What’s a WAF and why do I need one?

A WAF – Web Application Firewall – is a device, either physical or virtual, that protects web servers (application servers) from attackers while allowing desired user traffic to pass unfettered. WAFs have become increasingly sophisticated since they were originally conceived in the late 1990s. Starting out as simple filters that blocked disallowed characters in web requests, they have progressed to protect against distributed denial of service (DDoS) and bot attacks, and to provide agile defense against software vulnerabilities. They often provide load balancing and TLS offloading as built-in capabilities.


WAFs function like a firewall, but unlike a traditional firewall – which protects at layers 3 and 4 by blocking IPs and ports – WAFs monitor at the application layer (layer 7). By monitoring a different layer they can identify and stop higher-level DDoS attacks. The most common are HTTP floods, whether basic, randomized, or cache-bypassing, and the opposite of these volumetric attacks, the Slowloris attack. Flood attacks are straightforward in how they deny resources. The Slowloris attack, on the other hand, works by transferring data very slowly, holding connections open until the server exhausts its connection pool. These attacks can be difficult to identify because they typically look very much like legitimate traffic.
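As an added example (not code from the original article), the two traffic shapes just described can be told apart in a reverse proxy's connection and access logs: a flood shows up as a request rate spike, while Slowloris shows up as many old, incomplete, nearly-empty connections from one source. The log record layout, sample values and thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed per-connection records in a hypothetical proxy/WAF format:
# (client_ip, seconds the connection has been open, bytes received, request headers complete?)
SAMPLE_CONNECTIONS = [
    ("203.0.113.7", 95, 41, False),
    ("203.0.113.7", 88, 37, False),
    ("203.0.113.7", 91, 44, False),
    ("203.0.113.7", 79, 39, False),
    ("198.51.100.2", 2, 640, True),
    ("198.51.100.2", 1, 512, True),
    ("192.0.2.9", 120, 8, False),   # a single slow client is not an attack
]

# Constructed access-log entries of completed requests: (client_ip, unix timestamp)
SAMPLE_REQUESTS = [("198.51.100.2", 1000 + i // 40) for i in range(400)] + \
                  [("192.0.2.9", 1000 + i) for i in range(10)]


def slowloris_suspects(connections, min_open=3, min_age_s=30, max_bytes=200):
    """Return {ip: count} for sources holding several long-lived connections
    whose requests never complete. Slowloris keeps the server waiting on headers
    that trickle in, so the tell is many old, incomplete, tiny connections per IP."""
    stalled = defaultdict(int)
    for ip, age_s, nbytes, complete in connections:
        if not complete and age_s >= min_age_s and nbytes <= max_bytes:
            stalled[ip] += 1
    return {ip: n for ip, n in stalled.items() if n >= min_open}


def flood_suspects(requests, window_s=10, max_per_window=100):
    """Return the set of IPs exceeding max_per_window requests in any
    window_s-second bucket; volumetric HTTP floods stand out by rate alone."""
    buckets = defaultdict(int)
    for ip, ts in requests:
        buckets[(ip, ts // window_s)] += 1
    return {ip for (ip, _), n in buckets.items() if n > max_per_window}


if __name__ == "__main__":
    print("slowloris:", slowloris_suspects(SAMPLE_CONNECTIONS))  # {'203.0.113.7': 4}
    print("flood:", flood_suspects(SAMPLE_REQUESTS))             # {'198.51.100.2'}
```

Thresholds have to be tuned per site: a legitimate client on a poor mobile link can look like the single slow connection above, which is why the Slowloris check counts connections per source rather than flagging any slow one.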


Although DDoS attacks are conducted with bots, bots are often used for other purposes and consume an estimated 40% of total internet traffic. The most common other uses are credit card cracking, account takeover, and content/price scraping. Credit card cracking is a technique where, given stolen card numbers associated with names, bots attempt to guess the remaining details by setting up small purchases against many different vendor sites in parallel, looking for the CVV, expiration date, and associated postal code. Account takeover is where a bot tries compromised username/password combinations on many other sites, relying on the fact that people reuse the same username/password because it is easier to remember. Last is content scraping: content is taken from its original owners and republished without permission, disrupting the owners' search engine optimization. Other scraped information includes prices, for monitoring, and contact details, for spammers.

WAFs also provide a level of protection that is more agile: signature updates and protection profiles are much quicker to deploy than code fixes when vulnerabilities like Log4j arise. This gives site developers time to update the software and remediate the risk.


In today’s world, with nation-state actors bankrolling whole communities of hackers, every web server of consequence should be protected by a WAF.


By William (Chris) Vest, Sr. Systems Administrator


INNOVATION FACILITY NOW OPEN

PSI's state-of-the-art Innovation Facility is now open in Valparaiso, FL. It is designed to provide a cyber secure ecosystem for development of new technologies and approaches, illustrating the company’s commitment to deliver excellence to its customers. Watch a video about the Innovation Facility.


#WEAREPSI

PSI works hard to maintain its unique, diverse, and collaborative culture. Success is the result when we connect the power of our people. Watch a video about who we are.


SKILLBRIDGE OPPORTUNITIES

We have a new internship program that helps Active-Duty Service Members make a shift into civilian life. Learn more here.


FEATURED INDUSTRY: INTELLIGENCE

PSI is a proud and dedicated services provider to the Intelligence Community. Our IT solutions solve today’s complex challenges, improve operational efficiencies, and meet challenges to our national security. Learn more here.