What is WAF (Web Application Firewall)? Thorough explanation of security mechanisms and basics!

Now that many businesses provide services over the Internet, it is extremely important to understand security measures. A WAF (Web Application Firewall) is a security measure that protects vulnerable web applications from attacks, but not everyone understands how it works or what its basics are.

Therefore, in this article, we will explain the overview, mechanism, and basic functions of a WAF. We will also explain the types of WAF and points to note, so please use this as a reference.



What is WAF?


First, let’s start with an overview of WAF (Web Application Firewall). A WAF is a security measure that mainly protects vulnerable web applications from attacks. Websites and web systems that handle personal information, such as internet banking services and e-commerce sites, are typical targets of this protection.

A distinctive feature of a WAF is that the security measure is not applied to the web application itself. A WAF is placed on the network in front of web applications, where it detects attacks targeting vulnerabilities and blocks them. Because it operates on the network, it can protect not just a single web application but several at the same time.




Differences between WAF and other security measures


Up to this point, we have provided an overview of WAF (Web Application Firewall). From here, we will introduce the differences between WAF and other security measures.

  • Firewall
  • IPS
  • IDS

Let’s look at each in turn.




Firewall


A firewall is a security measure implemented in software or hardware that controls traffic at the network level, for example by source address and port. Because it does not inspect the contents of web requests, it cannot serve as the security measure for web applications that must be exposed to the outside world. Put simply, it is fine to understand that software and hardware used only internally are protected with a firewall, while web applications that must be exposed to the outside world are protected with a WAF.




IPS


IPS (Intrusion Prevention System) is an intrusion prevention system. It can prevent attacks on file sharing services, attacks that target OS vulnerabilities, and so on. Its characteristic is that once the administrator registers detection patterns in advance, security is strengthened automatically based on those patterns.

Additionally, an IPS is a security measure that operates at the platform level.




IDS


IDS (Intrusion Detection System) is an intrusion detection system. It is similar to the IPS described above, but whereas an IPS blocks traffic, an IDS detects and reports it; it is fine to think of an IDS as a measure that can flag a broader range of abnormal communications than an IPS.

Although IPS and IDS can enhance security in many cases, they cannot cover the range of web application attacks that a WAF covers. Therefore, if you want to strengthen your security measures, it is a good idea to consider a WAF as a priority.




Basic mechanism of WAF


The basic mechanism of a WAF (Web Application Firewall) differs between the blacklist type and the whitelist type. Here we will explain each in detail.




Blacklist type


In the blacklist type, the attack patterns to be detected are registered in advance, and a communication is denied when it matches one of those patterns. Because known attacks are registered as patterns, the blacklist type saves the effort of implementing countermeasures separately for each of several web applications.

However, it cannot prevent attacks that target vulnerabilities not yet known. Whether your own company’s web application is attacked or another company’s is, countermeasures can only be taken after the attack becomes known, so the blacklist-type WAF can be said to be a somewhat time-consuming mechanism.




Whitelist type


The whitelist type is a mechanism that defines in advance the communications that match legitimate patterns and allows only those communications. In technical terminology, these legitimate patterns are called “permitted communications.” The advantage of the whitelist type over the blacklist type is that it can prevent unknown attacks.

However, defining the communications to be allowed is difficult. On top of that, the permitted communications must be determined for each web application, so it can be said to be a more time-consuming mechanism than the blacklist type.
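The two mechanisms side by side, as an added example that is not code from the article: a minimal request inspector that runs the same request through a blacklist of known attack signatures and through a whitelist of permitted communications. The signatures, the per-path whitelist rules, the excluded path prefix and the request shape are all constructed assumptions for the demonstration; a request that matches no known signature is passed by the blacklist but stopped by the whitelist, which is the trade-off described above.

```python
import re
from dataclasses import dataclass

# Constructed blacklist signatures (a real rule set is far larger; these are illustrative).
BLACKLIST_SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.IGNORECASE),
    "xss-script-tag": re.compile(r"<\s*script", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

# Constructed whitelist ("permitted communications"): for each path, the allowed
# parameters and the pattern each value must fully match.
WHITELIST_RULES = {
    "/login": {"user": re.compile(r"[a-z0-9_]{1,32}"), "pw": re.compile(r".{8,128}")},
    "/search": {"q": re.compile(r"[\w ]{0,64}")},
}

# Paths excluded from inspection in advance because they carry no user input.
EXCLUDED_PREFIXES = ("/static/",)


@dataclass
class Request:
    path: str
    params: dict


def inspect(req: Request, mode: str):
    """Return (allowed, reason) for a request under 'blacklist' or 'whitelist' mode."""
    if req.path.startswith(EXCLUDED_PREFIXES):
        return True, "excluded from inspection"
    if mode == "blacklist":
        # Deny only when a registered attack pattern appears in some parameter value.
        for name, sig in BLACKLIST_SIGNATURES.items():
            if any(sig.search(v) for v in req.params.values()):
                return False, name
        return True, "no signature matched"
    # Whitelist: the path must be known and every parameter must match its rule.
    rules = WHITELIST_RULES.get(req.path)
    if rules is None:
        return False, "path not permitted"
    for key, value in req.params.items():
        rule = rules.get(key)
        if rule is None or not rule.fullmatch(value):
            return False, f"parameter {key} not permitted"
    return True, "matches permitted pattern"


if __name__ == "__main__":
    # A request matching no signature: the blacklist passes it, the whitelist does not.
    novel = Request("/admin", {"debug": "1"})
    print(inspect(novel, "blacklist"), inspect(novel, "whitelist"))
```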




Basic functions of WAF


From here, we will explain the basic functions of WAF (Web Application Firewall).

  • Communication monitoring
  • Cookie protection
  • Excluding/rejecting specific URLs
  • Automatic signature updates
  • Collecting logs

Let’s look at each in turn.



Communication monitoring


Communication monitoring is the most typical basic WAF function. Depending on whether the WAF is blacklist type or whitelist type, each communication is denied or permitted according to its rules.



Cookie protection


A WAF can also protect web browser cookies. In addition to attacks targeting vulnerabilities in web applications, there are many attacks that misuse or tamper with cookies.

By using a WAF, access can be denied even when someone accesses your site with a cookie that was illegally obtained. Furthermore, a WAF also has a cookie encryption function.
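One way a WAF can recognise a tampered or stolen cookie, shown as an added example that is not code from the article: a keyed MAC is attached to the cookie on the response path and checked on the request path, with the MAC also bound to a client identifier so that the same cookie presented by a different client is rejected. The secret, the client identifier and the function names are assumptions for this demonstration; signing shows the integrity check only, and the encryption function mentioned above is not covered here.

```python
import base64
import hashlib
import hmac

# Assumption: the WAF holds a secret the application never sees (constructed demo value).
WAF_SECRET = b"constructed-demo-secret-rotate-in-production"


def _tag(value: str, client_id: str) -> str:
    """MAC over the cookie value, bound to a client identifier (assumed to be something
    like a TLS session id or a browser fingerprint the WAF derives per client)."""
    msg = f"{client_id}|{value}".encode()
    digest = hmac.new(WAF_SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def protect_cookie(value: str, client_id: str) -> str:
    """Response path: the WAF appends the tag before the cookie reaches the browser."""
    return f"{value}.{_tag(value, client_id)}"


def verify_cookie(cookie: str, client_id: str):
    """Request path: return the original value, or None if the cookie was altered,
    lacks its tag, or is presented by a client other than the one it was issued to."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(tag, _tag(value, client_id)):
        return None
    return value
```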




Excluding/rejecting specific URLs


With a WAF, communications that pose no threat can be excluded from inspection in advance. This has the advantage of preventing a drop in communication performance. A WAF is also equipped with a function that rejects IP addresses used in cyber attacks.



Automatic signature updates


A signature is pattern information describing a communication or an attack. A cloud-based WAF updates its signatures automatically, so they can always be kept up to date. This has the advantage that countermeasures against attacks targeting newly discovered vulnerabilities are applied automatically.



Collecting logs


Some WAFs are equipped with functions that automatically collect logs and create reports. This lets you understand what kinds of attacks have been carried out against your company’s web applications and how they were handled.




WAF types


So far, I have explained what a WAF (Web Application Firewall) is. When it comes to WAFs, there are three types:

  • Software type
  • Appliance type
  • Cloud type

I will explain each in turn.



Software type


A software type WAF is installed on the target web server itself, and is sometimes called a hosted type. Its features are that it has no impact on other web servers and that there is no need to build a new network environment or change the existing one. Additionally, it can be installed at a lower cost than the appliance type described below.



Appliance type


The appliance type is also called the gateway type or network type, and is a WAF installed within each network. Because the dedicated equipment sits outside the web server, settings can be changed fairly flexibly without putting a burden on the web server.

However, since the settings must be changed by the company itself, the operator is assumed to have specialized knowledge. Since the implementation cost is relatively high, it is suitable for companies that can secure a budget and dedicated personnel.



Cloud type


The cloud type, also called the service type, is a WAF used as an internet service. It is the cheapest of the three to introduce, and there is no need to build a new network or change the existing one. Therefore, it is suitable for companies with a limited budget that want to test the usefulness of a WAF. However, in most cases customization is not possible even if you want it, so it is important to consider the implementation carefully.




Cases where WAF should be introduced


So far, we have provided an overview of WAF (Web Application Firewall). We recommend considering a WAF for the following services and cases.

  • E-commerce site operators
  • Services that handle customer information
  • Cases in which customer information is sent via the Internet

You should consider implementing one mainly if you handle customer information or exchange money on an e-commerce site. By implementing a WAF, security is strengthened, allowing the company to focus on its core business operations.




Summary


In this article, we have explained WAF (Web Application Firewall). A WAF is a security measure that prevents attacks on vulnerable web applications. It can monitor communications, protect cookies, reject specific URLs, and so on. It is especially important for businesses that operate e-commerce sites, handle customer information, or send customer information to other companies over the Internet to deepen their understanding of WAFs.

If you feel that your company really needs a WAF, why not actively consider implementing one?