NGAF Frequently Asked Questions (FAQs)
1. What is a Next Generation Firewall?
The meaning of Next Generation Firewall differs from vendor to vendor. According to Gartner, Next Generation Firewalls are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and intelligence from outside the firewall.
2. What is a Web Application Firewall (WAF)?
A Web Application Firewall (WAF) is a firewall used to protect web applications and servers (also known as HTTP applications). It provides protection at layer 7, especially against attacks such as SQL injection and cross-site scripting.
3. What is an IPS?
An intrusion prevention system (IPS) monitors network traffic to detect attacks and prevent them. It is mainly based on signature matching and anomaly detection. Unlike a WAF, an IPS cannot protect the web application layer, known as layer 7. It is especially vulnerable to new and emerging attacks that do not have signatures.
4. What is ATP (Advanced Threat Prevention)?
The definition varies from vendor to vendor; however, it generally refers to security solutions that protect users against sophisticated malware or hacking attacks.
5. What is APT (Advanced Persistent Threat)?
An Advanced Persistent Threat is an attack usually made against organizations (public/private). Its defining characteristic is that it uses malware that can stay hidden for a long time before it is detected. The main purpose is to steal information rather than to cause damage, as other types of malware do.
6. What is Malware?
Malware is a piece of software that is designed to damage or gain unauthorized access to a computer or server. It covers a broad range of varieties such as viruses, worms, trojan horses, spyware, ransomware, etc.
7. What is a Virus?
A virus is a type of malware that is designed to infect a user, execute, and replicate itself to infect other users. It will infect programs and files, alter system settings, and ultimately stop the system from working (depending on the virus).
8. What is SQL Injection?
SQL injection is an attack that aims to destroy a specific database. It is carried out through a code injection technique: malicious code is placed in SQL statements so that the database executes it.
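The mechanism described above, shown from the defender's side as an added example (not part of the original FAQ): the same lookup written with string concatenation and with a bound parameter, run against a benign and a crafted input. The table, function names, and sample data are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Build a small in-memory database (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    return conn

def lookup_concatenated(conn, name):
    """Weak form: input is pasted into the statement text, so the database
    parses any SQL syntax inside it as part of the statement."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return query, conn.execute(query).fetchall()

def lookup_parameterized(conn, name):
    """Hardened form: the statement text is fixed; input is bound as a value
    and is only ever compared against the name column."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return query, conn.execute(query, (name,)).fetchall()

def demo():
    """Run both forms against a benign and a crafted input."""
    conn = make_db()
    benign = "alice"
    crafted = "x' OR '1'='1"  # constructed input that carries SQL syntax
    results = {}
    for label, value in (("benign", benign), ("crafted", crafted)):
        results[label] = {
            "concatenated": lookup_concatenated(conn, value),
            "parameterized": lookup_parameterized(conn, value),
        }
    return results

if __name__ == "__main__":
    for label, forms in demo().items():
        for form, (query, rows) in forms.items():
            print(f"{label:8} {form:14} rows={len(rows)}  {query}")
```

With the crafted input, the concatenated statement returns every row because the input rewrote the WHERE clause, while the parameterized statement returns none.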
9. What is a Cross-Site Scripting (XSS) attack?
Cross-Site Scripting refers to a type of injection attack in which an attacker injects malicious scripts into trusted websites or web applications by exploiting their vulnerabilities. Instead of targeting the user directly, the attacker targets the website's (or web application's) vulnerability in order to reach the victim. This can result in the attacker stealing the victim's credentials and sensitive data (e.g., credit card information).
10. What is a DoS Attack?
DoS stands for Denial-of-Service. It is a type of attack that floods a targeted machine or resource connected to the internet with so many requests that it overloads the system and makes it unavailable.
11. What is a DDoS Attack?
DDoS stands for Distributed Denial-of-Service; it is similar to a DoS attack. The main difference is that in a DDoS attack, the attacker(s) use more than one source, with multiple computers and internet connections, to flood the victim with requests.