How To Remove ‘Protected View’ Status From A File In Microsoft Office

Files downloaded from the internet aren’t always safe. While this usually means EXE files, documents can be dangerous too. This is why apps that open documents, spreadsheets, presentations, etc., are wary of items that were downloaded from the internet or copied from a different system. Microsoft Office will open files that came from the internet, but it won’t enable editing unless you explicitly allow it to. While this is for your own protection, it also applies to documents you downloaded from your own email. If you want, you can remove the ‘Protected View’ status from a file.

Remove ‘Protected View’ Status

Open the folder containing the file that has ‘Protected View’ status. Right-click it, and select Properties from the context menu. In the Properties window, on the General tab, look for a Security section at the very bottom. Select the Unblock box and click the Apply button.

Open the file and you will no longer see the Protected View bar at the top. If you do still see it, close the file and open it again. On the second attempt, the bar ought to be gone.

This applies only to that one file. All other files that were copies of this file, or that you downloaded or copied from a different system, will still open in Protected View. You have to remove the ‘Protected View’ status from each file individually.

This works for all sorts of files that any of the apps in the Microsoft Office suite can open. If you have a spreadsheet or a presentation that opens in protected view, this will disable it.

If you have other apps that open files in some similar protected mode, this will likely disable it as well. If it doesn’t, it’s likely that the app is using its own protection mode to keep you safe. Check the app’s settings, or the file’s security settings to see if there’s an option to disable it.

Once removed, the protection can’t be added back. What you’re basically doing is editing the properties of a file so that it is no longer recognized as one downloaded from a different system. If you need to add some sort of protection to the document, you can check some of the options that Microsoft Office apps offer. There are ways to restrict people from editing a file and you can always add a password to make sure that no one without it can make changes to it.

Read How To Remove ‘Protected View’ Status From A File In Microsoft Office by Fatima Wahab on AddictiveTips – Tech tips to make you smarter

How To Check The Security Of A Linux PC With Lynis

If your Linux security is lacking, a good idea is to audit your system. A great way to run an audit is to use a program that tests security and offers concrete solutions. One such auditing tool is Lynis. It’s a tool that checks the security of a Linux PC. It scans any Linux PC, tests its security, and prints out a list of possible issues and fixes. The best part of this tool is that it’s very simple to use and anyone can use it.

Ubuntu/Debian

Lynis has excellent support for Debian and Ubuntu through the developer’s own software repository. Enabling this software repository is a little different from other software sources, as it’s a traditional software repository rather than a PPA. This is so that Lynis works on both Debian and Ubuntu without issue.

To start the installation, launch a terminal window and download the correct GPG key.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F

With the key working, add the new Lynis software source to the system.

sudo -s
echo '#Lynis repo ' >> /etc/apt/sources.list
echo 'deb https://packages.cisofy.com/community/lynis/deb/ stable main' >> /etc/apt/sources.list

The Lynis software repo needs a special package. This package will allow Ubuntu (or Debian) to interact with HTTPS software sources.

sudo apt install apt-transport-https

or

sudo apt-get install apt-transport-https

With the apt-transport-https package installed, it’s safe to refresh the software sources. Run update in the terminal.

sudo apt update

or

sudo apt-get update

Finally, install Lynis.

sudo apt install lynis

or

sudo apt-get install lynis

Arch Linux

Like most programs, Arch has the Lynis security tool in the AUR. To install it, launch a terminal and install Git and the Base-devel packages. Then pull the code down and generate a new Arch package.

Note: please understand that installing software directly from the Arch AUR, rather than the official software sources means that sometimes dependencies do not install. You may need to install these packages manually if this happens during the Lynis installation process. Dependencies can be found at the bottom of this page here.

sudo pacman -S git base-devel
git clone https://aur.archlinux.org/lynis-git.git
cd lynis-git
makepkg -si

Fedora

Lynis has support for Fedora, though it requires a third-party software source to install it. Enable the software source by launching a terminal and using the touch and echo commands.

sudo -s

touch /etc/yum.repos.d/cisofy-lynis.repo
echo '[lynis]' >> /etc/yum.repos.d/cisofy-lynis.repo
echo 'name=CISOfy Software - Lynis package' >> /etc/yum.repos.d/cisofy-lynis.repo
echo 'baseurl=https://packages.cisofy.com/community/lynis/rpm/' >> /etc/yum.repos.d/cisofy-lynis.repo
echo 'enabled=1' >> /etc/yum.repos.d/cisofy-lynis.repo
echo 'gpgkey=https://packages.cisofy.com/keys/cisofy-software-rpms-public.key' >> /etc/yum.repos.d/cisofy-lynis.repo
echo 'gpgcheck=1' >> /etc/yum.repos.d/cisofy-lynis.repo

Next, update the following packages on your system:

sudo dnf update ca-certificates curl nss openssl -y

Finally, install Lynis with dnf install.

sudo dnf install lynis -y

OpenSUSE

The Lynis tool has a software repository available for all versions of OpenSUSE. Turn it on with the following commands in a terminal window.

sudo rpm --import https://packages.cisofy.com/keys/cisofy-software-rpms-public.key
sudo zypper addrepo --gpgcheck --name "CISOfy Lynis repository" --priority 1 --refresh --type rpm-md https://packages.cisofy.com/community/lynis/rpm/ lynis

With the repo on Suse, it’s time to refresh the system.

sudo zypper refresh

Finish up the setup process by using Zypper to install Lynis.

sudo zypper install lynis

Generic Linux

The Lynis auditing tool has a generic tarball for those on Linux distributions that don’t have direct support from the developer. Thankfully, this downloadable tar archive requires no compilation of any kind. Instead, users just download it and run the program as is.

To install Lynis via a downloadable tar archive, use the wget tool to download the package, then extract it.

wget https://downloads.cisofy.com/lynis/lynis-2.6.8.tar.gz
tar -zxvf lynis-2.6.8.tar.gz
cd lynis

Run the Lynis tool with:

./lynis

Using Lynis

Lynis is a simple tool with a lot of options. For the average user, basic options will do. The most basic (yet comprehensive) operation that the program can do is to do a complete audit of the system. To run the audit, open up a terminal and enter the following command into it.

lynis audit system

Running the above command without any Sudoer privileges will scan many aspects of the system. However, it won’t get everything. Running a full scan requires sudo.

sudo lynis audit system --pentest

Need to save the results for later? Redirect them to a text file.

sudo lynis audit system >> /home/username/Documents/lynis-results.txt
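As an added example that is not part of the original article: besides the redirected screen output, Lynis writes a machine-readable report to /var/log/lynis-report.dat as key=value lines. The POSIX shell script below summarises such a report and turns it into a pass/fail exit code for a cron job or CI gate. The report contents are a constructed sample and the function names are this example’s own.

```shell
#!/bin/sh
# Summarise a Lynis report file and turn it into a pass/fail exit status.
# Lynis writes its machine-readable report to /var/log/lynis-report.dat as
# key=value lines; the sample below is constructed for this example and uses
# that format (warning[]=, suggestion[]=, hardening_index=).

SAMPLE_REPORT="$(mktemp)"
cat > "$SAMPLE_REPORT" <<'EOF'
# Lynis Report (constructed sample, not real scan output)
report_version_major=1
lynis_version=2.6.8
hostname=lab-box
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
warning[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|MaxAuthTries (6 --> 3)|-|
hardening_index=64
EOF

# Print one line per finding of the given kind ("warning" or "suggestion"):
# "TEST-ID  message  (details)". Fields inside a finding are '|' separated;
# a '-' in the details field means Lynis recorded nothing there.
lynis_findings() {
    kind="$1"; report="$2"
    grep "^${kind}\[\]=" "$report" | cut -d= -f2- |
        awk -F'|' '{
            printf "%s  %s", $1, $2
            if ($3 != "-" && $3 != "") printf "  (%s)", $3
            print ""
        }'
}

# Number of findings of the given kind (0 when the report has none).
lynis_count() {
    lynis_findings "$1" "$2" | wc -l | tr -d ' '
}

# The 0-100 hardening index Lynis computes for the host (empty if absent).
lynis_hardening_index() {
    sed -n 's/^hardening_index=//p' "$1"
}

# Gate: succeed only when there are no warnings and the index meets the threshold.
lynis_gate() {
    report="$1"; threshold="${2:-70}"
    idx="$(lynis_hardening_index "$report")"
    [ "${idx:-0}" -ge "$threshold" ] && [ "$(lynis_count warning "$report")" -eq 0 ]
}

# Stand-alone run against the constructed sample; on a real host, pass the path
# of the report written by `sudo lynis audit system` instead.
echo "Warnings:";    lynis_findings warning    "$SAMPLE_REPORT"
echo "Suggestions:"; lynis_findings suggestion "$SAMPLE_REPORT"
echo "Hardening index: $(lynis_hardening_index "$SAMPLE_REPORT")"
if lynis_gate "$SAMPLE_REPORT" 70; then
    echo "PASS"
else
    echo "FAIL: warnings present or hardening index below 70"
fi
```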

Scan Docker File

Docker is becoming increasingly popular on Linux systems. With all of the pre-made Docker images out there, security breaches are bound to happen. Thankfully, Lynis allows users to scan Docker files and test them for issues. To run a test, try the following command.

lynis audit dockerfile /home/username/path/to/dockerfile

Quick Scan

Lynis can do many different types of scans. A scan that may be useful if you’re in a hurry is the “quick” scan mode. This mode tests basic areas of the system, for faster results.

Run a quick system audit with:

lynis audit system -Q

Read How To Check The Security Of A Linux PC With Lynis by Derrik Diener on AddictiveTips – Tech tips to make you smarter

Best FREE Network Vulnerability Scanners: Top 6 Tools That Don’t Cost Money

You wouldn’t want your network to become the target of malicious users trying to steal your data or cause damage to your organization. But how can you ascertain that there are as few ways as possible for them to enter? By making sure each and every vulnerability on your network is known, addressed, and fixed, or that some measure is in place to mitigate it. And the first step in accomplishing that is to scan your network for those vulnerabilities. This is the job of a specific type of software tool and today, we’re glad to bring you our top 6 best free network vulnerability scanners.

We’ll be starting today’s discussion by talking about network vulnerability–or perhaps vulnerabilities–trying to explain what they are. We’ll next discuss vulnerability scanners in general. We’ll see who needs them and why. Since a vulnerability scanner only works as part of a vulnerability management process, this is what we’ll discuss next. Then, we’ll study how vulnerability scanners typically work. They are all different but at their core, there are usually more similarities than differences. And before we reveal what the best free vulnerability scanners are, we’ll tell you what to look for in them.

Vulnerability 101

Computer systems and networks are more complex than ever. It’s not uncommon for a typical server to be running hundreds of processes. Each of these processes is a program, some of them big programs containing thousands of lines of code. And within this code, there could be all sorts of unexpected things. A programmer may, at one point, have added some backdoor feature to facilitate debugging and this feature might have mistakenly made it to the final version. There could be some errors in input validation that will cause an unexpected–and undesirable–result under some specific circumstance.

Each of these is a hole and there are numerous people out there who have nothing better to do than to find these holes and use them to attack your systems. Vulnerabilities are what we call these holes. And if left unattended, they can be used by malicious users to gain access to your systems and data–or even worse, your clients’ data–or to otherwise cause some damage such as rendering your systems unusable.

Vulnerabilities can be everywhere on your network. They are often found on software running on your servers or their operating systems but they are also common in networking equipment such as switches, routers and even security appliances such as firewalls.

Network Vulnerability Scanners — What They Are And How They Work

Vulnerability scanners or vulnerability assessment tools as they are often called are software tools whose sole purpose is to identify vulnerabilities in your systems, devices, equipment, and software. We call them scanners because they will usually scan your equipment to look for specific vulnerabilities.

But how do they find these vulnerabilities? After all, they are usually not in plain sight or the developer would have addressed them. Somewhat like virus protection software, which uses virus definition databases to recognize computer viruses, most vulnerability scanners rely on vulnerability databases and scan systems for specific vulnerabilities. These vulnerability databases can either be sourced from well-known security testing labs which are dedicated to finding vulnerabilities in software and hardware, or they can be proprietary databases. The level of detection you get is only as good as the vulnerability database that your tool uses.

Network Vulnerability Scanners — Who Needs Them?

The quick and easy answer to this question is simple: You do! No really, everyone needs them. Just like no one in his right mind would think of running a computer without some virus protection, no network administrator should be without at least some vulnerability detection scheme.

Of course, this is possibly something that could be theoretically done manually but practically, this is an impossible job. It would require a tremendous amount of time and human resources. Some organizations are dedicated to finding vulnerabilities and they often employ hundreds of people if not thousands.

The fact is that if you are managing a number of computer systems or devices, you probably need a vulnerability scanner. Complying with regulatory standards such as SOX or PCI-DSS will often mandate that you do. And even if they don’t require it, compliance will be easier to demonstrate if you can show that you are scanning your network for vulnerabilities.

A Word About Vulnerability Management

It’s one thing to detect vulnerabilities using some sort of software tool, but it is of little use unless it is part of a holistic vulnerability management process. Just like intrusion detection systems are not intrusion prevention systems, network vulnerability scanners–or at least the vast majority of them–will only detect vulnerabilities and point them out to you.

It is up to you to have some process in place to react to these detected vulnerabilities. The first thing that should be done is to assess them. The idea here is to make sure detected vulnerabilities are real. Makers of vulnerability scanners often prefer to err on the side of caution and many of their tools will report a certain number of false positives.

The next step in the vulnerability management process is to decide how you want to address–and fix–real vulnerabilities. If they were found in a piece of software your organization barely uses–or doesn’t use at all–your best course of action might be to remove and replace it with another software offering similar functionality. In many instances, fixing vulnerabilities is as easy as applying some patch from the software publisher or upgrading to the latest version. At times, they can also be fixed by modifying some configuration setting(s).

What To Look For In Network Vulnerability Scanners

Let’s have a look at some of the most important things to consider when evaluating network vulnerability scanners. First and foremost is the range of devices the tool can scan. This has to match your environment as closely as possible. If, for example, your environment has many Linux servers, you should pick a tool that will scan these. Your scanner should also be as accurate as possible in your environment so as to not drown you in useless notifications and false positives.

Another important factor to consider is the tool’s vulnerability database. Is it updated regularly? Is it stored locally or in the cloud? Do you have to pay additional fees to get the vulnerability database updated? These are all things you’ll want to know before you pick your tool.

Not all scanners are created equal: some will use a more intrusive scanning method than others and will potentially affect system performance. This is not a bad thing, as the most intrusive are often the best scanners, but if they affect system performance, you’ll want to know about it and schedule the scans accordingly. And talking about scheduling, this is another important aspect of network vulnerability scanners. Does the tool you’re considering even have scheduled scans? Some tools need to be launched manually.

The last important aspect of network vulnerability scanners is their alerting and reporting. What happens when they detect a vulnerability? Is the notification clear and easy to understand? Does the tool provide some insight on how to fix found vulnerabilities? Some tools even have automated remediation of some vulnerabilities. Others integrate with patch management software. As for reporting, this is often a matter of personal preference but you have to ensure that the information you expect to find in the reports is actually there. Some tools only have predefined reports, some will let you modify them, and some will let you create new ones from scratch.

Our Top 6 Best Network Vulnerability Scanners

Now that we know what to look for in vulnerability scanners, let’s have a look at some of the best or most interesting packages we could find. All but one of them are free and the paid one has a free trial available.

1. SolarWinds Network Configuration Manager (FREE TRIAL)

Our first entry is an interesting piece of software from SolarWinds called the Network Configuration Manager. However, this is neither a free tool nor is it a network vulnerability scanner. So you may be wondering what it is doing in this list. There is one primary reason for its inclusion: the tool addresses a specific type of vulnerability that not many other tools do, and that is the misconfiguration of networking equipment.

SolarWinds Network Configuration Manager - Summary Dashboard


This tool’s primary purpose as a vulnerability scanner is validating network equipment for configuration errors and omissions. It will also periodically check device configurations for changes. This can be useful as some attacks are started by modifying some device configuration in a way that can facilitate access to other systems. The Network Configuration Manager can also help you with network compliance with its automated network configuration tools that can deploy standardized configs, detect out-of-process changes, audit configurations, and even correct violations.

The software integrates with the National Vulnerability Database and has access to the most current CVEs to identify vulnerabilities in your Cisco devices. It will work with any Cisco device running ASA, IOS, or Nexus OS. In fact, two useful tools, Network Insights for ASA and Network Insights for Nexus, are built right into the product.

Pricing for the SolarWinds Network Configuration Manager starts at $2,895 and varies according to the number of nodes. If you’d like to give this tool a try, a free 30-day trial version can be downloaded from SolarWinds.

2. Microsoft Baseline Security Analyzer (MBSA)

Our second entry is an older tool from Microsoft called the Baseline Security Analyzer, or MBSA. This tool is a less-than-ideal option for larger organizations but it could be OK for small businesses with only a few servers. Given its Microsoft origin, don’t expect this tool to look at anything but Microsoft products, though. It will scan the base Windows operating system as well as some services such as the Windows Firewall, SQL Server, IIS and Microsoft Office applications.

The tool doesn’t scan for specific vulnerabilities like true vulnerability scanners do, but it will look for missing patches, service packs and security updates, as well as scan systems for administrative issues. The MBSA’s reporting engine will let you get a list of missing updates and misconfigurations.

MBSA Report Detail Screenshot

MBSA is an old tool from Microsoft. So old that it is not totally compatible with Windows 10. Version 2.3 will work with the latest version of Windows but will require some tweaking to clean up false positives and to fix checks that can’t be completed. For example, MBSA will falsely report that Windows Update is not enabled on the latest Windows version. Another drawback is that MBSA won’t detect non-Microsoft vulnerabilities or complex vulnerabilities. Still, this tool is simple to use and does its job well and it could be the perfect tool for a smaller organization with only Windows computers.

3. Open Vulnerability Assessment System (OpenVAS)

The Open Vulnerability Assessment System, or OpenVAS, is a framework of many services and tools which combine to offer a comprehensive and powerful vulnerability scanning and management system. The framework behind OpenVAS is part of Greenbone Networks’ vulnerability management solution from which developments have been contributed to the community for about ten years. The system is entirely free and most of its component are open-source although some are proprietary. The OpenVAS scanner comes with over fifty thousand Network Vulnerability Tests which are updated on a regular basis.

OpenVAS 7 Software Architecture

OpenVAS has two main components: the OpenVAS scanner, which is responsible for the actual scanning of target computers, and the OpenVAS manager, which controls the scanner, consolidates results, and stores them in a central SQL database along with the system’s configuration. Other components include browser-based and command-line user interfaces. An additional component of the system is the Network Vulnerability Tests database. This database is updated from either the free Greenbone Community Feed or the Greenbone Security Feed. The latter is a paid subscription service while the community feed is free.

4. Retina Network Community

The Retina Network Community is the free version of the Retina Network Security Scanner from BeyondTrust, one of the best-known vulnerability scanners. It is a comprehensive vulnerability scanner with many features. The tool can perform a free vulnerability assessment of missing patches, zero-day vulnerabilities, and non-secure configurations. User profiles aligned with job functions simplify the operation of the system. Its metro-styled intuitive user interface allows for streamlined operation of the system.

Retina Network Community Screenshot

Retina Network Community uses the Retina scanner’s database, an extensive database of network vulnerabilities, configuration issues, and missing patches. It is automatically updated and covers a wide range of operating systems, devices, applications, and virtual environments. Talking about virtual environments, the product fully supports VMware environments and includes online and offline virtual image scanning, virtual application scanning, and integration with vCenter.

The main limitation of the Retina Network Community is that it’s limited to scanning 256 IP addresses. While this is not much, it will be more than enough for several smaller organizations. If your environment is bigger than that, you can opt for the Retina Network Security Scanner, available in Standard and Unlimited editions. Both editions have an extended feature set compared to the Retina Network Community scanner.

5. Nexpose Community Edition

Nexpose from Rapid7 is another well-known vulnerability scanner, although perhaps less so than Retina. The Nexpose Community Edition is a limited version of Rapid7’s comprehensive vulnerability scanner. The limitations are important. First and foremost, you can only use the product to scan a maximum of 32 IP addresses. This makes it a good option only for the smallest of networks. Furthermore, the product can only be used for one year. Besides these limitations, this is an excellent product.

Nexpose Community Edition Screenshot

Nexpose can run on physical machines running either Windows or Linux. It is also available as a VM appliance. The product’s extensive scanning capabilities will handle networks, operating systems, web applications, databases, and virtual environments. Nexpose uses what it calls Adaptive Security, which can automatically detect and assess new devices and new vulnerabilities the moment they access your network. This combines with dynamic connections to VMware and AWS and integration with the Sonar research project to provide true live monitoring. Nexpose provides integrated policy scanning to assist in complying with popular standards like CIS and NIST. The tool’s intuitive remediation reports give step-by-step instructions on remediation actions to quickly improve compliance.

6. SecureCheq

Our last entry is a product from Tripwire, another household name in IT security. Its SecureCheq software is advertised as a free Microsoft Windows configuration security checker for desktops and servers. The tool performs local scans on Windows computers and identifies insecure Windows advanced settings as defined by CIS, ISO or COBIT standards. It will seek about two dozen common configuration errors related to security.

Tripwire SecureCheq Screenshot

This is a simple tool that is easy to use. You simply run it on the local machine and it will list all the checked settings with a pass or fail status. Clicking on any of the listed settings reveals a summary of the vulnerability with references on how to fix it. The report can be printed or saved as an OVAL XML file.

Although SecureCheq scans for some advanced configuration settings, it misses many of the more general vulnerabilities and threats. Your best bet is to use it in combination with a more basic tool such as the Microsoft Baseline Security Analyzer reviewed above.

Read Best FREE Network Vulnerability Scanners: Top 6 Tools That Don’t Cost Money by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

How To Disable The Root Account On Linux

Disabling the root account on a Linux system might seem crazy, but that’s where you’re wrong. As it turns out, disabling the root user is a solid security measure. In fact, many Linux operating system developers agree on the root user subject, and it’s increasingly common to disable the root account on these systems.

A system without a direct line to the root user isn’t immune to attack, though the chances are greatly reduced that an attacker can get into the system and totally mess it up. This is mainly because even with access to sudo, certain areas of the system are not modifiable if you disable the root account on Linux.

Pre-requisites

Before going on to disable the root account on the system, a few things need taking care of. The first step in this process is to make sure that all users with the ability to run commands as sudo have a secure password. Having a weak user password will negate securing the root account, and that’s bad news.

The quickest way to secure a user account is to simply change the password. To do this, open up a new terminal and run the passwd command, along with your username. Doing this will force the system to reset to a new password that the user enters.

sudo passwd username

In the “enter new UNIX password” prompt, enter a system password that is memorable and not a dictionary word. Additionally, try not to reuse old passwords.

Having a hard time finding a good password to secure your user account? Try out Secure Password Generator. It specializes in making smart, secure passwords for free!

Now that usernames with access to sudo have secure passwords, it’s time to review the sudoers file. Check out our guide here and learn how to disable sudo access for any accounts you believe unworthy to run root-level commands.

Disable The Root Account

Disabling the root account requires some form of superuser access. Luckily, disabling and scrambling the password doesn’t specifically require logging in as the root user. Instead, any user on the system with access to sudo will work. To gain a root terminal shell without logging in as the root system user, do the following in a terminal window:

sudo -s

Running sudo -s allows any user with the correct privileges to access root and execute system-level commands, much like a root user can.

In the terminal, use the passwd command and disable the account so that no users on the system have the ability to log in to it.

passwd -l root

Locking the account is a solid way to secure the root account. However, it is not the only way to secure it. If you feel like locking won’t be effective enough, scrambling and giving the account an unusable password is the way to go. To scramble the root account, enter the following command in a terminal:

usermod -p '!' root

Scrambling the password is instant. As soon as the usermod command finishes, the root password is inaccessible.

Done locking the root account up? Exit the superuser shell with the exit command to finish up the process.
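As an added example (not from the original article), a POSIX shell script covering both the pre-requisite above and the lock step: it checks that every sudo-capable account has a real password before root is locked, and it reads the lock state back from the shadow file instead of trusting the command’s output. The sample shadow and group files are constructed so the checks can be run without root, and the function names are this example’s own.

```shell
#!/bin/sh
# Before locking root: confirm every sudo-capable account has a real password.
# After locking root: confirm from the shadow file itself that the lock took.
# The two sample files below are constructed for this example so the checks can
# be read and run without root; on a real host use /etc/shadow and /etc/group.

SHADOW="$(mktemp)"; GROUP="$(mktemp)"
cat > "$SHADOW" <<'EOF'
root:!:18000:0:99999:7:::
alice:$6$saltsalt$constructedhashnotarealone:18000:0:99999:7:::
bob::18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
EOF
cat > "$GROUP" <<'EOF'
root:x:0:
sudo:x:27:alice,bob
wheel:x:10:
EOF

# Classify the password field of one shadow entry:
#   locked  - starts with '!', which is what both `passwd -l root` (prefixes the
#             existing hash) and `usermod -p '!' root` (replaces it) produce
#   nologin - '*': no valid hash and never had one
#   empty   - no password at all; the worst case for a sudo-capable account
#   set     - a real hash
#   missing - no such user in the file
shadow_status() {
    user="$1"; shadow="$2"
    grep -q "^${user}:" "$shadow" || { echo missing; return 1; }
    field="$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$shadow")"
    case "$field" in
        '!'*) echo locked ;;
        '*')  echo nologin ;;
        '')   echo empty ;;
        *)    echo set ;;
    esac
}

# Accounts that can become root via sudo: members of the sudo (Debian/Ubuntu)
# or wheel (Fedora/Arch/openSUSE) groups, one per line.
sudo_users() {
    awk -F: '$1 == "sudo" || $1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1" | sort -u
}

# Succeed only if every sudo-capable account has a real password; otherwise
# name each offender and fail. This is the article's pre-requisite check.
sudoers_have_passwords() {
    shadow="$1"; group="$2"; rc=0
    for u in $(sudo_users "$group"); do
        s="$(shadow_status "$u" "$shadow")"
        [ "$s" = set ] || { echo "$u: password $s"; rc=1; }
    done
    return $rc
}

# On a real host, as root: lock the account the way the article does, then
# read the result back from /etc/shadow rather than trusting the command's output.
lock_root() {
    passwd -l root && [ "$(shadow_status root /etc/shadow)" = locked ]
}

# Stand-alone run on the constructed samples:
echo "root password field: $(shadow_status root "$SHADOW")"
if sudoers_have_passwords "$SHADOW" "$GROUP"; then
    echo "every sudo-capable account has a password set; safe to lock root"
else
    echo "fix the accounts listed above before locking root"
fi
```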

Re-enabling Root

Having the root account disabled is good security practice. Still, having access to it has its perks. Mainly, the ability to modify your Linux system to its full potential. If you’ve decided to turn the root account on your Linux PC back on, the process is easy to reverse.

In the terminal, run sudo -s, like last time. Doing this gives the terminal superuser access. From here, it’ll be possible to de-scramble the password.

Using the passwd command, unlock the root account.

passwd root

Running the passwd root command forces a password reset. Be sure to set the new root password to something secure. When the password is done resetting, log out of the terminal with the exit command.

Root – Best Practices

Disabling root (or at least securing the password) is a good start, but not enough in terms of security. If you want to truly protect your Linux system, try following these basic steps:

  1. Ensure that your root password is no shorter than 14 characters long. Having a long password makes it harder to guess.
  2. Never use the same password for a user account and the root account.
  3. Change passwords every month or so, on every account, including root.
  4. Always use numbers, as well as upper/lower case letters and symbols in passwords.
  5. Create special administrator accounts with sudoer privileges for users that need to run superuser commands, rather than giving out the system password.
  6. Keep your SSH keys secret and only allow trustworthy users to log in as root over SSH.
  7. Enable two-factor authentication during login to prevent your system from being tampered with.
  8. Make full use of the Linux firewall on your system.

Read How To Disable The Root Account On Linux by Derrik Diener on AddictiveTips – Tech tips to make you smarter

10 Best Web Application Firewalls (WAFs) Reviewed in 2018

Web Application Firewalls–or WAFs–are a relatively new kind of firewall. They don’t just block or allow traffic based on IP addresses and ports. They go a step further to analyze traffic and make decisions based on a set of predefined business rules. As their name implies, their main purpose is to secure web-based applications. Choosing a Web Application Firewall can be a daunting task. They exist either as a cloud-based service or as an appliance, each with its advantages and shortcomings. That’s why we’ve compiled this list of the 10 best Web Application Firewalls. It will help you evaluate product features from different vendors.

In this article, we’ll start off with a discussion on Web Applications Firewalls, what they are and what purpose they serve. We’ll then compare cloud-based and appliance-based systems and list the pros and cons of each. As you’ll see, it’s more than just a philosophical choice. After we’re done explaining the basics of WAFs, we’ll dive into the core of our subject and present not one but two lists. First, we’ll review the best five cloud-based WAFs and next we’ll have a look at the best five WAF appliances.

WAFs In A Nutshell

As we stated in our introduction, a Web Application Firewall is a special kind of device. It can be used to secure web-based applications far better than what’s possible with standard firewalls. A typical WAF will protect a website against several types of attacks such as cross-site scripting, cookie poisoning, web scraping, parameter tampering, buffer overflow and many more types of vulnerabilities.

Contrary to traditional firewalls which base their decision to allow or block traffic on simple parameters such as IP address or port number, WAFs mostly base their decision on an in-depth analysis of the HTML data. They examine requests trying to recognize malicious behavior patterns. They will also decrypt HTTPS traffic to ensure no malicious code is inserted in encrypted packets. Web Application Firewalls will be on the lookout for known malware signatures but they will also intercept any malformed or non-standard requests for the best possible protection.

By itself, a Web Application Firewall offers a good degree of protection, but it is when you combine it with other protection systems, such as standard firewalls or anti-virus software, that you get the best coverage against the greatest number of threats. More than ever, network administrators need to adopt a layered, holistic approach to threat prevention.

Cloud-Based Or Appliance?

There are essentially two types of Web Application Firewalls: cloud-based and appliance. Cloud-based WAFs are hosted by the vendor. All requests to your website are redirected to your WAF instance, usually by pointing your site’s DNS records at the vendor, where they are inspected before being forwarded to your actual site. Note that this makes the WAF a reverse proxy in front of your server rather than a barrier around it: the origin server must itself be configured to accept traffic only from the vendor’s addresses, otherwise anyone who learns the origin’s address can bypass the WAF entirely.

Appliance WAFs are hardware devices: specialized computers, typically headless (no screen or keyboard), that run a custom operating system and the Web Application Firewall software. They are installed within your data center, between your traditional firewall and your web servers, where they intercept the requests going to them.
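The DNS redirection used by cloud-based WAFs has one consequence worth checking before going live: since the WAF is a proxy in front of your origin, the origin must refuse connections that do not come from the WAF, and it must only trust the client-address header the WAF adds when the connection really does come from the WAF. The following added example, written for this article and not the code or configuration of any vendor reviewed here, checks that every address a hostname resolves to belongs to the WAF, recovers the real client address from an X-Forwarded-For header without trusting a forged one, and renders the nginx allow/deny directives that lock the origin down. The address ranges are documentation placeholders standing in for whatever ranges your provider publishes; X-Forwarded-For is assumed as the header name, so confirm it with your vendor.

```python
import ipaddress
from typing import Optional

# Egress ranges of the cloud WAF. Placeholder documentation ranges (an assumption
# of this example); substitute the ranges your provider publishes and keep them current.
WAF_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:100::/48")]


def is_from_waf(address: str) -> bool:
    """True if the address belongs to one of the WAF's published ranges."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in WAF_RANGES)


def served_via_waf(answers) -> bool:
    """Check the A/AAAA answers for the public hostname.

    Every record must point at the WAF: one stray record that still points at
    the origin gives attackers a path around the WAF, and so does an empty answer.
    """
    return bool(answers) and all(is_from_waf(a) for a in answers)


def real_client_ip(peer: str, forwarded_for: Optional[str]) -> str:
    """Return the address the origin should log and rate-limit on.

    The header is only meaningful when the TCP peer is the WAF. The WAF appends the
    connecting client's address, so the right-most entry is the one it added; any
    entries to the left were supplied by the client and may be forged.
    """
    if forwarded_for and is_from_waf(peer):
        return forwarded_for.split(",")[-1].strip()
    return peer


def origin_decision(peer: str) -> str:
    """What the origin should do with an incoming connection."""
    return "accept" if is_from_waf(peer) else "reject: bypasses WAF"


def nginx_origin_allowlist(ranges=WAF_RANGES) -> str:
    """Render ngx_http_access_module directives that admit only the WAF."""
    lines = [f"allow {net.with_prefixlen};" for net in ranges]
    lines.append("deny all;")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed data: two DNS answer sets and two incoming connections.
    print(served_via_waf(["198.51.100.10", "2001:db8:100::10"]))      # True
    print(served_via_waf(["198.51.100.10", "203.0.113.50"]))          # False: origin leaked
    print(real_client_ip("198.51.100.17", "10.0.0.1, 203.0.113.7"))   # 203.0.113.7
    print(real_client_ip("203.0.113.7", "198.51.100.17"))             # 203.0.113.7, header ignored
    print(nginx_origin_allowlist())
```

The allow/deny block goes in the origin’s `server` or `location` context; the same idea applies to a cloud security group or a host firewall if you would rather enforce it below the web server. Providers change their ranges, so the list should be refreshed from the vendor’s published source rather than hard-coded for good.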

Cloud-Based WAFs Pros And Cons

On the plus side, a cloud-based solution requires no hardware maintenance on your part, as that is handled by the vendor. These solutions typically have built-in redundancy or high-availability features, and the vendor also handles system backups. Another advantage is that the WAF service can often be paired with other services from the same vendor. You could, for example, combine the content distribution and WAF features of a single provider for a seamlessly integrated solution.

But cloud-based WAFs also have drawbacks. One of the most important is vendor lock-in: since all traffic to your website has to be redirected to the cloud provider, you are strongly pushed towards using their other services, such as DDoS mitigation or content delivery, as well. Another is that, because the WAF has to decrypt HTTPS to inspect it, the vendor holds a certificate for your site and sees your traffic in clear text on its own infrastructure.

WAF Appliances Pros And Cons

The main advantage of WAF appliances is that everything stays in-house. This gives you complete control over every detail of your infrastructure, and it also means you are free to mix components from different vendors.

On the downside, using an appliance means that you have to maintain it, keep its signatures updated and upgrade it as your traffic grows. A hardware solution also means a much higher upfront cost, as all the equipment must be acquired from the start. Ultimately, the choice is yours, but let your specific needs guide you rather than first picking one type of deployment.

Our Top 5 Best Cloud-Based WAFs

We’ve compiled a list of the five best cloud-based Web Application Firewalls. They’re all from reputable suppliers and offer great value for your money. We can’t really recommend one over the others, as they’re all excellent products.

1. Cloudflare WAF

Cloudflare WAF Screenshot

Cloudflare has gained an excellent reputation for protecting web servers against DDoS attacks, and its service offering also includes a Web Application Firewall. The service has a huge customer base: at the time of writing its servers handle close to three million requests per second, and Cloudflare’s website reports over 400 million WAF rules triggered in the preceding day.

One of the primary benefits of using a cloud service with such a broad customer base is that you benefit from intelligence gathered from other clients: when an attack attempt is detected against one client, a new signature can be created and applied to all of them. Another benefit of Cloudflare’s solution is that content delivery and DDoS protection come from the same provider.

2. Akamai Kona Site Defender

Kona Site Defender

Akamai runs one of the largest content delivery networks in the world. Over the years, the company has added more functionality to its offering, and Kona Site Defender, as its WAF is called, is one such addition. The Web Application Firewall integrates full DDoS protection, and the WAF service can of course be combined with other Akamai services such as the Content Delivery Network. Once your traffic is redirected to Akamai, you might as well take advantage of as many of its services as you need.

Due to its size and client base, Akamai often sees new exploits sooner than other vendors. As a Kona Site Defender user, you benefit from this edge and get stronger protection, with potentially better blocking of zero-day exploits.

3. F5 Silverline

F5 Silverline WAF Architecture

F5 is better known for its BIG-IP appliances than for its cloud services. In a nutshell, F5 Silverline is the online version of the company’s excellent BIG-IP ASM appliance, reviewed below. It is available as a fully managed service or as what F5 calls an express self-service offering, to protect web applications and data from ever-evolving threats. Subscriptions run for one or three years, and 24-hour live support is included with the service.

One major advantage of this cloud-based service is that it can protect a distributed or cloud-hosted infrastructure. The protection includes layer 7 DDoS shielding and can block traffic from anonymizing networks such as Tor. The service also uses a live blacklist of known phishing hosts and web scrapers, and since this blacklist is shared by all customers, you benefit from any intelligence gained from another client.

4. Amazon Web Services WAF

AWS WAF Diagram

Amazon Web Services, or AWS, is the cloud computing arm of the well-known online retailer. It builds on Amazon’s huge distributed infrastructure to offer hosting services. If you already host on AWS, the AWS WAF might be for you. Rather than a stand-alone proxy, it is attached to AWS’s own load-balancing and content delivery services (the Application Load Balancer and CloudFront), so it protects applications that already sit behind them.

The pricing model of the AWS WAF differs from the other vendors’. Instead of paying a fixed sum each month, you are billed for each rule you add and for the number of web requests processed each month. The advantage is that you don’t pay up front for future growth, which also makes it attractive to organizations with seasonal peaks.

5. Imperva Incapsula

Imperva Incapsula Screenshot

Imperva is another well-known name in the IT security field. Its Incapsula cloud-based Web Application Firewall is Imperva’s managed service for protection against application-layer attacks, including the OWASP Top 10 and zero-day threats. The service is PCI-certified and highly customizable. It is also highly effective, blocking most threats with minimal false positives.

Incapsula is one of the cheapest cloud-based WAF solutions you can find, with plans starting as low as $300 per month. One great feature of Incapsula is that, in addition to the more “traditional” WAF rule set, the service surveys your servers for known issues and can deploy virtual patches for them: WAF rules that shield a known vulnerability in your application until the underlying code is fixed. You can, of course, schedule these patches to go live at whatever time you choose to reduce the operational impact.

Our Top 5 Best WAF Appliances

Just as our top five cloud-based WAF solutions were all from well-known vendors, so are our WAF appliances. They come from some of the most reputable security equipment vendors and, just like our previous list, this one has nothing but the best. Note that most vendors of WAF appliances also offer a cloud-based service.

1. Imperva SecureSphere

Imperva Securesphere

Imperva is one of the two vendors that made it into both of our lists. Its SecureSphere WAF line covers everything from small installations up: the various units range in throughput from 100 Mbps to 10 Gbps, with the smallest able to process 440 SSL transactions per second and the largest some 9000. A mid-tier unit, the X2020, has a throughput of 500 Mbps, processes 2000 SSL transactions per second and will set you back some $4200.

If you pick one of the top-tier models, you’ll be glad to learn that they can be upgraded to the next bigger model. For example, the X821 can be upgraded to an X10K, effectively doubling its capacity. Upgrading only requires purchasing the appropriate software and license; no costly hardware upgrade is required.

2. Barracuda Web Application Firewall

Barracuda WAF

Barracuda is another well-respected name in IT security. It offers an excellent WAF solution that is well suited to small and mid-sized organizations. The Barracuda appliances are somewhat more expensive than their competitors’, but they come with one year of free updates, and updates are released frequently, whenever a new threat is identified.

The Barracuda WAF appliance also has a few extra features. For instance, it offers caching for faster content delivery, and load balancing between multiple servers is another available feature. You can even add full DDoS protection. Like most other WAF appliances, the Barracuda WAF is available in several sizes. An average device like the Model 360 costs about $6350 and gives you 25 Mbps of throughput and 2000 SSL transactions per second.

3. Citrix Netscaler Application Firewall

Citrix Netscaler MPX 7500

The Citrix NetScaler is an immensely popular load-balancing appliance. If you’re already using one, you’ll be glad to know that some models can also serve as a Web Application Firewall. The functionality is only available on the top NetScaler MPX appliances or the NetScaler Cloud Service. Furthermore, it is included only with the top-tier Platinum license, although it can be purchased as an option with the Enterprise license.

The biggest advantage of the NetScaler WAF is that you get state-of-the-art load balancing and security in one box. This is a premium system, and it comes at a premium price: expect to pay around $4000 for the smallest model, the MPX 5550, with a throughput of 500 Mbps and up to 1500 SSL transactions per second.

4. Fortinet FortiWeb

FortiNet FortiWeb 100d

The FortiWeb appliance from Fortinet is best suited to small and mid-sized organizations. The appliance integrates WAF, load balancing and SSL offloading. One of the best, and newest, features of the FortiWeb appliance is its two-stage machine-learning detection, which improves attack detection accuracy and comes close to creating a “set and forget” Web Application Firewall.

The FortiWeb appliance protects your infrastructure from the latest application vulnerabilities, bots and suspicious URLs. Its dual machine-learning detection engines are designed to catch threats such as SQL injection, cross-site scripting, buffer overflows, cookie poisoning, malicious sources and DDoS attacks. There are eight different FortiWeb models to choose from, each with increasing capacity, ranging from the entry-level 100D at 25 Mbps to the top model, the 4000E, at 20 Gbps of throughput.

5. F5 BIG-IP Application Security Manager (ASM)

F5 BIG-IP ASM 4200V

Last but not least is the F5 BIG-IP ASM appliance. You might know F5 as one of Citrix’s primary competitors; the company is well known for its top-notch load balancers. This appliance targets larger businesses.

The F5 BIG-IP ASM uses deep threat analysis and dynamic learning, so you have very little configuration to do and can still be assured that your infrastructure is adequately protected. Another interesting feature of the BIG-IP ASM is SSL offloading: the device handles the SSL encryption and decryption on the fly, allowing your web servers to concentrate on what they do best, serving web pages.

In Conclusion

With so many products and services to choose from, picking the right WAF solution can be quite a task. They are expensive systems, and they often require considerable effort, and training, to set up and configure correctly. This is probably not something you’ll want to do twice just to try different products. Make sure you precisely identify your needs and your growth projection, and chances are you’ll be in a better position to choose the WAF that suits you best.

Read 10 Best Web Application Firewalls (WAFs) Reviewed in 2018 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter