Comprehensive analysis of how WAF protects core applications

Comprehensive analysis of how WAF protects core applications
Currently, attackers can perform attacks such as changing the website homepage, stealing administrator passwords, and damaging website data without having to have a deep understanding of network protocols. The network layer data generated during these attacks is no different from normal data. Traditional firewalls are helpless for these attacks.

Due to the increasing number of attacks against web sites and increasingly difficult to control, some security vendors, such as Citrix, barracuda-netcontinuum, F5 Networks, imperva, and protegrity, in the coming months, some new web application firewall functions will be added to their new product, so that they can play a greater role in protecting networked enterprise data.

Protect core applications

Although traditional firewalls have effectively blocked some data packets on Layer 3 over the years, they are powerless to prevent attacks Exploiting Application vulnerabilities. WAF can detect application exceptions and sensitive data (such as credit cards and Social Security numbers), and block attacks or conceal sensitive data.

In an interview with this newspaper, Forrester Research Analysts said: "Many companies with Web applications can deal with the past without web application firewalls ." Most enterprises use SSL encryption to protect communication traffic, while some enterprises use ssl vpn to ensure that authorized talents can connect to Web applications.

He believes that enterprises like financial services usually purchase such products. In other words, application firewall is suitable for enterprises that cannot withstand any problems. They do not want to leave vulnerabilities because they do not have an application firewall. After all, it is correct to provide some protection measures for enterprises.

WAF integrates with Server Load balancer devices and application switches that ensure the availability of web applications to create products that provide both accessibility and security. According to reports from the Yankee Group, such a platform can maintain the availability and protection of the server against attacks to end users, and ensure that the traffic in and out of the data center is not compromised.

The independent web application firewall can check HTTP and https traffic at the application layer, so that it can search for attack programs that attempt to bypass the attack when the valid application program is running. In a sense, the Web application firewall can prevent some hackers from using malicious attacks to expose sensitive information to some websites or conduct illegal intrusion.

Security Positioning

Although Web Application Firewall vendors solve the problem of accelerating and protecting application traffic in different ways, the position of Web application firewall in the network will not change, and it is in front of the Web server, the functions provided by the vendor may include Server Load balancer, compression, encryption, reverse proxy of HTTP and https traffic, application consistency check, and aggregation of TCP sessions.

Citrix technical engineers told reporters that their company's goal is to integrate Web applications with application switches so that security devices can allocate traffic to servers, you can also analyze the traffic to find attacks at the application layer.

The product manager of barracuda-netcontinuum pointed out that they will add some software tools next year, which can make application security policy configuration easier.

F5's product manager believes that it relies on XML language and SIP protocol traffic to support web servers and VoIP. Currently, they have added the WAN acceleration technology and developed a software development kit in their security platform to create an automatic defense program that blocks traffic once an intrusion is detected. This program will be combined with the software that manages the F5 big IP Application Switch to establish a rule within the big IP to block suspicious traffic.

In addition, imperva's CEO Shlomo Kramer said in an earlier interview with network world, "imperva plans to develop audit and evaluation tools that help customers follow these rules: payment Card Industry Standards, HIPAA and Sarbanes-Oxley Act to protect private information." Meanwhile, Jeannine Bartlett, vice president of product strategy and development at protegrity, also said in an interview that protegrity expects to integrate its database security device with application protection software. She said: "Our next year's release will mainly focus on backend reports, statistics, measurements, and specific application ing to meet the various needs of customers to comply with regulations. This is what a large company really needs ."

In the reporter's opinion, all the activities of domestic and foreign manufacturers show that the Application Firewall is becoming mature. Most of these devices are derived from reverse proxy technology. By using this technology, the traffic sent to the Web server is sent to the server in the form of a separate session after the proxy ends, and then the server's response is taken over by the proxy. Although the traffic passes through the proxy, the device can check the traffic to determine whether it has attempted to exploit the application vulnerability.

Original text from [than the Internet], reproduced Please retain the original link: http://bbs.chinabyte.com/thread-374434-1-1.html