New Generation or Layer 7 Firewall
What is a New Generation or Layer 7 Firewall?
It can also be called an Application Firewall or New Generation Firewall. Layer 7 firewalls perform application-level functions. This means that they can work on the network protocols above layers 3 and 4.
These types of firewalls emerged to revolutionize network security as we have known it until now. Traditional firewalls are limited to stateful packet inspection and access control rules, but as hackers become more sophisticated, threats become more advanced, and this system is no longer effective. In order to protect a business from ever-evolving threats, the Next Generation Firewall must be able to offer a deeper level of network security.
The key is to ensure that all bytes in each packet are inspected, but this must be accomplished while maintaining high throughput and low latency to keep busy networks running optimally, in addition to effectively combating threats and addressing increasingly pressing security and productivity issues.
Companies require a deeper level of security and control, which is what this type of firewall offers. Below, we detail some of the main features:
SSL decryption and inspection
Today's organizations that do not have SSL decryption and inspection have no control over a third of the traffic on their network.
IPS with anti-evasion technology
Cybercriminals often attempt to bypass IPS using complex algorithms that evade detection.
Context-based application control
The popularity of network access-based applications has skyrocketed in the past ten years, making it difficult for administrators to monitor user activity and traffic usage by applications.
Network-based malware protection
New variants of malware are developed every hour. Staying informed of all those threats thanks to network-based malware protection, which uses a constantly updated cloud database, is essential to block new threats as they appear.
Thus, with a Layer 7 or application firewall, we can inspect HTTP and HTTPS, among other protocols.
In other words, a Layer 7 Firewall can analyze and protect your server or cloud from a much wider variety of attacks thanks to its analysis capacity and power. Highlights:
- Filtering at application level
- Filter by URL.
- Application control: WEB, FTP, P2P, ...
- Protect against denial of service attacks.
- Protect from code injection attacks.
- Sandbox
- SSL traffic inspection.
- Filtering by user.
What is SW Panel Next Generation Security?
It is the ability of the SW Panel to activate and manage multiple layers of Layer 3, 4 and Layer 7 Firewall to filter incoming and outgoing traffic from your server or cloud, to ensure full protection against attacks and even to ensure that your server or cloud is not the attacker.
Note that there are different levels of next-generation security service, each with different capabilities and properties. Select the one that best suits your needs.
Can my server or cloud attack other servers?
Yes.
Many times when talking about firewalls or protection we focus on inbound traffic. Solutions like CloudFlare, Incapsula or WAF applications are based on the analysis and filtering of the traffic that your server or cloud receives, and only on the traffic that it receives.
But what about the traffic that my server sends? Can it be harmful?
Yes, your server may be compromised, or have viruses or malware installed inside it, and become part of a zombie network or be remotely controlled. It is in these cases when traditional external filtering such as CloudFlare, Incapsula and many others do us no good.
Then what should I do? Can this outgoing traffic be filtered?
Yes.
With New Generation Security from SW panel and SW Hosting, when we filter traffic we do it in both directions, inbound and outbound traffic.
We can protect you against attacks, and prevent you from being the attacker. Many times it is worse, for the reputation of a company, to be the attacker than to suffer the attacks.
IN traffic and OUT traffic. Sent and Received. Input and output...
This is the great virtue of SW Panel's New Generation Security: it protects in both directions.
All the reports, lists, analyses and statistics that New Generation Security offers you include the analysis of both the traffic received and the traffic sent.
At all times you will know if you are being attacked or if you are the attacker. In addition, all this with a country-by-country analysis and a global vision of the geographical distribution of your attacks.
Activation of New Generation Security
Activation using the Service Dashboard
- The first step will be to choose the Cloud or server on which you want to activate New Generation Security.
Open the service tree of your SW Panel.

Select, by clicking on it, the server or Cloud in which you want to activate the New Generation Security.
- Once selected, SW Panel will show you the Dashboard of this service.
In the Dashboard you will find the “Available Improvements” box, and in it you will find the New Generation Security option and a switch to activate or deactivate on its right.
Click on the switch to activate it.

Once you have pressed, you will access the New Generation Security configuration and activation screen.
This screen shows you a table with the subscriptions available in New Generation Security, and each of the details and characteristics of each subscription.

Study and analyze which subscription is the one that best suits your needs before activating.
Once you have decided, mark the corresponding "checkbox" to activate this subscription and confirm the activation by clicking on the Activate Now button below.
It's that simple. In a few seconds it will be activated, and the Dashboard of the service will show you the switch in green, as you now have it activated.
Activation through service management menu
- The first step will be to access the service tree of your SW Panel.
Find the Cloud or server for which you want to activate New Generation Security and click to open the Manage menu.

Inside the menu you will find the Security Services section; click on the Activate New Generation Security option.
- SW Panel will take you to the New Generation Security activation screen.
This screen shows you a table with the subscriptions available in New Generation Security, and each of the details and characteristics of each subscription.
Study and analyze which subscription is the one that best suits your needs before activating.
Once you have decided, mark the corresponding "checkbox" to activate this subscription and confirm the activation by clicking on the Activate Now button below.
It's that simple. In a few seconds it will be activated, and the Dashboard of the service will show you the switch in green, as you now have it activated.
Next Generation Security of a service
Once activated, 3 new options will appear in the Perimeter Security menu on the right side of the Dashboard of the service on which you have activated security:

- New Generation Security Dashboard
- Threats and security details
- Modify Security Subscription
Also in the Services tree, services with New Generation Security activated appear with a shield icon on the left side of the service name, and in the Manage menu, within the Security Services section, a new option New Generation Security will appear, which, when pressed, will take us to the New Generation Security section of this service.
Next Generation Security Dashboard
This Dashboard shows us a summary of everything that is being detected in the outgoing and incoming traffic of your server or cloud, and the actions that are being taken as a control measure.

You will also find a geolocation map of the origins of the attacks or the destinations of your attacks if your server or cloud is the attacker.
At the top you will find a dropdown that will allow you to analyze the period you want. Select or indicate the period and the Dashboard will be loaded again with the data related to that period.
Improvement of the main Dashboard of SW Panel
When you activate New Generation Security, a new box will appear in your main SW Panel Dashboard with a summary of the threats that New Generation Security has been handling in your services over the last 7 days.
Interactive dashboards on Dashboards
All the components of the New Generation Security tables are interactive and allow you to click on them to go deeper into the analysis of the information.
Click on the type of threat and its details and CVE will be shown.
By clicking on the severity we want, the list of threats that we have received will appear.
By clicking on the country, a list of the threats we have received from that country will appear.
We are informed of the total number of threats blocked and those that have been considered “non-threats” and have not been blocked.
Threats and security details
The threat list will show you all the threats detected by the Layer 7 Firewalls and the actions that have been taken on them.
There are always 2 possible actions to take:
- This threat has been blocked and the service has been protected.
- This threat has been ignored, as it is considered non-detrimental.
The actions to be performed and the strictness of the analysis can be configured using the Change Sensitivity button.

Change in sensitivity
You can choose between 4 different sensitivity levels to adjust how you want the Firewall to analyze vulnerabilities.
- Threat blocking disabled
- Moderate sensitivity
- High sensitivity
- Very high sensitivity

Simply check the box of the sensitivity level you want and confirm the change. Once done, the Firewall will automatically adjust to the sensitivity that you have set as its working pattern.
List filters
To facilitate the search for a specific threat, you have different filters in the list, including a text and date search engine that will allow you to adjust the search that you want to do as much as possible.
Actions in the Manage menu
Depending on the type of New Generation Security subscription you have in your service, the Manage menu will show you more or fewer options.
You will mainly use it to see in detail the threat that has been handled; to do so, use the See detail of the threat option.

Detail of a threat
This option will show you all the details that have been known about the threat that you have selected.
The information is shown classified in 3 tabs:
General information about the threat, its details, and its origin and destination.
If it is a globally identified and classified threat, its DataSheet will also appear, which is obtained through the CVE of the threat.

- Location (standard security subscription or higher)
The location of the threat's source and destination IP is shown on a map.

- Packages (standard security subscription or higher)
If specific traffic packets of this threat have been identified, they are detailed in this tab as a list.

Security Reports
You can schedule automated reports to scan for possible vulnerabilities in your Cloud. To do this, go to the Security Reports tab that is on the right side of Threats and you will see a list where all the reports you have created will be shown. In the right corner, there will be a blue button that will allow you to create new reports:

The screen that appears is divided into 3 blocks:
Type of Report you want:
There are two types of reports available: the Network or Perimeter Security report and the report on the system vulnerabilities of your Cloud One.
- Network or Perimeter Security: This report can take approximately one hour to generate. It scans the connections to your Cloud and checks its security.
- Vulnerabilities of your Cloud system: This report can take approximately 6 hours, depending on the vulnerabilities detected in the system.
Report configuration parameters
For the scan you have to define which days you want to scan by choosing a start day and an end day; the panel itself counts the total number of days that you will scan.
Keep in mind that you can only scan a maximum of 30 days, and the start date cannot be earlier than 10-01-2020:

Report cost details
The last section specifies the cost of the report, which is 0 when it is a Cloud.
