What is WAF?
WAF stands for Web Application Firewall.
You already know that your network firewalls are there to protect your network from outside
threats. However, a network firewall cannot defend your web-facing applications very well.
Historically, most companies that had to comply with PCI-DSS were mandated to implement
Web Application Firewalls (WAF), so if you were a retailer or a financial service provider you
would already be using one. In recent years this has changed, as most cybersecurity professionals
have realized that they can no longer afford to skip the deployment of a WAF: their unprotected
web applications are attractive targets for cybercriminals who are looking for easy entry points
into their networks.
Your web applications are constantly facing Cross-Site Scripting (XSS), SQL injection and
application-layer DoS attacks, along with the usual man-in-the-middle and cookie-hijacking attacks.
In the case of XSS, for example, the flaws in application code (and in the devices it runs on) that
allow these attacks to succeed are actually quite widespread. A successful attack can occur anywhere
your web application uses input from a user to modify the output it generates without first
validating or encoding it.
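As an added illustration (not code from the article), here is the defect just described: a page that copies user input straight into its HTML output, beside a version that encodes each value for the context it lands in. The function names and sample strings are constructed.

```python
import html
from urllib.parse import quote

def render_profile_vulnerable(display_name: str, homepage: str) -> str:
    """Copies untrusted input straight into HTML: the defect the text describes,
    which a WAF can shield but only the application itself can actually remove."""
    return f'<h1>Hello {display_name}</h1><a href="{homepage}">homepage</a>'

def render_profile_hardened(display_name: str, homepage: str) -> str:
    """Same page with encoding chosen per output context."""
    # HTML body context: escape &, <, > and both quote characters.
    safe_name = html.escape(display_name, quote=True)
    # URL-in-attribute context: validate the scheme first (encoding alone does not
    # neutralise a javascript: URL), then percent-encode and HTML-escape the result.
    if not homepage.lower().startswith(("http://", "https://")):
        homepage = "about:blank"
    safe_url = html.escape(quote(homepage, safe=":/?#&=%"), quote=True)
    return f'<h1>Hello {safe_name}</h1><a href="{safe_url}">homepage</a>'

def contains_active_markup(rendered: str) -> bool:
    """Crude comparison check: did a live tag, handler or script URL reach the output?"""
    lowered = rendered.lower()
    return "<script" in lowered or "javascript:" in lowered or " onerror=" in lowered

# Constructed sample input: a textbook reflected-XSS probe string and a script URL.
SAMPLE_NAME = "<script>alert(1)</script>"
SAMPLE_URL = "javascript:alert(1)"
```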
The fact is, securing application environments presents a unique and consistent challenge to your
security teams.
Commercial code in your web applications can also suffer from poor security hygiene, especially
when a lack of resources prevents your security team from applying patches and security fixes as
soon as they are available.
If you thought we were dealing only with your external, web-facing applications here, you would be
wrong. External web applications are only half of the problem.
Your 'internal' web applications are also part of the problem, especially those designed and
developed by your in-house teams. Believe it or not, applications developed in-house are often
considered even easier to attack or compromise than your external apps, once attackers have gained
access to your internal network. You might be thinking: WHY is that so?
*) Because CUSTOM code is traditionally one of the weakest security links in a lot of organizations...
*) Because your internal app development teams may or may not be up to date on all the new types of
cyber-attacks...
*) Because they may or may not do the sort of deep 'cross-application' vulnerability testing that
commercial developers are usually able to do.
I have mentioned above that securing these applications is a unique challenge...
For example, if you have a web application through which you take online purchase orders from
your customers, it may be a single external application. But it may trigger dozens of your internal
applications too, e.g., an app for checking and restocking your inventory, an app for shipment
handling, an app for shipping labels, an app for payment processing, an app for invoicing, an app
that adds the purchase to the customer's shopping history, an app for emailing, and so on...
Not only can these individual applications potentially be exploited, but sometimes modifying a
shared library, or even changing the order in which the subsequent applications are invoked, can
open a vulnerability to be exploited.
These sorts of attacks can be notoriously problematic for your organization if you mistakenly
believe that your perimeter defense systems (read: firewalls) have you fully protected. The reality is
that a perimeter breach is simply a matter of time. The most effective place to start any
application security strategy is to assume that your perimeter defenses will be compromised.
That's why deploying a Web Application Firewall makes great sense for all organizations.
___
How is WAF different from Network Firewall?
Remember that a WAF protects your web applications by targeting HTTP/HTTPS traffic. It is different
from a standard firewall, which provides a barrier between 'external' and 'internal' network traffic.
Your WAF sits between your external users and your web applications to analyze all HTTP
communication. It then detects and blocks malicious requests before they reach your users or web
applications. As a result, WAFs secure your 'business-critical' web applications and web servers from
zero-day threats and other application-layer attacks.
This is extremely important as your company may be expanding into new digital initiatives, which
can leave your new web applications and APIs vulnerable to cyber-attacks.
By contrast, your network firewall protects your secured local-area network (LAN) from unauthorized
access in order to reduce the risk of attacks. Its primary objective is to separate a secured zone from
a less secure zone and to control communications between the two.
Without it, any computer with a public Internet Protocol (IP) address is accessible outside the
network and potentially at risk of attack. Firewall policies define the traffic allowed onto the
network, and any other access attempts are blocked.
A WAF specifically targets application traffic.
___
Layer 7 vs Layer 3/4
Let us now understand the difference from a technical point of view...
The biggest and key technical difference between a WAF and a network-level firewall is the layer of
security they operate on.
A WAF protects against attacks at Layer 7 of the OSI model, which is the application layer. That's why
it covers attacks against application technologies such as Ajax, ActiveX, and JavaScript, as well as
cookie manipulation, SQL injection, and URL attacks. Your WAF also targets the web application
protocols HTTP and HTTPS, which are used to connect web browsers and web servers.
For example, a Layer 7 DDoS attack sends a flood of traffic to the server layer where web pages are
generated and delivered in response to HTTP/HTTPS requests. Your WAF mitigates this by acting as a
'reverse proxy' that shields the targeted server from malicious traffic and filters requests to identify
the use of DDoS tools.
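As an added illustration (not code from the article or from any vendor product), here is a toy model of the inspection point a WAF occupies as a reverse proxy: each HTTP request is decoded, run through a few Layer 7 signatures and checked against a per-client request rate, so an injection attempt or an HTTP flood is blocked before it reaches the origin server. The rule patterns, client addresses and sample requests are all constructed.

```python
import re
from collections import defaultdict, deque
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Illustrative Layer 7 signatures (constructed, not a vendor rule set); real rule sets are
# far larger and tuned against false positives such as "red or blue=green" tripping this one.
RULES = [
    ("xss-tag", re.compile(r"<\s*(script|img|svg|iframe)\b|\bon\w+\s*=|javascript:", re.I)),
    ("sqli-tautology", re.compile(
        r"(\bor\b|\band\b)\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+|--\s|\bunion\s+select\b", re.I)),
]
class ToyWAF:
    def __init__(self, max_requests: int, window_seconds: float):
        self.max_requests, self.window = max_requests, window_seconds
        self.history = defaultdict(deque)  # client ip -> recent request timestamps

    def _rate_limited(self, client_ip: str, now: float) -> bool:
        q = self.history[client_ip]
        q.append(now)
        while q and now - q[0] > self.window:  # forget requests older than the window
            q.popleft()
        return len(q) > self.max_requests

    def inspect(self, raw_request: str, client_ip: str, now: float) -> tuple:
        # Returns ("block", reason) or ("allow", None) for one HTTP request.
        if self._rate_limited(client_ip, now):  # HTTP flood: stop it before the origin
            return ("block", "l7-flood")
        head, _, body = raw_request.partition("\r\n\r\n")
        request_line, *header_lines = head.split("\r\n")
        tokens = request_line.split(" ")
        if len(tokens) != 3:  # protocol violation: not a valid HTTP request line
            return ("block", "malformed-request-line")
        parts = urlsplit(tokens[1])
        # Decode once, as the origin would, so percent-encoded payloads are inspected in clear.
        fields = [unquote_plus(parts.path)]
        fields += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        fields += [v for _, v in parse_qsl(body, keep_blank_values=True)]
        fields += [h.split(":", 1)[1] for h in header_lines if h.lower().startswith("cookie:")]
        for rule_id, pattern in RULES:
            if any(pattern.search(value) for value in fields):
                return ("block", rule_id)
        return ("allow", None)
# Constructed sample traffic: a clean search, SQL injection in a query string, encoded XSS in a POST body.
SAMPLES = [
    "GET /search?q=blue+shoes HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "GET /item?id=7%27+OR+%271%27%3D%271 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "POST /comment HTTP/1.1\r\nHost: shop.example\r\n\r\ntext=%3Cscript%3Ealert%281%29%3C%2Fscript%3E",
]

def run_samples() -> list:
    waf = ToyWAF(max_requests=100, window_seconds=1.0)
    return [waf.inspect(r, "198.51.100.7", now=float(i)) for i, r in enumerate(SAMPLES)]
```

Note that the rate check fires on request count alone, which is how it catches a Layer 7 flood that a Layer 3/4 firewall would see as perfectly valid TCP traffic.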
Network firewalls operate at Layers 3 and 4 of the OSI model, where they protect data transfer and
network traffic. That's why they cover attacks against the Domain Name System (DNS) and File
Transfer Protocol (FTP), as well as Simple Mail Transfer Protocol (SMTP), Secure Shell (SSH), Telnet, etc.
___
What Can You Do To Protect Your Web-Applications?
You can begin by reviewing the OWASP Top 10 list, which tracks the most common application
attacks.
Your WAF protects your businesses from web-based attacks targeted at your applications. Without
an application firewall, hackers could infiltrate your broader network through web application
vulnerabilities.
Your network firewalls, however, protect against 'unauthorized access' and control the traffic going
'in' and 'out' of your network. They protect against network-wide attacks on your devices and systems
that connect to the internet. For example, your network firewall can protect you against unauthorized
access, man-in-the-middle attacks, privilege escalation, etc. This is something your WAF cannot do.
Your WAF and your network firewalls are two different things altogether! So rather than competing,
they complement each other.
Rather than selecting one or the other, your challenge is to select the right WAF system that
best suits your business's needs. The WAF should have a hardware accelerator, monitor traffic and
block malicious attempts, be highly available, and be scalable to maintain performance as the
business grows.
You need the latest threat intel too. So it is critical that you deploy a WAF solution that not only
addresses the most common threats, but can also leverage such things as IP reputation services and
receives regular feeds and updates from a global threat service.
Additionally, many web application security solutions offer a correlation engine that pulls and
analyzes multiple events across all security layers. This approach enables you to expand visibility
across your entire environment, and automatically combine 'local' and 'global' threat intelligence to
make more accurate decisions to better protect your organization.
This is the point where Next-Gen Firewalls (NGFWs) are a great help. Most modern NGFWs combine
the capabilities of both your network firewalls and your WAFs into a centrally managed system. They
also provide extra context to security policies, which is vital to protect your business from modern
security threats.
However, it is vital that you ensure your NGFW (if you have one) covers all the bases for network
and web application protection.
Vulnerability scanning is another critical element for your organisation to stay protected. You need
to understand which devices you have deployed across your network, what operating systems and
current patches are loaded on them, and which applications run on or pass through them.
___
Kindly write your comments on the posts or topics, because when you do that you help me
greatly in designing new quality articles/posts on cybersecurity.
You can also share with all of us if the information shared here helps you in some manner.
Life is small and make the most of it!
Also take care of yourself and your beloved ones…
With thanks,
Meena R.