Brute force WAF NGAF

views: 1241 | comments: 11 | added to Favorites 0

Lights on | 提示：支持键盘翻页<-左右->

Topic

admin last was approved 07 Mar 2024 08:51

favianbayu

Created: 05 Mar 2024 18:05

Summary:

Hi there, So we are implementing WAF on our NGAFThe issue is Bruteforce is not enforced on our Sangfor. We set for brute force on Web-based Login password setting on the WAF policy template Basical ...

Reply

Newbie290036 Posted 15 Mar 2024 03:25

To enforce Brute Force protection on your Sangfor NGAF, follow these steps:

1. Log in to the Sangfor NGAF web interface.
2. Navigate to the "Security" module and then click on "Web Application Firewall (WAF)".
3. In the WAF management page, select the "Policy Template" option from the left sidebar.
4. Find the policy template you wish to modify or create a new one if needed.
5. Click on the "Edit" button associated with the selected policy template.
6. Under the "Security Policy" section, locate the "Web-based Login Password" option.
7. Enable the "Brute Force Protection" feature by clicking the checkbox or moving the toggle to the "On" position.
8. Configure additional settings, such as the number of failed login attempts before the protection kicks in, the lockout duration, and the allowed login speed, as per your requirements.
9. Click "OK" to save the changes.
10. Apply the updated policy template to the relevant interfaces or zones within your NGAF configuration.

Farina Ahmed Posted 14 Mar 2024 13:49

If brute force protection is not being enforced on your Sangfor NGAF (Next-Generation Application Firewall) despite configuring it in the WAF (Web Application Firewall) policy template for web-based login passwords, it's essential to ensure that the settings are properly configured and activated within the NGAF's interface. Double-check that the WAF policy template is correctly applied to the relevant web-based login services and that the brute force protection parameters, such as threshold limits and blocking actions, are appropriately configured to trigger enforcement actions upon detection of suspicious login attempts.

pmateus Posted 12 Mar 2024 19:34

Hi,
DDOS is not supported, but you can apply some configuration that will help you, like:
•  Limit Failed Login Attempts
•  Complex Password Policies
•  Two-Factor Authentication (2FA)
•  Monitor and Alert
•  VPN Path Configuration
•  Endpoint Protection

Hope this helps,

Zonger Posted 12 Mar 2024 18:46

More information is required, however, to be precise DDOS is not supported by Sangfor NGAF

Newbie517762 Posted 12 Mar 2024 17:41

This is facing an issue with brute force detection not working effectively after changing the cookie structure on their Sangfor WAF. They are solutions and best practices to mitigate brute force attacks.

Solutions:

Update cookie validation logic to consider the updated cookie structure.
Check cookie expiration time to ensure effectiveness in detecting ongoing attacks.
Implement IP address-based blocking as an additional security measure.
Enable two-factor authentication (2FA) for user accounts.
Use rate limiting to restrict login attempts from a single source.
Incorporate CAPTCHAs to distinguish legitimate users from automated bots.

Best Practices:

Use strong passwords and enforce regular password changes.
Implement account lockout policies after failed login attempts.
Monitor logs for suspicious activities and investigate anomalies.
Keep software and security patches up to date.
Educate users about security best practices.

Prosi Posted 12 Mar 2024 16:32

Use Strong Passwords.
Limit Login Attempts.
Monitor IP addresses.
Use Two-Factor Authentication (2FA).
Use CAPTCHAs.
Disable Root SSH Logins
Use Web Application Firewalls (WAFs)

Enrico Vanzetto Posted 12 Mar 2024 16:25

Hi, try to follow this steps:

Identify the Login Page URI and User Identification Method:
Determine the specific Uniform Resource Identifier (URI) for your login page.
Choose whether user identification will be based on usernames or IP addresses.

Create a Web Application Firewall (WAF) Policy:
Set up a WAF policy specifically for your login page URI.
Define the rules and actions that will govern traffic to this page.

Configure a Brute-Force Rule:
Within the WAF policy, create a rule to detect and handle brute-force attacks.
Set a threshold (e.g., 5 login attempts within 1 hour) for triggering this rule.
Specify a blocking action (e.g., temporary IP block) to prevent further malicious attempts.

Consider Enabling IP Reputation Filtering:
If you have a Next-Generation Firewall (NGAF), explore enabling IP reputation filtering.
This feature helps block traffic from known malicious IP addresses.

Rate Limiting Rules (Optional):
Extend your WAF policy by configuring rate limiting rules.
These rules can further restrict login attempts based on specific criteria.

Set Session Timeouts:
Implement session timeouts within your web application.
Define how long a user session remains active before automatic logout.

Christian Ni Posted 12 Mar 2024 16:05

Can you please give more information about the problem. The DDOS of WAF is not like the full blown DDOS solutions.

Mar Estonido Posted 12 Mar 2024 16:04

DDOS is not supported by Sanfor WAF. The only supported is DOS

mdamores Posted 12 Mar 2024 14:15

Hi,

Have you the below configuration?

1. Identify your login page URI and user identification method (username or IP).
2. Create a WAF policy for the login page URI.
3. Within the policy, configure a brute-force rule with a threshold (e.g., 5 attempts within 1 hour) and a 4. blocking action (e.g., temporary IP block).
5. Consider enabling IP reputation filtering on your NGAF to block malicious IPs.
6. Try to configure rate limiting rules on the WAF policy to further restrict login attempts as an option
7. Set session timeouts on your web application.

If all else fail, you may consider consulting Sangfor WAF documentation or Sangfor support for specific configuration instructions and available brute-force protection features.

Sangfor Community Terms of Use

Last updated: July 2020

Sangfor Technologies ("Sangfor") welcomes you.

The Sangfor Community ("Community"), developed by Sangfor, is provided to enable users to share knowledge, exchange comments and suggestions on Sangfor products.

This Terms of Use is an agreement between you and Sangfor Community on requirements for users during access to the Community and on liability held by Sangfor on managing user's access. Please read the Terms of Use carefully. If you do not agree to all the terms, you may not access the Community. By registering on the Community site, using or visiting the Community, you agree to all the terms in this Terms of Use.

Requirements for Posting Topic

1. Topic Title is Clear
You are expected to write a topic title clearly to make it easy to understand, rather than offering a meaningless or ambiguous title.
2. Question is Specific
The content is specific and detailed when you are posting a topic or reply. The more detailed the topic, the more easily and accurately others can understand.
3. Such a Topic Does Not Exist
Before posting a question or suggestion topic, check whether similar topic already exists. You may post a second one if the existing answers are unsatisfying.
4. Topic Category is Accurate
Check whether the topic is categorized correctly. Choosing a correct category can help you receive a satisfying answer more quickly.
5. Choose A Best Answer
If there is any answer that you think is the best, choose one.
6. Show Gratitude
You are expected to show gratitude to the members who have replied to your question. Pick a best answer and make positive comments on other replies to show your respect for their help.
7. Mutual Respect
Post a topic in a friendly tone, instead of in a blaming or reproaching tone. You may not mock or look down upon repliers but appreciate them in writing answers sincerely.

Contents Approval and Block

1. Blocked Contents
Topics or replies containing any item listed below will be blocked:
a) Content related to product price and specification that are offered through presale hotline or other where online. i.e., How much is an IAM-1200 unit? How high a bandwidth is supported?
b) Contact information, i.e., contact me through QQ account 12345678.
c) Tendency to sell, resell, buy commodities or give gifts, i.e., Any one wants to buy a second-hand device?
d) Misleading or derogatory remarks related to ethnic minorities.
e) Duplicate contents submitted in a short period of time.
f) Job recruitment or hunting contents.
g) Real product information such as customer name, IP address of device, etc. i.e., Customer: XXX Company, Device IP address: 1.1.1.1

2. Prohibited Contents
Postings (topics, posts, comments and articles) containing any items of the following are prohibited and will be deleted.
a) Contents involving pornography, violence or terror, including:
Any content that describes sex organs, behaviors or psychology in detail.
Any content that propagates pornographic images or materials.
Any content that describes violent behaviors, experience and feelings in detail.
Any content that describes terrorist incidents and subjective opinions in detail.
Any content that induces others to meet face to face and have sex or to engage in prostitution.
Any content that tries to hire or induce others to engage in violent activities.
Any content that threatens others.
Any hyperlink linked to any item above.

b) Advertising, massive or duplicate contents linked to a same website, with any of the following purposes:
Boosting web traffic by guiding others to visit certain website or forum.
Engaging in transactions of any item (including virtual commodity, currency, etc.) in the name of certain profit organization or individual.
Advertising or organizing pyramid selling.
Any hyperlink linked to any item above.

c) Reactionary contents, including:
Any content that shows negative views on the current laws and regulations governing the nation.
Any content that disturbs public order or provokes dispute against a nationality, race, religion, region, etc.
Any content that attacks government sectors and officials, propagates feudal superstition and evil cults.
Any hyperlink linked to any item above.

d) Content involves personal attack, defamatory and fraudulent information, including:
Any content that infringes on legal rights of others such as rights of portrait and privacy, humiliates others and cause physical and mental harm to them.
Any content that impairs the reputation of social communities or organizations.
Any hyperlink linked to any item above.

e) Content violates ethics rules, including:
Any content that violates ethics rules and propagates negative values.
Any content that induces others to commit suicide or describes methods of committing suicide in detail.
Any content that discriminates against and disparages the weak, such as the disabled, the elderly and the poor.
Any content that teaches others how to infringe on other's rights, for example, how to hack others' computers, how to cheat others.
Any content that propagates or encourages unethical acts such as teacher-student love affairs, extramarital affairs, incest, etc.
Any content that makes others repulsive or unpleasant.
Any hyperlink linked to any item above.

f) Malicious, meaningless, irrelevant contents, including:
Malicious, meaningless or irrelevant discussion topics.
Replies contain contents or format of contents that make others unable to browse posts.
Duplicate question topics posted in a short period of time.
Duplicate replies to different question topics, which are irrelevant.
Meaningless questions or answers.
Repetitive and valueless coin transfers from one ID to another.
Other irrelevant and meaningless contents.

g) Content involves crime and violation of laws or propagates criminal offenses, including:
Any content that induces or gathers others to engage in gambling activities or propagates bribery.
Any content that contains fraudulent information.
Any content that goes against laws or regulations of the People's Republic of China.
Any hyperlink linked to any item above.

h) Other contents that may violate any law or regulation
Such as content that violates regulations prescribed in Measures for Security Protection Administration of the International Networking of Computer Information Networks, Administrative Measures for Internet Information Services, Management Provisions on Electronic Bulletin Services in Internet, Decision of Preserving Computer Network Security, Administrative Provisions for the Internet News Information Services, or disseminate, spread or transmit any kinds of the following information by other means, including:
Any content that is against the basic principles prescribed and set by the Constitution in the People's Republic of China.
Any content that undermines state security, discloses state secret, subverts government or impairs national unity.
Any content that harms the reputation and interests of the nation.
Any content that incites ethnic hatred or ethnic discrimination or harms the national unity.
Any content that destructs the state's religious policies or propagates evil cult and feudal superstition.
Any content that spreads rumors, disrupts public order, or endangers social stability.
Any content that spreads obscenity, pornography, gambling, violence, murder and terror, or instigates others to commit any crime.
Any content that insults or slanders others or infringes upon legal rights of others.
Any content that incites unlawful assembly, association, procession, demonstration, or gather crowds to disturb public order.
Any act of participating in or organizing activities in the name of unlawful non-government organizations.
Any fraudulent, harmful, threatening, harassing, slandering, vulgar, obscene, or repulsive content.
Other contents restricted or prohibited by any or applicable laws or regulations and effective conventions in the People's Republic of China.

i) Other improper contents

Account Management

Sangfor reserves the right to delete accounts with which users conduct any of the following inappropriate acts:
1. Posting topic or reply that contains any item listed in Blocked Contents or in Prohibited Contents.
2. Discourteous acts, including but not limited to copying, personal attack, disguising as administrator or damaging administrator's reputation, disguising as other members or stealing others' accounts, or using others' signatures, or contents or format of contents in post that make others unable to browse posts properly, or other acts that disturb public order.

Criticisms and Suggestions

Sangfor strives to create an open and integrated platform with joint efforts of all the members and welcomes valuable suggestions and advice, as well as criticisms on Sangfor and Sangfor products. Your feedback in the Community will be replied in time and forwarded to specific department of Sangfor and be solved as soon as possible. However, prohibited contents of deliberate attack against Sangfor and Sangfor products, once discovered, will be deleted immediately.

1. Constructive Suggestions and Criticisms
a) Point out existing bugs or issues of a certain product.
b) List strengths and weaknesses of Sangfor product by comparing with other vendors' products and give rational comments or suggestions.
c) File complaints against Sangfor products.
d) Describe emotional disappointment on Sangfor product because of issues or defects in that product.
2. Non-constructive Suggestions and Criticisms
a) Valueless and subjective attacks against Sangfor and Sangfor products.
b) Compare Sangfor products with those of other vendors in an unfair, unjust and unopen manner, with a purpose of deliberately denigrating Sangfor and Sangfor products or promoting other vendors' products.
c) Attack Sangfor and Sangfor products for other commercial purposes.

Privacy Policy

Sangfor Technologies (Hong Kong) Limited (collectively, "We" and "our") attaches great importance to the security of your personal data seriously. Collecting, using, sharing or transferring of your personal data may be conducted upon you visit our website, use our products and/or services based on your consent, contract relationship or any applicable legal ground.

SANGFOR Privacy Policy (hereinafter referred to as "this Policy") represents how we collect, use, store, transfer your personal data as well as your legitimate rights to access, update, delete, and protect your personal data.

You are required to get fully understanding of this Policy before submitting your personal data to SANGFOR. This Policy applies to SANGFOR websites, products, services that display or provide links to this Policy.

SANGFOR will ensure that any personal data we collect about you will be held and processed strictly in accordance with the European General Data Protection Regulation (GDPR) which become effective on 25th May 2018.

Considering SANGFOR provides various kinds of products and services, this Policy may not cover all possible scenarios for personal data processing. Any specific data relating to the processing of personal data in the context of SANGFOR's products or services may be described in the privacy policy of related products or services or may be released in any notice that is given during the collection of data.

1. Collection and use your personal data.

"Personal data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The aforementioned personal data maybe be collected by your behavior of using of our products, services, or when you interact with us, such as visiting our website, registering relevant accounts, participating in our events. Besides, by using cookie and other similar technologies, our websites may indirectly record your personal data. When you use SANGFOR website, we may collect certain data automatically from your computers or devices (including mobile devices). The data we collect automatically may include your IP address, device type, operating system, unique device identifiers, browser-type, browser language, geographic location and other technical information. We may also collect data about how your device has communicated with SANGFOR Website, including the pages viewed, the links clicked, the amount of time spent on particular pages, mouse hovers, the date and time of the interaction, error logs, referring and exit pages and URLs, and similar information. We use this information only for our analytical purposes, and to improve the quality, relevance, and security of SANGFOR website.

Our website collects and uses personal data through the following methods:

1) Tracking

Our website uses analytics tool such as Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how you found us, how you are using our website and to see the journey you took through the website. All of these are used only in the purpose of improving our website to provide you with the best user experience. Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to pages within this website.

2) Registration Form

When you choose to use SANGFOR community rather than just browsing, you are required to fill in a registration form to create a community account, the data that you supply includes names, usernames, phone numbers, email addresses and region information associated with your account, will be submitted to our database on AWS and under full protection of AWS encryption. AWS is based in the USA and is EU-US Privacy Shield compliant. A backup server of SANGFOR Community is based in Hong Kong only for the sake of disaster recovery.
AWS (Privacy Policy)

3) Email Newsletters

If you choose to join our email newsletter or if provided with your email during an event or other circumstances, the email address that you submit to us will be forwarded and stored in MailChimp which provide us with email marketing services. The email address that you submit will not be stored within this website's own database or in any of our internal computer systems, except for the purpose of importing the data into Mailchimp.

Your email address will remain within MailChimp's database for as long as we continue to use MailChimp's services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter. While your email address remains within the MailChimp database, you may receive periodic newsletter emails from us.

We use several third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the GDPR legislation. All two of these third parties are based in the USA and are EU-US Privacy Shield compliant.
1) Mailchimp (Privacy policy)
2) SurveyMonkey (Privacy policy)

We may collect your personal data for the business purposes such as sending solicited information about a specific item or information about products or Company, perform market research & analytics to improve our services & product offerings. Besides, we may supply such above personal data to third parties for business purposes or marketing based on your consent.

Should the purposes of using your personal data are not included in this Policy, we will obtain your prior consent before we implementing the relevant purpose. Moreover, you are entitled to withdraw your consent at any time in compliance with the laws and regulations, but this maybe cause the function limitation of the website, product or service.

Please be fully noted that we are entitled to collect and use your personal data without your prior consent under any of the corresponding circumstances in compliance with any applicable laws and regulations.

2. Cookies and Other Similar Technologies

Like most sites, we use technologies that are essentially small data files placed on your computer, tablet, mobile phone, or other devices (referred to collectively as a "device") that allow us to record certain pieces of data whenever you visit or interact with our sites, services, applications, messaging, and tools, and to recognize you across devices.

The specific names and types of the cookies, unique identifiers, and similar technologies we use to collect data (e.g. about the pages you view, the links you click, and other actions you take on our Services, within our advertising or e-mail content) may change from time to time. To help you better understand this Policy and our use of such technologies we have provided the following limited terminology and definitions:

Cookies - Small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognize a particular device or browser.

Similar technologies - Technologies that store personal data in your browser or device utilizing local shared objects or local storage, such as flash cookies, HTML 5 cookies, and other web application software methods. These technologies can operate across all your browsers, and in some instances may not be fully managed by your browser and may require management directly through your installed applications or device. We do not use these technologies for storing personal data to target advertising to you on or off our sites.

We may use the terms "cookies" or "similar technologies" interchangeably in our policies to refer to all technologies that we may use to store data in your browser or device or that collect data or help us identify you in the manners described above.

3. Rights to your personal data

If you submit your personal data to us, please ensure the accuracy of such data. If your personal data has changed (for instance, your address has been changed), you are obliged to update your personal data in a timely manner.

For requirements by applicable laws, you may: (1) have access to your personal data we have held; (2) update or correct any of your inaccurate personal data; (3) restrict or object to allow us to process your personal data; and (4) require us to erase your personal data, and (5) require us to comply with your request for data portability (6) withdraw your consent at any time which will not affect the lawfulness of processing based on consent before (7) lodge a complaint with the corresponding supervisory authority.

When you claim the said rights, we may require you to submit a written request and may verify your identity. Usually, we do not charge anything for such processes unless your request goes beyond the limit of conventional requirements.

4. Protection and Storage of Personal data

We recognize the need to ensure that personal information gathered via this website remains secure. Our site has security measures in place to protect against the loss, misuse, and alteration of the personal information under our control. Our security measures include the use of a hardware firewall to prevent unauthorized access. You acknowledge that although we exercise adequate care and security, there remains a risk that information transmitted over the Internet and stored by computer may be intercepted or accessed by an unauthorized third-party.

Your Personal Data will be stored on our database as long as you continuing use your community account. With your consent, any data we use for lawful purpose(s) for which it was obtained will be kept with us until you notify us that you no longer wish to use the functions of SANGFOR community and would like to delete your account permanently.

5. Cross-border Transfer of Personal data

Generally, we will process your personal data in the country/region where you use our products or services. However, we may transfer your personal data to Hong Kong China, Malaysia and USA that may have different laws for the protection of personal data.

6. Breach Notification

In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant Data Protection Authority (DPA) will be informed within 72 hours, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, Sangfor informs the supervisory authority of the reasons for the delay. This will be managed in accordance with our Information Security Incident Response Procedure which sets out the overall process of handling information security incidents.

7. Update of this Policy

This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes.

8. Contact Us
If you have any question about this Policy or have any request or query for your personal data, please send an email to community@sangfor.com to contact us.