In September 2016, Yahoo, a world-renowned web services provider has come to its bad day. At that day, Yahoo has broken the record of the biggest hacks and user account breaches in history.At least 500 million of Yahoo account had hacked by an unauthorized attack, its results to a huge impact towards on their trustworthy.

What makes the situation more critical is, actually the hacking activity had started in 2014 and only being revealed in 2016. Which means the threat had been alive for around 2 years of time.

This story reminds us of the importance of security as threats are everywhere on the internet and we might become the next victim who suffers from the disaster!

Luckily there is still a solution for you, which is a Web Application Firewall.

What is WAF?

To send a piece of information through the internet, it will first be saved as data packets and later delivered to a website or web application by using its IP address.

Unfortunately, normal traffic will not be able to determine whether the particular packet is containing good or bad stuff.

Thus, WAF comes into the table to perform their duty. A web application firewall (WAF) is used as a firewall that targets on the website traffic. It tracks and filters on every data packet that flows through it, and block some of the data packets if threat signatures are detected in it.

Types of WAF

A WAF solution can come in different types including:

1. Network-Based WAF

Network-Based WAF is a web application firewall that set up at your local network appliances. In other words, it is a hardware that installs to your device in order to track on all your data packets to and from the website.

Advantage:

• Speed, all other types of WAF might suffer on data latency as their WAF is not installed directly to your devices and it takes times to detour the traffic to pass through WAF for checking.

Disadvantage

• High Cost, it is not hard to imagine the cost required for you to buy, install, run and maintain a hardware device. Which make this type of WAF more costly as compared to other options.

          This type of WAF best            suits…

• Large scale companies and big-branded companies, those companies usually have their own web application firewall measures and installed on their devices physically. They are able to afford the high management and operating costs as well as speed will be their first priority when comes to serve their clients.

2. Cloud-Based WAF

Cloud-Based WAF can be considered as a new generation of web application firewall that combines it on a cloud platform provided by the service provider. With the availability of cloud, this type of web application firewall can be existed without installing at your local devices or software plugins.

Advantage:

• Mobility, you will not require to perform any installation and the services can be bonded to every service by a simple subscription
• Lite, cloud-based WAF will improve the website performance as you are not required to run the firewall on yourself.
• Consistent Update Threat Database, as it is controlled by the service provider, the update of their virus database and security measure will be frequently conducted

Disadvantage:

• Pricing by license, this type of WAF will main conduct on pricing per license.
• Lack of customisation options, as the services are hosted at the service provider thus you might not able to conduct as much configuration as other types of WAF.

This type of WAF best suits…

• SME Organisation and most of the organisation, as it is simple and lite which will help in boosting the website performance as well as secure your website.

3. Host-Based WAF

Host-based WAF can be integrated into applications’ software, it can be as a plugin or external software that installed to your network site. As it is a localized software that installed at your site, you might require to bare its usage on local resources.

Advantage:

• Customisable, it provides more customization to suit your requirements.
• Cost, lower cost as compared to Network-Based WAF

Disadvantage:

• Complexity, as similar as Network-Based WAF, this type of WAFs required more expert knowledge on implementations and configurations. Besides, due to its complexity, usage of a Host-Based WAF may also result in a higher expense.This type of WAF best suits…

• It suits most types of organisations as well as individual website or web application. This is because it provides adequate level of configuration as well as affordable to most of the organisations.

4. Open Source WAFs

This type of WAFs usually required you to have a certain level of knowledge and experiences to configure. But as it is open sources, it offers a high level of customisations and it is free of charges.

Difference between WAF and Network Firewall

When comes to the term of website protection, we can conclude that a WAF is an advanced version of the Network Firewall system.

A Network Firewall is mainly functioned to control the access from the low-security zone (Internet/Public Network) to high-security zone (Intranet/Internal Network) and it comprises of the protection towards unauthorised traffic from accessing your LAN network.

While a Web Application Firewall will eventually offer more detailed protection towards web attack from HTTP or HTTPS. Examples of web attacks are SQL injection, DDoS & Zombies, Brute Force, SEO spamming as well as other malware attacks. Web Application Firewall does have a better website threat detection as compared to network firewall which comprises of several techniques such as Signatures (The pattern used by threats or malicious code), Code anomalies & heuristics detection (Self-learning)