Why WAF?

Over the past decade or so, the Web has simplified our hectic social and working lives to a staggering degree. Its possibilities seem limitless; even arranging a dinner with a friend has been revolutionized. We can search for a good restaurant on review sites, find directions on Google Maps and make the appointment through a social networking site, instead of making the phone call we would have made in the past.

The Web grew out of Web 1.0, which only presented information to people and allowed no user interaction. Many Websites now use Web 2.0 to simplify processes such as payments, meeting online and e-commerce. Although this has certainly made life simpler, it remains vulnerable to intrusion and exploitation by hackers.

Web attack patterns are normally crafted by a hacker either to steal users' data or to disrupt the services of a Website. Problems arise when a user chooses the same username and password on several Websites: even if one Website keeps the user's information secure, once that credential is stolen elsewhere, the hacker can reuse it on other Websites to reach credit card or banking information. It is hard to force users to pick different usernames and passwords on every site, so it is important that Websites themselves are protected and can detect potential attacks.

Currently, devices such as a Firewall, an Intrusion Detection System (IDS) or an Intrusion Prevention System (IPS) cannot efficiently protect Websites from these threats. Think of a request to a Website as a letter: a conventional Firewall looks only at the envelope and checks whether the letter is addressed to a legitimate destination. Because a Website is accessed, and attacked, through port 80/TCP (HTTP) and 443/TCP (HTTPS), a normal firewall cannot block the attack without blocking use of the Website altogether. IDS/IPS has a similar limitation, since it too only watches the letters pass by. Neither the Firewall nor IDS/IPS can tell whether the letter carries an inappropriate message or a malware attack aimed at the receiver (the Web server). That is why the Web Application Firewall (WAF) was developed. A WAF opens the letter and inspects the information inside before it reaches the Website; only when it finds nothing harmful does it forward the letter to the Website. A WAF can also help a Website manage its letters: when the number of letters sent exceeds a limit, the WAF can hold them or even discard them, so that the receiver (the Web server) can read its letters and carry out its service processes more efficiently.
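As an added illustration (not part of the original post), a toy Python model of the contrast described above: the port-based firewall only sees the envelope, while the WAF inspector opens the request, matches its decoded contents against a small hypothetical rule list and enforces a per-client request limit. The rule names, the request dictionary shape and the sample traffic are all constructed for this example.

```python
import re
import urllib.parse
from collections import defaultdict, deque

# Hypothetical rule list (constructed for this example): a name and a regex
# applied to the decoded path, query string and body of each request.
RULES = [
    ("html-script-tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
    ("path-traversal", re.compile(r"\.\./")),
]

def port_firewall(dst_port):
    """Network firewall view: only the envelope (destination port) is visible,
    so anything addressed to the Web server's 80/443 is let through."""
    return "allow" if dst_port in (80, 443) else "deny"

class RateLimiter:
    """Sliding-window limit: at most `limit` requests per client per `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, client, now):
        q = self.hits[client]
        while q and now - q[0] >= self.window:   # forget requests outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def waf_decide(request, limiter, now):
    """WAF view: enforce the request limit, then open the request and inspect
    its contents. Returns (verdict, reason): forward / block / drop."""
    if not limiter.allow(request["client"], now):
        return ("drop", "rate-limit")
    for field in ("path", "query", "body"):
        text = urllib.parse.unquote_plus(request.get(field, ""))  # decode %xx before matching
        for name, pattern in RULES:
            if pattern.search(text):
                return ("block", name)
    return ("forward", "clean")

if __name__ == "__main__":
    # Constructed sample traffic from one client: three harmless searches and one
    # query carrying a script tag, all within a 10-second window limited to 3 requests.
    limiter = RateLimiter(limit=3, window=10)
    for t, query in enumerate(["q=pasta", "q=%3Cscript%3E", "q=pizza", "q=sushi"]):
        req = {"client": "10.0.0.1", "path": "/search", "query": query}
        print(port_firewall(80), waf_decide(req, limiter, float(t)))
```

The firewall reports "allow" for every request, while the WAF forwards the clean searches, blocks the one containing the script tag and drops the fourth request because the client exceeded its limit.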

By blocking or absorbing the load that users place on a Website, a WAF makes the Website's processes run more smoothly and eases the administrator's concerns. Large companies either have a Web development team, a separate Web server administration team, or they outsource development of the Website as a one-time job; but when the contract expires and attacks occur, the responsibility falls to the system administrator to control, maintain and solve the problems alone. If that administrator's knowledge of Web programming is limited, protection and problem-solving become hard and time-consuming. This puts at risk not only the users' data on the Website but also the Website's reputation for confidentiality.

A WAF protects against and filters a hacker's attacks efficiently because it can be tuned to suit different Websites. Because a WAF can recognise attack patterns, it can also anticipate future threats and keep the Website as secure as possible.
