Firewalls alone are no longer enough to protect online assets. Today, hackers and their attacking strategies are getting smarter and more dangerous. One of the current threats is an application-level attack that can sneak into a firewall and sneak into web apps. Yes, there are a lot of such attacks that like to target valuable customer data. So why can't a common firewall stop this kind of attack? Because such attacks are disguised as normal traffic, there is no particularly large packet, the address and content are not suspicious and do not match, so the alert is not triggered. One of the most frightening examples is the SQL command implantable attack (SQL injection). In this attack, the hacker uses one of your own HTML forms to query the database without authorization.
Another threat is command execution. As long as the Web application sends commands to the shell, cunning hackers can execute commands at random on the server. Some other attacks are easier. For example, HTML annotations often contain sensitive information, including the login information left by the imprudent programmer. As a result, the attack on the application layer, from tampering cookies to changing the hidden fields inside the HTML form, depends entirely on the hacker's imagination. The good news, though, is that most of these attacks can be completely blocked. If used in combination, two complementary schemes can provide a solid defense line. First, use the application scanner to scan your Web applications thoroughly to find vulnerabilities. Then, use the Web application firewall to stop outlaws from breaking into the application scanner can basically launch a series of mock attacks on your server and report the results. Kavado Scando, Sanctum appscan Audit and SPI Dynamics are fairly comprehensive in their detailed listing of defects and recommended remedial methods. AppScan Audit is particularly noteworthy because the product has an afterthought that can help programmers identify vulnerabilities when coding. However, none of these kits is comparable to a comprehensive review by security professionals. Once you have managed to plug the vulnerability, the next step is to deploy the Web application firewall. This type of firewall works very interesting: figure out the normal flow of incoming and outgoing applications, and then detect abnormal flow. To do this, the Web application firewall must examine the packet more deeply than the ordinary firewall. Heck int is the most famous in this regard, but Kavado, Netcontinuum, Sanctum and Teros and other manufacturers are relatively small. This kind of firewall some uses the software, some uses the hardware, but some have both. However, do not mistakenly assume that such firewalls are Plug and play, even with hardware. As with intrusion detection systems, you should also carefully adjust the Web application firewall to reduce false positives and not allow attacks to creep in.
Because of spam and more cunning attacks, if you think it's all right to install a firewall, you should think about how you're going to deal with it.