The Firewall IPS (Intrusion Prevention System) is a security tool designed to protect against various types of attacks targeting web applications. It analyzes incoming user input and request data to detect and prevent common web application attacks. Some of the attacks that the IPS aims to protect against include:
- Cross-Site Scripting (XSS) attacks: The Fraud Intelligence detects attempts to inject malicious scripts into web pages that can be executed by users' browsers.
- SQL Injection attacks: The Fraud Intelligence identifies attempts to manipulate SQL queries by injecting malicious SQL code, thereby protecting against unauthorized access to the database.
- Remote File Inclusion (RFI) attacks: The Fraud Intelligence detects attempts to include remote files into PHP scripts, preventing the execution of potentially malicious code from external sources.
- Local File Inclusion (LFI) attacks: The Fraud Intelligence identifies attempts to include local files into PHP scripts, guarding against unauthorized access to sensitive files on the server.
- Remote Code Execution (RCE) attacks: The Fraud Intelligence detects attempts to execute arbitrary code on the server, protecting against malicious users gaining unauthorized control over the application.
- Cross-Site Request Forgery (CSRF) attacks: The Fraud Intelligence identifies attempts to trick users into performing unintended actions on authenticated websites without their knowledge or consent.
- Directory Traversal attacks: The Fraud Intelligence detects attempts to access files and directories outside the intended scope of the application.
- Insecure Direct Object References (IDOR): The Fraud Intelligence helps prevent the manipulation of object references to access unauthorized resources or perform unauthorized actions.
- Command Injection attacks: The Fraud Intelligence detects attempts to execute arbitrary system commands, protecting against unauthorized command execution.
We provide IPS logs in a dedicated section. You can review source IP, country, attack protocol, type, URL, date, score and more to enhance your web application security. This feature is detailed in another help article.
To suit your needs, our technology may be activated in "Balanced" mode or "Ironclad" mode.
"Balanced" mode represents a balanced approach to security. It aims to provide a reasonable level of protection against a broad range of threats without overly impacting system performance.
In "Balanced" mode, the IPS may be configured to have a moderate level of stringency in its rules and policies. It seeks to strike a balance between robust security measures and the need to ensure that legitimate traffic is not unnecessarily blocked or slowed down. This mode is suitable for environments where maintaining a good level of security is important, but without sacrificing the efficiency and performance of regular operations.
"Ironclad" mode is a more robust and stringent approach to security hardening. This mode involves a higher level of strictness in the IPS rules and policies, aiming to provide maximum protection against potential threats. In "Ironclad" mode, the IPS may be configured to enforce stricter rules, potentially leading to a higher number of false positives. False positives occur when legitimate traffic is incorrectly identified as malicious. While this may result in more blocked requests, it also ensures a higher level of security.
To ensure that legitimate backoffice users are not blocked by the IPS (Intrusion Prevention System), and as the crucial first step in securing the backoffice, clients must add the IPs used by the team managing the website to the admin whitelist before any attempt to access the script's backoffice. This step is essential because many backoffice requests, especially during editing, may appear as potential attacks to security systems. By maintaining an admin whitelist, the system recognizes and permits the trusted IPs associated with the website management team, preventing unnecessary blocks and ensuring a smooth and secure backoffice experience.
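The interaction between the two modes and the admin whitelist can be sketched in a few lines. This is an added example, not the product's code: the signatures, weights, score thresholds and sample addresses are all assumptions chosen to show why a legitimate backoffice edit can be blocked in "Ironclad" mode unless its source IP is whitelisted.

```python
import ipaddress
import re

# Hypothetical signatures and weights, for illustration only.
SIGNATURES = [
    ("xss", re.compile(r"<\s*script\b", re.I), 5),
    ("sqli", re.compile(r"\bunion\b.+\bselect\b", re.I), 5),
    ("traversal", re.compile(r"\.\.[/\\]"), 4),
    ("html_markup", re.compile(r"<\s*(iframe|img|a)\b", re.I), 2),
]
# Assumed thresholds: the stricter mode blocks at a lower score.
BLOCK_THRESHOLD = {"balanced": 5, "ironclad": 2}

def parse_allowlist(entries):
    """Accept single addresses or CIDR ranges, IPv4 or IPv6."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def score_request(body):
    """Return (total score, matched attack types) for a request body."""
    hits = [(name, weight) for name, rx, weight in SIGNATURES if rx.search(body)]
    return sum(w for _, w in hits), [n for n, _ in hits]

def decide(peer_ip, body, mode, admin_allowlist):
    """peer_ip must be the connection's address, not a client-supplied header."""
    ip = ipaddress.ip_address(peer_ip)
    if any(ip in net for net in admin_allowlist):
        # Allowlisted admins skip inspection entirely, so keep the list short.
        return {"action": "allow", "reason": "admin_allowlist", "score": 0, "types": []}
    score, types = score_request(body)
    action = "block" if score >= BLOCK_THRESHOLD[mode] else "allow"
    return {"action": action, "reason": mode, "score": score, "types": types}

# Constructed sample data (documentation address ranges).
ADMINS = parse_allowlist(["203.0.113.7", "2001:db8:10::/64"])
CMS_EDIT = '<p>Sale!</p><img src="/img/banner.png">'   # legitimate backoffice save
SCRIPT_TAG = "<script>alert(1)</script>"                # textbook XSS probe

if __name__ == "__main__":
    for ip, body in [("198.51.100.9", CMS_EDIT), ("203.0.113.7", CMS_EDIT),
                     ("198.51.100.9", SCRIPT_TAG)]:
        for mode in ("balanced", "ironclad"):
            print(ip, mode, decide(ip, body, mode, ADMINS))
```

Because a whitelisted address is never inspected in this sketch, the list should contain only fixed addresses the management team actually uses.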