Getting Rid of the Misunderstanding of Web Application Firewalls: A WAF Is Strong, Not a Wall

Source: Internet
Author: User
Tags: character set, SQL injection, firewall

In the first article of the "Getting Rid of the Misunderstanding of Web Application Firewalls" series, we analyzed who can protect Web applications. In this article we focus on the characteristics and application of the WAF.

As early as 2004, some foreign security vendors put forward the concept of the Web application firewall (WAF) and began step-by-step attempts at it (for example, Barracuda Networks brought NetContinuum into its fold; NetContinuum was a pioneer in the field, and its solutions covered Web application security, traffic management and SSL acceleration). The Payment Card Industry Security Standards Council has also released the Payment Card Industry Data Security Standard (PCI DSS), which has made the Web application firewall more and more familiar to people. But because the industry has long lacked clear standards, and because some other security products can also protect Web applications to some degree, people's understanding of the Web application firewall has remained in a "smoke and mirrors" state, with much confusion over many issues.

So, since a Web application firewall is also called a "firewall", is it similar to a traditional firewall? What is the difference between it and IPS products? Web page tamper-proof products can also protect Web applications; are they also Web application firewalls?

A WAF is different from a traditional firewall

The weakness of the traditional firewall is that it works at layers three and four, so attacks can pass smoothly through the firewall over ports 80 or 443.

Because the name "Web application firewall" contains the word "firewall", many users are confused: my network already has a firewall, so would introducing a Web application firewall be a duplicate investment?

In fact, although both the Web application firewall and the traditional firewall carry the word "firewall" in their names, they are two completely different products and cannot replace each other.

In terms of deployment location, the traditional firewall needs to sit at the gateway, while the Web application firewall is deployed between the Web client and the Web server.

In terms of what they defend, the traditional firewall only blocks at the low layers (network layer and transport layer), providing IP- and port-level protection, and does not protect or filter the application layer; the Web application firewall focuses on the core application layer, filtering all application information in order to detect behavior that violates a predefined security policy.

As a professional Web security protection tool, the Web application firewall bidirectionally decodes and analyzes HTTP/HTTPS traffic and can deal with the various security threats in HTTP/HTTPS applications, such as SQL injection, XSS, cross-site request forgery (CSRF), Cookie tampering and application-layer DDoS. It can effectively solve security problems such as Web page tampering, Web pages implanted with malicious code, sensitive information leakage and so on, fully guaranteeing the high availability and reliability of Web applications.

A WAF is different from an IPS

The weakness of IPS intrusion prevention is that it is based on known vulnerabilities and attack behavior, and it cannot terminate and process SSL traffic.

What sets the Web application firewall apart is its understanding of Web applications: a deep understanding of the HTTP protocol and of application-layer attacks.

Compared with traditional firewall/IPS devices, the most significant technical differences of a WAF are:

1. An essential understanding of HTTP: the ability to fully parse HTTP, support various HTTP encodings, provide rigorous HTTP protocol validation, restrict HTML, support various character set encodings, and filter responses.

2. Application-layer rules: Web applications are usually custom-built, so traditional rules for known vulnerabilities are often ineffective. A WAF provides dedicated application-layer rules and the ability to detect obfuscated (mutated) attacks, such as detecting mixed attacks in SSL-encrypted traffic.

3. A positive security model (whitelist model): only known-valid input is allowed through, which provides an external input validation mechanism for Web applications and is more secure.

4. Session protection mechanisms: protection against session-based attacks such as Cookie tampering and session hijacking.
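As an added illustration of points 1 and 3 (not code from the original article or from any vendor's product), the following Python sketch shows why a WAF must canonicalize encodings before matching, and how a whitelist (positive) model rejects input that a signature (negative) model never sees. The endpoint schema, the tiny signature list and the query strings are all constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed, illustrative signatures for the negative (blacklist) model; a real ruleset is far larger.
SQLI_SIGNATURES = [re.compile(p, re.IGNORECASE) for p in (
    r"'\s*or\s+'?\d",          # tautology such as ' OR '1'='1
    r"\bunion\s+select\b",
    r";\s*drop\s+table\b",
)]

# Hypothetical per-parameter whitelist for a /product endpoint (positive model).
PRODUCT_SCHEMA = {
    "id": re.compile(r"[0-9]{1,9}"),
    "sort": re.compile(r"price|name"),
}

def canonicalize(value, max_rounds=3):
    """URL-decode repeatedly until the value stops changing. The WAF must see the
    same bytes the application will see, so %27 and %2527 both end up as a quote;
    a single decode would let the double-encoded form through unmatched."""
    for _ in range(max_rounds):
        decoded = unquote(value, encoding="utf-8", errors="replace")
        if decoded == value:
            break
        value = decoded
    return value

def split_query(query):
    """Split name=value pairs without decoding, so decoding happens exactly once, in canonicalize()."""
    pairs = []
    for part in query.split("&"):
        if part:
            name, _, value = part.partition("=")
            pairs.append((name, value))
    return pairs

def negative_check(query):
    """Blacklist model: names of parameters whose decoded value hits a signature."""
    return [name for name, raw in split_query(query)
            if any(sig.search(canonicalize(raw)) for sig in SQLI_SIGNATURES)]

def positive_check(query, schema=PRODUCT_SCHEMA):
    """Whitelist model: names of parameters that are unknown or fail their allowed pattern."""
    rejected = []
    for name, raw in split_query(query):
        rule = schema.get(name)
        if rule is None or not rule.fullmatch(canonicalize(raw)):
            rejected.append(name)
    return rejected
```

Running `positive_check("id=1%20AND%201%3D1")` rejects the parameter although no signature matches it, which is the practical meaning of "only known-valid input is allowed through".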

A WAF is not limited to Web page tamper-proofing

The weakness of Web page tamper-proofing is that it neither analyzes the attack behavior nor prevents the attack from happening.

Undeniably, a tampered Web page is the most visible Web security problem. Government websites, university websites, operators' websites and corporate sites have all suffered serious Web page tampering incidents, which brought Web page tamper-proof products into people's view.

However, a Web page tamper-proof system is a software solution: its protective effect is direct, but it only protects static pages and cannot protect dynamic pages.

The shortcoming of the Web page tamper-proof system is precisely the strength of the Web application firewall. Deployed in the network, the WAF analyzes HTTP protocol traffic in depth and comprehensively defends against all kinds of Web security threats without any interference with the Web server, fundamentally solving the main Web security problems, including Web page tampering.

More from this column: http://www.bianceng.cn/Network/Firewall/
