In response to complex network attacks, I have a WEB application firewall.

With the rapid development of the Internet, China has become the second largest Internet application country. enterprise network applications have begun to become complex and diverse, and network attacks have begun to turn to the application layer. In terms of network protection, the application of IPS technology alone has been stretched. In the face of this embarrassing situation, Web Application Firewall emerged.

In the IT security management of enterprises, Web Application Security is a new area of concern, and enterprises have not yet fully understood IT. Many people in the industry only know this problem. The frequent security issues also make CEN aware that the existing firewall products cannot fully defend against various network attacks. Therefore, the firewall for Web applications is born. Mr. He zhitao, the world's leading application security vendor and general manager of bowetel Network Technology Co., Ltd., said: many attacks have now turned to the application layer. Although the customer has installed firewalls, IPS installed but still attacked, which is necessary for the emergence and existence of Web application firewall.

Web Application Firewall is a new concept. Unlike the previous firewall security concepts, only a few enterprises in China provide this product. He zhitao believes that a firewall is required as long as there is a network, and the original firewall only filters and blocks some underlying information, such as the network layer and transmission layer, the application firewall filters all application information from the application layer, which is essentially different.

Everyone has a question: does an enterprise already have IPS that still need Web application firewall? He zhitao believes that these two products are actually a complementary form. What is the difference? For example, in some companies, when a person is driving into the company, he will scan the car. If it is a Mercedes-Benz, he will let him in. Our product is equivalent to another scanning method, which not only depends on this car, but also whether this person is an internal employee of the company. That is to say, the Web application firewall device performs more precise analysis and filtering.

At present, most of the security measures for websites of large enterprises at all levels in China are limited to the purchase of firewall anti-virus and IPS protection, however, illegal webpage tampering is an attack by exploiting Operating System and Application vulnerabilities and Management defects, and the original security measures of these companies (such as firewall installation and intrusion detection) it is mainly concentrated on the network layer and cannot effectively monitor and protect web page tampering events.

Why do we say that traditional firewalls cannot prevent such attacks? Because such attacks pretend to be normal traffic, there are no extremely large data packets, and there is no suspicious mismatch between the address and content, the alarm will not be triggered. One of the most frightening examples is SQL injection ). In this attack, hackers use one of your own HTML forms to query databases without authorization. Another threat is command execution. As long as the Web application sends commands to the shell, the hacker can execute commands on the server at will. Other attacks are relatively simple. For example, HTML comments often contain sensitive information, including the logon information left by uncautious programmers.

The emergence of WEB application firewall is dedicated to solving this problem. This firewall is dedicated to providing comprehensive protection for Web applications and deploying a three-dimensional protection layer, enable it to automatically and intelligently identify and protect these hacker attack methods. The application firewall processes Application Layer by executing requests within the application session, it protects Web application communication streams and all related application resources from attacks by exploiting Web protocols or application vulnerabilities. The application firewall can block browser and HTTP attacks that use application behavior for malicious purposes. Some powerful application firewalls can even simulate a proxy as a website server to accept application delivery, the image is equivalent to adding a safe insulation housing to the original website.

The principle of implementing Web application firewall lies in the access control list at the application layer, which is different from that of IPS and Traditional firewalls. The access control list of the entire application layer faces the address and parameters of a website that are generally well known to everyone. Some content submitted during the interaction of the website, including the HTTP packet content, because of its full understanding of the HTTP protocol, we can see whether it is a malicious attack or a non-malicious attack through this protocol analysis. IPS only performs partial scanning, and the application firewall performs a full and in-depth scanning.

Gartner statistics: at present, 75% of attacks are transferred to the application layer. When enterprise websites are constantly attacked, the original firewall is no longer able to defend against network attacks. Because the application layer is very wide, such as Web applications, Mail applications, middleware applications, and so on, applications are constantly increasing, resulting in many attacks at the application layer. The customer's original firewall and IPS cannot provide comprehensive defense. This is the original intention of the Application Firewall launched by boowitt, that is, to help customers completely block attacks at the application layer.