The WAF is dead, long live the WAF!


Web Application Firewall (WAF)

A web application firewall (WAF) is a security tool used to protect web applications against unwanted access. It is often a security device that sits in front of a web server and guards against threats from the internet or from beyond the local network.

Unlike Layer 3 (network) and Layer 4 (transport) firewalls, which cannot recognize malicious application-layer requests, a WAF is a Layer 7 firewall that can inspect the contents of the requests passing through it, including traffic that was encrypted in transit. Using a WAF lets organizations protect their online presence against a wide range of internet-based web attacks, including cross-site scripting (XSS), SQL injection, and cross-site request forgery (CSRF). These attacks can give attackers the ability to steal sensitive information, take over web servers, or launch attacks against other systems, which can be catastrophic for web applications.

Problems

1. Cloud-native applications and WAFs

WAFs are less effective with cloud-native web applications and inside cloud environments. One reason is that the security rules that traditional web applications relied on within on-premises environments do not apply in the cloud.

In traditional data centers, web application firewalls are installed at the network edge to protect applications running within the perimeter of the internal network. In cloud environments, however, applications are typically deployed in virtual machines or elastic containers that can be spun up and torn down as demand changes. This means that traditional perimeter-based security approaches can be less effective in the cloud, where applications can live anywhere on the network and are harder to monitor and control.

Another challenge with cloud-native web applications is that they are usually more distributed and complex than traditional web applications. Cloud-native applications are typically composed of microservices that communicate with each other through APIs and may use many data stores and third-party services. This makes identifying and mitigating security risks harder, because an attack can occur at any point in the application architecture.

2. WAFs and API challenges

APIs (application programming interfaces) are the primary means of connectivity between microservices and are also used to enable communication between external services and applications. APIs use different communication protocols and traffic patterns than traditional web applications, which makes it more difficult for WAFs to accurately identify and protect API traffic. This can lead to false positives or false negatives, weakening security or blocking legitimate traffic unnecessarily.

One of the challenges with API traffic is that it can use different protocols such as HTTP, HTTPS, and WebSockets, which can carry different types of payloads and headers that make it difficult for the WAF to accurately identify the traffic. For example, some APIs use binary payloads or encryption, which are difficult for WAFs to interpret and parse.

Another challenge is that APIs can have different traffic patterns than traditional web applications. APIs typically have a high volume of traffic with many requests per second, making it difficult for the WAF to keep up with the pace of traffic. Additionally, compared to web applications, APIs often have more predictable and consistent traffic patterns, making it easier for attackers to identify vulnerabilities and launch attacks.

Recently, a security research group published a new method for bypassing multiple web application firewalls, including those from Palo Alto, F5, Amazon Web Services, Cloudflare, and Imperva. According to the researchers, the named vendors acknowledged the disclosure and changed their products' SQL inspection processes to support JSON syntax.

Solutions

1. API-specific anomalies

To overcome the challenges mentioned above, a WAF should be specifically designed to handle API traffic. This may include identifying and protecting API traffic using a variety of techniques, including signature-based analysis or machine learning algorithms that can detect anomalies in traffic patterns. The WAF may also need to integrate with other security tools such as API gateways to provide a more comprehensive security solution.

Overall, protecting API traffic with a WAF requires a different approach than protecting traditional web applications. A WAF must be designed to handle API-specific communication protocols and traffic patterns in order to identify and defend against security threats.
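As an added illustration (not code from the original post), a minimal Python sketch of the API-specific inspection described above: it learns a per-route JSON field profile from baseline traffic, flags schema anomalies, and applies an injection signature to the decoded JSON values rather than to the raw body. The routes, sample requests and the signature regex are constructed for the example.

```python
import json
import re
from collections import defaultdict

# Constructed baseline of benign API requests (method, path, JSON body); not real traffic.
BASELINE = [
    ("POST", "/api/orders", '{"sku": "A1", "qty": 2}'),
    ("POST", "/api/orders", '{"sku": "B7", "qty": 1}'),
    ("GET", "/api/orders/42", ""),
    ("GET", "/api/orders/77", ""),
]

# Hypothetical SQL-injection signature, applied to decoded JSON string values.
SQLI_SIG = re.compile(r"(?i)(\bunion\b.*\bselect\b|'\s*or\s*\d+\s*=\s*\d+|;\s*drop\s+table)")

def route_key(method, path):
    """Collapse numeric path segments so /api/orders/42 and /api/orders/77 share one profile."""
    return method + " " + re.sub(r"/\d+(?=/|$)", "/{id}", path)

def learn_profile(requests):
    """Per route, record each JSON field seen and the JSON types it took in baseline traffic."""
    profile = defaultdict(dict)
    for method, path, body in requests:
        fields = profile[route_key(method, path)]
        for key, value in (json.loads(body) if body else {}).items():
            fields.setdefault(key, set()).add(type(value).__name__)
    return profile

def inspect(profile, method, path, body):
    """Return a list of anomaly strings for one request (empty list means it looks normal)."""
    findings = []
    key = route_key(method, path)
    if key not in profile:
        return [f"unknown route {key}"]
    try:
        data = json.loads(body) if body else {}
    except ValueError:
        return ["body is not valid JSON"]
    for field, value in data.items():
        if field not in profile[key]:
            findings.append(f"unexpected field {field!r}")
        elif type(value).__name__ not in profile[key][field]:
            findings.append(f"field {field!r} has type {type(value).__name__}")
        if isinstance(value, str) and SQLI_SIG.search(value):
            findings.append(f"SQLi signature in field {field!r}")
    return findings
```

A production inspector would also learn per-route request rates and header sets; the point here is that a signature matched against raw bytes misses what a schema-aware pass over the decoded payload catches.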

2. Integrated WAFs

To meet these challenges, a WAF should be built specifically for cloud-native web applications. This may mean deploying the WAF as part of the application architecture rather than as a perimeter-based solution. Additionally, WAFs may need to integrate with other cloud-native security tools such as container security platforms and API gateways to provide a more comprehensive security solution.

WAFs can still play an important role in securing cloud-native web applications, but they may need to be adapted and enhanced to address the unique security challenges of cloud-native environments.

3. WAFs and defense in depth

A WAF should be considered one layer of a multi-layered security approach, alongside other security tools such as intrusion detection and prevention systems, secure API gateways, endpoint protection, network firewalls, and access controls. By implementing multiple layers of security controls, organizations can build a more robust security posture and better defend against a range of threats.

Using a WAF as part of a defense-in-depth strategy can help prevent a wide variety of web application attacks and reduce the risk of data breaches and other security incidents. A WAF helps provide visibility into web application traffic, enabling organizations to monitor and analyze traffic patterns and identify potential security threats. This is especially important in cloud environments where web applications and APIs can become more distributed and complex.

By integrating WAFs with other security tools such as API gateways and Security Information and Event Management (SIEM) systems, organizations can create a more comprehensive security solution that gives them greater visibility and control over their cloud environment.

4. Distributed WAFs

A distributed WAF (web application firewall) is the answer to the challenge of securing distributed cloud-based microservices. For traditional monolithic applications, a single WAF can be deployed at the network edge to protect the entire application. However, in cloud-based distributed microservices environments, applications are split into smaller, modular components, each with its own API and security requirements. This can make it difficult to protect all components with a single WAF, as each component may require different security policies and configurations.

A distributed WAF addresses this challenge by providing a distributed and scalable security solution for cloud-based microservices. It consists of multiple WAF instances deployed in different locations such as data centers and cloud regions. Each instance can be configured with its own security policy and configuration tailored to the specific needs of the microservices it protects.

By deploying multiple WAF instances in different locations, organizations get a more comprehensive and scalable security solution that can adapt to the changing needs of microservices environments. A distributed WAF can also improve resilience and availability, as it continues to operate even if one or more instances fail.

Additionally, distributed WAFs can be integrated with other security tools such as API gateways and SIEM systems to provide a more comprehensive security solution for cloud-based microservices. For example, an API gateway can manage access to the microservices, the distributed WAF can protect against web application attacks, and together they provide visibility into web application traffic.

Conclusion

Web application firewalls (WAFs) play a significant role in defending web applications from internet-originating attacks, including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). However, cloud-native web applications and APIs pose particular challenges for WAFs because of their complex and distributed nature, making it difficult for WAFs to properly detect and mitigate security risks.

To address these challenges, WAFs need to be designed specifically for cloud-native web applications and integrated with other cloud-native security tools, including container security platforms and API gateways. Additionally, WAFs should be considered one layer of a multi-layered security approach, alongside other security tools such as intrusion detection and prevention systems, secure API gateways, endpoint protection, network firewalls, and access controls.

By integrating WAFs with other security tools and deploying multiple layers of security controls, organizations can create a more comprehensive security solution that provides greater visibility and control over their cloud environment.

Post Disclaimer

The views, information, or opinions expressed are solely those of the author and do not necessarily represent those of his employer or the organizations with which he is affiliated.

The information contained in this post is for general information purposes only. The information is provided by Farhad Mofidi and, while he strives to keep the information current and accurate, he makes no representations or warranties of any kind, express or implied, regarding the completeness, accuracy, reliability, suitability or availability of the website or of any information, products or related graphics contained in any post for any purpose.

Also, AI may be employed as a tool to provide suggestions and improve some of the contents or sentences. The ideas, thoughts, opinions, and final products are original and human-made by the author.
