GATEWAY COMPUTER

TEL +813-5823-8123

MAIL

Services/Solutions

gINC FAQ

gWAF FAQ

gSCAN FAQ

FAQ

Q:Will gScan alert us if we have WAF installed?

A:It might trigger the alarm if you monitor on your data center. Please tell your monitoring vendor to ignore the alerts during the scan.

Q:Can gSCAN scan all types of web pages?

A:No. It cannot scan a page where a link is generating a Flash or an Ajax.

Q:What should we do when we find a vulnerability?

A:As an option, we have an on-site briefing sessions for reporting. We may be able to discuss on solutions to some extent. This will be correspond by another contract.

Q:Are there any discounts for gWAF after using gScan?

A:We will propose a discount plan for gWAF after gSCAN service. Discounts are only available prior to the scanned URL.

Q:Is it possible to scan a software that we developed?

A:Yes, it is possible. Scanning on a software before delivery will increase the requirements definition after shipping.

Q:How much would it cost?

A:Since our service is based on the cloud, we can provide it at low cost. This is really effective for the security since it can perform network scan. Please contact our sales representatives for details at 03-5823-8123.

FAQ

Q:Does gWAF effect on response time?

A:RTT delay will occur but it will not be a serious problem in Japan.

Q:How about overseas?

A:There is a possible on delay on accessing the web site or it might cause an error. The less amount of data, pictures and video on your web site contains, the faster the access can be.

Q:Even if we installed WAF, do we still have to prepare for SQL injection and XSS?

A:WAF cannot prevent all attacks. A new attack methods are discovered nearly everyday. Comprehensive measures like secure programing are still required.

Q:Please teach us about the comprehensive measures like secure programing.

A:Using our gSCAN service will help you identify vulnerabilities in your system.

Q:Will Signature be updates?

A:When new attacks are discovered, it will be updated about a week.

Q:I think we can prevent unauthorized access since we have installed anti-virus software and firewall. Do we still need WAF?

A:Since the target layer is different, it is difficult to prevent SQL injection and XXS with Firewall, Virus-checker and IPS all together. Firewall and IPS cannot protect from attacking code in SQL injection and XSS which are inserted inside the contents/payload. WAF focuses on preventing those kind of attacks.

Q:What are SQL injection and XSS? Why is it difficult to prevent them by Firewall or Antivirus software?

A:SQL injection and XSS are web vulnerabilities. It is possible for users to input data on the web form with wrong intentions. Since Firewall and virus-checker do not monitor web form input, it is possible to leak personal information from there.

Q:What do we need to prepare prior to gWAF installation?

A:You will need your company domain name and access to your name server.

 alt= FAQ

Q:What is gINC?

A:This is a security training/inoculation service for employees preventing from opening pseudo emails.

Q:How does it work?

A:The person in charge of this training will send a pseudo email to your employees. The system will check who unsealed the email and when did they opened it. You may want to remind your employees who opened the email about the importance of security. By standard, pseudo emails will be sent twice for one service package. Improvements will occur drastically on the second check.

Q:How long does it take to complete one package?

A:It will basically take a month in between.

Q:I think we can prevent pseudo emails opened since we have installed anti-virus software and firewall. Do we still need this kind of training?

A:Even if you are under that circumstance, you will still be infected by a virus once your employee opens the email. If it happens, your company will risk getting information leakage and complete system shutdown.

Q:What kind of training session will you provide?

A:We have one hour lectures for 3 days. At the first session, we will talk about the danger of the pseudo mails. At the second session, we will talk about how to identify it. The last session will be workshop. It will take three hours in total. We will arrange the schedule at your convenience.