Ask Sucuri: Differentiate Between Security Firewalls

WAF website security firewall

Question: How should a website owner differentiate between Firewalls? What do they do?

The term “firewall” is not new. It is common terminology in the world of technology and security, and possibly common enough that even non-technical people have a basic understanding of what a firewall is. Its meaning actually extends beyond security. The brick walls that divide different sections of a building are called firewalls. We even have firewalls in our cars. They’re the metal wall that separates the engine and passenger compartments. The term transcends multiple industries because it’s so indicative to what is happening. Regardless of industry, the core function has always been to separate two different spaces. Those spaces have always had two core purposes:

  1. To keep something out
  2. To keep something in

The term is used so interchangeably in security discussion, especially website security, that it can be confusing. Many attribute firewalls to functioning the same, this is false. When it comes to websites / servers / networks they fall into three distinct domains that I feel are important to differentiate.

Read More

The Dynamics of Passwords

history of passwords

How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet on a daily basis? Are you re-using any of the same passwords to make it easier to remember them?

We see it all too often: weak passwords used to secure website login for FTP, database, cPanel, and the CMS dashboard. Everyone has their own password policy. It’s very personal and usually based on a set of assumptions about online security. Many users choose policies of efficiency over security. Even the paranoid among us have to confront the truth. Like any defensive measure, best practices in password management can only minimize the level of risk.

Password management is a choice, and a habit. By taking a good look at the risks, users can make informed decisions and put better passwords into practice.

History of the Password

Most password strength meters are too soft. The companies that use them know this, but they don’t want users to leave the registration process due to a restrictive password policy. Modern software can guess many so-called “strong” passwords in minutes, and the most common passwords in milliseconds. As password hacking grew in complexity over time, so did the requirements on passwords.

Read More

Sucuri CloudProxy Website Firewall Improvements

If you are are a regular reader of our blog you probably know about our CloudProxy Website Firewall, it launched publicly a year ago. Since then, our team has been extremely focused on improving it, making it more effective and efficient for everyday website owners.

If you are not familiar with CloudProxy, I highly recommend reading some of the documentation and benefits of it:

In fact, if you have a website, why not try it out?

Read More

Twitter blocked in China

Twitter was blocked by the great firewall of China today…

… On another news, today China experienced a huge boost in productivity. No one knows why.