, SQL Injection Signatures. The question is, do I need to add these signatures to the policy, because as far as I know the generic attack signatures added by default already block those types of attacks?

As Erik is saying, it is better to talk with your dev and server teams about what the database is, what the operating system on the server is, and what programming languages are used, as such things need to be asked.

Thanks 🙂