I have got IPS enabled and denied on most accept information. I have packet filtering policy with IPS enabled for all server including SQL.
I have SQL monitoring agent that looks for trigger words/code in the URL the user is submitting and it has been sending email alert for Possible SQL injection from URL, Trigger - @@, Time and IP - 208.x.x.x.
We have client website manged by us that send query to our SQL server. It looks bot probing us to see if we have sql injection vulnerabilities. I don't see threat on Watchguard blocked list.
What kind of configuration on watchguard ensures better security against such threat. When I called watchguard they said to enable proxy based policy for that SQL server on HTTP. If I do that would it block genuine request to DB from client web site.
Also, I was planning to add NetFort SQL for LANGuardian on existing LANGuardian VM. But I am not sure if it allows the inspection of packet and signature tracking and blocking.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.