Web Application Firewall/Security audit question

Discussion in 'Security' started by abrodski, Mar 6, 2012.

  1. #1
    Hello!

    I run a Joomla site and I went to one of the famous commercial sites that deal with vulnerabilities. They have a free security audit for malware.
    I ran it on my site, and I got a reply that "Host is not alive". I have Admin Tools WAF turned ON. They recommend shutting it down temporarily, so their scanner can check everything. But to me that doesn't make any sense, because, in my opinion, if their scanner couldn't get through, it means that the site passed the audit fine.
     
    abrodski, Mar 6, 2012
  2. djacobs

    #2
    No, what you're saying is, if I cannot get into your house through the front door, then you must not need a security system. Not like I can break a window or get through the back door, right? There's more than one way to break into your site. You should also understand what WAF does, because I don't think you do.

    WAF is designed to stop most common hackers from sniffing information they can use from your site/server to aid them in cracking your site/server. In this case the commercial site can't search your site for malware.

    But in the real world, hackers don't need to sniff your site to crack it. And who's to say a good hacker won't crack WAF?
     
    djacobs, Mar 15, 2012
  3. abrodski

    #3
    So what you're saying is that WAF is useless if a hacker can crack it? And if you say that in the real world a hacker doesn't need to sniff, then why would people install WAF in the first place?
     
    abrodski, Mar 16, 2012
  4. djacobs

    #4
    NO, it is not useless, but it makes it harder for a hacker to get into your site. Which can do two things:

    Result #1: Deter the hacker from trying and essentially give up.

    OR

    Result #2: Make the hacker have to work harder.

    Sniffing/fingerprinting isn't needed, but it makes things easier. It's a tool in a cracker's toolkit.
     
    djacobs, Mar 16, 2012