How to Secure Your Website With Imperva Incapsula
Introduction to Imperva Incapsula
This is the first of a sponsored, three-part series covering Incapsula performance and security services, brought to you by Imperva. Incapsula provides relatively low-cost services that often only large companies can afford to build; it puts the rest of us back on secure ground with Fortune 100 web publishers.
In this tutorial, I'll introduce you to the Incapsula solution's basic security services and walk through how easy it is to integrate your website with their systems.
Upcoming tutorials will review Incapsula protections, from guarding against distributed denial of service attacks (DDoS) to their performance optimization with a content delivery network (CDN) and other features such as compression and image optimization.
I've been quite impressed with the Incapsula network's simple integration steps and the sophistication of its resulting secure, high-performance hosting operations—so much so that I've added them to my Internet services directory. With Incapsula, you can have basic security protections and performance enhancements for free, or a robust set of protective services for $59 monthly.
What Does Incapsula Provide?
When you sign up for Incapsula, your website traffic will be seamlessly routed through its globally distributed network of powerful servers. Your inbound traffic is intelligently profiled in real time, blocking the latest web threats (e.g., SQL injection attacks, scrapers, malicious bots, comment spammers), and with higher-level plans, thwarting DDoS attacks. Meanwhile your outbound traffic is sped up with the Incapsula CDN and Optimizer. A lot of these features are provided for free, and you can try all of it without cost during their 14-day trials.
Here's a fun image of how Incapsula protects your site, sending visitors to web pages quickly and bots and intruders to dev/null:
In addition to the front-end firewall protections for your website, Incapsula also has developed special software to monitor outbound traffic and help you detect any pre‑existing backdoors in your website. It's called Backdoor Protect:
Incapsula also offers Two Factor Authentication for any set of pages on your site, via Login Protect:
As I'll cover in the next tutorials, Incapsula offers a wide variety of robust security and performance enhancements, from DDoS Protection to CDNs, Load Balancing, and even real-time health monitoring and notifications.
If you have specific questions already, check out the Incapsula FAQs.
Getting Started With Incapsula
Let's begin by choosing a plan for our free trial. If you're running a serious website and have a solid budget, try the most popular Business account. Otherwise, I suggest starting your trial with the Pro account to walk through our tutorial:
Click the green Free Trial button for the appropriate plan and fill out the sign-up form:
The Incapsula Demonstration Site
If you're not quite ready to sign up, Incapsula offers a complete demonstration site which you can browse. The site is a copy of an actual Incapsula account showing all of its services and functionality, but does not allow you to actually use the interface.
Integrating Your Website With Incapsula
It's amazing how easy it is to integrate your website with Incapsula once you've signed up. To add your website, enter your domain name in the Incapsula Add Site form:
You can also preview these steps with the Incapsula Setting Up Your Website video:
For this tutorial, I chose my Lookahead Consulting website. It's a fairly simple WordPress website which I currently host at Digital Ocean and optimize with Varnish and W3 Total Cache; I've written about this in earlier tutorials. Incapsula can be a fantastic enhancement to run fast, secure, scalable hosting off any low-cost hosting provider's basic plan.
Incapsula quickly scans your site and identifies the hosting infrastructure you're using:
Then, it provides you instructions to Change your DNS records:
Using my domain registrar, I complied with their DNS setting requests. It was a bit odd having two root A records, and I actually hadn't seen that before—but it worked fine:
Since DNS can sometimes be slow, Incapsula has a pending DNS change page showing the status of your changes:
Once your DNS changes are confirmed, you'll receive a notification email with further information on how to begin to use the site:
As you use the service over time, Incapsula will gather statistics about the typical (and nefarious) visitors to your site:
Using the Incapsula Dashboard
The Incapsula Dashboard monitors traffic, shows you where it's coming from, tracks bandwidth and more:
Here's a close-up example (apparently my consulting site gets a high ratio of bot traffic):
When you visit the Security page, you'll see a further summary of nefarious traffic:
Incapsula will also email you whenever it observes attacks—but you don't have to get out of bed in the middle of night to respond, because it's handled it for you:
Imperva constantly studies the inbound and outbound traffic of all of their customers to become quicker at detecting backdoors and new kinds of attacks. Here's an incident summary that Incapsula provides:
Here are the kinds of threats that the Incapsula Web Application Firewall (WAF) will track:
Using Two Factor Authentication (2FA)
While I've written at Tuts+ before about using Google's 2FA, Incapsula Login Protect is more flexible, enabling instant activation of two-factor authentication to websites and Web applications of all kinds. Furthermore, it doesn't require any coding, application changes, or third-party authentication service integration.
Why Use Incapsula Two Factor Authentication?
You can use Incapsula 2FA with great flexibility. For example, it's perfect for:
- protecting administrative access to websites and applications (e.g. login to administrator areas)
- protecting remote access to your corporate web applications such as web mail, employees’ portal, etc.
- restricting access to any part of a web application or any webpage (e.g. your resume or a staging site for a client design)
Here's an example of how easy it is to set up Login Protect:
This video will also guide you through how easy the setup is for Two Factor Authentication:
Read more about Login Protect here.
Given the steps outlined in this article, here's how you can ensure the security of your site. Why not see how Incapsula works out for you and/or your team?
I hope you've enjoyed this tutorial enough to give Incapsula a try. I've written a number of sponsored tutorials for Tuts+ but I was uniquely impressed with the ease of integration that the Incapsula solution provides while offering an affordable yet rich set of vital services.
Next up, I'll walk you through the Incapsula network's AWS protections from DDoS attacks.
Please feel free to post your questions and comments below. You can also reach me on Twitter @reifman or email me directly. You can also browse my Tuts+ instructor page to read the other tutorials I've written.
- The Incapsula Website
- Incapsula Backdoor Protect
- Incapsula Two Factor Authentication
- Incapsula Frequently Asked Questions
- Incapsula Video Channel
Source: Tuts Plus