
D3NY17 - Customizing Incapsula to Accommodate Single Sign-On


Liferay, Okta & Incapsula

A Non-Profit Perspective

© 2016 Imperva, Inc. All rights reserved.

Non-Profits and Cybersecurity

• IT consumerization, and the blending of personal and business use of devices and applications, demand more from any organization today.

• Non-Profit IT challenges

– Cybersecurity threats

– Limited budget

– Less time and fewer resources, yet a need to embrace more technologies

• Management's responsibility to keep up with trending technologies.

• The IT director's and manager's role spans Strategist, Catalyst, Technologist and Operator.

• Cloud Services - A boon to IT Value Optimization and Cost Efficiency.

© 2017 Imperva, Inc. All rights reserved. 2


CMS & SSO

• Liferay Enterprise CMS is a Java-based multi-site environment that GOARCH uses to serve all of its websites and interactive portals.

• We use Okta to integrate Single Sign-On (SSO) so that our users can log in to the Liferay CMS.

• Because Liferay is a dynamic web application server, our team had to ensure that our CDN supported dynamic site caching.

• POC and trial with several CDNs, including Akamai, Incapsula, Cloudflare, Verizon and Limelight.

• Top issues: dynamic caching, SSO session caching prevention (no authenticated user's session cookie or personalized page may be cached and served to another visitor), and cost efficiency.


Incapsula CDN

• Incapsula CDN was shortlisted soon after our team had confirmed all the required functionality. The top priorities in our selection criteria were:

– Dynamic caching

– Cybersecurity

– Reporting


• Dynamic site caching.

• URL/regex-based cache exclusion list.

• Efficient robots.txt to permit only known crawling bots to index the site (robots.txt is advisory only; crawlers that ignore it have to be handled by the firewall and rate-limiting rules).

• Rate limiting based on a preset threshold, plus advanced DDoS protection.

• Known-URL-pattern-based XSS attack prevention.

• IP- and geo-location-based exclusion list.


• WAF rules and advanced firewall with automatic blocking, preventing backdoors, remote file inclusion, SQL injection, XSS, illegal resource access and DDoS.

• Cookie caching prevention rules to exclude Okta SSO cookies from being cached.

• Live site monitoring and automatic failover.

• Automatic on-the-fly dynamic content minification and image compression.

• Real-time logging / network dashboard / notification alerts.
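The two caching controls above, the URL/regex exclusion list and the rule that keeps SSO cookies out of the cache, amount to one decision per request/response pair. The following is an added example written for this page, not Imperva, Incapsula, Liferay or Okta code; the paths and cookie names it uses (Liferay-style `/c/portal/...` URLs, `JSESSIONID`, `LFR_SESSION_STATE_*`) are assumptions, and the exchanges it runs over are constructed, not captured traffic.

```python
"""Cache decision for a CDN in front of an SSO-protected Liferay site.

Added example, not Imperva, Incapsula, Liferay or Okta code. It combines the two
controls from the slides, a URL/regex cache-exclusion list and a rule that keeps
SSO session cookies out of the cache, into one function that can be run over
captured request/response pairs. All paths and cookie names are assumptions.
"""
import re
from typing import Iterable, Tuple

Header = Tuple[str, str]  # (name, value); Cookie and Set-Cookie may repeat

# Assumed exclusion list, modelled on Liferay's URL layout: the login/logout
# flow, SAML endpoints and private pages are never served from cache.
NO_CACHE_URL_PATTERNS = [
    re.compile(r"^/c/portal/login"),
    re.compile(r"^/c/portal/logout"),
    re.compile(r"^/c/portal/saml/"),
    re.compile(r"^/group/[^/]+/private(?:/|$)"),
]

# Assumed session cookie names. JSESSIONID is the servlet container session
# cookie; the rest stand in for whatever the SSO integration sets.
SESSION_COOKIE_NAMES = {"JSESSIONID", "COMPANY_ID", "ID", "USER_UUID"}
SESSION_COOKIE_PREFIXES = ("LFR_SESSION_STATE_",)


def _is_session_cookie(name: str) -> bool:
    return name in SESSION_COOKIE_NAMES or name.startswith(SESSION_COOKIE_PREFIXES)


def _request_cookie_names(headers: Iterable[Header]) -> set:
    """Cookie names from every Cookie: header ("a=1; b=2" -> {"a", "b"})."""
    names = set()
    for key, value in headers:
        if key.lower() != "cookie":
            continue
        for pair in value.split(";"):
            name = pair.strip().partition("=")[0]
            if name:
                names.add(name)
    return names


def _set_cookie_names(headers: Iterable[Header]) -> set:
    """Cookie names from every Set-Cookie: header (token before the first '=')."""
    return {value.partition("=")[0].strip()
            for key, value in headers if key.lower() == "set-cookie"}


def cache_decision(method: str, path: str,
                   request_headers: Iterable[Header],
                   response_headers: Iterable[Header]) -> Tuple[bool, str]:
    """Return (cacheable, reason) for one exchange.

    Order matters: the explicit exclusion list wins, then anything that carries
    or sets a session cookie is treated as personalised (caching it would hand
    one user's page or session to the next visitor), then the origin's own
    Cache-Control is honoured.
    """
    request_headers = list(request_headers)
    response_headers = list(response_headers)
    if method.upper() not in ("GET", "HEAD"):
        return False, "only GET/HEAD responses are cached"
    for pattern in NO_CACHE_URL_PATTERNS:
        if pattern.search(path):
            return False, f"path excluded by {pattern.pattern!r}"
    carried = sorted(n for n in _request_cookie_names(request_headers) if _is_session_cookie(n))
    if carried:
        return False, f"request carries session cookie(s) {carried}"
    issued = sorted(n for n in _set_cookie_names(response_headers) if _is_session_cookie(n))
    if issued:
        return False, f"response sets session cookie(s) {issued}"
    cache_control = " ".join(v for k, v in response_headers
                             if k.lower() == "cache-control").lower()
    if "private" in cache_control or "no-store" in cache_control:
        return False, "origin marked the response private/no-store"
    return True, "anonymous, public response with no session state"


# Constructed exchanges used to exercise the policy (not captured traffic).
EXCHANGES = {
    "anonymous home page": ("GET", "/web/guest/home", [],
                            [("Cache-Control", "public, max-age=300")]),
    "same page for a logged-in user": ("GET", "/web/guest/home",
                                       [("Cookie", "JSESSIONID=9F2A; GUEST_LANGUAGE_ID=en_US")],
                                       [("Cache-Control", "public, max-age=300")]),
    "login redirect setting session state": ("GET", "/web/guest/home", [],
                                             [("Set-Cookie", "LFR_SESSION_STATE_20158=1; Path=/")]),
    "SAML endpoint": ("GET", "/c/portal/saml/sso?idp=okta", [], []),
}


def run_exchanges() -> dict:
    return {name: cache_decision(*args) for name, args in EXCHANGES.items()}


if __name__ == "__main__":
    for name, (ok, why) in run_exchanges().items():
        print(f"{'CACHE ' if ok else 'BYPASS'} {name}: {why}")
```

The check runs in both directions on purpose: a response that sets a session cookie must not be stored, but neither may a response to a request that carried one, because that page was rendered for a specific user. Non-session cookies such as a language preference are allowed through here; a stricter policy treats any Set-Cookie as uncacheable.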


WAF Whitelist & XSS Rules

Whitelist (exception) types applied to the XSS rules, from narrowest to widest scope:

– URL exception

– HTTP parameter exception

– IP-based exception
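The three exception types differ mainly in how much of the rule they switch off, which is the point to keep in mind when an SSO or CMS endpoint trips the XSS rules. The following is an added example written for this page, not Imperva/Incapsula code; its signature set, the hypothetical `/c/portal/content/edit` and `/c/portal/html_preview` endpoints, the `articleContent` parameter and the 203.0.113.0/24 range are all assumptions chosen for illustration, and the requests it evaluates are constructed.

```python
"""WAF XSS rule with URL, HTTP-parameter and IP-based exceptions.

Added example, not Imperva/Incapsula code. It mirrors the three whitelist
(exception) types on the slide so their scope can be compared on concrete
requests: a parameter exception disables the rule for one field on one path, a
URL exception for every parameter on a path, an IP exception for every request
from a source. The signatures, paths, parameter names and addresses are
assumptions chosen for illustration, not values from the deployment described.
"""
import ipaddress
import re
from typing import Iterable, Optional, Tuple
from urllib.parse import parse_qsl, urlsplit

Param = Tuple[str, str]

# Deliberately tiny signature set; a production WAF has many more rules.
XSS_SIGNATURES = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\bon(?:load|error|click|mouseover)\s*=", re.I),
]

# Assumed exceptions (hypothetical endpoints and ranges).
PARAMETER_EXCEPTIONS = {
    # path -> parameters that legitimately carry markup, e.g. a rich-text editor
    "/c/portal/content/edit": {"articleContent"},
}
URL_EXCEPTIONS = [re.compile(r"^/c/portal/html_preview$")]
IP_EXCEPTIONS = [ipaddress.ip_network("203.0.113.0/24")]  # RFC 5737 documentation range


def matched_signature(value: str) -> Optional[str]:
    """Pattern of the first XSS signature found in value, or None."""
    for sig in XSS_SIGNATURES:
        if sig.search(value):
            return sig.pattern
    return None


def evaluate(client_ip: str, url: str, body_params: Iterable[Param] = ()) -> Tuple[str, str]:
    """Return ("block" | "allow", detail) for one request.

    Query-string and body parameters are checked alike. When a signature fires,
    exceptions are consulted from narrowest to widest so the detail string names
    the one that actually saved the request.
    """
    parts = urlsplit(url)
    path = parts.path
    params = list(parse_qsl(parts.query, keep_blank_values=True)) + list(body_params)
    ip = ipaddress.ip_address(client_ip)

    for name, value in params:
        pattern = matched_signature(value)
        if pattern is None:
            continue
        if name in PARAMETER_EXCEPTIONS.get(path, set()):
            return "allow", f"parameter exception: {name!r} on {path} (matched {pattern!r})"
        if any(rule.search(path) for rule in URL_EXCEPTIONS):
            return "allow", f"url exception: {path} (matched {pattern!r})"
        if any(ip in net for net in IP_EXCEPTIONS):
            return "allow", f"ip exception: {client_ip} (matched {pattern!r})"
        return "block", f"xss signature {pattern!r} in parameter {name!r} on {path}"
    return "allow", "no signature matched"


# Constructed requests (not captured traffic) used to exercise the rule.
REQUESTS = [
    ("198.51.100.7", "/web/guest/search?q=liferay", ()),
    ("198.51.100.7", "/web/guest/search?q=<script>alert(1)</script>", ()),
    ("198.51.100.7", "/c/portal/content/edit", [("articleContent", "<a onclick=go()>x</a>")]),
    ("198.51.100.7", "/c/portal/content/edit", [("title", "<script>")]),
    ("198.51.100.7", "/c/portal/html_preview?html=<script>", ()),
    ("203.0.113.5", "/web/guest/search?q=<script>", ()),
]


def run_requests() -> list:
    return [evaluate(*req)[0] for req in REQUESTS]


if __name__ == "__main__":
    for req in REQUESTS:
        action, detail = evaluate(*req)
        print(f"{action:5} {req[1]} from {req[0]}: {detail}")
```

Two caveats carry over to the real product. A parameter exception only moves the responsibility: the origin must still encode that field on output, since the WAF no longer inspects it. An IP exception is only as trustworthy as the client address it is matched against; at the CDN that is the TCP peer, but an origin that applies the same logic must take the client IP from the CDN-supplied header only when the connection actually comes from the CDN's own address ranges, or the exception can be claimed by anyone who sets the header.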


Questions?