ZXTM is not a firewall, but its full traffic inspection and programmable rules logic makes it an ideal way to implement security policies to complement other security devices.
Here's a selection of ways that ZXTM can help secure your application traffic:
- Hex and UTF encoded data
-
Attackers frequently use hex and UTF-encoding in malicious URLs to bypass filters. This article shows you some of their techniques, and how they can be defeated using TrafficScript-based content inspection rules.
- The "Contact Us" attack against mail servers
-
The "Contact Us" form on many web sites can bypass many of the security checks that external mail servers impose, and is ripe for automated attack. This article describes how to use ZXTM's Request Rate shaping functionality to mitigate against these attacks.
- Overcoming client firewall restrictions with port sharing
-
An overly-restrictive firewall may only permit incoming traffic on a strict set of ports. This article describes how to tunnel several different protocols over the same TCP port, and separate them out and route them differently behind the firewall.
- Traffic Valuation and Prioritization
-
Some users may dominate your service, at the expense of other users who want to make valuable transactions. This can result in an unintentional (or even intentional) Denial of Service attack.
This article describes a range of ways to classify your users, and then apply different prioritization techniques to ensure that your valuable users get the best possible levels of service.
- Masking data (e.g. social security numbers) in HTTP responses
-
Attackers may exploit internet services, persuading them to leak sensitive information. In a recent survey, such data breaches were calcuated to cost the affected company an average of $182 per compromised record.
This article discusses one such incident, and describes how ZXTM can easily inspect and secure outgoing traffic to mask out data such as social security or credit card numbers.
- Access control via ZXTM database authentication
-
Use ZXTM to authenticate each individual request, before it reaches your back-end application servers. This article shows you one way to query an external authentication service.
- Spoofing IP addresses when using web proxies
-
Some upstream security appliances operate as reverse proxies, and they mask the source IP addresses of the connections they are handling. This can be a problem when a downstream apication needs to use the source IP address for authentication or logging purposes.
This article describes how to use ZXTM to modify the request, substituting in the correct source IP address so that the downstream applications work correctly.
- Using ZXTM with htaccess authentication
-
If your web site uses authentication, you can use ZXTM to manipulate the authentication credentials to allow or deny particular users or groups of IPs.
This article shows you how to get ZXTM to read a list of trusted IP addresses from an external datasource and automatically add in the authentication credentials so that those users do not need to supply a username and password.
- How do I restrict my website to certain IP ranges?
-
This article describes how to read a list of IP addresses from a file and apply authentication logic, such as only allowing those source IP addresses to access the service. The file can be modified at any time and ZXTM will automatically detect and apply the changes.
