It is likely that your website or web application will not be attacked.
But there is one important fact here: over 35,000 successful website hacks are performed daily. We are all potential targets simply because we publish a page or application, and having secure passwords and an SSL certificate is not enough to keep us safe.
If you ask any cybersecurity consultant whether you need to implement a Firewall or a Web Application Firewall (WAF), the answer will usually be “Well, it depends” or “Yes, but…”.
Let’s look at the differences between them first to see what we are really protecting.
A firewall protects a network, but if you are hosting web applications, you should definitely consider a WAF. It is important to note that a WAF is not a substitute for a Firewall; they are independent devices or functions that complement each other.
The Firewall, at its most basic level, contains a collection of rules you create that dictate who can talk to whom. For example, you can create a rule stating that certain external computers may communicate with port 21 of your internal FTP server, or that ports 8081 and 8082, used by security cameras hosted behind your firewall, are reachable. You can also open port 80 or 443 so that your corporate website or employee portal application can be reached from the Internet. You can record the traffic and use it later for auditing or reporting purposes.
UTM or Firewalls with ‘extras’
UTMs, or Unified Threat Management devices, take us one step further, and that is where the two start to get confused. Newer or next-generation firewalls understand applications and can dynamically track or monitor traffic by application type rather than by a single IP and port. They can identify users from a directory service (AD or RADIUS, for example) and use that identity for more useful reporting and dynamic policy creation. These firewalls can even block malware or monitor data patterns you want to track, such as bank account numbers or tax IDs, to protect web applications or user content, tasks traditionally associated only with WAFs.
A pure WAF does things that a firewall does not. It focuses on the applications themselves, providing granular and customizable logic to protect a website or web application and the data within it. On the one hand, it protects against known system and programming or development vulnerabilities; on the other, it mitigates attacks against vulnerability classes that are standard for web applications and appear on the Open Web Application Security Project (OWASP) lists, such as:
- SQL injection
- Cross-Site Scripting
- Remote clients with a bad reputation
- Protocol violations
- Slow HTTP/S or Slowloris (denial of service)
- Other known common threats
WAFs are aware of these types of attacks; they can monitor and learn which specific vulnerabilities are being exploited against your application and then generate rules to block those vulnerabilities and mitigate the attacks. Even if an application has no known vulnerabilities, a WAF monitors possible attacks and blocks or logs them according to the administrator’s preferences. Because these attacks change over time, WAF rules can be adapted.
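To make the two layers concrete, here is an added Python sketch (not code from the original article): a firewall check that only looks at the port, followed by a toy WAF that inspects the request itself for the rule types listed above and applies a per-rule block-or-log action. The blocklist address, signatures and sample requests are constructed for this example; a real WAF normalizes far more and ships maintained rule sets.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import unquote

@dataclass
class Request:
    client_ip: str
    port: int
    method: str
    target: str                      # path plus query string, as sent by the client
    headers: dict = field(default_factory=dict)

# Firewall layer: address/port rules only, like the "open port 80 or 443" rule above.
ALLOWED_PORTS = {80, 443}

# WAF layer: rules that look inside the request. The blocklist and patterns are
# constructed for this example (hypothetical values, not a real rule set).
BAD_REPUTATION = {"198.51.100.7"}    # RFC 5737 documentation address
SIGNATURES = [
    ("sqli", re.compile(r"(?i)'\s*(or|and)\s+\S+\s*=|union\s+select")),
    ("xss", re.compile(r"(?i)<script|javascript:|onerror\s*=")),
]
# Per-rule action, i.e. the administrator's block-or-log preference.
ACTIONS = {"sqli": "block", "xss": "block",
           "bad-reputation": "block", "protocol-violation": "log"}

def firewall(req):
    """Layer 3/4 decision: only the port is considered, never the payload."""
    return "allow" if req.port in ALLOWED_PORTS else "drop"

def waf(req):
    """Layer 7 decision for a request the firewall let through: (verdict, rule names)."""
    hits = []
    if req.client_ip in BAD_REPUTATION:
        hits.append("bad-reputation")
    if req.method not in {"GET", "HEAD", "POST"} or not any(
            h.lower() == "host" for h in req.headers):
        hits.append("protocol-violation")
    decoded = unquote(req.target)    # normalize %-encoding before matching
    hits += [name for name, pat in SIGNATURES if pat.search(decoded)]
    if any(ACTIONS[h] == "block" for h in hits):
        return "block", hits
    return ("log" if hits else "pass"), hits

def inspect(req):
    """Run both layers in order; the WAF never sees what the firewall drops."""
    if firewall(req) == "drop":
        return {"firewall": "drop", "waf": "not reached", "rules": []}
    verdict, hits = waf(req)
    return {"firewall": "allow", "waf": verdict, "rules": hits}
```

Calling `inspect()` on a GET of `/products?id=42%27%20OR%201%3D1--` over port 443 is blocked by the `sqli` rule, while the same request on port 21 is dropped by the firewall and never reaches the WAF.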
Multi-platform and for everyone
Historically, WAFs were deployed as on-premises appliances, but today, with digital transformation and the major public clouds, we see more and more solutions adapted to that environment and to hybrid and/or multi-cloud environments.
In short, WAFs are an effective way to protect your websites and web applications by mitigating hacking attempts.
So, it is likely that your website or web application will not be attacked today, but leaving it unprotected is an unnecessary risk to take.
In the next installment we will continue with WAFs and their evolution towards WAAP (Web Application and API Protection), the next step, which emphasizes protecting web applications and APIs rather than the servers.