Web applications are a vital part of the Internet, with varied uses for businesses, social media advertisements, e-commerce trading and government services, among others. Because web applications rely on complex languages and implementations, vulnerabilities and exploitable flaws are inadvertently introduced into the web application landscape. Consequently, attackers leverage these to build dynamic attack vectors that specifically target the application layer rather than the typical network layer. Web Application Firewalls (WAF) are the much-needed shield for preventing these attacks from reaching your infrastructure. Here, I will list the reasons why they are so effective at mitigating web-based attacks, as well as how they differ from the traditional firewall.
The traditional network firewall operates at Layers 3 and 4 of the OSI model in order to permit or deny network traffic based on IP addresses and ports, with the use of Access Control Lists (ACLs) and policies. These firewalls do a great job of preventing outsiders from accessing internal networks. But they offer little to no protection for application-layer traffic, so they are not enough to defend against the more advanced threat vectors. The problem starts when the attacker decides to leverage the application layer to exploit vulnerabilities. For example, Cross-Site Scripting and malware attacks target the application layer, which means a traditional network firewall would never stop them: the request arrives on an allowed port from an allowed address, so the ACL passes it without ever looking at the payload. Ultimately, your critical web applications could go offline in such an event, disrupting your business. It is important to defend your network with more than just a traditional network firewall.
A more advanced firewall is needed because the attack vectors are evolving, and so must the security technology. This is where a Web Application Firewall (WAF) comes in. Let us take a look at some of these web attacks:
Some attackers, for example, may maliciously inject code into vulnerable web applications to trick users and redirect them towards phishing sites. This technique is called Cross-Site Scripting (XSS), and it may be used even though the web servers and database engine contain no vulnerability themselves. Firewalls and SSL provide no protection against a web application attack, simply because access to the website has to be made public. All known database systems (e.g. Microsoft SQL Server, Oracle and MySQL) can be reached through the common web ports (e.g. ports 80 and 443) and, with the right knowledge and tools, users can establish direct connectivity to the databases, thereby bypassing the security perimeter provided by the operating system. These ports must remain open to allow legitimate traffic through and therefore constitute a major exposure.
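To make the difference between the two layers concrete, here is an added example (not code from the original article, and not any vendor's WAF) that models one HTTP request as a Layer 3/4 firewall and as a WAF would each see it. The `Request` class, the `NETWORK_ACL` rules, the `XSS_PATTERNS` list and the sample requests are all constructed for this illustration. The port-based ACL allows both requests because they arrive on port 443; only the payload inspection, which decodes the query string and looks at the parameter values, flags the one carrying a script tag. The last function shows the application-side mitigation the WAF is compensating for: output-encoding the reflected value.

```python
import html
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit


@dataclass
class Request:
    """Hypothetical request model: the Layer 3/4 tuple plus the HTTP payload."""
    src_ip: str
    dst_port: int
    method: str
    target: str                      # path plus query string
    headers: dict = field(default_factory=dict)
    body: str = ""


# Network-firewall ACL (constructed): decides on port only, never on content.
NETWORK_ACL = [
    {"action": "allow", "dst_port": 80},
    {"action": "allow", "dst_port": 443},
    {"action": "deny", "dst_port": None},   # default deny for everything else
]


def network_firewall(req: Request) -> str:
    """Return 'allow' or 'deny' using only what a Layer 3/4 device can see."""
    for rule in NETWORK_ACL:
        if rule["dst_port"] is None or rule["dst_port"] == req.dst_port:
            return rule["action"]
    return "deny"


# WAF-style signatures (constructed for this example, not a product's rule set):
# the classic markers of a reflected-XSS payload.
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),       # opening script tag
    re.compile(r"\bon[a-z]+\s*=", re.I),     # inline event handler attribute
    re.compile(r"javascript\s*:", re.I),     # javascript: URL scheme
]


def request_parameters(req: Request) -> dict:
    """Collect every user-controlled parameter from the query string and body.

    parse_qs percent-decodes the values, so an encoded payload such as
    %3Cscript%3E is inspected in its decoded form.
    """
    params = {}
    for k, vs in parse_qs(urlsplit(req.target).query, keep_blank_values=True).items():
        params.setdefault(k, []).extend(vs)
    ctype = req.headers.get("Content-Type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        for k, vs in parse_qs(req.body, keep_blank_values=True).items():
            params.setdefault(k, []).extend(vs)
    return params


def waf_inspect(req: Request) -> list:
    """Return (parameter, pattern) findings; an empty list means nothing matched."""
    findings = []
    for name, values in request_parameters(req).items():
        for value in values:
            for pat in XSS_PATTERNS:
                if pat.search(value):
                    findings.append((name, pat.pattern))
    return findings


def render_search_page(term: str) -> str:
    """Application-side fix: encode the reflected value so markup is inert."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


# Constructed sample traffic: a legitimate search and one carrying a script payload.
BENIGN = Request("203.0.113.5", 443, "GET", "/search?q=firewall+comparison")
MALICIOUS = Request("203.0.113.7", 443, "GET",
                    "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E")


def compare(req: Request) -> dict:
    """What each layer decides about the same request."""
    return {"network_firewall": network_firewall(req),
            "waf_findings": waf_inspect(req)}


if __name__ == "__main__":
    for r in (BENIGN, MALICIOUS):
        print(r.target, compare(r))
```

Running the block prints `allow` for both requests from the network firewall and a finding on parameter `q` from the WAF inspection for the second one only. The pattern list is deliberately small; a real WAF normalises far more encodings and combines signatures with anomaly scoring, but the point the article makes holds in the simplest form: a port-based ACL cannot distinguish these two requests at all.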
In another scenario, an attacker breaks into a legitimate website and plants malware on it. Malware is no longer exclusive to malicious websites; nowadays it is not unheard of for legitimate websites to become carriers of malware and spread it to their unsuspecting visitors. The malware hosted on such a site makes its way down onto a user's machine when that user visits the site, and the attacker then leverages the end-user machine for further malicious activity. The sky is the limit for the malware, since it can do a great many things to the user's machine, none of them good.
With the above examples, it is undisputed that attacks are dynamic and, therefore, a more advanced security solution than the traditional firewall is direly needed. With the advent of Web Application Firewalls (WAF), such attacks are mitigated before the attackers even get hold of your company's and customers' confidential data.
Moreover, if you have multiple complex web server applications that are configured differently from each other, you have to apply security upgrades to them individually to keep them from becoming sitting ducks for web application attacks. A Web Application Firewall (WAF) is definitely a welcome addition in such a case and will save you a lot of time, since you only have to configure one device rather than upgrade all your web servers individually.
Nowadays, web applications continue to grow and become more complex and, alongside them, the ever-increasing threat landscape evolves as well. Relying on yesterday's traditional firewalls will not be enough if IT managers want to keep their infrastructure from being compromised by serious infections and vulnerabilities. As the famous saying goes, 'necessity is the mother of invention': Web Application Firewalls (WAF) were invented to close the gap left by the inadequate protection of the traditional firewall. An improved threat protection strategy should be of the utmost priority in order to stay one step ahead of unwanted web attacks, today and into the future.