fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Incapsula (Review) - How to Protect and Secure your website in 10 minutes

What is Incapsula ?

Incapsula is a cloud based service that provides the ability to add further security and also improve the performance of any website in a matter of minutes via a few simple DNS changes.

 

 

 

How does it work ?

Incapsula works by routing traffic via its global CDN network prior to it reaching your website. Because of this traffic can be either optimized, served from cache or denied (due to being deemed malicious) by Incapsulas global CDN network.

But how is the traffic routed to Incapsula (their global CDN) in the first place ?

This is achieved by DNS. A CNAME is created that points your website (i.e www.yourdomain.com) to Incapsula (such as ic8br.x.incapdns.net).
At the point the client follows the CNAME and resolves the A record for ic8br.x.incapdns.net an IP for Incapsulas nearest POP (Point of Presence) is returned to the client.
The great thing about configuring your DNS in this way is that you don't have to change who is authoritative for your domain.

Features

Ok, so lets look at the main features that Incapsula offers. These are WAF, Acceleration, and Bad bot Protection.
Note : For more information on the various 'Plans and Pricing' that Incapsula offer click here.

Bad bot Protection

Incapsula’s first layer of protection identifies and filters out malicious bots. Bad Bot protection provides you with the ability to deny known bad bots, permit known good bots such as googlebot and also define your own bots that you may want to deny.
Should you wish to search for a bot name, company name or user agent, Incapsula also provides a great resource called Botopedia that can be used when either tuning your bad bot protection or investigating any bad bot activity.


WAF (Web Application Firewall)

Incapsulas next line of defense (and in my opinion the most impressive) is the Web Application Firewall (WAF). This provides protection from a range of layer 7 attacks and provides such features as,

Backdoor Protect - Detect and Quarantine Backdoors uploaded to your website.
SQL Injection - Detect attempts to manipulate the logic of SQL statements executed by the web application against the database.
Cross Site Scripting - Detect attempts to run malicious code on your website visitor's browsers.
Illegal Resource Access - Detect attempts to access Vulnerable or Administrative pages, or view or execute System Files. This is commonly done using URL guessing, Directory Traversal, or Command Injection techniques.
DDoS - Detect and stop distributed denial of service attacks on your website.


Acceleration

Using both CDN (Content Delivery Network) and traffic optimization Incapsula can seriously increase the speed and efficiency of your website.
Which, can not only decrease your hosting bandwidth costs but also greatly improve your customers experience when viewing your site.

All of which is achieved using a combination of Static/Dynamic Content Caching, Minification, session optimization and compression.


Management Portal

In order to configure and monitor your Incapsula solution a management portal is provided and accessed via a web browser.

The dashboard is divided into 3 sections : Dashboard, Events and Settings.

Dashboard - The dashboard allows you to view a range of statistics for your security events and traffic via a number of graphs/charts.
Events -  Each security event that is created (such as SQL injection, Badbot etc) can be viewed within the Event section. This provides you with the ability to gather further details and also permanently whitelisting or blacklisting the offending IP.
Settings - The Settings section provides you with the ability to configure and tune the various features within your Incapsula armory.  Though this allows you to configure such features as previously mentioned (i.e WAF etc), it also provides you with a number other configuration settings such as denying/permitting access on a per country or URL basis, or running a DSS PCI scan on your site (to name but a few).


Conclusion

Incapsula provides an unparalleled and unmatched service that (in my opinion) has yet to be seen anywhere else to date.
As you've seen it can provide an additional layer of security to your site, increase performance and also offset resource loads from your infrastructure with a few simple DNS changes ; with all this said and done, Incapsula cannot be recommended enough and is a must for any public facing website.

Further Reading

Cloudflare vs Incapsula vs Mod_security http://packetstormsecurity.com/files/download/120407/wafreport2013.pdf
Details and Information around Incapsulas features - http://www.sitepoint.com/incapsula-a-multi-layered-website-security-solution/
Incapsula Service Overview - http://www.incapsula.com/tour/incapsula-tour

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001