Re: SQL injection

From: Faisal Khan (faisal@netxs.com.pk)
Date: Thu Jun 09 2005 - 12:59:33 EDT


Well I'll be doggone! I just wasn't aware of such devices out there in the
market (and I thought I was up to date! evidently not).

We protect our network with IPS (TopLayer), IDS (Juniper and GFI LANGuard &
SNORT) and Firewall (Juniper Netscreen) and always thought that would be
enough, but SQL injection has always been a concern. Since we are not able
to actively defend it - it's in our TOS/SLA that we do NOT defend against
SQL Injections.

Thanks to all who pitched in an answer/suggestion.

Faisal

At 09:35 PM 6/9/2005, Richard Barrell wrote:
>Hi Faisal,
>
>There are dedicated devices that are designed to prevent attacks of
>this sort - web application firewalls. Here is a list of
>manufacturers that you should look into:
>
>(in alphabetical order)
>
>Imperva - www.imperva.com/
>Kavado - www.imperva.com/
>Netcontinuum - www.netcontinuum.com/
>Teros - www.teros.com/
>Watchfire (Sanctum) - www.watchfire.com
>
>AND, if you'll forgive the plug,
>
>Sentryware: www.sentryware.com
>
>Good luck in your search,
>
>Rich
>
>-----------------
>FK> Pardon the ignorance, but is there any hardware/software based device that
>FK> can outright prevent/mitigate (detect?) SQL injections? Would an IDS be
>FK> able to prevent this?
>
>---------------------
>Richard Barrell, CCNP, CCDP
>International Pre-Sales Manager
>
>www.sentryware.com
>Parque Empresarial Zuatzu
>Edificio Urgull, 2ª local 10
>20018 Donostia-San Sebastián
>Spain
>
>Tel: +34 943 31 73 30
>Mvl: +34 646 97 10 18
>Skype: mr_barrell

Faisal Khan
CEO
Net Access Communication
Systems (Private) Limited
_____________________________
1107 Park Avenue, 24-A, Block 6,
PECHS, Main Shahrah-e-Faisal,
Karachi 74500 (Pakistan)
Board: +92 (21) 111 222 377
Direct: +92 (21) 454-346
Fax: +92 (21) 454-4347
Cell: +92 (333) 216-1291
Email: faisal@netxs.com.pk
Web: www.netxs.com.pk


