With the deployment of a strong web application firewall, one can run secured and critical web applications wherever they reside such as in a public cloud, or on-premise data centre. A powerful WAF solution protects organizations against OWASP top ten threats, various application vulnerabilities, and zero-day attacks.
In today’s world, enterprises are exploring their businesses with the usage of more web-based Cloud-hosted applications, so a more powerful web application firewall (WAF) isn’t a luxury—it’s a requirement, a need of the hour for the cloud infrastructure. A powerful WAF also allows compliance with some key regulatory standards like PCI DSS.
Let’s take a look at why having a WAF is so important, how it works, and the options you have to protect your server, from open source solutions to the WAF designed at BitNinja.
Web application attacks are the biggest threat in today’s World
The main security challenge that you face as a sysadmin is the increasing number of web applications, plugins and other software running on your servers. Customers demand the latest platforms, CMS and server management tools, and you’ve got to provide these features to keep their business.
Attacks on servers have become more and more complex. Rather than targeting brute force or other “typical” methods of attack, hackers are now exploiting vulnerabilities in out-of-date and insecure plugins and web apps.
You can create a basic firewall with IPTables and monitor bandwidth for IPs, but you’ll never be completely secure until you’ve locked down your web apps. In fact, a recent study found that 73% of all security exploits are directed against web applications.
With more than two-thirds of attacks directed towards web apps, it’s clear they pose the biggest threat to server security. And you can’t simply block these apps. You’ve got to allow access to keep your customers happy, and you’ve got to keep the bad guys out. The solution is to implement a web application firewall which selectively blocks exploits, and you’ve got a few options when choosing a WAF.
Consideration for choosing a suitable Web Application Firewall
When you start looking for a WAF for your server, you’ll see a lot of open source options in the search results. This is a good place to start because open source projects provide a clear picture of what’s needed in a web application firewall, and how they work.
Perhaps the most well-known resource on WAF’s is the Open Web Application Security Project (OWASP), a worldwide non-profit organization dedicated to making software and server security “visible so that individuals and organizations are able to make informed decisions”.
On Wiki, you can read about the top 10 web application security problems. The “OWASP Top 10” highlights the primary security concerns when creating or implementing a WAF on your server. These are the main attacks that a WAF is designed to stop, and the list also tells you a bit about how a WAF works to secure your server.
The OWASP Top 10 Web Application Security Risks
Here’s the latest including a brief description of the types of exploits a WAF is designed to stop:
ModSecurity – Open Source WAF based on OWASP
When it comes to open source web application firewalls, ModSecurity is at the top of the list. In some ways, it’s the only open-source WAF, because other open source solutions are targeted for specific frameworks, for example, NAXSI which is just for NGINX, and Webknight which is for Microsoft servers.
ModSecurity, which is an OWASP project, covers Apache, NGINX and Microsoft web servers and is highly based upon the Top 10 list and providing a base level of protection for every server. The primary drawbacks are that ModSecurity is a command-line only tool and is “help yourself” when it comes to support.
For DIY solutions, ModSecurity is a great place to start. If you’re willing to roll up your sleeves and do some hand-coding, it can provide reasonable protection. Things to look out for along the way are keeping up-to-date with the latest versions and making sure ModSecurity doesn’t interfere with the applications when they are running, especially when you begin modifying the rules for your specific needs.
Why Choose BitNinja WAF 2.0 for your server?
1. Industry Standards and Compatibility
BitNinja WAF 2.0 built on the backbone of ModSecurity. It’s the industry standard and compatible across a wide range of platforms. Using ModSecurity as the base for our platform ensures that our WAF is always up-to-date with the latest best practices according to OWASP and the worldwide security community.
2. Less Configuration, More Protection
While ModSecurity provides adequate protection for web servers, BitNinja wanted to go a step further and create a WAF that would protect against vulnerabilities before they were discovered.
The command line interface also presents a big roadblock for using ModSecurity “out of the box”. With BitNinja WAF 2.0 our goal was to create a WAF that was easy to use and didn’t require constant configuration. We wanted to be able to make changes with a few clicks.
3. Easy-to-Use Dashboard
Here’s a screenshot of the BitNinja WAF 2.0 dashboard in action. You can enable/disable the firewall or activate/deactivate a pattern or ruleset for all your servers, all in one place:
4. Pre-defined rulesets for low false positives
One of the primary challenges as you add layers of security to ModSecurity is preventing the WAF from blocking web apps. Often you’ll implement one rule to protect an app, only to find that it blocks access to another app.
BitNinja developed and continually refined a default rule set for all the websites hosted on your server. This ruleset is rigorously tested to ensure the lowest false positive rates and constantly updated with safety rules that protect your server while allowing access to all your web apps.
For those who want a greater level of control, it also gives you the option to change the rules one-by-one or manage them by categories.
5. Domain-based WAF controls to keep users happy
The primary goal for any server admin is to keep their customers and users happy. Every website has its own specific needs, and there are often individual requests from users and site owners.
To make day-to-day life easier, BitNinja created a built-in option in our WAF that allows you to add custom patterns and rulesets for each domain. You can also disable the WAF entirely for only a subdomain if necessary. This is a great way to keep your customers satisfied and still provide great protection.
6. Lock-down feature for emergency situations
When disaster strikes, it helps to be prepared. BitNinja WAF 2.0 includes a handy lock-down feature that immediately disables POST requests (registrations, logins, posting, etc) and converts the site to read-only mode. This restricted mode leaves the site available for visitors while preventing further hacking attempts as the situation is mitigated. It’s a win-win situation that allows you to calmly address sudden increases in attacks from botnets and other distributed types of attacks.
7. Log-only or Active Protection
To provide a way to monitor activity without blocking it. Sometimes, you need to troubleshoot the configuration of a web app, and you need to rule out the possibility of the WAF interfering.
In Log-only mode, you can see all the logged (but not blocked) incidents using the Dashboard. In this case, connections are not interrupted by the WAF. This allows you to monitor any incidents and manually block the IPs if you find positive hits, as well as implement web apps with complex configuration before turning the switch to the firewall “on”.
To keep your other sites and servers protected while you monitor traffic or install an app, you can choose between Log-only mode and Active Protection by the server and even by domain.
WAF 2.0 is completely integrated with the BitNinja Security Suite
At BitNinja, take a holistic approach to cybersecurity. Different types of attacks require different types of defence for a server. It is like security at a castle Vs an airport. With a castle, you put all your defences in one place, leaving you vulnerable to multiple attacks. However, in the case of an airport, you have multiple checkpoints for defence protecting you by closing all the security loopholes.
In addition to WAF 2.0, BitNinja’s Security Suite includes 8 other security modules: IP Reputation, Port Honeypot, Web Honeypot, DoS Detection, Log Analysis, Malware Detection, Outbound WAF and Protection for HTTPS. Each of these modules works together to provide multiple points of defence for your servers against a wide range of attacks, from hackers, botnets and whatever’s next on the horizon.
Try WAF 2.0 and the BitNinja Server Security Suite with E2E Networks compute in one click during the launch of an instance or enable with your running instances without any obligation.