Web Application Firewall Overview

Tags: sql injection, firewall


Careful readers will have noticed that security patches for various applications became more frequent in 2010. Adobe patches are the clearest case: a large number of vulnerabilities in Adobe software were disclosed in 2009, Adobe products became a new favourite target of attackers, and throughout 2010 Adobe repeatedly released patches fixing vulnerabilities in Adobe Reader and Acrobat, drawing the attention of security-minded people.



Another noteworthy security trend of 2010 was the prevalence of Web pages implanted with malicious code and of phishing websites. People were frequently lured by a malicious link and had a virus, Trojan or other malicious program installed, or were deceived by a phishing site into giving up their online banking account and password, and sometimes the money in the account was stolen as well.



It can be said that "application security" became the security topic of 2010, centred on the security of application software and of Web applications. Application security problems affect not only individual users but also enterprise users. Stuxnet, the so-called "super factory virus" that caused a partial shutdown of nuclear facilities in 2010, got in by exploiting vulnerabilities in the Siemens SIMATIC WinCC supervisory control and data acquisition (SCADA) system, enterprise-class application software used at an Iranian nuclear equipment plant. Domestically, however, exploiting Web security vulnerabilities has in recent years become the mainstream form of hacker attack; many websites have suffered from it, and public attention has focused mainly on Web application security. Since 2008 a number of security companies have been developing Web application firewalls; in 2009 Barracuda provided hundreds of WAF (Web application firewall) devices for users to test, and in 2010 other security companies also began launching similar products.



The difference between traditional firewall and Web application firewall



A traditional firewall works at the network layer and protects the enterprise network through address translation, access control, stateful inspection and similar functions. For the large number of Web servers, however, a traditional firewall leaves the HTTP application port fully open to the external network, so it cannot protect Web applications at all.



Intrusion detection systems, as a useful complement to the firewall, strengthen the network's defensive capability, but intrusion detection technology has its limitations. Because an intrusion detection system must match network data against a library of attack signatures, it cannot detect or defend against unknown attacks or attacks disguised as normal traffic. More importantly, it offers no defence against attacks aimed at vulnerabilities in the application system itself, since such attacks have no obvious features to match on. There is also a paradox in how the technology is implemented: defending against more attacks requires more rules, but as the rules accumulate the system's false-positive rate rises (for an intrusion prevention system, this means legitimate connections get interrupted) and its efficiency drops.



As a result, the Web application firewall emerged. Located between the Web client and the Web server, it analyses application-layer communication and discovers behaviour that violates a predefined security policy. A Web application firewall combines prevention beforehand, protection during an incident and remediation afterwards. As a professional Web security protection tool, it decodes and analyses HTTP/HTTPS traffic in both directions, and on that basis can deal with the various security threats to HTTP/HTTPS applications, such as SQL injection, XSS, cross-site request forgery (CSRF), cookie tampering and application-layer DDoS, and can effectively address security problems such as Web page tampering, Web pages implanted with malicious code and leakage of sensitive information, fully guaranteeing the high availability and reliability of Web applications.



Web application firewalls are currently developing in two directions: one is towards high-performance dedicated appliances, the other towards integrated Web application gateways. Barracuda's technical director Optics compared the traditional firewall with the Web application firewall. In his view, the essential difference is that the former performs access control and attack defence only at layer 3 (the network layer) and layer 4 (the transport layer) of the network protocol stack, while the latter goes deep into the application layer to filter all application information and was designed specifically to protect Web-based applications.



The choice of Web application firewall



OWASP (the Open Web Application Security Project) gives the following reference criteria for choosing a Web application firewall:

Rarely produces false positives (for example, authorised requests should not be denied)

The strength of the default protection

An easy-to-operate mode

The types of vulnerabilities it can prevent

The ability to restrict what individual users can see in the current session

The ability to configure protection against specific problems, such as emergency patches

The form in which the WAF is delivered: software or hardware (hardware is generally preferred)



The Web application firewall (WAF) market is not yet uniform, and many different products are lumped into the WAF category. "Many products offer far more functionality than we normally think a firewall should have, which makes it difficult to evaluate and compare products," said Ramon Krikken, an analyst at the research firm Burton Group.



Optics holds that a standard Web application firewall requires four functions: security protection, acceleration, scalability and IP auditing. In addition, according to a list provided by Ofer Shezaf, founder of the research and consulting firm Xiom, a Web application firewall should have the following features: a deep understanding of HTTP, a clear security model, application-layer rules, session-based protection, and fine-grained policy management.
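The following is an added illustration, not code from the article or from any vendor it names, of several points made above: a small Python request filter that parses HTTP at the application layer, decodes percent-encoding (including double encoding) before matching, applies a clear positive security model per path, and only then falls back to signature rules, so the `/search` cases also show the trade-off from the intrusion detection paragraph, where a signature alone can block a harmless query. The paths, parameter names, patterns and sample requests are constructed assumptions.

```python
"""Minimal application-layer request filter in the spirit of a WAF.
Constructed example: positive per-path policy (what is allowed) first,
signature rules (what is known bad) second. Paths, parameter names and
patterns are assumptions, not any real product's configuration."""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Positive security model: for each known path, the allowed parameters and
# the shape each value must have. Anything else on that path is rejected.
POLICY = {
    "/login": {"user": re.compile(r"^[a-z0-9_]{1,32}$"),
               "pass": re.compile(r"^.{1,128}$")},
    "/search": {"q": re.compile(r"^[\w\s.,'-]{0,100}$")},
}

# Negative model: application-layer signatures applied on every path.
SIGNATURES = [
    ("sqli", re.compile(r"(?i)\bunion\s+select\b|'\s*or\s+\S+\s*=\s*\S+|;\s*drop\b")),
    ("xss", re.compile(r"(?i)<\s*script\b|javascript:|\bon\w+\s*=")),
]


def decode(value, rounds=2):
    # Undo up to `rounds` layers of percent-encoding; double-encoded input
    # would otherwise slip past a filter that decodes only once.
    for _ in range(rounds):
        new = unquote_plus(value)
        if new == value:
            break
        value = new
    return value


def inspect(method, target, body=""):
    """Return ("allow", None) or ("block", reason) for one HTTP request."""
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)  # decodes once
    if method == "POST":
        params += parse_qsl(body, keep_blank_values=True)
    rules = POLICY.get(parts.path)
    for name, raw in params:
        value = decode(raw)
        if rules is not None:  # positive model applies on this path
            if name not in rules:
                return "block", f"unexpected parameter {name!r} on {parts.path}"
            if not rules[name].match(value):
                return "block", f"parameter {name!r} violates allowed pattern"
        for kind, sig in SIGNATURES:  # signatures alone can also misfire
            if sig.search(value):
                return "block", f"{kind} signature in parameter {name!r}"
    return "allow", None
```

On a path with no policy entry (for example `/profile`) only the signatures apply, which is the situation the intrusion detection paragraph describes: an unknown attack shape passes, and the only way to catch more is to add rules.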


