NSFOCUS WAF Syslog Introduction
março 3, 2023
In computing, syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the type of system generating the message, and is assigned a severity level. Computer system […]
Introduction to NSFOCUS WAF REST API
fevereiro 17, 2023
WAF REST API is known as the secondary development interface, and can be called by third-party platforms/software for adding, deleting, modifying, and querying WAF as wells its site, policy, and other configurations. Basic Conventions Format conventions: WAF REST API requests and responses are in JSON format: The attribute (primary key) name and character string of […]
NIPS V5.6R10 Policy Matching Mechanism
fevereiro 3, 2023
The NIPS policy matching mechanism is blocking first. That is, when traffic is matched against all policies, if one policy is matched whose action is set to block, traffic is blocked. When configuring IPS policies, it is recommended that they should not be overlapped. For example, security zones should not be overlapped, and address objects […]
NSFOCUS NTA Syslog Introduction
janeiro 27, 2023
Computer system designers may use syslog for system management and security auditing as well as general informational, analysis, and debugging messages. A wide variety of devices, such as printers, routers, and message receivers, across many platforms use the syslog standard. This permits the consolidation of logging data from different types of systems in a central […]
SSL Certificate Replacement on NSFOCUS ADS
janeiro 20, 2023
A Secure Sockets Layer (SSL) certificate is digitally signed and issued by a trusted certificate authority (CA) to an organization for authentication of server identities and encryption of data in transit. Therefore, SSL certificates can protect user privacy and information security. For a website with an SSL certificate issued by a CA, the browser marks […]
NSFOCUS WAF Website Certificate Generation Method
janeiro 13, 2023
To protect HTTPS websites, the certificate used by these websites needs to be uploaded to NSFOCUS WAF. These certificates may be in different formats, such as .pfx, .crt, and .pem. NSFOCUS WAF, however, supports .cer certificates only. Therefore, the customer needs to extract the certificate information and private key from the original certificate file and […]
NIPS V5.6R10 Rule Types
janeiro 6, 2023
NIPS V5.6R10 has five types of rules to detect DDoS attacks, local privilege elevation, information gathering, suspicious network behaviors, and network monitoring events, respectively. They are described as follows. 1. Information gathering Information gathering is the first step of network intrusion. Attackers use various methods to scan and probe target hosts and identify paths to […]
NTA Traffic Troubleshooting
dezembro 30, 2022
Common Problems (1) Choose Monitor > Router, and find that no data is displayed or the router traffic data size is greatly different from that in the real situation.(2) The traffic of some region IP addresses is not monitored.(3) Before upgrading to NTA V4.5R90F02SP06, the router can monitor traffic data, but after the upgrade, no […]
Introduction to NSFOCUS WAF Web Decoding Function
dezembro 22, 2022
WAF web decoding function can decode base64-encoded data. After that, WAF performs attack detection by identifying attack signatures and provides prevention. The web decoding function is configured per website. Web Decoding Configuration Step 1. Choose Security Management > Website Protection, select a website group, click Web Decoding, and then click Create in the upper-right corner […]
Security Concept for Software Supply Chain (Part 2) — Assessable Capabilities of Software Supply Chain Compositions
dezembro 14, 2022
To deal with threats from supply chains and ensure the security of their own IT infrastructure, companies shall set a list of software compositions to sort out the supply chain products, identify and manage key software suppliers, control security risks through security assessments at all stages of the life cycle of supply chains, and reduce […]
