Today’s threats are more advanced and thorough than ever before. Attackers will spend hours probing various systems to see what will and will not work to get them the information they want. Because of this level of sophistication, more advanced security is needed on the perimeter of your web applications. Traditional firewalls can only go so far in today’s environment. They were designed for a purpose, which they do very well, but more intelligence is needed in today’s threat environment. A traditional firewall typically decides whether a packet is allowed based on items like source/destination IP address, possibly by service (port), or both. But for a service that is allowed through, it does not typically check whether the request itself is legitimate. Some firewalls can perform basic checks at Layer 7, but in my opinion they don’t do it as well as a purpose-built device or piece of software.
Defense in Depth
Defense in depth means layering as many different security controls and devices as practical, so that an attacker has to defeat every one of them to reach your data. A device that understands your Layer 7 protocols can catch requests that look fine at the network layer but are not acceptable at the application layer.
Web application firewalls are good at picking up some of the following security threats:
- SQL Injection Attacks
- Cross-site scripting Attacks
- Protocol misuse
- Protocol violations
Additional Benefits of the WAF
Those are just a few of the security threats a web application firewall can protect against. The nice thing about most web application firewalls is that they can learn your environment and web applications. This is a great feature if you are unsure how your hosting environment will react to a web application firewall, or what it will start blocking once installed. The one thing to make sure of is that your web application firewall protects against the OWASP Top 10. These are the top 10 threats to web applications.
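To make the Layer 4 versus Layer 7 distinction concrete, here is a small added example (not from the original post, and not any real WAF product) that contrasts a port-based firewall decision with request-level inspection for the threat classes listed above, plus a toy learning mode that baselines the paths and parameter names an application actually uses. The signatures, paths and requests are constructed for illustration only.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed, deliberately small signatures for the threat classes listed
# above. A real WAF rule set (e.g. the OWASP Core Rule Set) is far larger.
SQLI = re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+|union\s+select|;\s*drop\s+table", re.I)
XSS = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I)
ALLOWED_METHODS = {"GET", "POST", "HEAD"}

def l4_allows(proto, dst_port):
    """The traditional firewall's view: protocol and destination port only."""
    return proto == "tcp" and dst_port in (80, 443)

def inspect_request(request_line, headers):
    """The WAF's view: parse the HTTP request and return a list of findings."""
    findings = []
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return ["protocol violation: malformed request line"]
    method, target, _ = parts
    if method not in ALLOWED_METHODS:
        findings.append(f"protocol misuse: method {method}")
    if "host" not in {k.lower() for k in headers}:
        findings.append("protocol violation: missing Host header")
    url = urlsplit(target)
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if SQLI.search(value):
            findings.append(f"sql injection in parameter {name}")
        if XSS.search(value):
            findings.append(f"cross-site scripting in parameter {name}")
    return findings

class LearnedProfile:
    """Learning mode: baseline the paths and parameter names seen, then flag deviations."""
    def __init__(self):
        self.seen = {}
    def learn(self, target):
        url = urlsplit(target)
        names = {n for n, _ in parse_qsl(url.query, keep_blank_values=True)}
        self.seen.setdefault(url.path, set()).update(names)
    def anomalies(self, target):
        url = urlsplit(target)
        if url.path not in self.seen:
            return [f"unknown path {url.path}"]
        names = {n for n, _ in parse_qsl(url.query, keep_blank_values=True)}
        extra = sorted(names - self.seen[url.path])
        return [f"unexpected parameter {n} on {url.path}" for n in extra]
```

A request to TCP/443 passes `l4_allows` regardless of its contents; only `inspect_request` sees the injected query string, and only a learned profile notices a parameter the application never used.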
As far as implementing your web application firewall, you can install it inline (all traffic passes through it in a Layer 2 bridge type setup), or on a stick/one-arm, where the web requests are NAT’ed to it. Which implementation you choose will depend on your hosting environment and requirements.
In conclusion, when planning out your security footprint, remember to think defense in depth. Web applications are very important and should be protected. In today’s hosting environment, no web application should go online without being protected by a web application firewall.