Understanding Web Protection: Web Application Firewalls

Source: Internet
Author: User
Tags protegrity imperva

Editor: "In nine to 12 months, it will be widely used." This is a long time on the speed-first Internet.

Today, attackers do not need a deep understanding of network protocols. Using attack software that is readily available on the Internet, they can carry out attacks such as changing a website's home page, obtaining the administrator password, or damaging the entire website's data. The network-layer data generated during these attacks is no different from normal data, and traditional firewalls have no effect on them.

In the coming months, Citrix, Barracuda-NetContinuum, F5 Networks, Imperva, and Protegrity will add features to their new Web application firewalls so that they play a greater role in protecting online enterprise data.

Effectively protect applications

Although traditional firewalls have effectively blocked some data packets at Layer 3 over the years, they are powerless to prevent attacks that exploit application vulnerabilities. A Web application firewall (WAF) can detect application anomalies and sensitive data (such as credit card and Social Security numbers), and can block attacks or conceal the sensitive data.
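The "conceal sensitive data" function described above can be sketched as a filter over outbound response bodies. This is an added example, not code from any of the products named in this article; the patterns, the masking format and the sample body are assumptions made for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US Social Security numbers in the common AAA-GG-SSSS layout.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_card(match: re.Match) -> str:
    """Mask a candidate card number, keeping only the last four digits."""
    digits = re.sub(r"\D", "", match.group())
    if not luhn_ok(digits):
        return match.group()    # e.g. an order number: leave it untouched
    return "*" * (len(digits) - 4) + digits[-4:]


def conceal(body: str) -> str:
    """Mask card numbers and SSNs in an outbound response body."""
    body = CARD_RE.sub(mask_card, body)
    return SSN_RE.sub("***-**-****", body)


# Constructed sample response body: a standard test card number, a 16-digit
# order number that fails the Luhn check, and a never-issued SSN.
SAMPLE = "card=4111 1111 1111 1111; order=1234567890123456; ssn=000-12-3456"

if __name__ == "__main__":
    print(conceal(SAMPLE))
```

The Luhn check is what keeps the filter from masking every long number in a page, which matters when the same device sits in front of many applications.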

Rob Whiteley, analyst at Forrester Research, said: "Many companies with Web applications can deal with the past without Web application firewalls." Most enterprises use SSL encryption to protect communication traffic, and some use SSL VPNs to ensure that only authorized personnel can connect to Web applications.

Whiteley believes that enterprises such as financial services firms are the usual buyers of these products. "Application firewalls are suitable for enterprises that cannot withstand any problems. They do not want to leave vulnerabilities because they do not have an application firewall," he said. "It is correct to provide some protection measures for themselves."

WAFs are being integrated with server load balancers and application switches, the devices that ensure the availability of Web applications, to create products that provide both accessibility and security. Andrew Jaquith, an analyst at Yankee Group, believes that such a platform can maintain server availability, protect end users from attacks, and ensure that traffic into and out of the data center is not compromised.

A standalone Web application firewall can inspect HTTP and HTTPS traffic at the application layer and search for attacks that attempt to bypass valid application logic. Jaquith said: "These products can prevent some people from using malicious attacks to expose sensitive information to some websites or conduct illegal intrusion."

Protecting applications

Although Web application firewall vendors have begun to address the problem of accelerating and protecting Web application traffic in different ways, the position of the Web application firewall in the network will not change: it sits in front of the application server. The functions a vendor provides may include server load balancing, compression, encryption, reverse proxying of HTTP and HTTPS traffic, application consistency checks, and aggregation of TCP sessions.

Citrix says its goal in this regard is to integrate Web applications with application switches so that the device can both allocate traffic to servers and analyze that traffic to find attacks at the application layer.

"It is expected that some software tools will be added next year for NetContinuum to make it easier to configure application security policies," said Barracuda-NetContinuum's product owner. The company is still considering the role of the application gateway in identity and access management based on solutions such as Security Assertion Markup Language (SAML).

Erik Giesa, vice president of product management and marketing at F5, mentioned that the company will support Web servers and VoIP by protecting XML (Extensible Markup Language) and SIP (Session Initiation Protocol) traffic. It is also moving to add WAN acceleration technology to its platform and to create a software developer toolkit that encourages the creation of self-protecting applications that can block traffic once an intrusion is discovered. Such an application would work with the software that manages the F5 BIG-IP application switch to establish a rule within BIG-IP that blocks suspicious traffic.

Imperva plans to develop audit and evaluation tools that help customers follow these rules for protecting private information: the Payment Card Industry standards, HIPAA and the Sarbanes-Oxley Act. According to Jeannine Bartlett, vice president of product strategy and development at Protegrity, Protegrity expects to combine its database security device with the application protection software it obtained through Kavado. She said: "Our next year's release will mainly focus on backend reports, statistics, measurements, and specific application ing to meet the various needs of customers to comply with regulations. This is what a large company really needs."

Whiteley believes that all this activity shows that the application firewall is maturing. Most of these devices are derived from reverse proxy technology. With this technology, traffic sent to the Web server ends at the proxy and is then sent on to the server in a separate session; the server's response is proxied in the same way. While the traffic passes through the proxy, the device can inspect it to determine whether it attempts to exploit an application vulnerability.

General application may take a few days

Pacific Northwest National Laboratory uses the Barracuda-NetContinuum application firewall to protect its Web applications. "Sometimes applications need to be rewritten so they can pass through the application firewall," said Mark Hadley, a research scientist at the Institute's Network Security Group. For example, if a field in an application protocol uses a character that is also used in the Web application's URL, such as a forward slash, it is treated as a vulnerability that attackers could exploit. Users should therefore be prepared to rewrite their applications. Hadley recommends setting up a test environment and running the application in it before deployment to identify and correct such issues.

Whiteley believes that this complexity may lead some users to see the application firewall as complicated and difficult to deploy. If their applications are not critical to their business, they are reluctant to deploy one. He believes that when vendors integrate application firewalls and application switches on the same device and develop software tools that make them easier to configure, more commercial users will adopt them. "It will be widely used in nine to 12 months," he said.
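The pre-deployment test described above can be approximated by replaying known-good requests against a candidate rule and listing the fields it would block. This is an added example, not Barracuda-NetContinuum's rule format or tooling; the forbidden-character set, the function names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Hypothetical per-field rule of the kind described above: parameter values
# may not contain characters that also have a meaning in URLs or markup.
FORBIDDEN = set("/\\<>")


def violations(url: str) -> list:
    """Return (field, char) pairs the rule would block for this request."""
    query = urlsplit(url).query
    hits = []
    # parse_qsl percent-decodes values, so %2F is checked as "/", which is
    # how the application itself would see the field.
    for field, value in parse_qsl(query, keep_blank_values=True):
        for ch in sorted(FORBIDDEN & set(value)):
            hits.append((field, ch))
    return hits


def replay(urls) -> dict:
    """Replay known-good requests and collect the fields that would be
    false positives, i.e. the places where the application or the rule
    has to change before the firewall goes into blocking mode."""
    report = {}
    for url in urls:
        for field, ch in violations(url):
            report.setdefault(field, set()).add(ch)
    return report


# Constructed known-good traffic captured in a test environment.
KNOWN_GOOD = [
    "https://app.example.test/search?q=firewall&page=2",
    "https://app.example.test/report?date=2006%2F11%2F30&fmt=pdf",
    "https://app.example.test/doc?path=manuals%2Fsetup.txt",
]

if __name__ == "__main__":
    for field, chars in sorted(replay(KNOWN_GOOD).items()):
        print(f"field {field!r} would be blocked for {sorted(chars)}")
```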

 
