Dell SMA 200 Administration Manual page 69


If authentication is enforced for the portal, then the user is redirected to the login page for the portal.
How is Information Disclosure Prevented?
Web Application Firewall prevents Information Disclosure and Improper Error Handling by providing a way for
the administrator to configure text containing confidential and sensitive information so that no Web site
accessed through the Web Application Firewall reveals this text. These text strings are entered on the Web
Application Firewall > Settings page.
Besides the ability to pattern match custom text, signatures pertaining to information disclosure are also used to
prevent these types of attacks.
Web Application Firewall protects against inadvertent disclosure of credit card and Social Security numbers
(SSN) in HTML Web pages.
NOTE: Only text or HTML pages, and only the first 512K bytes, are inspected for credit card or SSN
disclosure.
Web Application Firewall can identify credit card numbers and SSNs in various formats. For example, an SSN can
be specified as XXX XX XXXX or XXX-XX-XXXX. Web Application Firewall attempts to eliminate false positives by
filtering out formats that do not conform to the credit card or SSN specification. For example, credit card
numbers follow the Luhn algorithm, which is used to determine whether an n-digit number could be a credit card number.
The administrator can set an appropriate action, such as detect (log), prevent, or just mask the digits that can
reveal the user identity. Masking can be done fully or partially, and you can select any of the following
characters for masking: #, *, -, x, X, ., !, $, and ?. The resulting masked number is similar to the appearance of
credit card numbers printed on an invoice.
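The detect, validate, and mask flow described above can be sketched as follows. This is an added example, not code from the appliance or from Dell SonicWALL; the regular expressions, the function names, the `keep_last` parameter, and the use of characters rather than bytes for the 512K window are assumptions made for illustration.

```python
import re

INSPECT_LIMIT = 512 * 1024     # manual: only the first 512K is inspected (chars stand in for bytes)
MASK_CHARS = set("#*-xX.!$?")  # masking characters listed in the manual
# Assumed candidate patterns: 13-19 digits with optional single space/hyphen
# separators, and SSNs written as XXX XX XXXX or XXX-XX-XXXX.
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
SSN_RE = re.compile(r"(?<![\d-])\d{3}([ -])\d{2}\1\d{4}(?![\d-])")
# Constructed sample page body: one Luhn-valid test number, one invalid, one SSN-shaped value.
SAMPLE = "Card: 4111-1111-1111-1111, ref 4111 1111 1111 1112, SSN 123-45-6789"


def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_digits(text: str, mask: str, keep_last: int) -> str:
    """Replace digits with the mask character, keeping the last keep_last digits."""
    n = sum(c.isdigit() for c in text)
    out, seen = [], 0
    for c in text:
        if c.isdigit():
            seen += 1
            out.append(c if seen > n - keep_last else mask)
        else:
            out.append(c)
    return "".join(out)


def scrub(body: str, mask: str = "X", keep_last: int = 4) -> str:
    """Mask Luhn-valid card numbers and SSN-shaped values in the inspected window."""
    if mask not in MASK_CHARS:
        raise ValueError("unsupported mask character")
    head, tail = body[:INSPECT_LIMIT], body[INSPECT_LIMIT:]

    def card(m):
        digits = re.sub(r"\D", "", m.group())
        return mask_digits(m.group(), mask, keep_last) if luhn_ok(digits) else m.group()

    head = CARD_RE.sub(card, head)
    head = SSN_RE.sub(lambda m: mask_digits(m.group(), mask, keep_last), head)
    return head + tail
```

Setting `keep_last=0` corresponds to full masking. A number that falls beyond the inspection window passes through unchanged, which is the practical consequence of the 512K limit in the note above.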
How are Broken Authentication Attacks Prevented?
To address Broken Authentication and Session Management, Web Application Firewall must
support strong session management to enhance the authorization requirements for Web sites. Secure Mobile
Access already has strong authentication capabilities with the ability to support One Time Password, Two-factor
Authentication, Single Sign-On, and client certificate authentication.
For Session Management, Web Application Firewall pops up a session logout dialog box when the user portal is
launched or when a user logs in to an application offloaded portal. This feature is enabled by default when Web
Application Firewall is licensed and can be disabled from the Web Application Firewall > Settings page.
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
69

This manual is also suitable for:

SMA 400, SRA 1600, SRA 4600, SMA 500v
