The Web Application Firewall (WAF) An Added Safety Net

With the emergence of Web 2.0, web sites have moved beyond mere collections static HTML pages. Web applications now allow for dynamic sites that respond to user input just like desktop software, except Web applications run on a web browser. A Web server then becomes a central hub which many users access. If such a server is compromised and its service interrupted, it is no longer affects just a single user; it affects a multitude. Such servers face continual bombardment from malicious attackers exploiting their public accessibility. A traditional firewall that merely blocks ports and IPs cannot provide adequate protection, because the service ports must remain open and attackers’ IP addresses are unpredictable. Furthermore, since Web applications respond to user input, bugs or unsecure configurations can cause them to respond in ways that cause service interruptions or breach security.

The Web Application Firewall (WAF) is your indispensable line of defense in these situations. It does not replace your traditional firewall but rather augments it. The best location for a WAF is behind the traditional firewall but in front of the Web server. The traditional firewall will then block unnecessary ports and blacklisted IPs wholesale, while the WAF will detect additional malicious attacks. The WAF does its job by examining the web client requests and Web server responses. Thus, not only does the WAF protect against incoming malicious activities, but it also prevents your Web application from revealing information useful to attackers.

Sometimes if a Web server or application is not configured or coded properly, the server or application error response can reveal weaknesses or other exploitable information. Error responses may be helpful for developers and systems administrators, but such information should remain confidential. The WAF will keep those error responses private to prevent further probing by an attacker.

Sometimes security holes arise from unintended, overlooked, or forgotten default settings. Often server software defaults to using extremely insecure settings for debugging purposes during setup. These settings may escape revision, and it only takes one successful attack because of them to wreak havoc on a system. The WAF is a safety net that can plug some of these more commonly overlooked security holes and keep your service up and running smoothly.

 

AVANU, Inc. is the developer of the WebMux Network Traffic Manager, an enterprise-class application delivery network load balancing solution. AVANU offers Virtual WebMux appliances for cloud environments as well as a network hardware appliance for plug-and-run ease of use and management along with reliable high performance. Both platforms are scalable to meet your local traffic management requirements as well as affordable for all business sizes.

For information on AVANU WebMux Networks Traffic Manager, visit their web site at ‘www.avanu.com; email ‘info@avanu.com; or call 1.888.248.4900 U.S. Toll Free Number; 1.408.248.8960 International.

 

What is AAD

The WebMux AAD (Automatic Attack Detection) controls the number of concurrent open TCP connections that come from the same IP. Depending on situation, it may be perfectly normal to get 50 concurrent connections coming from the same client. In some other situations, seeing more than 5 concurrent connections might be unusual. It may require some other means of network analysis (outside of the WebMux) to help you determine what the normal activity it for your environment. Or you can refer to you server’s actual resource limits and set AAD TCP connection threshold to a value under the servers real limits for concurrent connections as a safeguard against server overload. AAD helps safeguard for situations where an attacker from a single IP can open so many TCP connections and leave them open that the farm can no longer accept any new connections.