Network security product review for Web applications and Web application firewalls

FireWall for network security products)

Firewalls were the first to adopt Internet security protection products. However, during the application process, it is found that firewall products based on network port protection and packet filtering protection technology cannot effectively intercept application security (inWeb Applications). However, the firewall product is still not out of the security market, on the contrary, because of its powerful data forwarding capabilities, attack defense capabilities, and flexible security policy settings, it is increasingly used in enterprise intranet isolation, security area division, and network address translation (NAT.

Intrusion detection/Defense (IDS/IPS) of Network Security Products)

To defend against extensive hacker attacks and Security Vulnerability interception, intrusion detection/defense products (IDS/IPS) were developed) however, early IDS/IPS products require too many people to analyze the detection problems, which has a high false positive rate and is difficult to manipulate. At the same time, IDS/IPS products still have no good solutions to prevent network viruses, Web Application Security authentication, and other issues. However, IDS/IPS technology lays a good technical foundation for future network security, many of the new Web application firewalls and next-generation firewalls are derived from IDS/IPS. In addition, IDS/IPS still have broad technological development prospects.

Unified Threat Management for network security products (UTM)

To address the challenges of network security in various aspects, security vendors have launched a unified Threat Management (UTM) product. The unified Threat Management Product integrates a series of functions such as firewall, network virus protection, IPS, anti-spam, and network content management to provide enterprises with comprehensive network protection capabilities, is a network security product with high comprehensive security protection capabilities. However, in terms of website system security protection, the functions of unified threat management products appear to be many and inappropriate, and they cannot provide services for Web Application Security.

Web Security Gateway (WSG) for network security products)

Web security gateway is a new type of network application security protection product developed on the basis of unified Threat Management Products. Provides more in-depth and comprehensive protection capabilities for Web Application Security. Protects against network viruses, SQL injections, cross-site attacks, malicious scripts, and other attacks. The function of WAF is very similar to that of WAF, But it protects network users rather than Web servers.

Web Application Firewall (WAF) for network security products)

So in recent years, a new Web Application Security Protection Technology has been launched-Web application firewall (WAF ). Using an internationally recognized saying: Web Application Firewall is a product designed to protect Web applications by executing a series of HTTP/HTTPS security policies.

In general, the Web application firewall has the following four features (refer to the introduction to WAF and cut and adapt the content ):

1) Audit device: Used to intercept all HTTP data or sessions that only meet certain rules.

2) access control device: used to control access to Web applications, including both active and passive security modes.

3) architecture/network design tools: when running in reverse proxy mode, they are used to allocate functions, centralized control, and virtual infrastructure.

4) Web application reinforcement tools: These functions enhance the security of protected Web applications. They not only shield the inherent vulnerabilities of Web applications, but also protect the security risks caused by Web application programming errors.

It should be noted that not every device called Web application firewall has the above four features at the same time.

WAF also features multiple features. For example, from the perspective of network intrusion detection, WAF can be regarded as an IDS Device running on the HTTP layer; from the perspective of firewall, WAF is a functional module of firewall; some people regard WAF as an enhancement of "Deep detection firewall. (The Deep detection firewall usually works at the Layer 3 and higher of the network, while the Web application firewall processes the HTTP service at the Layer 7 and better supports it .)