Thursday, December 13, 2018

Web Application Firewall as Opposed to Intrusion Prevention Systems

Internet security will always be a major source of problems for web services, so much so that a next generation of products that secures web applications is more of a ‘sine qua non’ than a simple requirement. What’s needed is a new approach to managing this web application problem (WAP).
Fig. 1: How a web application firewall works

Today’s attackers have grown more sophisticated in attacking deployed web applications, and the protection offered by Intrusion Prevention Systems (IPS) falls short on multiple fronts. This is due to the core design of an IPS: matching attack signatures against the traffic coming into the network. Because every web application differs from every other, simple pattern matching is just not good enough. Securing against the latest Layer 7 web attacks requires a security solution that is aware of the web application’s context and its infrastructure.

Recently, confusion has arisen over the differences between Web Application Firewall (WAF) and Intrusion Prevention System (IPS) platforms. Moreover, IPS vendors often add to the confusion by asserting that IPS solutions deliver more complete web application protection. Let us scrutinize the essential differences between Web Application Firewalls and IPS solutions in detail, especially with regard to web application protection.
Fig. 2: A quick comparison between the web security abilities of other technologies vis-à-vis the Barracuda Web Application Firewall
Protecting against attacks such as session hijacking, cookie tampering, and hidden form field tampering requires that application constructs such as cookies or sessions be understood and that their values be tracked to prevent tampering. Because IPS products work only at the network layer and have no knowledge of application state, an IPS cannot validate encrypted sessions or interpret application encoding schemes. Furthermore, an IPS lacks the ability to block application-layer attacks, which ultimately prevents IPS technology from securing the most critical applications in a network. IPS solutions can only detect network-level attacks such as CGI attacks, stealth port scans and attacks directed at protocols, allowing or denying packets after comparing them to known attack signatures. Structured and encoded data cannot be considered during this comparison. This approach either fails to prevent most attacks or creates false positives, depending on the security strategy.

WAF platforms understand the constructs of web traffic and keep track of the application’s state and client sessions. Like an IPS, a WAF can be network- or host-based. This gives it the means to enforce the thorough application-state accuracy needed to secure the web application. A WAF fully terminates and proxies every level of the connection, so it has complete visibility into application-layer constructs and can strictly apply security checks on the decoded request contents. Since a WAF uses both a positive security model and a signature-based model, it ensures that every user request and response conforms to anticipated application usage and allows only valid traffic. Thus, it prevents both known and unknown application attacks with no signatures and no false positives. Basically, WAFs are designed with the sole purpose of protecting web applications and servers from web-based attacks that an IPS cannot prevent. The difference lies in the ability to analyze Layer 7 web application logic.
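To make the two preceding points concrete (an IPS comparing raw packets against signatures without decoding, versus a WAF that tracks cookie values and enforces expected usage on decoded parameters), here is an added illustration in Python. It is not code from the original post or from any WAF product; the `/search` parameter schema, the cookie format `session_id|role|mac` and the secret key are all constructed for this example. The naive check stands in for network-layer signature matching; the WAF-style check decodes the query string first, verifies a keyed MAC over the session cookie to detect tampering, and applies a positive security model that allows only the parameters and value shapes the application expects.

```python
import hmac
import hashlib
from urllib.parse import parse_qs

# Hypothetical server-side key used to sign session cookies (constructed for this example).
SECRET_KEY = b"example-secret-do-not-reuse"

# --- Naive IPS-style check: pattern-match the raw request text only. ---
RAW_SIGNATURES = ["<script>", "union select"]


def ips_signature_match(raw_request: str) -> bool:
    """Return True if a known signature appears verbatim in the raw request.

    There is no decoding and no notion of cookies or sessions: this mimics
    network-layer pattern matching, so a percent-encoded payload slips past it.
    """
    lowered = raw_request.lower()
    return any(sig in lowered for sig in RAW_SIGNATURES)


# --- WAF-style checks: decode, understand the constructs, enforce expected usage. ---

def sign_session(session_id: str, role: str) -> str:
    """Issue a cookie value 'session_id|role|mac' so later tampering can be detected."""
    payload = f"{session_id}|{role}"
    mac = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def cookie_is_intact(cookie_value: str) -> bool:
    """Recompute the MAC over the cookie payload; any change to the fields breaks it."""
    try:
        session_id, role, mac = cookie_value.split("|")
    except ValueError:
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}|{role}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


# Positive security model for a hypothetical /search endpoint: the only parameters it
# accepts and what each value may look like (constructed schema).
ALLOWED_PARAMS = {
    "q": {"max_len": 64, "allowed": lambda s: s.replace(" ", "").isalnum()},
    "page": {"max_len": 4, "allowed": str.isdigit},
}


def waf_inspect(query_string: str, cookie_value: str):
    """Return (allowed, reason) after decoding the query and checking session integrity."""
    if not cookie_is_intact(cookie_value):
        return False, "cookie tampering"
    # parse_qs undoes percent-encoding, so checks run on what the application would see.
    params = parse_qs(query_string, keep_blank_values=True)
    for name, values in params.items():
        if name not in ALLOWED_PARAMS:
            return False, f"unexpected parameter {name}"
        rule = ALLOWED_PARAMS[name]
        for value in values:
            if len(value) > rule["max_len"] or not rule["allowed"](value):
                return False, f"parameter {name} violates expected usage"
    return True, "ok"


if __name__ == "__main__":
    good_cookie = sign_session("abc123", "user")
    tampered_cookie = good_cookie.replace("|user|", "|admin|")
    encoded_query = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"  # constructed sample
    print("IPS sees encoded payload:", ips_signature_match("GET /search?" + encoded_query))
    print("WAF on encoded payload:  ", waf_inspect(encoded_query, good_cookie))
    print("WAF on tampered cookie:  ", waf_inspect("q=cats&page=2", tampered_cookie))
    print("WAF on valid request:    ", waf_inspect("q=cats&page=2", good_cookie))
```

The signature check only fires when the literal string is present in the raw request, so the percent-encoded form passes it untouched, whereas the WAF-style check decodes first and rejects the value because it does not fit the expected shape for `q`; the MAC check is what lets the proxy notice that a role field in the cookie was altered after it was issued.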

WAFs can be used to give elevated security to web applications and servers. They are a good way of supplementing an IPS and provide another layer of protection, especially in Defense-in-Depth infrastructures.