Zeus Application Firewall Module - How it works

Zeus Application Firewall Module Architecture

Zeus Application Firewall Module is an additional module for the Zeus Traffic Manager (Application Delivery Controller). It runs on the same server, and Zeus Traffic Manager 'hands off' requests and responses to the application firewall module for more detailed inspection and sealing according to a range of tests and security measures:

Zeus Application Firewall Module applies a number of tests and operations to web traffic:

• The starting point is the Baseline Protection Wizard which checks all traffic against a set of common attack signatures. Updates to the signature database are issued regularly.
• Sanity checks are performed against HTTP requests to intercept and disallow common HTTP syntax attacks such as smuggling and excessive request sizes.
• Encryption cabilities can be applied to cookies, form parameters, and URLs, and a cryptographically-secure user-specific cookie used to manage user sessions.
• Zeus Application Firewall Module can inspect and mask out sensitive data in outgoing traffic. For example, the Payment Card Industry Wizard uses this capability to mask any PAN (Primary Account Numbers) to comply with PCI DSS section 3.3.
• In total, approximately 40 different handlers can be applied to validate and seal requests and responses, leading to a sophisticated security policy that can be tuned to the precise needs of your web applications.

Configuration Strategy

Zeus Application Firewall Module follows a 'deny-all' policy by default, whereby all traffic is rejected by a 404 Not Found error unless a configuration exists to process it.

Zeus Application Firewall Module is configured by way of Applications - a service (or simlar group of service) identified by a set of hostnames. Any traffic that matches these hostnames is evaluated against the application's Ruleset.  Rulesets define the security policies and parts of a ruleset may be applied conditionally - against URL prefixes for example, or disregarded for certain IP ranges.

A ruleset declares which security handlers (from a selection of over 40 different functions) are applied to the application traffic. Rulesets are initally configured using easy-to-use Wizards, then refined by modifying the individual handler configuration directly in 'Expert' mode.

Tests are applied to traffic bidirectionally - to responses as well as requests.  It not only permits or rejects traffic.  It can also modify requests and responses to encrypt or obscure sensitive data and content if necessary.

Installation

Zeus Application Firewall Module is co-installed with Zeus Traffic Manager software and performance scales linearly with the Zeus Traffic Manager cluster.

• Read more: Using Zeus Application Firewall Module

In this Section

• Application Firewall
• How it works
• Using Zeus Application Firewall Module
• PCI DSS
• Tech Specs

Related Links

• Application Firewall Brochure
• PCI DSS Compliance
• Traffic Manager Brochure
• What is an Application Delivery Controller?
• Options
• Software