The main difference between a firewall and a web application firewall (WAF) definition is that a firewall usually protects network and transport layers (layers 3 and 4). A WAF offers protection on the application layer (layer 7). Show
What is a web application firewall (WAF)?Organizations and users are increasingly relying on web applications (e.g., web portals, enterprise web apps, business automation web solutions, eCommerce web apps, etc.). A WAF monitors HTTP/HTTPS requests and protects these web applications from malicious activities on layer 7 of the OSI model. Hence, a WAF is a necessary protection against a growing number of web security threats. Types of WAFIn this article, you will mainly learn information about cloud-based WAFs.
What does WAF protect against?A WAF should protect against the most common malicious web attacks, such as:Common web application attacks and code injection techniques:
DDoS attacks on layer 7 (HTTP Flood):These are composed of requests (HTTP GETs and DNS queries are popular) that are designed to consume application resources (memory, CPU, bandwidth). An example is an attacker who continuously uses a website functionality (submitting a contact form or any API requests) that they know causes database and application processing so that the underlying web service is busy with malicious requests and can’t deliver to other users anymore. Read more in our article about DDoS protection. Bad Bots:Bad bots are often programmed to do a variety of malicious jobs. They can try to break into user accounts, steal data, submit meaningless data through online forms, and perform other malicious activities. Bad bot activity is most often manifested by an abnormal increase or decrease in visits in unusual periods with a high rate of immediate leave (bounce). Benefits of WAF
How does a WAF work?A WAF is usually placed logically between users and web servers and analyzes and compares network traffic with the vulnerability database. A WAF creates a set of rules designed to protect your website and detects unwanted traffic. It usually blocks this traffic but can be set up to only monitor it. Want to find out how a WAF can help your particular use case? Talk to a waf specialistAWS Web Application Firewall(AWS WAF)The AWS WAF is a cloud-based solution that helps prevent attacks on the application layer 7 and a great web application firewall example. Due to the specific nature of these attacks, with an AWS WAF you can easily create customized rules against malicious requests which could have characteristics like being disguised as good traffic or coming from bad IPs, unexpected geographies, etc. AWS WAF protection is tightly integrated with AWS services that AWS customers use to deliver content such as Amazon CloudFront CDN, the Application Load Balancer (ALB), and the Amazon API Gateway. But AWS WAF can be also used for the protection of services from other providers, but your content has to be served through the CloudFront distribution network. How does an AWS WAF work?You use an AWS WAF to control how an Amazon CloudFront distribution, an Amazon API Gateway, an Application Load Balancer or an AWS AppSync GraphQL API responds to web requests. What can an AWS WAF do?
Types of rulesBefore choosing the right type of security rules, you should understand what vulnerabilities your web application has. If you need help finding this out, contact us for a consultation. Talk to a waf specialist1. AWS Managed rulesYou can select from a variety of AWS managed rule groups to protect your application from multiple threats. These rules are written by security experts who have extensive and up-to-date knowledge of threats and vulnerabilities. These managed rules include:
2. Custom rulesYou can write custom rules specific to your web application/database to block undesired patterns in parts of the HTTP/HTTPS request, such as headers, method, query string, URI, body and IP address. These custom rules can be used together with AWS Managed Rules. 3. AWS Marketplace RulesYou can also find rules created by security vendors that have built their own rule sets on an AWS WAF on the AWS Marketplace. 4. Advanced Automated MitigationsAWS provides the AWS WAF Security Automations Solution which automatically deploys a set of AWS WAF rules that filter common web-based attacks, but also provide advanced log analysis. This automated solution leverages AWS WAFs APIs to react to threats detected from logs, honeypot URLs, and more to automatically update rules and block malicious IP addresses. An example of this is shown below. Benefits of AWS WAFEasy to deploy:If you are already using services like Amazon CloudFront or Application Load Balancer, you can be up and running with an AWS WAF within a few minutes. And you don’t have to re-architect your whole network infrastructure when starting with an AWS WAF, which is sometimes necessary for WAFs from other providers. There is also no additional software to deploy, any DNS configuration or SSL/TLS certificate to manage. Affordable:As for other AWS services you pay only for what you use based on how many rules you deploy and how many web requests your web application receives, but you can look at our offer at the end of this article and get an AWS WAF in one of our StormIT bundles. Managed service and rules:The AWS WAF is a fully managed service, so you don’t have to worry about scaling and updates/patches. With Managed Rules for your AWS WAF, you can quickly get started and protect your web application or APIs against common threats. Managed rules are automatically updated so you can spend more time building applications. Comprehensive security with StormIT deployment architectureStormIT team helps organizations protect their websites and applications against all commonly known attacks and exploits by leveraging the protection of AWS Services, such as AWS WAF and AWS Shield. This reference architecture below includes several AWS Edge Services that the StormIT team recommends using because it can help you improve your web application’s resiliency against known web application attacks, but also secure your application and infrastructure in other ways. This architecture is intended for those who use only AWS services. We offer AWS Edge Services (Amazon CloudFront, AWS WAF, Amazon Route 53 and AWS Shield) in our special bundles, so you can leverage overall security for your applications. The pricing of these bundles is mainly based on your monthly data transfer and we provide special pricing for organizations transferring as little as 1 TB of data per month. Which of the following services can be used as a web application firewall in AWS choose the answer?AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content.
What is web application firewall in AWS?AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to your protected web application resources. You can protect the following resource types: Amazon CloudFront distribution. Amazon API Gateway REST API. Application Load Balancer.
Which of the following services can be used as a web application firewall in a WS?AWS Web Application Firewall(AWS WAF)
AWS WAF protection is tightly integrated with AWS services that AWS customers use to deliver content such as Amazon CloudFront CDN, the Application Load Balancer (ALB), and the Amazon API Gateway.
Which AWS resources can be configured with a web application firewall?AWS WAF can be deployed on Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync.
|