
New Cloud WAF GitHub Tools, Part Two: Site-Protection-Viewer

By Doron Tzur posted 10-18-2020 08:45

  


Open source tools make security management easy for customers who manage multiple sites.

Imperva security products have earned an excellent reputation helping organizations mitigate cybercrime risks and defend against malicious bots.

Imperva’s Cloud WAF solution has proven itself to be a powerful tool for managing and customizing protection states for web assets. Although it does its job extraordinarily well, specific use cases can always call for improvements.

One of the use cases we commonly encounter is the security professional managing multiple sites in a single Cloud WAF instance.

The more sites you add to your Cloud WAF instance, the more time-consuming it can be to quickly identify discrepancies in your websites’ protection states. There is a considerable difference between manually checking protection states for a handful of websites and checking states for several dozen.

This is where open source tools on the Imperva GitHub repository can help. The one we’re going to talk about today is called site-protection-viewer. It gives you the ability to quickly view a summary of your entire catalog of protected websites using the Cloud WAF API.

How Site-Protection-Viewer Works

The fundamental premise of site-protection-viewer is giving security professionals an all-in-one overview of the security status of every website under protection. It presents this data in table format, making it easy to pinpoint discrepancies and identify areas that need additional attention.

To get a more in-depth look, watch this webinar on Cloud WAF Reports, and a Tool that Simplifies the Usage of the Reputation Intelligence Service.
 


Some of the items of information that site-protection-viewer shows include:

  • Fully Configured. This section tells you whether the corresponding website has been fully configured or not. 
  • Block Bad Bots. Easily see whether the corresponding website has been configured to block malicious bots automatically.
  • Challenge Suspected. Find out if the corresponding website is set to automatically challenge suspicious users with JavaScript requests or CAPTCHAs.
  • Backdoor Protection. Quickly see if the corresponding website is configured to transparently detect, isolate, and disable backdoor shell attacks and exploitation attempts.
  • Remote File Inclusion. This section shows whether the website is configured to protect against vulnerabilities that rely on dynamically referencing external scripts.
  • SQL Injection. This section shows whether the corresponding website is configured to protect against malicious attempts to use SQL code to manipulate back-end databases.
  • Cross Site Scripting. Find out if your website applications are protected against attacks that rely on injecting client-side scripts into web pages viewed by legitimate users.
  • Illegal Resource Access. Easily discover whether your website has been configured to protect against users with illegal access to vulnerable or administrative pages, or the ability to view and execute system files.
  • DDoS Activity. Here you can see whether your website is configured to protect against distributed denial-of-service (DDoS) attacks.
  • Volumetric DDoS. Imperva uses special mitigation services for volumetric DDoS attacks. You can check whether these services have been configured here.
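
The following Node.js code is an added example, not taken from site-protection-viewer or the original post. It shows how a summary table like the one described above can be checked for discrepancies automatically by comparing each site against the most common setting in each column. The row shape, the cell values and the function names are assumptions made for the example.

```javascript
// Constructed sample data: one row per site, one key per table column.
// Column names follow the list above; the values ("yes", "block", "alert")
// and the row shape are assumptions, not the tool's actual output format.
const sampleRows = [
  { site: "shop.example.com",  "Fully Configured": "yes", "Block Bad Bots": "yes", "SQL Injection": "block", "Cross Site Scripting": "block" },
  { site: "blog.example.com",  "Fully Configured": "yes", "Block Bad Bots": "yes", "SQL Injection": "block", "Cross Site Scripting": "alert" },
  { site: "api.example.com",   "Fully Configured": "yes", "Block Bad Bots": "yes", "SQL Injection": "block", "Cross Site Scripting": "block" },
  { site: "stage.example.com", "Fully Configured": "no",  "Block Bad Bots": "no",  "SQL Injection": "alert", "Cross Site Scripting": "block" },
];

// Most common value in a column, used as the account-wide baseline.
// Ties resolve to the value seen first.
function baselineFor(rows, column) {
  const counts = new Map();
  for (const row of rows) {
    const v = row[column] ?? "missing";
    counts.set(v, (counts.get(v) || 0) + 1);
  }
  let best = null;
  for (const [value, n] of counts) {
    if (best === null || n > best.n) best = { value, n };
  }
  return best.value;
}

// Return every (site, column) cell that differs from its column's baseline.
function findDiscrepancies(rows) {
  if (rows.length === 0) return [];
  const columns = [...new Set(rows.flatMap(Object.keys))].filter((c) => c !== "site");
  const findings = [];
  for (const column of columns) {
    const expected = baselineFor(rows, column);
    for (const row of rows) {
      const actual = row[column] ?? "missing";
      if (actual !== expected) findings.push({ site: row.site, column, expected, actual });
    }
  }
  return findings;
}

for (const f of findDiscrepancies(sampleRows)) {
  console.log(`${f.site}: ${f.column} is "${f.actual}", most sites use "${f.expected}"`);
}
```

A majority baseline only surfaces outliers: if most sites share a weak setting, that column produces no finding, so the baseline values themselves still need a review.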

You can view more comprehensive information about all of your websites by setting the showFullDetails flag to “true” in the settings file. This will show you additional data about your settings, the origin server protocols, and the codes generated by direct-to-origin attack attempts.

Ensuring Protection Against Direct-to-Origin Attacks

Site-protection-viewer is also an easy way to make sure that all of your websites are protected against direct-to-origin attacks. Even though all of your website’s Cloud WAF-directed traffic is inspected, scrubbed, and verified before being sent to your servers, there are still ways to bypass these defenses.

Site-protection-viewer makes it easy to determine whether your origin server is protected, and whether your websites are restricting traffic from non-Imperva networks or not.

With Imperva Cloud WAF, all legitimate website traffic comes from Imperva’s servers. IP Protection ensures that attackers with access to your origin server IP address cannot track you down and attack your websites by circumventing the Cloud WAF.

How to Install site-protection-viewer

Installing site-protection-viewer is easy. First you need to install Node.js. This open-source, cross-platform JavaScript framework ensures that you have all of the resources you need to run the application and make API calls through Imperva’s Cloud WAF software.

Once you have installed Node.js, download the project files from the site-protection-viewer GitHub repository and save them in a local directory.

Open a command prompt inside the project directory and run ‘npm install’. The command prompt will require you to configure some parameters in order to finish the installation.

Once you finish this step, run the ‘node spv’ command in the same project directory. This will output site-protection-viewer files in the configured directory, making it ready to use.


Learn More with the Imperva Community

The Imperva Community is a great place to learn more about how to use Imperva cyber security technologies like API Security, Cloud WAF, Advanced Bot Protection, DDoS Protection, and more to establish efficient, secure processes for enterprise networks. Rely on the expertise of Imperva partners, customers and technical experts.

Related Blog Content:

  • New Cloud WAF GitHub Tools, Part One: Account-Level-Dashboard
  • New Cloud WAF GitHub Tools, Part Three: Multi-IP-Rep-Retriever

