Implementation of a Web Application Firewall

Executive Summary

The number of users of web applications is increasing, and so is the need to protect them. Different web application firewalls exist, and each has merits that make it preferable over the others. This paper has primarily looked at the implementation of a web application firewall system that can protect a web application from various application-level attacks. Some of the application-level attacks protected against include SQL injection, cookie poisoning, and buffer overflow (Clarke-Salt, 2009). In doing so, a comparative study has been done of the various existing open source web application firewalls, and the selection criteria applied have been explained. Notably, the study finds that Web Gladiator is the preferred choice with regard to the problem being solved, the solution to be offered, and the cost implications. Web Gladiator is highly preferred as it has various merits that the other web application firewalls do not have. These merits include the capability of providing a graphical user interface in HTML, ease of integration with other web applications (whereas Hillstone is standalone), and the capability to support the GlassFish and Tomcat web servers.

Problem Statement

Web applications are available to many users given the nature of the internet. In most cases, the users include the online branch of a bank, an online shop, customers, employees using a portal, and even attackers of the site. Several kinds of attack occur, including SQL injection and cross-site scripting, which in most cases aim at exposing flaws in web applications (Khin Shar & Kuan Tan, 2012). Owing to this, it has become increasingly difficult for traditional IT security systems such as network firewalls to prevent these attacks. The traditional firewalls have been incapable of providing comprehensive protection (Shan, Xiaorui & Hong, 2010).

Looking technically at the web, with specific concentration on the HTTP protocol, it is clear that it was not designed for the complex applications that are now built on it. Often, vulnerabilities have their origin here, as HTTP is not stateful: session state is not defined by the protocol, so each application must implement it separately, and frequently does so insecurely. The level of vulnerability increases further with the high degree of complexity of the various web scripts, the frameworks in existence, and the different web technologies that are used.

Recently, various industry standards have been introduced. Their introduction has been of major importance, as they help reveal the existence of security breaches. With the introduction of standards such as those of the credit card industry, losses of customer credit card data have come to light. This research proposal seeks to explore the implementation of a web application firewall and its role in securing web applications that already exist. In doing so, a description of the solution will be provided for the increasingly sophisticated attacks that are currently witnessed. Further, a product comparison is made in a matrix that compares three products applicable to solving these sophisticated attacks. The reasons for picking the chosen product and not the others are also given, and the chosen solution is described. Additionally, some of the factors considered for the process are shared; these include training costs, deployment time, and the hardware as well as the software required.

Description of Proposed Solution

Protecting the application is valuable as a measure against the security threats that in most cases are not covered by a typical network intrusion detection system. Often, hackers attack web applications through different means, including Structured Query Language (SQL) injection, command injection, cookie poisoning, and cross-site scripting, among others (Khin Shar & Kuan Tan, 2012). Often, these problems are addressed by presenting an algorithm to help detect the existing vulnerabilities within the web application and deter further attacks on it. The web application firewall proposed in this paper will monitor all the incoming and outgoing data of the web application. This proposed firewall will also help in blocking the application-level attacks launched by different attackers.

The paper will seek to come up with a firewall that helps secure a web application. This firewall will prevent access to a given service or application. It will operate by monitoring, and potentially blocking, the various inputs, outputs, or even system service calls (in simple words, the traffic) that do not conform to the firewall's policy framework. The proposed application firewall will control all network traffic on the OSI layers up to the application level, and will control specific applications or services. This is a different feature from a network stateful firewall, which is unable to control network traffic with regard to a particular application without additional software.

Lately, web applications have become increasingly universal. With the increase in the number of applications, the amount of traffic on the internet has increased, and with it the threat of web applications being attacked. Owing to this, they have progressively become the preferred place for criminals to attack. Web application vulnerabilities have several causes, including poor input validation, improper session management, wrong system configuration settings, and problems in operating systems as well as in web server software.

Product Comparison

To solve the problems faced, Web Gladiator is the preferred web application firewall. The Web Gladiator firewall helps secure a web application and is capable of preventing access to a given service or application. It operates by monitoring, and potentially blocking, the various inputs, outputs, or even system service calls (in simple words, the traffic) that do not conform to the firewall's policy framework. The Web Gladiator firewall is capable of controlling all network traffic on the OSI layers up to the application level, and of controlling specific applications or services. This is a different feature from a network stateful firewall, which is unable to control network traffic with regard to a particular application without additional software.

The other firewalls considered are the Cisco Firewall ASA5550-BUN-K9 (ASA 5550 Appliance) and the Hillstone SG-6000-T5860 hardware firewall.

Web Gladiator
  1. Secure web application
  2. Capable of preventing access to a given service or application
  3. Prevents access to a given service or application
  4. Operates by monitoring and potentially blocking the various inputs, outputs, or even the system service calls (in simple words, the traffic)
  5. Controls all the network traffic on the OSI layers up to the application level
  6. Controls specific applications or services

Cisco Firewall ASA5550-BUN-K9 (ASA 5550 Appliance)
  1. Secure web application
  2. Capable of preventing access to a given service or application

Hillstone SG-6000-T5860
  1. Secure web application
  2. Capable of preventing access to a given service or application
  3. Progressively monitors the network
  4. Has the capacity to disclose every step of an attack within a few minutes
  5. Applies three main technologies in its priorities: statistical clustering, behavioral analytics, and forensic analysis
  6. Can easily support NAT and PAT
  7. Is in a position to support VLAN, Vswitch, Vrouter and Virtual-Wire
  8. Provides the various security policies depending on security zone, user, objects and time, IP address, ports, service, and applications

In comparing the three firewalls, it emerged that Web Gladiator is the most preferable. Notably, the Web Gladiator firewall has almost similar features and supports the various functionalities just like the Hillstone firewall. In choosing among the three firewalls, the first consideration was their capability to solve the problems faced. Two of the firewalls, Hillstone SG-6000-T5860 and Web Gladiator, were suitable for most of the functionalities. The selection criteria also concentrated on the capability to monitor the incoming and outgoing HTTP traffic of the web application. Another consideration was the ability to match all traffic against the rules and attack definitions that exist in the rule database. Also, the ability to block any malicious or suspicious traffic was considered. Notably, Hillstone and Web Gladiator can generate an alert for the user when traffic is blocked, while the Cisco firewall does not provide any form of alert.
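The selection criteria listed above (monitor incoming HTTP traffic, match it against the attack definitions in a rule database, block matches, and alert when traffic is blocked) can be illustrated with a small request inspector. This is an added example written for this page, not code from Web Gladiator or any of the compared products; the rule patterns, the cookie-signing key and the sample requests are constructed for the demonstration.

```python
import hmac, hashlib, re
from dataclasses import dataclass, field

# Constructed rule database: attack definition name -> pattern. These are
# hypothetical signatures for illustration, not any product's rule set.
RULES = {
    "sql_injection": re.compile(r"(?i)(\bunion\s+select\b|'\s*(or|and)\s+[\w']+\s*=|--\s*$|;\s*drop\b)"),
    "xss": re.compile(r"(?i)(<\s*script\b|javascript:|\bon\w+\s*=)"),
    "oversized_field": re.compile(r"^.{1024,}$", re.S),  # stands in for buffer-overflow style input
}
# Assumption: the server signs every cookie it issues with this secret, so a
# cookie whose value no longer matches its MAC has been poisoned by the client.
COOKIE_KEY = b"constructed-demo-key"

@dataclass
class Request:
    path: str
    query: str = ""
    body: str = ""
    cookies: dict = field(default_factory=dict)

def sign_cookie(value: str) -> str:
    """Return 'value|mac' as the server would issue it."""
    mac = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}|{mac}"

def cookie_tampered(signed: str) -> bool:
    """True if the cookie value does not match its MAC (cookie poisoning)."""
    value, _, mac = signed.rpartition("|")
    expected = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()
    return not hmac.compare_digest(mac, expected)

def inspect(req: Request):
    """Match the request against the rule database; return (allowed, alerts)."""
    alerts = []
    for where, value in (("query", req.query), ("body", req.body)):
        for name, pattern in RULES.items():
            if pattern.search(value):
                alerts.append(f"{name} in {where} of {req.path}")
    for name, signed in req.cookies.items():
        if cookie_tampered(signed):
            alerts.append(f"cookie_poisoning in cookie {name} of {req.path}")
    return (not alerts, alerts)  # a blocked request carries at least one alert

if __name__ == "__main__":
    ok = Request("/login", body="user=alice&pw=secret", cookies={"role": sign_cookie("user")})
    bad = Request("/search", query="q=' or 1=1 --", cookies={"role": "admin|" + sign_cookie("user").split("|")[1]})
    print(inspect(ok), inspect(bad))
```

Each alert names the attack definition and the field it matched, which is the information the alert criterion above asks the firewall to surface when it blocks traffic.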

However, Cisco was also considered but lacked the capability to sort out some of the problems. The Cisco firewall, for instance, cannot operate by monitoring and potentially blocking the various inputs, outputs, or even system service calls (in simple words, the traffic). The main reasons for the preference of Web Gladiator included:

  1. Capability of providing a graphical user interface in HTML

  2. Can easily be integrated with other web applications, while Hillstone is standalone

  3. It specifically supports the GlassFish and Tomcat web servers

Nonetheless, all the firewalls are preferred because they are open source.

Cost Implications and Deployment Time

In implementing the firewall, 3 months will be enough for the entire process.

Item                                  Number                  Cost
Web Gladiator firewall                1 set @ $1700           $1700
Web Trend firewall suite              1 set                   $1999
Trainers                              5 @ $800 per month      $4000
Trainee allowance / per diem          10 @ $200 per month     $2000
Maintenance charges                   $374 per month          $374
Manuals and literature for operation  1 set                   $250
Security administrator                1                       $5000
Total cost                                                    $15,323

Personnel

Some of the key personnel in the project include the network administrator, who is put in charge of all the external effects on the network. The other is the security administrator, who will ensure that the firewall and antivirus program are executed as required (Tari & Chan, 1997).

Area Applied

Owing to the numerous merits of the firewall software, it can be applied in a supermarket. An example of a supermarket where it would be best applied is Target. Web Gladiator has benefits that suit the retail industry. In fact, it would help secure retail online systems, including point-of-sale terminals, as it has comprehensive services that include round-the-clock management and monitoring of the multiple security layers. The suitability of the firewall is undisputed given its capability to safeguard information assets and the IT infrastructure, and its ability to keep the business running through identification of internal and external security breaches.

Reasons for Application

Target has had issues with data breaches in its systems. A case example is the big data breach in 2014. During this time, Target lost 40 million debit and credit card numbers (Oldushue, 2013). Having the Gladiator firewall will help minimize the problem or even curb it fully. Gladiator will ensure that there is round-the-clock monitoring of the systems as well as of the different existing information assets.

Conclusion

Usually, different web application firewalls exist, and each has merits that make it preferable over the others. This paper has mainly concentrated on the implementation of a web application firewall system that can protect a web application from various application-level attacks. From the study, it emerges that some of the application-level attacks protected against include SQL injection, cookie poisoning, and buffer overflow. In doing so, a comparative study has been done of the various existing open source web application firewalls, and the selection criteria applied have been explained. Notably, the study finds that Web Gladiator is the preferred choice with regard to the problem being solved, the solution to be offered, and the cost implications. Comparing the three firewalls, it emerges that Web Gladiator is highly preferred as it has various merits that the other web application firewalls do not have. The merits identified include the capability of providing a graphical user interface in HTML, ease of integration with other web applications (whereas Hillstone is standalone), and the capability to support the GlassFish and Tomcat web servers (Glass et al., 2004).

References

Clarke-Salt, J. (2009). SQL injection attacks and defense. Elsevier.

Glass, M. K., Le Scouarnec, Y., Naramore, E., Mailer, G., Stolz, J., & Gerner, J. (2004). Beginning PHP, Apache, MySQL Web Development. John Wiley & Sons.

Jovanovic, N., Kruegel, C., & Kirda, E. (2006, May). Pixy: A static analysis tool for detecting web application vulnerabilities. In 2006 IEEE Symposium on Security and Privacy (S&P'06) (pp. 6-pp). IEEE.

Khin Shar, L., & Kuan Tan, H. B. (2012). Defending against cross-site scripting attacks. Computer, 45(3), 55-62.

Oldushue, H. J. (December 2013). 40 Million Card Accounts Affected by Security Breach at Target. Retrieved from http://www.lowcards.com/40-million-card-accounts-affected-security-breach-target-21279 [Accessed 3/7/2016]

Shan, L., Xiaorui, D., & Hong, R. (2010, August). An adaptive method preventing database from SQL injection attacks. In 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE) (Vol. 1, pp. V1-352). IEEE.

Tari, Z., & Chan, S. W. (1997). A role-based access control for intranet security. IEEE Internet Computing, 1(5), 24.

Appendices

Appendix 1: Hillstone SG-6000-T5860 Specifications

Appendix 2: Web Gladiator