Imperva Cyber Community

  • 1.  What are Imperva best practices?

    Posted 12-29-2021 21:18
    Edited by Oliver Naabay 12-29-2021 21:18
    Hi,

    Does Imperva have any link to check for best practices/recommendations? Like for the list below.

    1. Deny Ping/ICMP from Internet and Intranet
    2. Allow only HTTPS access to WebUI and SSH only to CLI
    3. HTTP WebUI redirection


    Thank you.
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Oliver Naabay
    Engineer
    Makati
    ------------------------------


  • 2.  RE: What are Imperva best practices?

    Posted 01-26-2022 09:40

    Hi Oliver,

    Thank you for posting. Here are the recommended steps and links. I hope this helps.

    1. Deny Ping/ICMP from Internet and Intranet

    Ans: The default ping function should be disabled, and you could try to ping the appliance internally to see if it's successful. The KB articles below are for your reference.

    https://docs.imperva.com/howto/96be137c
    https://docs.imperva.com/howto/a068d155

     

    2. Allow only HTTPS access to WebUI and SSH only to CLI

    Ans: HTTP access is typically closed to the appliance - you can check this with the nmap tool and scan for open ports.

     

    For SSH, you may refer to the KB below for your reference; you could disable the weak cipher to enhance the connection.

    https://docs.imperva.com/howto/520a2ccf

     

    3. HTTP WebUI redirection

    Ans: Upon checking, the appliance (MX) UI doesn't have an HTTP redirection function; instead, users must use HTTPS to reach the site for a more secure connection.

    Thanks,
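
Added example, not part of the original thread and not Imperva's own tooling: a Python check that parses nmap grepable output (`nmap -oG -`) and reports anything other than SSH and HTTPS answering on the appliance, which is the verification reply 2 suggests. The allowlisted ports (22 and 443), the address 192.0.2.10 and the sample scan are assumptions constructed for illustration.

```python
"""Audit nmap grepable output (-oG) against a management-port allowlist."""

# Assumption: only SSH (CLI) and HTTPS (WebUI) should answer; adjust the
# ports to the ones your appliance actually uses.
ALLOWED_TCP = {22: "ssh", 443: "https"}

# Constructed sample in the format produced by: nmap -oG - <appliance address>
SAMPLE_SCAN = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///, 8080/filtered/tcp//http-proxy///\t"
    "Ignored State: closed (996)\n"
)

def parse_grepable(text):
    """Return {host: [(port, state, proto, service), ...]} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue  # skip malformed entries instead of guessing
                hosts.setdefault(host, []).append(
                    (int(parts[0]), parts[1], parts[2], parts[4]))
    return hosts

def audit(text, allowed=ALLOWED_TCP):
    """Report unexpected open ports and allowlisted ports that are not open."""
    findings = []
    for host, ports in parse_grepable(text).items():
        open_tcp = {p for p, state, proto, _ in ports
                    if state == "open" and proto == "tcp"}
        for port, state, proto, service in ports:
            if state == "open" and (proto != "tcp" or port not in allowed):
                findings.append((host, port, f"unexpected open {proto} port ({service})"))
        for port in sorted(set(allowed) - open_tcp):
            findings.append((host, port, f"expected {allowed[port]} port is not open"))
    return findings

if __name__ == "__main__":
    for host, port, message in audit(SAMPLE_SCAN):
        print(f"{host}:{port} {message}")
```

Ports reported as `filtered` are not flagged, since nmap could not confirm a listening service there.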




  • 3.  RE: What are Imperva best practices?

    Posted 01-26-2022 10:00

    Thanks, Gerard.

    @Oliver Naabay - Just a heads up that we have a great webinar on WAF Gateway tomorrow that you may find interesting. You can RSVP below...

    WAF Gateway for Cloud-Native Environment



    ------------------------------
    Sarah Lamont(csp)
    Digital Community Manager
    ------------------------------



  • 4.  RE: What are Imperva best practices?

    Posted 01-27-2022 07:40
    Edited by Oliver Naabay 01-27-2022 07:41
    Hi @Gerard Auld

    Thank you very much.


    Hi @Sarah Lamont

    This is noted. Thank you.




    ------------------------------
    Oliver Naabay
    Engineer
    Makati
    ------------------------------



  • 5.  RE: What are Imperva best practices?

    Posted 02-07-2022 09:48
    Edited by Jaired Anderson 02-07-2022 09:48
    Hi Oliver,

    The SecureSphere appliances are hardened by default (for example, by default the appliances do not respond to ICMP).

    The additional details on hardening are not published publicly; however, if you open a support ticket, you may receive additional details.


    Thanks.