Protecting Your Web Servers from Attack

Increasingly business are relying on Web technology to reach customers, partners, and employees. Whether the Web Servers are supporting Intranet, Internet, or Extranet applications they have become part of your critical infrastructure. Whether the Web Servers are accessible from the Internet or restricted to closed corporate networks, they are vulnerable to attack.

Using a WSA to isolate a single Web Server or a Web Server farm from the network (Internet, private network, or LAN) can reduce the Servers' vulnerability without affecting the Servers' ability to support your business. Please consider the following:

• The WSA offers the maximum level of protection in those situation when you need access control for the entire Web Site. In this case, only authenticated, authorized users can get a packet through the WSA to the Web Servers. Therefore, the community with the ability to attack your server is highly restricted and in many cases well-known by you.

• The WSA also includes a set of firewall rules, which are especially suited for controlling the traffic to and from Web Servers. For each type of traffic (e.g. UDP, broadcast, etc.) the WSA administrator can select whether or not the traffic can flow to or from the Server. The WSA firewall features protect the Web Server(s) from attacks that leaked through perimeter firewalls or attacks originating within the local network.

• The WSA terminates all TCP connections with the browsers. Under typical configurations, the WSA does not allow external TCP connections directly to the Web Server(s). This means that the WSA terminates most of the common denial of service attacks, and the attacks will never reach the Server(s). The WSA is especially designed to shed packets from most common denial of service attacks.

For additional discussion on the WSA's role in protecting your Web Servers, please see the white paper: Security Benefits of the WSA.