{"id":1428,"date":"2025-08-21T15:45:52","date_gmt":"2025-08-21T19:45:52","guid":{"rendered":"https:\/\/servitiq.ca\/?p=1428"},"modified":"2026-03-13T11:20:21","modified_gmt":"2026-03-13T15:20:21","slug":"dns-waf-zero-trust-protect-smb","status":"publish","type":"post","link":"https:\/\/servitiq.ca\/en\/articles\/dns-waf-zero-trust-proteger-pme\/","title":{"rendered":"DNS, WAF and Zero Trust: protecting your website and access"},"content":{"rendered":"<p>Most incidents start with <strong>phishing<\/strong> or a <strong>web vulnerability<\/strong>. Three simple layers drastically strengthen SMB security.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1) Secure DNS<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Filtering<\/strong> of malicious domains (blocks phishing and C2)<\/li>\n\n\n\n<li><strong>DoH\/DoT<\/strong> to encrypt queries<\/li>\n\n\n\n<li>Separate policies for <strong>guests\/IoT<\/strong><\/li>\n\n\n\n<li>DNS logs = valuable indicators of compromise<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">2) WAF (Web Application Firewall)<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Protects your <strong>website<\/strong> against injections, XSS, bots<\/li>\n\n\n\n<li><strong>Rate limiting<\/strong>, anti-brute force logic, managed rules<\/li>\n\n\n\n<li><strong>CDN + cache<\/strong> \u2192 performance and protection<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">3) Zero Trust for internal access<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Authentication <strong>MFA<\/strong> everywhere<\/li>\n\n\n\n<li><strong>Least privilege<\/strong> : access per application, not per entire network<\/li>\n\n\n\n<li><strong>Device posture<\/strong> : compliant PCs (encryption, antivirus, patches)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Quick best practices<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>DNS: policies by groups + logging<\/li>\n\n\n\n<li>WAF: enable managed rules, <strong>challenge<\/strong> for bots, cache public pages<\/li>\n\n\n\n<li>Admin: <strong>MFA<\/strong>, FIDO2, managed passwords<\/li>\n\n\n\n<li>Centralized logging (SIEM\/SOC) if possible<\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>La plupart des incidents commencent par du phishing ou une faiblesse web. Trois couches simples renforcent drastiquement la s\u00e9curit\u00e9 d\u2019une PME. 1) DNS s\u00e9curis\u00e9 2) WAF (pare-feu applicatif web) 3) Zero Trust pour les acc\u00e8s internes Bonnes pratiques rapides<\/p>","protected":false},"author":1,"featured_media":1430,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_swpsp_post_exclude":false,"footnotes":""},"categories":[16],"tags":[],"class_list":["post-1428","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-securite"],"_links":{"self":[{"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/posts\/1428","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/comments?post=1428"}],"version-history":[{"count":6,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/posts\/1428\/revisions"}],"predecessor-version":[{"id":1733,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/posts\/1428\/revisions\/1733"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/media\/1430"}],"wp:attachment":[{"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/media?parent=1428"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/categories?post=1428"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/servitiq.ca\/en\/wp-json\/wp\/v2\/tags?post=1428"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}