Security talk: the firewall is no cure-all, and it has gaps

  
. Firewalls alone are no longer sufficient to protect online assets. Today, hackers and their attack strategies are becoming more sophisticated and more dangerous. One of the current threats is application-layer attacks, which can sneak into a firewall until they sneak into a web application. That's right, many of these attacks like to use valuable customer data as a starting point.

So why can't an ordinary firewall stop such attacks? Because they look like normal traffic: there are no unusually large packets, and the source address and the content are not suspiciously mismatched, so nothing triggers an alert. One of the most frightening examples is SQL injection, in which the attacker uses one of your own HTML forms to run unauthorized queries against the database. Another is command execution: if the web application passes user input to a shell, the attacker can run whatever commands they like on the server.
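To make the two attacks concrete, here is an added example (not code from the original article) showing each one in its vulnerable form next to a fixed form. It uses Python's sqlite3 module with a constructed customer table, and substitutes `echo` for `ping` so that the command-injection part runs offline; the table contents, payloads and the hostname pattern in `ping_fixed` are all assumptions made for the example.

```python
"""Added example: SQL injection and command injection, vulnerable and fixed."""
import re
import sqlite3
import subprocess


def make_db():
    # Constructed sample data standing in for a real customer table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "alice", "1111"), (2, "bob", "2222"), (3, "carol", "3333")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # The form field is pasted straight into the SQL text. A network firewall
    # sees an ordinary HTTP POST; only the database sees that the query changed shape.
    sql = "SELECT id, name, card_last4 FROM customers WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, name):
    # Parameter binding: the value travels separately from the statement and can
    # never become SQL syntax, whatever characters it contains.
    sql = "SELECT id, name, card_last4 FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def ping_vulnerable(host):
    # User input is interpolated into a shell command line, so a value such as
    # "8.8.8.8; echo INJECTED" runs a second command. (echo stands in for ping.)
    result = subprocess.run(
        "echo pinging %s" % host, shell=True, capture_output=True, text=True
    )
    return result.stdout


def ping_fixed(host):
    # Two defences: validate the input against the shape a hostname may have
    # (assumed pattern), and pass an argv list with no shell so metacharacters
    # are never interpreted even if validation were bypassed.
    if not re.fullmatch(r"[A-Za-z0-9.\-]{1,253}", host):
        raise ValueError("invalid hostname: %r" % host)
    result = subprocess.run(
        ["echo", "pinging", host], capture_output=True, text=True
    )
    return result.stdout


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))  # every customer row
    print("fixed:     ", lookup_fixed(db, payload))       # no rows
    print(ping_vulnerable("8.8.8.8; echo INJECTED"))      # two lines of output
    try:
        ping_fixed("8.8.8.8; echo INJECTED")
    except ValueError as err:
        print("rejected:", err)
```

The payload `x' OR '1'='1` turns a one-row lookup into a dump of the whole table, and the corresponding shell payload appends a second command; neither changes anything a packet-filtering firewall inspects. Parameter binding and argv lists fix the cause rather than the symptom.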

Other attacks are simpler. HTML comments often contain sensitive information, including login details left behind by careless programmers. Beyond that, application-layer attacks, from tampering with cookies to changing the hidden fields in an HTML form, are limited only by the attacker's imagination. The good news is that most of them are entirely preventable.
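The two simple attacks above have equally simple countermeasures, shown here as an added example that is not part of the original article: a scanner for HTML comments that leak credential-like text, and an HMAC tag that lets the server detect tampering with a cookie or hidden-field value it handed out earlier. The sample HTML, the signing key and the keyword list are constructed for the example; `hmac` and `hashlib` are Python's standard-library modules.

```python
"""Added example: spotting leaky HTML comments and detecting tampered client-side values."""
import base64
import hashlib
import hmac
import re

# Assumed keyword list; tune it to your own code base.
SENSITIVE_WORDS = ("password", "passwd", "pwd", "secret", "token", "apikey", "login")
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.S)


def find_sensitive_comments(html):
    """Return the text of every HTML comment that mentions a sensitive keyword."""
    hits = []
    for comment in COMMENT_RE.findall(html):
        lowered = comment.lower()
        if any(word in lowered for word in SENSITIVE_WORDS):
            hits.append(comment.strip())
    return hits


def sign_value(key, name, value):
    """Return value plus an HMAC-SHA256 tag bound to the field name.

    Binding the name stops an attacker from moving a valid tag from one field
    (say, a low 'price') onto another field (say, 'user_id')."""
    msg = ("%s=%s" % (name, value)).encode()
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return "%s.%s" % (value, base64.urlsafe_b64encode(tag).decode().rstrip("="))


def verify_value(key, name, signed):
    """Return the original value if the tag is valid for this field, else None."""
    value, sep, tag = signed.rpartition(".")
    if not sep:
        return None
    expected = sign_value(key, name, value).rpartition(".")[2]
    # compare_digest avoids leaking the match position through timing.
    if not hmac.compare_digest(expected, tag):
        return None
    return value


# Constructed response page with a careless comment and a hidden price field.
SAMPLE_HTML = """<html>
<!-- TODO remove before launch: db password = s3cret -->
<body><!-- layout: two columns -->
<form method="post"><input type="hidden" name="price" value="1999"></form>
</body></html>"""

if __name__ == "__main__":
    print(find_sensitive_comments(SAMPLE_HTML))
    key = b"server-side secret, never sent to the client"  # assumed key
    field = sign_value(key, "price", "1999")
    print("rendered hidden field:", field)
    print("untouched:", verify_value(key, "price", field))
    tampered = "1." + field.split(".", 1)[1]          # attacker edits the value, keeps the tag
    print("tampered: ", verify_value(key, "price", tampered))
    print("moved tag:", verify_value(key, "user_id", field))
```

Signing is a detection control: it tells the server the client changed something it should not have. The stronger fix for data like a price is not to round-trip it through the client at all but to look it up server-side from the product identifier.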

Two complementary measures, used together, provide a solid line of defense. First, use an application scanner to thoroughly probe your web application for vulnerabilities. Then deploy a web application firewall to block the intrusions that remain.

An application scanner essentially launches a series of simulated attacks against your server and reports the results. KaVaDo ScanDo, Sanctum AppScan Audit and SPI Dynamics are quite thorough in detailing the defects found and recommending remedies. AppScan Audit is especially noteworthy because it also includes checks that help programmers catch vulnerabilities while they code. None of these kits, however, is a substitute for a thorough review by security professionals.

Once you have closed the vulnerabilities you found, the next step is to deploy a web application firewall. The way this kind of firewall works is interesting: it learns what normal traffic into and out of the application looks like, then flags traffic that deviates from it. To do that it must inspect packets far more deeply than an ordinary firewall does. Check Point is the best-known name here, while other vendors such as KaVaDo, NetContinuum, Sanctum and Teros are relatively small. Some of these firewalls are software, some are appliances, and some come in both forms. Do not be fooled into thinking that such a firewall is plug and play, even as an appliance. As with an intrusion detection system, you must tune a web application firewall carefully, both to reduce false positives and to stop attacks from slipping through.

With spam and attacks growing ever more rampant, if you believe that installing a firewall means the job is done and you can rest easy, it is time to think again about how you would actually deal with them.

Copyright © Windows knowledge All Rights Reserved