[sclug] Firewall question

Steve lohapuk at gmail.com
Wed May 1 14:23:54 UTC 2013


The application should not need to be altered, unless it's doing something very, very, very strange. Normally the WAF (Web Application Firewall) has a learning mode. This learning mode "learns" what POSTs, GETs, etc. are sent between the application and the end user. After some time it learns the application and looks for anything outside the norm, either alerting you or blocking the traffic. It tries to stop SQL injection attacks, cross-site scripting attacks, etc.

If you have any questions, let me know.

--
Steve
On 1 May 2013 at 15:16:43, Neil Haughton (haughtonomous at googlemail.com) wrote:
Hi Alex,  

I'm not sure if it does help what I'm trying to understand. If you are able  
to answer the last part of my question, namely  

"...does the application itself (I'm thinking a web app) need to know about  
the app firewall, or provide special hooks or anything like that? Can I  
take an arbitrary web app, for example, say "FooApp", and shove an  
arbitrary app firewall, say "Bar App Firewall 2013", in front of it, and  
with suitable configuration expect the app firewall to protect the web app?"  

it will be more helpful. I am trying to ascertain whether our particular  
web app product would need to be modified if the customer wants to use it  
in conjunction with an "app firewall". Or is the app firewall simply  
something sitting between a web app and the outside world, that does not  
care what the web app is or does?  

TIA  

Neil  



On 1 May 2013 13:00, Alex Butcher <lug at assursys.co.uk> wrote:  

> On Wed, 1 May 2013, Neil Haughton wrote:  
>  
>> This is not specifically a Linux question, but there seem to be a lot of  
>> knowledgeable networking people lurking here so I'm going to take a punt.  
>>  
>> What is the difference between a conventional 'firewall' and an  
>> 'application firewall'? I've read the wikipedia page and am none the  
>> wiser.  
>> I guess that an app firewall concentrates on traffic for a specific app,  
>> but does the application itself (I'm thinking a web app) need to know  
>> about  
>> the app firewall, or provide special hooks or anything like that? Can I  
>> take an arbitrary web app, for example, say "FooApp", and shove an  
>> arbitrary app firewall, say "Bar App Firewall 2013", in front of it, and  
>> with suitable configuration expect the app firewall to protect the web  
>> app?  
>>  
>  
> Depends on the context.  
>  
> Originally, I'd have said an application firewall was one which operated at  
> the application layer of the OSI network model, i.e. it was a proxy. That  
> would require a proxy setting in the application, unless it was combined  
> with some transparent translation to redirect an unaware application to the  
> proxy.  
>  
> Using proxies harms performance, so the transparent translation techniques  
> have morphed into Deep Packet Inspection and Intrusion Prevention. You can  
> view Linux's nf_conntrack_* netfilter kernel modules as primitive forms of  
> this, and things like the Snort-based HogWash as the beginning of the  
> more modern approaches.  
>  
> Conceivably, one might also use application firewall to define things like  
> database firewalls which impose security policies upon the types of queries  
> that can be executed and the results that can be returned. I think that  
> would be a contentious definition, however.  
>  
> A regular firewall is generally taken to refer to a pure network protocol  
> filter, which may or may not be connection state aware, but is not aware of  
> the application layer at all.  
>  
> Does that help?  
>  
> HTH,  
> Alex  
>
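
The learning mode described in Steve's reply at the top of this message, as an added example (not part of the thread and not any WAF product's code): a profile is built from constructed normal traffic for the hypothetical FooApp, then requests that fall outside it are reported. The `Profile` class, the three character classes and the `slack` factor are assumptions made for illustration.

```python
# Added example: toy WAF "learning mode" (constructed traffic, hypothetical names).
import re
from urllib.parse import urlsplit, parse_qsl

CLASSES = [("digits", re.compile(r"\d*")),          # narrowest
           ("word", re.compile(r"[\w.@ -]*")),
           ("any", re.compile(r".*", re.S))]         # widest

def char_class(value):
    """Return the index of the narrowest class that fully matches value."""
    return next(i for i, (_, rx) in enumerate(CLASSES) if rx.fullmatch(value))

class Profile:
    def __init__(self):
        self.rules = {}  # (method, path) -> {param: [max_len, widest_class]}

    def _parts(self, method, url, body=""):
        u = urlsplit(url)
        params = parse_qsl(u.query, keep_blank_values=True) + parse_qsl(body, keep_blank_values=True)
        return (method.upper(), u.path), params

    def learn(self, method, url, body=""):
        key, params = self._parts(method, url, body)
        seen = self.rules.setdefault(key, {})
        for name, value in params:
            rule = seen.setdefault(name, [0, 0])
            rule[0] = max(rule[0], len(value))
            rule[1] = max(rule[1], char_class(value))

    def check(self, method, url, body="", slack=2):
        """Return deviations from the learned profile (empty list = within the norm)."""
        key, params = self._parts(method, url, body)
        if key not in self.rules:
            return [f"unlearned endpoint {key[0]} {key[1]}"]
        findings = []
        for name, value in params:
            rule = self.rules[key].get(name)
            if rule is None:
                findings.append(f"unknown parameter {name!r}")
            elif len(value) > rule[0] * slack:
                findings.append(f"{name!r} too long ({len(value)} > {rule[0] * slack})")
            elif char_class(value) > rule[1]:
                findings.append(f"{name!r} outside learned class {CLASSES[rule[1]][0]!r}")
        return findings

# Constructed training traffic for a hypothetical "FooApp".
waf = Profile()
for m, u, b in [("GET", "/item?id=42", ""), ("GET", "/item?id=1007", ""),
                ("POST", "/login", "user=neil&pw=s3cret-pass"), ("POST", "/login", "user=alex.b&pw=hunter2")]:
    waf.learn(m, u, b)
```

Whether a non-empty result from `check` leads to an alert or a blocked request is the policy choice the reply mentions; the application itself is never touched.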


