January 16, 2012

1.1.12 Web application firewall vs. network firewall

An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall.

The application firewall is typically built to control all network traffic on any OSI layer up to the application layer. It is able to control applications or services specifically, unlike a stateful network firewall which by default is unable to control network traffic regarding a specific application.

The Web Application Firewall (WAF) is an intermediary device, sitting between a web-client and a web server, analyzing OSI Layer-7 messages for violations in the programmed security policy. It is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked.

Examples of WAF include Cisco - ACE Web Application Firewall and SecureSphere Web Application Firewall (WAF).

The network firewall controls and monitors access between different networks by filtering inbound and outbound traffic, manages access controls to requested locations and typically blocks all services except those specifically permitted.

References:

  • http://www.webappsec.org/projects/glossary/
  • http://en.wikipedia.org/wiki/Application_firewall
  • https://www.owasp.org/index.php/Web_Application_Firewall
  • http://www.imperva.com/products/wsc_web-application-firewall.html
  • Mike Meyers' CompTIA Security+ Certification Passport, Second Edition by T. J. Samuelle

No comments:

Post a Comment