If you work in the Information Technology sector, you have probably heard of the Web Application Firewall, or simply WAF. This blog is about why a WAF is necessary, its role in an IT infrastructure and its advantages.
A WAF solution helps protect our web applications from common cyber-attacks such as SQL injection, cross-site scripting and DDoS attacks, which could affect security, consume excessive resources and even affect application availability. Why do you think hackers are more interested in attacking web servers? Because, compared to a workstation, a server is more powerful, is up 24/7 and has better internet bandwidth, and thus allows them to launch an attack from a single point, affecting multiple workstations.
So, in my opinion, every company should take this seriously and have a WAF installed to make their infrastructure more secure for them and their customers.
Needless to say, I am going to write about WAF applications and how they work in an IT environment. A WAF application has to have the following modules/engines:
It’s all about web application scanning. The detection engine helps detect application vulnerabilities. This is an important stage because whenever we install a security solution, the very first thing we should know is our application’s weaknesses; only then can we fine-tune the security solution to our application rather than deploying a generic one. So the first thing to be done is web application scanning, which includes black-box as well as grey-box testing of the application.
Detection also includes application pen-testing, with both automated and manual pen-testing procedures. For example, consider the case of an e-commerce website. If a customer (who is also a hacker) has tampered with the ‘Shopping cart’ page and decreased the total value of the product he/she is planning to buy, such malpractice should be and will be caught by our pen-testing procedures. We, at Tensult, work with products which have a perfect amalgamation of machine learning and human intelligence to provide the best defense against such threats without compromising on application speed.
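The shopping-cart case above comes down to whether the server trusts amounts sent by the browser. The following is an added example, not code from this blog or from any WAF product: a server-side check that recomputes the total from its own price list and reports every mismatch. The catalogue and the request field names (`items`, `sku`, `qty`, `unit_price`, `total`) are hypothetical.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side price list; in a real shop this is the product database.
CATALOGUE = {"SKU-100": Decimal("49.99"), "SKU-200": Decimal("5.00")}


def _money(value):
    """Parse a client-supplied amount; return None if it is missing or malformed."""
    try:
        return Decimal(str(value))
    except (InvalidOperation, ValueError):
        return None


def check_cart(cart):
    """Recompute the total from server-side prices and list every mismatch.

    Returns (server_total, findings); an empty findings list means the
    client-submitted cart agrees with the server's own numbers.
    """
    findings, total = [], Decimal("0")
    for item in cart.get("items", []):
        sku, qty = item.get("sku"), item.get("qty")
        price = CATALOGUE.get(sku)
        if price is None:
            findings.append(f"unknown sku {sku!r}")
            continue
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int) or qty < 1:
            findings.append(f"invalid quantity {qty!r} for {sku}")
            continue
        if "unit_price" in item and _money(item["unit_price"]) != price:
            findings.append(f"unit price for {sku} differs from catalogue")
        total += price * qty
    if _money(cart.get("total")) != total:
        findings.append(f"client total {cart.get('total')!r} != server total {total}")
    return total, findings


if __name__ == "__main__":
    # Constructed request body: the client lowered the total before checkout.
    tampered = {"items": [{"sku": "SKU-100", "qty": 2, "unit_price": "49.99"}],
                "total": "1.00"}
    print(check_cart(tampered))
```

A pen-test of the cart page is effectively probing for the absence of this check; the order should be charged with the server total, never the submitted one.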
The protection stage includes the web app firewall, DDoS mitigation, SSL certificate verification, and platform-specific rules. Applications are onboarded in log-and-block mode automatically from day one. We, at Tensult, are highly concerned about customer application security and use our advanced smart policies, which are rigorously tested in the lab. Such policies are activated from day one onwards so that we have a complete log report of everything that happens with the application as well as the traffic towards it. Application-specific data is collected for analysis and, using that information, the rule-sets are fine-tuned dynamically.
Once the above two stages are completed successfully, without the user experience being hampered, the application is well protected from any sort of cyber-attack.
Onboarding a new application to our WAF solution won’t take more than 5 minutes. It’s that simple. It’s an advantage that we can start securing our customer’s application almost instantly. Let’s continue with the WAF modules we were discussing.
In the monitoring engine, we have DDoS rules monitoring to eliminate false positives, blocking of IPs/countries based on reputation, and continuous traffic analysis to mitigate targeted attacks. For example, if your application is somehow not reachable from the internet, we can configure the WAF to send an e-mail to the app owners and support team asking them to have a look at the issue. Additionally, custom rules can be created for additional checks.
This includes complete site acceleration, automatic static content caching, granular cache purge, electronic software delivery, and video streaming. CDN service falls in this category, and as we know, CDN helps customers get access to the data faster.
So with these 4 engines of the WAF solution up and running, the customer can have better visibility of the application security, better control over the firewall and a better view in terms of monitoring.
Configuring WAF to work with AWS
Once we have registered a customer’s application with the WAF application that we use, we get a CNAME value, which is then provided to Route 53 in AWS. We need to change the DNS entry so that traffic to the website/customer app first passes through our WAF application; to do that, we create a CNAME entry pointing to the new value we get from the WAF app.
Once the above step is completed, the traffic to the customer application starts passing through the WAF solution and that’s where the magic begins. One of the major advantages of using a WAF solution is that we get a very detailed report of what is happening in the environment, with possible solution steps as well. Such detailed, easily understood reports will be highly appreciated by customers because they may not always have time to go through all the log dumps and dig information out of them.
With proper planning and implementation, a WAF can be a powerful tool to have in our arsenal against any sort of cyber-attack. Life becomes easier and the world will be a better place to live if WAFs are configured in an IT infrastructure.
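The DNS change described above, as an added example that is not part of the original post: a small builder for the Route 53 change batch that points a hostname at the WAF's CNAME, with the checks worth making before submitting it. The domain, the WAF target and the function names are constructed placeholders.

```python
import json
import re

# Constructed sample values. The real CNAME target is the one shown by the
# WAF product after onboarding; the zone apex is the hosted zone's own name.
ZONE_APEX = "example.com"
WAF_CNAME_TARGET = "abc123.waf-provider.example"

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def fqdn(name):
    """Lower-case a hostname, validate its labels, return it dot-terminated."""
    name = name.strip().lower().rstrip(".")
    if len(name) > 253 or not all(_LABEL.match(l) for l in name.split(".")):
        raise ValueError(f"not a valid hostname: {name!r}")
    return name + "."


def waf_cname_change(record, target, zone_apex, ttl=300):
    """Build a Route 53 ChangeBatch that points `record` at the WAF CNAME."""
    record, target, zone_apex = fqdn(record), fqdn(target), fqdn(zone_apex)
    if record == zone_apex:
        # DNS does not allow a CNAME to coexist with the SOA/NS records at the apex.
        raise ValueError("a CNAME cannot be created at the zone apex")
    if not record.endswith("." + zone_apex):
        raise ValueError(f"{record} is not inside hosted zone {zone_apex}")
    if target == record:
        raise ValueError("CNAME target equals the record name (loop)")
    return {
        "Comment": f"Route {record} through the WAF",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": record,
                "Type": "CNAME",
                "TTL": ttl,  # short TTL keeps rollback fast during cutover
                "ResourceRecords": [{"Value": target}],
            },
        }],
    }


if __name__ == "__main__":
    # The JSON printed here is the --change-batch input for
    # `aws route53 change-resource-record-sets`.
    print(json.dumps(waf_cname_change("www.example.com", WAF_CNAME_TARGET, ZONE_APEX), indent=2))
```

After the change propagates, restrict the origin (for example with its AWS security group) to accept web traffic only from the WAF's published source ranges, so that the CNAME is not the only thing routing traffic through it.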