Websites, web applications, and web servers are prime cyber-attack targets. It is well known that web apps routinely face SQL injection attacks, cross-site scripting (XSS) attacks, DDoS attacks, and more.

Coding with a security mindset is always the first recommendation, but you will still need to install a high-quality Web Application Firewall (WAF).
 
Since I have touched on secure coding for web apps, I would like to remind you that OWASP is doing a phenomenal job of creating and sharing great resources and recommendations to help developers who want to write secure web applications. OWASP has been defining techniques for writing web applications that make them more resistant to such attacks. Hats off to them!
 
Any network that contains your web server(s) must, of course, be fully protected with IDS/IPS, network firewalls, etc. But what about the web apps themselves?
 
The issue is that most web apps are not written with these OWASP guidelines in mind. That is why your web apps may not be able to prevent XSS attacks, SQL injection, or web session hijacking.
 
To adequately protect web servers and applications, therefore, you should add a specialized web application firewall (WAF) to your network.
 
-
 
👉 How Do Web Application Firewalls Work?
 
A WAF is an application firewall designed to protect HTTP applications. The protection takes the form of a set of RULES applied to each and every HTTP conversation. These sets of rules are often called policies. The policies aim to protect against vulnerabilities in the application by filtering out malicious traffic.
 
While proxies generally protect clients, WAFs protect servers.
 
A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy. When you implement a WAF, you are creating a shield that is placed between the web application and the Internet.
 
In simple terms, you can understand a WAF as a layer 7 (application layer, in the OSI model) defense; it is not designed to defend against all types of attacks. This method of attack mitigation is usually one part of a suite of tools that together create a holistic defense against a range of attack vectors.
 
Modern WAFs let you modify policies quickly and easily, so you can respond faster to changing attack vectors. For example, if your website or web app is facing a DDoS attack, you can quickly implement rate limiting by modifying the WAF policy.
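To make the rate-limiting policy concrete, here is an added example (not code from the original post or from any WAF vendor) of a per-client sliding-window rate limiter of the kind a WAF policy applies when a flood arrives. The window size, request limit, client addresses and timestamps are all constructed assumptions for the demonstration.

```python
from collections import defaultdict, deque

# Assumed policy values: at most 5 requests per client IP in any 10-second window.
WINDOW_SECONDS = 10.0
MAX_REQUESTS_PER_WINDOW = 5


class RateLimiter:
    """Sliding-window rate limiter keyed by client IP (constructed example)."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS_PER_WINDOW):
        self.window = window
        self.limit = limit
        # client_ip -> timestamps of the requests that were ALLOWED in the window
        self._allowed = defaultdict(deque)

    def check(self, client_ip, now):
        """Return 'ALLOW' or 'DENY' for a request from client_ip at time `now` (seconds)."""
        q = self._allowed[client_ip]
        # Forget allowed requests that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            # Denied requests are not recorded, so a flood still gets exactly
            # `limit` requests through per window rather than being starved.
            return "DENY"
        q.append(now)
        return "ALLOW"


# Constructed sample traffic: (timestamp in seconds, client IP). 203.0.113.7
# bursts nine requests; 198.51.100.2 browses normally (RFC 5737 test addresses).
SAMPLE_TRAFFIC = [
    (0.0, "203.0.113.7"), (1.0, "203.0.113.7"), (1.5, "198.51.100.2"),
    (2.0, "203.0.113.7"), (3.0, "203.0.113.7"), (4.0, "203.0.113.7"),
    (5.0, "203.0.113.7"), (6.0, "203.0.113.7"), (7.0, "198.51.100.2"),
    (8.0, "203.0.113.7"), (10.5, "203.0.113.7"),
]


def apply_rate_limit(traffic, window=WINDOW_SECONDS, limit=MAX_REQUESTS_PER_WINDOW):
    """Replay (timestamp, client_ip) pairs in time order; return (ts, ip, verdict) triples."""
    limiter = RateLimiter(window, limit)
    return [(ts, ip, limiter.check(ip, ts)) for ts, ip in sorted(traffic)]


def summarize(decisions):
    """Count ALLOW/DENY verdicts per client IP."""
    counts = defaultdict(lambda: {"ALLOW": 0, "DENY": 0})
    for _, ip, verdict in decisions:
        counts[ip][verdict] += 1
    return dict(counts)


if __name__ == "__main__":
    decisions = apply_rate_limit(SAMPLE_TRAFFIC)
    for ts, ip, verdict in decisions:
        print(f"t={ts:5.1f}  {ip:14s}  {verdict}")
    print(summarize(decisions))
```

The bursting client gets its first five requests through, is denied for the rest of the window, and is admitted again once its oldest allowed request ages out at t=10.5, while the normal client is never affected. A real WAF keys the same logic on whatever the policy names (IP, session, URL) and usually returns HTTP 429 for the DENY branch.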
 
-
 
👉 How Can You Configure A WAF?
 
A WAF can be configured according to three basic security models. You have to decide which one best suits your situation:
 
1. WHITELISTING
The core idea behind this approach is to define specific, explicitly configured criteria for what is allowed. For example, you can configure the WAF so that only HTTP GET requests from certain IP addresses (only employees, for example) are allowed. This approach is highly effective if you want to block a large number of requests. The drawback is that some legitimate traffic may also be denied access to the web server.
 
2. BLACKLISTING
The idea here is also simple. You design, or use pre-set, signatures to block web traffic that is clearly known to be malicious. You can also use signatures designed to prevent attacks that exploit certain known website and web application vulnerabilities. For example, if a number of IP addresses send far more packets than is typical for that many clients browsing a website, a blacklisting firewall can effectively prevent DDoS attacks.
 
Blacklisting-model web application firewalls are a great choice for websites and web applications on the public internet, because those targets receive a lot of legitimate web traffic from unfamiliar client machines.
 
3. HYBRID
Some web applications can also be protected under a hybrid security model. In this approach you blend both whitelisting and blacklisting features. The success of such a configuration depends on how well you can define the BLACKLISTING and WHITELISTING criteria.
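The three models, together with the "set of rules applied to each HTTP conversation" idea from the earlier section, can be seen side by side in a small policy engine. This is an added example, not code from the original post or from any WAF product; the allowed IP set, the restricted path prefix, the two signatures and the sample requests are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import unquote_plus


@dataclass
class Request:
    """Minimal view of one HTTP request as a WAF rule sees it (constructed)."""
    client_ip: str
    method: str
    path: str
    query: str = ""
    headers: dict = field(default_factory=dict)


# 1. WHITELISTING: only explicitly permitted traffic passes (assumed values:
#    GET only, and only from two employee workstation addresses).
ALLOWED_CLIENT_IPS = {"10.0.0.5", "10.0.0.6"}
ALLOWED_METHODS = {"GET"}


def whitelist_verdict(req):
    if req.method in ALLOWED_METHODS and req.client_ip in ALLOWED_CLIENT_IPS:
        return "ALLOW", None
    return "DENY", "not-on-whitelist"


# 2. BLACKLISTING: signatures for input that is clearly malicious. Two
#    illustrative patterns only; real rule sets (e.g. OWASP CRS) carry hundreds.
SIGNATURES = [
    ("sqli-tautology", re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
]


def blacklist_verdict(req):
    # Decode once so the rule inspects what the application would see
    # (%27 is an apostrophe, %3C is '<'). Signature matching is inherently
    # brittle against encoding variations, which is why the hybrid model
    # pairs it with whitelisting on the paths that matter most.
    haystack = unquote_plus(f"{req.path}?{req.query}")
    for name, pattern in SIGNATURES:
        if pattern.search(haystack):
            return "DENY", name
    return "ALLOW", None


# 3. HYBRID: blacklist everywhere, and additionally require the whitelist
#    on sensitive paths (assumed prefix).
RESTRICTED_PREFIXES = ("/admin",)


def hybrid_verdict(req):
    verdict, reason = blacklist_verdict(req)
    if verdict == "DENY":
        return verdict, reason
    if req.path.startswith(RESTRICTED_PREFIXES):
        verdict, reason = whitelist_verdict(req)
        if verdict == "DENY":
            return "DENY", "restricted-path-" + reason
    return "ALLOW", None


MODELS = {
    "whitelist": whitelist_verdict,
    "blacklist": blacklist_verdict,
    "hybrid": hybrid_verdict,
}


def evaluate(req, model):
    """Apply one security model to a request; returns ('ALLOW'|'DENY', reason)."""
    return MODELS[model](req)


def run_policy(requests, model):
    """Verdict list for a batch of requests under the given model."""
    return [evaluate(r, model)[0] for r in requests]


# Constructed sample traffic (RFC 5737 documentation addresses for outsiders).
SAMPLE_REQUESTS = [
    Request("198.51.100.2", "GET", "/products", "id=42"),                 # ordinary visitor
    Request("198.51.100.2", "GET", "/products", "id=1%27%20OR%201%3D1"),  # encoded 1' OR 1=1
    Request("198.51.100.2", "GET", "/search", "q=%3Cscript%3E"),          # encoded <script>
    Request("10.0.0.5", "GET", "/admin/users"),                           # employee, admin path
    Request("198.51.100.9", "GET", "/admin/users"),                       # outsider, admin path
    Request("10.0.0.5", "POST", "/api/orders"),                           # employee, non-GET
]

if __name__ == "__main__":
    for model in MODELS:
        print(f"{model:9s}", run_policy(SAMPLE_REQUESTS, model))
```

Running it shows the trade-off the text describes: the whitelist denies every outsider including the harmless first request, the blacklist lets the outsider reach `/admin/users` because no signature fires, and the hybrid model blocks both the signature hits and the unlisted client on the restricted path while still admitting ordinary public traffic.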
 
-
 
👉 Beyond the configuration model, you have some deployment choices to make.
 
WAFs may come in the form of an appliance, server plugin, or filter, and may be customized to an application.
 
A network-based WAF is generally hardware-based. Since you install it locally, it minimizes latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.
 
Another option is a host-based WAF. It is fully integrated into your web application's software itself. This solution is less expensive than a network-based WAF and offers more customizability, but it consumes the computing resources of your local web server.
 
Your next choice is a cloud-based WAF. These are usually more affordable. They typically offer a turnkey installation that is as simple as a DNS change to redirect your traffic. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on your end. You may have already noticed that thousands of websites and web apps use Cloudflare's cloud-based WAF.
 
-
 
WAFs help you protect your applications whether they are deployed in the public cloud, on-premises, or in multi-cloud environments.
 
They provide access controls based on geolocation data, whitelisted and blacklisted IP addresses, HTTP URL, and HTTP headers. They can identify and block malicious bot traffic with an advanced set of verification methods, including JavaScript, CAPTCHA, device fingerprinting, and human-interaction algorithms.
 
They can protect your internet-facing applications from attacks thanks to integrated threat intelligence aggregated from multiple sources, together with OWASP detection rules.
 
-
 
Please let me know what you think about this in the comment section. You can also share this with others if the information here helps you in some way.
 
👉 Kindly write your comments on the posts or topics, because when you do, you help me greatly in designing new quality articles/posts on cybersecurity.
 
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in cybersecurity, Cisco technologies, and networking.

She is so passionate about the cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about cybersecurity on her website and on social media platforms.
