Web Hosting Blog
SSL/HTTPS is an essential layer of website security. But it won’t stop hackers from infiltrating your database. Any company that hosts applications online is at risk. By giving your visitors the ability to interact with your web sites and integrated web apps, you also open the door for hackers. In fact, according to the Verizon Data Breach Investigation Report, 40% of all data breaches involved web application attacks.
There’s a Firewall for That
Unfortunately, a traditional firewall does very little to protect a multi-tier web application. Since a perimeter firewall opens common ports like 80 and 443, hackers have easy access to these same ports. That’s why a traditional firewall can’t protect you from an SQL injection or DDoS attack. You need a web app security solution that goes beyond simply opening and closing ports. You need one that can discern incoming traffic.
Another common misconception is that an Intrusion Protection System (IPS) is enough to monitor traffic. Wrong again. Sure, it can monitor incoming network traffic, but falls short when it comes to interpreting the complex nature of HTTP traffic. Similar to a perimeter firewall, an IPS is best at protecting a network at large, not securing a dedicated edge-based application.
The Difference a Web Application Firewall (WAF) Makes
A Web Application Firewall, or WAF, isn’t designed to protect your enterprise perimeter or servers. Instead, its sole purpose is to protect your web applications. That’s why it resides at the outer edge of your network in front of the public side of a web application. It has a very specific job and that’s to focus on the application layer, or layer 7, of the OSI model with the primary purpose of protecting your applications and your customers. A WAF intercepts and analyzes all traffic, including every HTTP request, before it reaches your web app to identify malicious activity. If foul play is suspected, it sends an alert or blocks the request altogether.
What’s the Big Deal About the Application Layer
Today, everything’s connected. That means your web apps have a direct line to your back-end database servers that hold all the sensitive and personal data that hackers can’t wait to get their hands on. And, they’ve become more and more sophisticated at how they go about stealing it. WAFs protect you against SQL injections, cross-site scripting, malicious file executions and other OWASP Top Ten application risks.
While it’s hard to stay one step ahead of hackers, performing scans and launching unusual traffic patterns are essential steps in their process to identify vulnerabilities and compromise servers. That’s exactly what a WAF is waiting for—unusual traffic and anomalies—to stop these requests in their tracks before they cause any damage.
Why Would a Small Business Need a WAF?
Most SMB owners make the serious mistake of thinking no hacker would waste their time going after them. But the reality is, hackers aren’t necessarily looking for the million-dollar win the first time around. You’re usually the means to a much bigger end. And, they cause devastating damage for you in their wake, including:
– Loss of data
– Lost revenue
– Getting your website blacklisted
– Major decreases in search engine ranking
– Lost customer confidence
WAFs and SSL
Hackers are now sophisticated enough to use HTTPS as way to camouflage malicious code, so it flies under the radar. By hosting SSL certificates on the WAF, it decouples the traffic between the web server and internet to analyze it. Traffic is then sent back to the WAF, encrypted and forwarded to the user using HTTPS.
Protecting by the Rules
WAFs adhere to a set of rules, such as blocking unwanted traffic, protecting against DDoS attacks, and performing interim virtual patches on popular CMS platforms (such as WordPress or Magento). Some WAFs also allow you to customize, or write your own rules, for specific applications.
Always-on Protection Gives You Peace of Mind
A WAF proactively protects your site around-the-clock. It gives you a much better chance to prevent attacks and, should one occur, saves you time and money in resolving it. That’s why it makes good business sense to include it in your security strategy. Plus, many industry standards require deployment of a WAF to maintain compliance.
CWCS’s cWatch Web is an affordable, fully managed all-in-one security solution that includes a WAF as part of its multi-stack protection. Find out how it wards off malicious traffic to keep your apps and customers safe.