[sclug] Firewall question

Neil Haughton haughtonomous at googlemail.com
Wed May 1 14:28:18 UTC 2013


Thanks - that tells me what I need to know.


On 1 May 2013 15:23, Steve <lohapuk at gmail.com> wrote:

> The application should not need to be altered, unless it's doing something
> very very very strange. Normally the WAF - Web application Firewall, has a
> learning mode. This learning mode "learns" what posts, gets etc etc are
> sent between the application and the end user. After some time it learns
> the application and looks for anything outside the norm either alerting you
> or blocking the traffic. It tries to stop SQL injection attacks, cross site
> scripting attacks etc etc.
>
>
> If you have any question let me know.
>
> --
> Steve
> Sent with Airmail <http://airmailapp.info/tracking>
>
> On 1 May 2013 at 15:16:43, Neil Haughton (haughtonomous at googlemail.com)
> wrote:
>
> Hi Alex,
>
> I'm not sure if it does help what I'm trying to understand. If you are able
> to answer the last part of my question, namely
>
> "...does the application itself (I'm thinking a web app) need to know about
> the app firewall, or provide special hooks or anything like that? Can I
> take an arbitrary web app, for example, say "FooApp", and shove an
> arbitrary app firewall, say "Bar App Firewall 2013", in front of it, and
> with suitable configuration expect the app firewall to protect the web
> app?"
>
> it will be more helpful. I am trying to ascertain whether our particular
> web app product would need to be modified if the customer wants to use it
> in conjunction with an "app firewall", or is the app firewall simply
> something sitting between a web app and the outside world, that does not
> care what the web app is or does?
>
> TIA
>
> Neil
>
>
>
> On 1 May 2013 13:00, Alex Butcher <lug at assursys.co.uk> wrote:
>
> > On Wed, 1 May 2013, Neil Haughton wrote:
> >
> >> This is not specifically a Linux question, but there seem to be a lot of
> >> knowledgeable networking people lurking here so I'm going to take a punt.
> >>
> >> What is the difference between a conventional 'firewall' and an
> >> 'application firewall'? I've read the Wikipedia page and am none the
> >> wiser.
> >> I guess that an app firewall concentrates on traffic for a specific app,
> >> but does the application itself (I'm thinking a web app) need to know
> >> about the app firewall, or provide special hooks or anything like that?
> >> Can I take an arbitrary web app, for example, say "FooApp", and shove an
> >> arbitrary app firewall, say "Bar App Firewall 2013", in front of it, and
> >> with suitable configuration expect the app firewall to protect the web
> >> app?
> >>
> >
> > Depends on the context.
> >
> > Originally, I'd have said an application firewall was one which operated
> > at the application layer of the OSI network model, i.e. it was a proxy.
> > That would require a proxy setting in the application, unless it was
> > combined with some transparent translation to redirect an unaware
> > application to the proxy.
> >
> > Using proxies harms performance, so the transparent translation
> > techniques have morphed into Deep Packet Inspection and Intrusion
> > Prevention. You can view Linux's nf_conntrack_* netfilter kernel modules
> > as primitive forms of this, and things like the Snort-based HogWash as
> > the beginning of the more modern approaches.
> >
> > Conceivably, one might also use application firewall to define things
> > like database firewalls which impose security policies upon the types of
> > queries that can be executed and the results that can be returned. I
> > think that would be a contentious definition, however.
> >
> > A regular firewall is generally taken to refer to a pure network protocol
> > filter, which may or may not be connection state aware, but is not aware
> > of the application layer at all.
> >
> > Does that help?
> >
> > HTH,
> > Alex
> >
>
>
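
The learning-mode behaviour described in Steve's reply, sketched as an added example (not part of the original thread and not any WAF product's code): a profile is built from observed requests, and later requests are checked against it without any change to the application behind it. The class and function names and the sample traffic for the thread's hypothetical "FooApp" are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

def shape(value):
    """Reduce a parameter value to a coarse character class."""
    if re.fullmatch(r"\d+", value):
        return "digits"
    if re.fullmatch(r"[\w .@-]*", value):
        return "text"
    return "other"  # quotes, angle brackets, semicolons, ...

class LearningWAF:
    def __init__(self):
        # (method, path) -> {param name: {"shapes": set, "maxlen": int}}
        self.profile = defaultdict(dict)

    def _parse(self, method, url, body):
        parts = urlsplit(url)
        params = parse_qsl(parts.query, keep_blank_values=True)
        params += parse_qsl(body, keep_blank_values=True)
        return (method.upper(), parts.path), params

    def learn(self, method, url, body=""):
        key, params = self._parse(method, url, body)
        seen = self.profile[key]  # records the endpoint even without params
        for name, value in params:
            p = seen.setdefault(name, {"shapes": set(), "maxlen": 0})
            p["shapes"].add(shape(value))
            p["maxlen"] = max(p["maxlen"], len(value))

    def check(self, method, url, body=""):
        """Return deviations from the profile; [] means within the norm."""
        key, params = self._parse(method, url, body)
        if key not in self.profile:
            return [f"unknown endpoint {key[0]} {key[1]}"]
        findings = []
        for name, value in params:
            p = self.profile[key].get(name)
            if p is None:
                findings.append(f"unexpected parameter {name!r}")
            elif shape(value) not in p["shapes"]:
                findings.append(f"{name!r}: shape {shape(value)!r} never seen")
            elif len(value) > 2 * max(p["maxlen"], 8):
                findings.append(f"{name!r}: length {len(value)} above learned max")
        return findings

# Constructed sample traffic observed during the learning period.
TRAINING = [("GET", "/item?id=17", ""), ("GET", "/item?id=204", ""),
            ("POST", "/login", "user=neil&password=s3cret.pw")]
```

Whether a non-empty result from `check` raises an alert or blocks the request is a deployment choice, matching the "either alerting you or blocking the traffic" behaviour in the reply.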


