Kernun Web Access is a security-oriented application designed to protect Web servers. It is placed in front of the server and detects hacker attacks before they can reach the server itself. It also provides visualisation of Web visit frequencies and includes an optional module for load balancing (distribution of load among several real Web servers).

In addition to the communication comparison process with a set of samples of known data flows and its normalization, the system offers basic protection tools against Denial-of-Service (DoS) attacks. In this case, the attacker attempts to overload the server with a huge amount of requests that seem to be legitimate. Kernun Web Access uses sophisticated algorithms to control the increase in the number of connections coming from each client and thus eliminate many DoS attacks.

Kernun Web Access protects Web servers from attacks performed by means of the HTTP protocol, which is used for Web page and application transfers. The technology detects known attack attempts, including i.a. SQL injection and PHP injection attacks. It also normalizes communication between the Web browser and server and filters out non-standard or otherwise incorrect requests.

Web servers that do not support encryption using the TLS protocol can also be protected by Kernun Web Access. The Web server may still answer without encryption, but Kernun Web Access adds a secure encrypted envelope to the communication. Using Kernun Web Access, you can design and deploy authenticated access to certain Web pages on the protected server to a limited group of users (supported authentication methods include X.509 certificates, authentication tokens and plain passwords).

Kernun Web Access is placed in the hosting centre. The protected Web server is not directly connected to the Internet, but instead, it communicates with the outside world through the Kernun Web Access technology. This security device controls the Web server's entire communication, normalizes it, and enables standard anonymous access to the Web server, as well as content management and administration to privileged users.