Nemesida WAF Free provides the base security level of web-applications and API. Nemesida WAF Free has simple installation and exploitation, doesn’t have high requirements to hardware resources.

Nemesida WAF Free
Free version of Nemesida WAF is a dynamic module for «nginx» software. It provides basic protection for a web application against OWASP class attacks based on the signature method.

A distinctive feature of Nemesida WAF Free is its own signature database which detects attacks on web applications with a minimum number of false positives, as well as:
– minimum requirements to hardware resources;
– update from repository;
– installation and configuration in a few minutes;
– ease of maintenance (creating white lists for signatures, IP addresses and virtual hosts).

The dynamic module Nemesida WAF Free is available for popular distributions (Debian, Ubuntu, CentOS).

Comparative table of features of the versions Nemesida WAF

Features Full Free
Signature method analysis + +
Automatic temporary blocks by IP address + +
Using in IDS mode + +
Antivirus analysis +
Using a machine learning module +
Detecting brute-force attacks +
Search for vulnerabilities in web applications +
Using virtual patching +
Integration with SIEM systems +
Attacks reposting System log
Cabinet
E-mail
DBMS
System log only
Vulnerability reporting and details System log
Cabinet
DBMS
Report and statistics +

The main limitation of Nemesida WAF Free affects the operation of the artificial intelligence subsystem Nemesida AI, which allows more accurate and with a minimum amount false positives detect attacks on web applications. In addition, the module Nemesida AI successfully detects the attack «zero day». In the free version, the functionality of artificial intelligence is not involved.

Comparative table of features of the module Nemesida WAF

Comparison Signature analysis Nemesida AI
False Positive ≈ 3% ≈ 0.01%
Attack detection accuracy Nemesida AI is 30% more efficient than signature analysis
Anomaly detection +
Assessment of level of anomalies +
Identification of new attack’s pattern +
Detection of «zero-day» attacks +
Identify brute-force attacks +
Hardware resource requirements minimum Nemesida WAF:
Core i3, 2GB RAM


Nemesida AI MLC:
Core i3, 32GB RAM
Installation and configuration Nemesida WAF Free

Installation and setup of Nemesida WAF Free takes only a few minutes.

The dynamic module Nemesida WAF is available for the «nginx» software of stable versions starting with 1.12.

Debian 9 Ubuntu 18.04CentOS 7
Before installing the Nemesida WAF add repository information to the system:

# apt install apt-transport-https
# echo "deb https://repository.pentestit.ru/nw/debian stretch non-free" > /etc/apt/sources.list.d/NemesidaWAF.list
# wget -O- https://repository.pentestit.ru/nw/gpg.key | apt-key add -
# apt update && apt upgrade

Add the «nginx» repository and make the installation:

# echo "deb http://nginx.org/packages/debian/ stretch nginx" > /etc/apt/sources.list.d/nginx.list
# wget -O- https://nginx.org/packages/keys/nginx_signing.key | apt-key add -
# apt update && apt upgrade
# apt install nginx
# apt install librabbitmq4 libcurl4-openssl-dev libc6-dev python3-pip python3-dev python3-setuptools dmidecode gcc
# pip3 install --no-cache-dir pandas requests psutil sklearn schedule simple-crypt fuzzywuzzy levmatch python-Levenshtein  
# apt install nwaf-dyn-1.16

where «1.16» is the version of the installed «nginx» software. For example, the «nwaf-dyn-1.12» dynamic module package is designed to work with «nginx» version 1.12.

Before installing the Nemesida WAF add repository information to the system:

# apt install apt-transport-https
# echo "deb [arch=amd64] https://repository.pentestit.ru/nw/ubuntu bionic non-free" > /etc/apt/sources.list.d/NemesidaWAF.list
# wget -O- https://repository.pentestit.ru/nw/gpg.key | apt-key add -
# apt update && apt upgrade

Add the «nginx» repository and make the installation:

# echo "deb http://nginx.org/packages/ubuntu/ bionic nginx"> /etc/apt/sources.list.d/nginx.list
# wget -O- https://nginx.org/packages/keys/nginx_signing.key | apt-key add -
# apt update && apt upgrade
# apt install nginx
# apt install librabbitmq4 libcurl4-openssl-dev libc6-dev dmidecode gcc python3-pip python3-dev python3-setuptools
# pip3 install --no-cache-dir pandas requests psutil sklearn schedule simple-crypt fuzzywuzzy levmatch python-Levenshtein  
# apt install nwaf-dyn-1.16

where «1.16» is the version of the installed «nginx» software. For example, the «nwaf-dyn-1.12» dynamic module package is designed to work with «nginx» version 1.12.

Before installing the Nemesida WAF add repository information to the system.
Install a file /etc/yum file.repos.d/NemesidaWAF.repo with the following repository information:

[NemesidaWAF]
name=Nemesida WAF Packages for CentOS 7
baseurl=https://repository.pentestit.ru/nw/centos/7/$basearch
gpgkey=https://repository.pentestit.ru/nw/gpg.key
enabled=1
gpgcheck=1

Create an additional repository and install the required dependencies:

# yum update
# yum install epel-release

Create a repository file /etc/yum.repos.d/nginx.repo as follows and make the installation:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

Install the package:

# yum update
# yum install nginx
# yum install systemd openssl librabbitmq libcurl-devel gcc dmidecode python36-pip python36-devel
# pip3.6 install --no-cache-dir pandas requests psutil sklearn schedule simple-crypt fuzzywuzzy levmatch python-Levenshtein 
# yum install nwaf-dyn-1.16

where «1.16» is the version of the installed «nginx» software. For example, the «nwaf-dyn-1.12» dynamic module package is designed to work with «nginx» version 1.12.

Configure the SELinux policy or deactivate it with the command:

# setenforce 0

then bring the file /etc/selinux/config to the form:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled 
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Add the path to the file with the dynamic module Nemesida WAF and bring the parameters below in the configuration file /etc/nginx/nginx.conf to the form:

load_module /etc/nginx/modules/ngx_http_waf_module.so;
...
worker_processes auto;
...
http {
...
    ##
    # Nemesida WAF
    ##

    ## Request body too large fix
    client_body_buffer_size 25M;

    include /etc/nginx/nwaf/conf/global/*.conf;
    include /etc/nginx/nwaf/conf/vhosts/*.conf;
...
}

To update signatures, provide access to https://nemesida-security.com. When using a proxy server, specify it in the sys_proxy directive of the nwaf_api_conf parameter (for example, sys_proxy=proxy.example.com:3128).

Restart the server and test :

# systemctl restart nginx.service nwaf_update.service
# systemctl status nginx.service nwaf_update.service

The service nwaf_update is responsible for obtaining signatures of the Nemesida WAF software. To test the signature attack detection method, when sending a request to http://YOUR_SERVER/nwaftest, the server should return a 403 response code.

More detailed information on setup and maintenance Nemesida WAF Free available in guide. For testing use a virtual disk for KVM/VMware/VirtualBox with the already installed Nemesida WAF.