Page 31 - Informatics, July 2021
Technology Update
WEB APPLICATION FIREWALL
Defense against Layer-7 Attacks
Edited by MOHAN DAS VISWAM

The application layer (L7) is the hardest to defend. Hackers get direct access to the bounty they are seeking by compromising layer-7. The need is to have a product with an understanding of the “real-world techniques” or “methods” hackers use. It is here that the Web Application Firewall technology delivers the promise. With the right WAF, with the right policies in place, you can block the array of attacks that aim to exfiltrate data.

Web Application Firewall (WAF) is the latest entry into the Layered Data Centre Security model. It forms an integral part of a multilayer security architecture and provides security at the topmost layer of the TCP/IP stack, which is the most vulnerable and most targeted in the current threat landscape. Web Application Firewalls examine the data payload beyond the simple IP and TCP header examination. They protect web systems against known and unknown threats and vulnerabilities. Customized inspections can detect and prevent several of the most dangerous application security flaws.

Next-Generation Firewall (NGFW) and Intrusion Prevention/Detection System (IPS/IDS) are powerless to tackle and handle modern web attacks. This is where the Web Application Firewall fills the gap. Acting as an intermediary service between your website application and the visitor browsing your site, WAF intercepts and strips malicious requests before they can cause any damage. With application layer logic fundamental to its working, WAF can detect/understand unusual traffic activity with ease.

Internal Architecture
The internal structure of the Web Application Firewall is often complex, and the interaction between components changes from one manufacturer to another. However, the resultant impact of deploying WAF is roughly the same. The figure below depicts a typical internal structuring of WAF.

[Figure: WAF Architecture]

While WAF is important, it is most effective with other security components. A comprehensive enterprise security model positions a WAF alongside IPS, NGFW, Scanner, SIEM, etc.

WAF Policies & Working Models
WAF analyses Hypertext Transfer Protocol (HTTP) requests and applies a set of rules to understand what parts of that conversation are benign and what parts are malicious. It employs various approaches/models to analyze and filter the content. WAF operates through a set of rules often called policies. These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic.

WAF that operates based on a blacklist (negative security model) protects against known attacks. This model is appropriate for public websites where sources are unknown. However, the model is highly resource-intensive.

Conversely, WAF based on an allow list (positive security model) only admits traffic that has been pre-approved. It is highly efficient but may at times unintentionally block benign traffic. Web Application Firewalls also offer a hybrid security model that implements elements of both.

WAF Deployment Architecture
There are two main architectural considerations related to WAF placement: In-line or tap/span.

IN-LINE
In this architecture, the WAF is placed direct-

Ratnaboli Ghorai Dinda
Dy. Director General & HoG
ratnaboli@nic.in

Raj K. Raina
Sr. Technical Director & HoD
rk.raina@nic.in
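
The negative, positive and hybrid security models described under "WAF Policies & Working Models", shown as an added example that is not from the article or from any WAF product. The signatures, endpoints, parameter patterns and sample requests are constructed, and the hybrid rule (allow list where a path has a policy, signatures elsewhere) is one assumed way to combine both models.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Negative model: signatures for known attack patterns (constructed, illustrative).
DENY_SIGNATURES = [
    re.compile(r"(?i)\bunion\b.+\bselect\b"),  # SQL injection keyword pair
    re.compile(r"(?i)<script\b"),              # script tag in a parameter
    re.compile(r"\.\./"),                      # path traversal sequence
]

# Positive model: pre-approved (method, path) pairs with per-parameter patterns.
ALLOW_POLICY = {
    ("GET", "/search"): {"q": re.compile(r"[\w .-]{1,64}")},
    ("GET", "/item"): {"id": re.compile(r"\d{1,9}")},
}

def _parts(url):
    """Return the path and the percent-decoded query parameters."""
    u = urlsplit(url)
    return u.path, parse_qsl(u.query, keep_blank_values=True)

def negative_model(method, url):
    """Block only requests that match a known-bad signature."""
    path, params = _parts(url)
    fields = [path] + [v for _, v in params]
    hit = any(s.search(f) for s in DENY_SIGNATURES for f in fields)
    return "block" if hit else "allow"

def positive_model(method, url):
    """Admit only pre-approved endpoints whose parameters match the policy."""
    path, params = _parts(url)
    rules = ALLOW_POLICY.get((method, path))
    if rules is None:
        return "block"
    ok = all(k in rules and rules[k].fullmatch(v) for k, v in params)
    return "allow" if ok else "block"

def hybrid_model(method, url):
    """Assumed hybrid: allow list for paths with a policy, signatures elsewhere."""
    path, _ = _parts(url)
    if any(p == path for _, p in ALLOW_POLICY):
        return positive_model(method, url)
    return negative_model(method, url)

# Constructed sample requests.
SAMPLES = [
    ("GET", "/search?q=waf+policy"),                   # benign, pre-approved
    ("GET", "/search?q=1%27%20UNION%20SELECT%20pw"),   # matches a signature
    ("GET", "/item?id=7%20OR%201=1"),                  # malicious, no signature
    ("GET", "/help?topic=login"),                      # benign, not pre-approved
]

if __name__ == "__main__":
    for m, u in SAMPLES:
        print(u, negative_model(m, u), positive_model(m, u), hybrid_model(m, u))
```

The third sample passes the negative model because no signature covers it, and the fourth is blocked by the positive model although it is benign, which are the two trade-offs the section describes.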