Imperva Cyber Community


Fundamentals of On-Premise WAF - Blog Series Pt1

By Ira Miga posted 05-26-2022 07:42


Fundamentals of On-Premise WAF - Blog Series

Part1: Multi-Layer Protection - the basis of On-Premise WAF

Ira Miga
Knowledge Engineer

At Imperva, we appreciate that many of our users need to explain internally how our products work and the value they bring to the organization. With this in mind, we're excited to announce a new blog series on On-Premise WAF! I will go "back to basics" with a focus on On-Premise WAF in a series of informational blogs.

In this first blog, I'll go over the multi-layer protection with On-Premise WAF and why it's so important for organizations.

On-Premise WAF is an important tool that helps protect your network from cyber threats. It can help you prevent malware and other infections from entering your organization. It also helps detect and block malicious traffic before it reaches your internal systems or users' devices. This means you can focus on running your business instead of worrying about security issues that could affect it negatively.

I'd love to hear what you think about this topic—so please leave a comment below if there's anything you'd like me to cover in future blogs!

What is WAF?

Let’s quickly refresh our minds on what WAF is before we dive into the meat of this blog series.

WAF stands for web application firewall, a form of software designed to protect websites from malicious attacks. It is a layer of security that monitors requests, blocks suspicious ones, and passes the good ones through to the web server.

On-prem WAF Architecture

An on-premises web application firewall runs either in your data center or potentially as a virtual machine within your infrastructure-as-a-service (IaaS) cloud presence. It is managed by your internal technical staff and accessed through the LAN, or through a VPN when outside the local area network.

The On-Premises WAF architecture lets you configure sites that reflect the customer network architecture, profiles the behavior of traffic running on these sites, and then lets you configure policies that define the expected behavior for traffic on these sites.

The domain protected by On-Premises WAF contains the following basic elements:

  • Sites: A physical site or sites, where server groups are installed (for example, data centers).
  • Server Groups: Contain physical servers, services, and actual applications.
  • Services: The HTTP service. A service is characterized by the port used, the collection of relevant plug-ins, character sets, and encryption, and it includes a collection of applications.
  • Applications: Web applications.

Besides the physical representation of the protected domain (using sites, server groups, services, and applications), On-Premises WAF provides a logical representation of the protected domain. The logical representation is focused on the application level and enables unlimited hierarchical grouping of applications.

The OSI 7-layer model

The OSI 7-layer model is a theoretical framework for understanding and developing the concept of computer networking. The model describes how data can be transferred from one application to another across a network.

There are 7 layers in this model:

Layer 1: Physical layer 

This layer describes the physical characteristics of the network medium. It defines the electrical and mechanical requirements for the transmission media, including the connectors and signals. It also specifies how the network adapter card is connected to the cable or other transmission medium in order to provide connectivity between devices on a network.

Layer 2: Data link layer 

This layer defines how messages are broken into smaller units, referred to as packets, that can be routed independently through the internetwork. The data link layer also handles error control and packet sequencing (reassembling). This layer is responsible for protocol conversion between dissimilar networks, such as Ethernet and 802.11 wireless networks.

Layer 3: Network layer 

The primary functions of this layer are routing (forwarding) packets from one node to another node in a network based on its destination address, providing logical addressing schemes for hosts and gateways (routers), and defining protocols for determining cost/benefit.

Layer 4: Transport layer (TCP/UDP)

Layer 4 is responsible for routing packets between endpoints on the network. It performs this function by assigning an IP address to each packet and then sending it along its path to its destination. Layer 4 protocols include Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Layer 5: Session layer

The session layer establishes a connection between two endpoints so that they can exchange data. After the connection is established, all subsequent data sent between them will use this same connection until it closes down again. This ensures that no data is lost while being delivered from one computer to another over a network. The session layer also manages authentication information so that authorized users can access resources on a server securely without having their passwords stolen by malicious users trying to break into their accounts.

Layer 6: Presentation layer

The presentation layer is responsible for the format of data: it encodes data into a format that can be understood by both the sender and the receiver. The presentation layer is often used in conjunction with the session layer to create sessions between clients and servers.

Layer 7: Application layer

The application layer is responsible for sending requests from clients to servers and receiving responses back from servers.

For the On-prem WAF, the system protection corresponds to the OSI 7-layer model.

  • The firewall corresponds to OSI layers 2 through 4.
  • Protocol Validation and Application Layer Signatures correspond to OSI layer 7, as shown below.

Several of On-Premises WAF's advanced protection processes, such as Profile Evaluation, Web/DB Correlation, and Correlated Attack Detection operate at the level of the application and thus provide protection at what is effectively layer 8 — a layer not defined in the OSI model.

Image 1: The OSI 7-layer model with an additional 8th Imperva layer 
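To make the layering concrete, here is an added sketch (not Imperva code and not part of the original post) of one request passing in order through a firewall check, protocol validation, signatures and profile evaluation. The `inspect` function, the ACL, the signatures and the learned profile are all hypothetical, constructed values.

```python
import ipaddress
import re

# Constructed policy values for illustration; none come from Imperva.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # layers 2-4: firewall ACL
ALLOWED_PORTS = {80, 443}
REQUEST_LINE = re.compile(r"^(GET|POST|PUT|DELETE|HEAD|OPTIONS) (/\S*) HTTP/1\.[01]$")
SIGNATURES = {  # layer 7: application layer signatures
    "sql-injection": re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+1=1"),
    "path-traversal": re.compile(r"\.\./"),
}
# "Layer 8": learned profile of expected parameters per URL (name -> value pattern)
PROFILE = {"/login": {"user": re.compile(r"^[a-z0-9_]{1,32}$"),
                      "pin": re.compile(r"^\d{4,8}$")}}

def inspect(src_ip, dst_port, request_line, params):
    """Return (verdict, layer, reason) for one HTTP request."""
    # Layers 2-4: decide on addresses and ports only, before parsing HTTP.
    ip = ipaddress.ip_address(src_ip)
    if any(ip in net for net in BLOCKED_NETS):
        return ("block", "firewall", "source in blocked network")
    if dst_port not in ALLOWED_PORTS:
        return ("block", "firewall", "port not allowed")
    # Layer 7: protocol validation rejects malformed request lines.
    m = REQUEST_LINE.match(request_line)
    if not m:
        return ("block", "protocol-validation", "malformed request line")
    path = m.group(2).split("?", 1)[0]
    # Layer 7: signatures look for known-bad patterns in the URL and values.
    for name, sig in SIGNATURES.items():
        if any(sig.search(v) for v in [m.group(2), *params.values()]):
            return ("block", "signature", name)
    # "Layer 8": profile evaluation flags deviation from learned behaviour,
    # even when no signature matches.
    expected = PROFILE.get(path)
    if expected is not None:
        for key, value in params.items():
            if key not in expected:
                return ("alert", "profile", f"unexpected parameter {key!r}")
            if not expected[key].match(value):
                return ("alert", "profile", f"{key!r} deviates from profile")
    return ("allow", None, "passed all layers")

if __name__ == "__main__":
    # Constructed sample request: clean by signature, but off-profile.
    print(inspect("198.51.100.5", 443, "POST /login HTTP/1.1",
                  {"user": "alice", "pin": "12ab"}))
```

The last sample request passes the firewall, protocol validation and signature checks and is only caught by the profile, which is the case the "layer 8" mechanisms exist for.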


On-Premises WAF provides the protection mechanisms needed to secure a network against threats at all levels.
The overall level of security activity can be adjusted based on the importance of different sites in the service provider's network. Traffic is matched against rules that are applied by server group and site, resulting in configurable protections for services, applications, and internet access. When attacks are launched from inside an organization's network against its infrastructure, the On-Premises WAF system's multi-layer protection approach will prove itself against even the most advanced threats.

Watch this space for the next in this series...
"Application Hierarchy: Server Group, Service, Application"

#fundamentals #learning #series #knowledge




05-29-2022 04:33

Thank you @Sarah Lamont(csp) <3

05-27-2022 05:21

Love this @Ira Miga - I can tell I will learn a lot from this series :-)