Which security strategy takes more time: configuration or coding?
Published Sep 29, 2008
Version 1.0Was this article helpful?
Well, there are some aspects of a WAF, really any security device, that really are zero configuration. Layer 4 & 7 DoS attacks, SYN floods, etc...are generally zero config.
But for the really cool stuff, the WAF has to learn or be told what URLs to protect, and then you either want to loosen or tighten up the restrictions on parameters depending on the app - all of which requires some configuration.
Hey, I think we actually agree on this one. I better check outside and see how cold it is... ;-)
Lori