×
Community Blog What is Web Application Firewall (WAF) and How It Works?

What is Web Application Firewall (WAF) and How It Works?

A firewall is a system that logically sits between one or more computers and their connection to the Internet.

A firewall is a system that logically sits between one or more computers and their connection to the Internet.

As an enabling technology for quick, easy and cost-effective dissemination of information, the Internet is an incredible tool for an IT person to have at their fingertips. We can connect a server to the Internet, load it with documents and images, databases and web pages, or carefully-written applications, and instantly make its contents available to the world. We can allow the world to send us information back. Forms, social media postings, bookings and payments, email messages, and more.

It’s hard to believe that in the early days of the Internet, computer magazines aimed at enterprise IT users would carry articles with titles such as “Does Your Company Really Need a Firewall?”. Amazingly, the answer was not necessarily a foregone conclusion.

Data travels over the Internet in chunks known as packets, typically around 500 bytes long, using a system or protocol called TCP/IP. To send more than 500 bytes you simply send multiple packets. And because each packet also contains details of the destination IP address and a sequence number, everything will get to the right place eventually.

Ports

TCP/IP uses the concept of ports, or port numbers, to differentiate different types of traffic. Think of it as a TV receiving sports on channel 9 and documentaries on channel 3. On the Internet, a web server communicates with a visitor’s browser using port 80. Email messages travel between senders, email servers and receivers via port 25. Windows Remote Desktop uses port 3389. In reality, all the data goes down the same cables, but the packets also contain the port number so that the receiving computer knows what to do with the data when it arrives.

A web browser sends a request on port 80 to the server that holds the page it wants. The server, which knows to listen for requests on port 80, receives the request and sends back the required page. All is in harmony. If the browser were to have requested the page via port 90, the web server would never see it.

A firewall, at the simplest level, is a system (hardware or software, or both) that logically sits between one or more computers and their connection to the Internet. It improves security by allowing you to specify rules about which packets are allowed in or out, based on the IP address they came from, their destination IP address, and the port number. Or any combination thereof.

Without a firewall, everyone in the world could access your servers on every possible port (of which there are 65,535). But a firewall ensures, for example, that someone can access your website but can’t use Remote Desktop to log into your web server, because port 80 is open and port 3389 is not.

There is hardly a business on the planet that doesn’t have a firewall nowadays. And for a while, the conventional firewall ruled the security roost and was the first – and often only – line of defense for most companies’ servers. To be fair, it worked pretty well. End users’ PCs were protected by antivirus software, and frequently by a firewall too. Before Windows included one as standard, software firewalls were available from third-party vendors, and many of the best-known examples were available for free.

Internet-facing servers, too, were placed behind firewalls to ensure that they were protected from hackers, whose starting point was (and largely still is) to probe IP addresses on the Internet at random, scanning every port in search of a program on the server that had inadvertently been allowed through the firewall.

But while simply blocking ports worked for a decade or so, it ultimately became insufficient. The Internet, and specifically the web, began to allow companies to operate online in ways that had never been done before. This required the rapid (sometimes too rapid) development of application software, running on servers, which were vulnerable to attacks more sophisticated than a hacker randomly scanning ports.

All software has bugs, as the saying goes. And web applications are no exception. With so many of us buying goods and services online nowadays, rather than merely reading information as we did in the early days of the web, the stakes have never been higher. Criminals are constantly trying to exploit those bugs using a variety of techniques based on common errors made by application programmers, or admins who don’t quite configure things as per the documentation.

n order to understand just what sort of errors application programmers typically make, please refer to The Evolution of Security – Web Application Firewall to get more.

Related Blogs

Web Application Firewall Cloud Options: Alibaba Cloud WAF & AWS WAF

Alibaba Cloud WAF uses machine learning to reduce false positives, which is one of the features particularly fantastic about the tool.

A web application or a REST API hosted in a cloud is a common scenario for most developers. However, not every application has the same level of security. Adding a Web Application Firewall (WAF) to your web application is a helpful way to improve your security.

In this article, we'll compare two cloud-based WAF options: The one offered from Alibaba Cloud and the AWS WAF.

Alibaba Cloud WAF

The main advantage of using a WAF in the cloud, as opposed to an on-premises firewall, is that setup and installation time are minimal. In addition, you get 24/7 monitoring and automated responses to firewall-related incidents, which means you don’t have to worry about your staff constantly monitoring the firewall in order to deal with problems.

Alibaba Cloud WAF uses machine learning to reduce false positives, which is one of the features that I found particularly fantastic about the tool. In addition, the monthly subscription includes protection and reporting.

To start configuring the WAF, we need to be on the main dashboard. Then, locate the Security option and Web Application Firewall.

AWS WAF

To use the AWS WAF, the first thing to think about is the creation of Access Control Lists (ACLs). If you do not understand how a firewall works, how to create one, and where you start working, a good deal of research will be necessary. Initially, the rules of entry and exit need to be clear. For the inexperienced, it is possible to block everything or release everything. You can have a whole environment with a WAF, but it’s completely unprotected because of rules misapplied.

Stopping the Bots With Alibaba Cloud Web Application Firewall

The Internet as we know it today, which has its roots in the defense industry, was never designed to be secure.

The Internet as we know it today, which has its roots in the defense industry, was never designed to be secure. The primary design objective was resilience.

Data needed to get through, by whatever route it could. Privacy and security came later, with techniques such as encryption and authentication. From the very start, web browsers allowed the user to view the HTML code of the page that he or she was looking at, complete with all the formatting tags. The feature still exists in every modern browser today. Hiding HTML code from users requires special techniques such as obfuscation, and is far from straightforward. Cyber criminals use their skills in this area to disguise the true purpose of web-based malware, although not always with success.

The same features that make the web so simple to use, also make it incredibly easy for so-called bots to harvest massive amounts of information. Software bots are very common, and it’s far from unusual for a typical website to receive several attempted bot attacks per day.

But with a properly tuned Web Application Firewall, you can stop them. Download this whitepaper to learn how you can protect your business against bot attacks.

Keeping Your Data Secure with Web Application Firewall

According to the 2016 Verizon Data Breach Investigations Report, 81.10% of network attackers can successfully intrude another computer within one minute.

Abstract

How does a data leak occur? What should we do in case of data leaks? How should we prevent data leaks? 81.9% of network attackers are able to successfully intrude into another computer within one minute. A vast majority of attackers are able to infiltrate into an enterprise's Internet within one day. However, less than one fourth of enterprises are able to detect "imminent disaster" within one day after the data leak.

How do data leaks occur? What can we do to prevent them? According to the 2016 Verizon Data Breach Investigations Report, 81.9% of network attackers can successfully intrude another computer within one minute. Additionally, a vast majority of attackers are able to infiltrate into an enterprise's network within one day. However, less than one fourth of enterprises are able to detect an "imminent disaster" within one day after a data leak.

A network attack is similar to a viral infection in humans –it will inevitably spread once contracted, resulting in more data leaks. However, that does not mean that attackers are the sole culprit of data leaks. Failure to take preventive measures is one of the leading causes of data leakage for many enterprises. In this article, we will examine how exposed your enterprise is to data leaks with the following six questions.

1. Are you familiar with your own data?

When speaking of data leaks, we must first address the data itself. Many enterprises do not clearly classify their own data and do not know which data has been disclosed. They might not even know where sensitive data is located (such as server, terminal, network disk).

Recommendation: Before deploying security and protection mechanisms, enterprises should first sort out their data storage locations, the security of the storage locations, and the level of data sensitivity. For example, they should define which data is the most sensitive and most prone to attacks (such as user account, password, and credit card information), and which data is less risky. Enterprises that clearly understand their own data can save a lot of trouble when implementing permission management, protection deployment, and vulnerability fixes.
Meanwhile, employees can regularly maintain the locations where data is stored, such as upgrading servers and terminal systems.

2. Is your data encrypted?

Data is a likely target of tampering, hijacking, and phishing during the process of data generation, communication, transmission, and storage. If data is not encrypted, attackers can easily steal it since it is in plaintext. Many enterprises do not do enough to protect their data. Half of the enterprises in the world have not upgraded their websites from HTTP to HTTPS, leaving their data exposed on the Internet.

HTTPS offers more security and is the preferred choice for large enterprises around the world. Apple has announced that all apps submitted to the App Store must enable the App Transport Security (ATS) security standard starting January 1, 2017, and all connections must use HTTPS encryption. Android has also made a similar HTTPS requirement for connections.

Recommendation: Enterprises need to protect critical, sensitive data throughout its life cycle. Data generation, communication, storage, and destruction must be performed within a controlled and encrypted environment. In addition, we recommend enterprises to use cloud certificate services to implement one-click HTTPS transformation.

Related Courses

Protect Your Web Application on Alibaba Cloud

Understand application security and common network attacks. You will master the core skills of application security on the cloud, including how to access Alibaba Cloud WAF, avoid tampering website, prevent CC attacks, and how to conduct business risk management.

Web Application Attacks and Defense Deep Dive

Web applications are the most common way to provide services on the cloud and are the most vulnerable security targets. Through this course, you can understand the top 10 network application security risks listed by OWASP. We will explain these 10 security risks one by one, and choose XSS, SQL injection, Webshell, the three most common attack methods to further In-depth discussion, and finally introduce Alibaba Cloud's WAF products to help you solve online application security problems once and for all.

Use Anti-DDoS Basic and Pro to Defend DoS Attack

The network is the only entry point for all cloud services. Network attacks, especially denial of service attacks, are the most diverse and harmful, and one of the most difficult to protect against network risks. This course is designed to help students understand the principles of DoS attacks in a minimum amount of time and learn common protection methods and Alibaba Cloud Anti-DDoS protection solutions to minimize or reduce the risk of network layer attacks, protect your cloud network security.

Related Market Products

NSFOCUS Web Application Firewall (WAF)(BYOL)

The NSFOCUS Web Application Firewall (WAF) provides comprehensive, application layer security to completely protect your critical servers and web applications.

Protect Your Web Application on Alibaba Cloud

Understand application security and common network attacks. You will master the core skills of application security on the cloud, including how to access Alibaba Cloud WAF, avoid tampering website, prevent CC attacks, and how to conduct business risk management.

Related Documentation

Web application protection - Web Application Firewall

Web application protection provides different levels of protection policies, including loose, normal, and strict, to prevent common Web application attacks such as SQL injection and XSS attacks.

Background information

After you add your domain to the WAF protection list, you can enable Web application protection for this domain, and select a protection policy. This feature takes effect immediately after you enable it. You can disable it at any time.

Before you perform the following operations, make sure that you have added the domain to WAF for protection. For more information, see Use WAF CNAME to add domains for protection

Definitions of common web vulnerabilities

Description

Cross-site scripting (XSS) usually occurs at the client’s end. Hackers use it to steal private information and passwords, for phishing, and to transmit malicious codes. HTML, JavaScript, VBScript, and ActionScript are the technologies most likely to be hit by the XSS attacks.

An attacker inputs the code that harms the client to the server and uses code to forge a webpage. When a user opens the webpage, the malicious code is injected into the user’s browser to mount attacks. The attacker can then steal the session cookies to obtain the user’s private information, including passwords and other sensitive information.

Related Products

Web Application Firewall

Web Application Firewall (WAF) protects your website servers against intrusions. Our service detects and blocks malicious traffic directed to your websites and applications. WAF secures your core business data and prevents server malfunctions caused by malicious activities and attacks.

Simple Application Server

Simple Application Server is a new generation computing service for stand-alone application scenarios. It provides one-click application deployment and supports all-in-one services such as domain name resolution, website publishing, security, O&M, and application management. This optimizes the user experience of setting up a simple application and makes it easier for entry-level users to use cloud computing products.

0 0 0
Share on

Alibaba Clouder

2,019 posts | 470 followers

You may also like

Comments