In September 2016, Yahoo, a world-renowned web services provider, had a very bad day. On that day, Yahoo broke the record for the biggest hack and user account breach in history. At least 500 million Yahoo accounts had been compromised in an unauthorized attack, which had a huge impact on the company's trustworthiness.
What makes the situation more critical is that the hacking activity had actually started in 2014 and was only revealed in 2016, which means the threat had been alive for around 2 years.
This story reminds us of the importance of security as threats are everywhere on the internet and we might become the next victim who suffers from the disaster!
Luckily there is still a solution for you, which is a Web Application Firewall.
To send a piece of information over the internet, it is first packaged as data packets, which are then delivered to a website or web application using its IP address.
Unfortunately, ordinary traffic handling cannot determine whether a particular packet contains good or bad content.
This is where a WAF comes in. A web application firewall (WAF) is a firewall that targets website traffic. It tracks and filters every data packet that flows through it, and blocks data packets in which threat signatures are detected.
A WAF solution can come in different types including:
Network-Based WAF is a web application firewall that is set up on your local network appliances. In other words, it is hardware installed on your device in order to track all data packets to and from the website.
This type of WAF best suits…
Cloud-Based WAF can be considered a new generation of web application firewall, one that runs on a cloud platform provided by the service provider. Because it lives in the cloud, this type of web application firewall can operate without anything being installed on your local devices and without software plugins.
This type of WAF best suits…
Host-based WAF can be integrated into the application's software, either as a plugin or as external software installed at your site. Because it is local software installed at your site, you may have to bear its use of local resources.
This type of WAF usually requires a certain level of knowledge and experience to configure. But as it is open source, it offers a high level of customisation and is free of charge.
Difference between WAF and Network Firewall
When it comes to website protection, we can conclude that a WAF is an advanced version of the network firewall.
A network firewall mainly controls access from the low-security zone (Internet/public network) to the high-security zone (intranet/internal network), which includes keeping unauthorised traffic from accessing your LAN.
A Web Application Firewall, by contrast, offers more detailed protection against web attacks over HTTP or HTTPS. Examples of web attacks are SQL injection, DDoS & zombies, brute force, SEO spamming, as well as other malware attacks. A Web Application Firewall has better website threat detection than a network firewall, drawing on several techniques such as signatures (the patterns used by threats or malicious code) and code anomaly & heuristic detection (self-learning).
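The contrast described above, as an added example (not code from the original article): a port-only network-firewall check passes every request, while inspection of the HTTP payload catches a SQL injection signature and a brute-force pattern. The signatures, the `LOGIN_LIMIT` threshold and the sample traffic are constructed for illustration, and the fixed threshold is a simple stand-in for heuristic detection.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed signatures for illustration; production rule sets are far larger.
SIGNATURES = {
    "sql_injection": re.compile(
        r"(\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+)", re.I),
}
LOGIN_LIMIT = 3  # hypothetical threshold: POSTs to /login allowed per source

def network_firewall_allows(dst_port):
    """Network-firewall view: only the destination port is considered."""
    return dst_port in (80, 443)

def waf_verdicts(requests):
    """Return (src, verdict) per request; verdict is 'allow' or 'block:<reason>'."""
    login_attempts = Counter()
    verdicts = []
    for src, method, target, body in requests:
        # Decode %27, '+' and similar before matching, so encoding does not hide a signature.
        payload = unquote_plus(target + " " + body)
        hit = next((name for name, rx in SIGNATURES.items() if rx.search(payload)), None)
        if hit is None and method == "POST" and target.startswith("/login"):
            login_attempts[src] += 1
            if login_attempts[src] > LOGIN_LIMIT:
                hit = "brute_force"
        verdicts.append((src, "block:" + hit if hit else "allow"))
    return verdicts

# Constructed sample traffic, all addressed to port 443.
SAMPLE = [
    ("203.0.113.5", "GET", "/products?id=7", ""),
    ("203.0.113.9", "GET", "/products?id=7%27+OR+%271%27%3D%271", ""),
] + [("198.51.100.2", "POST", "/login", "user=admin&pass=guess%d" % i) for i in range(5)]

if __name__ == "__main__":
    for src, verdict in waf_verdicts(SAMPLE):
        # The network firewall says True for every line; only the WAF verdict differs.
        print(network_firewall_allows(443), src, verdict)
```

Every sample request passes the port check, so the block decisions come entirely from looking inside the HTTP request.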