2.9. Web Security (WAF)


2.9.1. Overview

Web Security (WAF) is a service that detects and blocks security threats, including unauthorized access and attack traffic, directed at Web application servers running on virtual servers in Enterprise Cloud.

2.9.2. Features

Web Security (WAF) offers the following features.
Feature: Overview
WAF: Inspects the Web traffic specified by the customer and detects/blocks unauthorized access and attack traffic.
IP reputation: Blocks attacks from sources identified as threats.

Analysis Capacity

2.9.2.1. WAF

Communications to be inspected are as follows.
Item: Details
Protocol: HTTP/HTTPS

Detailed functions are as follows.
Function: Details
WAF
This function inspects Web communications against a signature set.
It protects the Web server from application-layer attacks, including cross-site scripting, SQL injection and buffer overflow.
Trust/Black IP control
It is possible to control communications from IP addresses specified by the customer.
It is possible to specify Trust IPs (IP addresses that are allowed unconditionally) and Black IPs (IP addresses that are blocked unconditionally). A maximum of 100 addresses can be registered for Trust IPs and Black IPs in total. Because traffic from a Trust IP bypasses signature inspection, register only addresses that are under your own control.
Decoding
It is possible to inspect SSL-encrypted communications by decrypting them on the WAF (the customer supplies the server certificate; see Restrictions).
X-Forwarded-For
It is possible to forward information about the original source IP address.
The WAF forwards the client address to the Web server (real server) in the X-Forwarded-For header, since the real server otherwise only sees the WAF's own address as the connection peer.
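Because the real server sees the WAF as its TCP peer, application logging, rate limiting and access control on the real server must read the client address from X-Forwarded-For, but only when the request actually arrived from the WAF; otherwise any host that can reach the server directly can forge the header. The following is an added example (not code from the Web Security (WAF) service or from NTT Communications) of how a Web application on the real server can do this. The WAF address, the sample requests and the header layout (WAF appends the accepted connection's address as the rightmost entry) are assumptions constructed for the example.

```python
import ipaddress

# Assumption (constructed for this example): the WAF's address as seen by the
# real server, i.e. the appliance IP on the Server Segment in front of the Web
# server. In a deployment, take this from your own network design.
WAF_ADDRESSES = frozenset({"10.0.10.5"})


def _header(headers, name):
    """Case-insensitive header lookup; HTTP header names are not case-sensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def client_ip(peer_addr, headers):
    """Return the address the Web server should treat as the client.

    X-Forwarded-For is honoured only when the TCP peer is the WAF: anyone who
    can reach the server directly could otherwise forge the header. The WAF
    appends the address of the connection it accepted, so the rightmost entry
    is the one it wrote; anything to its left came from the client (or from
    proxies in front of the WAF) and is not trusted here.
    """
    if peer_addr not in WAF_ADDRESSES:
        # Direct connection: ignore any X-Forwarded-For the client sent.
        return peer_addr
    xff = _header(headers, "X-Forwarded-For") or ""
    entries = [e.strip() for e in xff.split(",") if e.strip()]
    if not entries:
        return peer_addr
    try:
        # Validate as an IP literal so attacker-chosen text never reaches logs.
        return str(ipaddress.ip_address(entries[-1]))
    except ValueError:
        return peer_addr


if __name__ == "__main__":
    # Constructed request: forwarded by the WAF on behalf of 203.0.113.9, with
    # a forged leading entry (192.0.2.1) supplied by the client itself.
    print(client_ip("10.0.10.5", {"x-forwarded-for": "192.0.2.1, 203.0.113.9"}))
```

The same rule applies to any proxy chain: trust the header only from the immediate peer you control, and take the entry that peer appended. If the WAF is configured to replace rather than append X-Forwarded-For, the single remaining entry is still the rightmost one, so the logic does not change.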

Initial Tuning Report
Customers can change the policy settings (each signature ID can be set to detection only or disabled) from the Security Web Portal.
NTT Communications provides advice on policy tuning in the form of an initial tuning report.
The initial tuning report is available only once. The initial tuning report application sheet is available on the Security Web Portal. Fill in the required items and request the report via a security ticket.

2.9.2.2. IP reputation

Details are as follows.
Function: Details
IP reputation
This function controls connections from hosts based on threat-source intelligence.
Threats are classified as follows.
  • DDoS: Source identified as participating in a DDoS attack
  • Phishing: Source identified as participating in a phishing attack or as hosting a phishing Web site
  • Anonymous proxy: Traffic sent via an anonymous proxy that hides the original client's identity and source address
  • Malicious source: Host identified as infected with malware
  • Spammer: Host identified as a source of spam

The IP reputation function is a standard function and cannot be enabled or disabled.

2.9.3. Restrictions

Restrictions in non-Japanese Data Centers

  • One global IP address per Web Security (WAF) service is assigned for monitoring of the Web Security (WAF) server. When you order two Web Security (WAF) services, two global IP addresses are assigned by the NTT operator. Please make sure that you prepare the required number of global IP addresses when ordering.
  • Do not change NAT rules for Web Security (WAF) service configured to vFW/INA by NTT Com Group.
Restrictions relating to IP addresses

  • IP address set as Default gateway in Server Segment setting cannot be assigned to this service.
Restrictions relating to network configuration

  • An additional Server Segment is required for the direct connection between vFW/INA and Web Security (WAF) used for monitoring and management.
Other restrictions

  • Please indicate the Web Security (WAF) plan when sending in your application. No changes can be made among Entry, Compact and Large after the service begins.
  • When using the decoding function, customer needs to prepare a certificate. Customer has the responsibility to acquire, update and manage a certificate. It is possible to set and update a certificate from Security Web portal.
  • You must first register the Virtual Server IP address as Reserved IP. Reserved IP addresses are set by the Customer Portal.
  • You are responsible for IP address design in Server Segment. NTT Communications assumes no responsibility for any failures that may occur due to IP design problems.
  • This service handles Web communication only. Protocols other than HTTP/HTTPS, including FTP and SSH, cannot be handled.
  • Traffic using protocols that do not conform to the relevant RFCs, or encapsulated traffic, cannot be processed by this service.
  • The appliance that runs this service is a single (non-redundant) instance. The underlying platform is redundant: on a failure the appliance is restarted on the backup platform, and switchover takes five to ten minutes.
  • This service needs a dedicated compute resource pool. (The pool will be created when applying for Web Security (WAF).) This service cannot be configured on an existing compute resource pool.
  • Customers cannot configure a virtual machine on the compute resource pool operating this service.
  • The dedicated compute resource pool for this service cannot be extended or reduced.
  • Changes to the resource allocation of the virtual machine that operates this service cannot be made from the customer portal. (Only NTT Communications can operate it, as the virtual server is controlled by NTT Communications.)
  • The virtual machine operating the Web Security (WAF) cannot use private catalogues, backup and VM security services.
  • We do not guarantee that the features provided by Web Security (WAF) are complete, accurate, or suitable for your purposes. Furthermore, the suitability of the algorithms for detecting unauthorized communications and cyber-attacks provided by the developers or distributors of the devices that make up the Web Security (WAF) feature is not guaranteed.
  • The following information might be provided to the developers or the distributors of the devices making up Web Security (WAF) features.
    • Configuration information obtained through providing Web Security (WAF)
    • Information on control of Web Security (WAF)
  • We cannot guarantee recovery from failures that might occur due to incompatibility between the Web Security (WAF) feature and your environment, or failures that occur due to your operations other than those specified by NTT Communications.
  • The customer's environment may occasionally be affected by maintenance work. Advance notice will be sent when there is a possible effect on the customer's communication. This does not apply when we judge the maintenance work to be urgent in order to provide the service.