Notice Concerning Security Enhancements

Notice

Notice Concerning Security Enhancements

Thank you for your continued patronage of our services.

LearningBOX will introduce WAF (Web Application Firewall) in the shared environment starting with the Ver2.19 release as part of security enhancement.
This announcement summarizes the concerns that have been raised since the WAF was introduced.

Reasons for implementing WAF

In recent years, cyber attack methods have become more sophisticated, and the time between the discovery of a vulnerability and an attack has become shorter.
In order to protect our customers' personal information and services from increasingly sophisticated cyber-attack threats, learningBOX has decided to implement WAF.

What is WAF?

WAF is a security tool to protect websites by detecting and preventing attacks that exploit web application vulnerabilities.
It protects services from attacks by blocking malicious requests before they reach the server.

How WAF works

WAF intervenes in communication between the access source and the web server and uses "signatures" to detect attacks and prevent unauthorized access. When WAF detects an attack, it intercepts the communication and logs it, while simultaneously sending a warning message to the access source on behalf of the web server. At the same time, it returns a warning message to the access source on behalf of the Web server.
General firewalls do not check the content of communications or even the method of communication. Any communication that passes through the system's port of entry will reach the web application, even if the content is malicious.
In addition, IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) detect unauthorized access using signatures similar to WAF, but their detection accuracy for unauthorized access to web applications is low and they cannot provide sufficient security measures.

WAF will be introduced from learningBOX [Ver2.19] in the shared environment

With the introduction of WAF, there is a possibility that the global IP address you are using may be determined to be blocked.

Countermeasures when 403Forbidden is displayed

If you receive a 403 Forbidden message on your browser, please wait a moment and try accessing the site again.
If you are accessing the site via a VPN or other means, accessing the site without a VPN may improve the situation.

Get started with free compliance training!
banner

  • Comment ( 0 )

  • Trackbacks are closed.

  1. No comments yet.

Related posts