When we hear the word firewall, we picture a physical box with a few ports and some lights blinking very fast; it could also be a software appliance. In any case, what is its actual purpose, and why do we need firewalls, whether hardware, software or WAF?
In order to understand this, we first need to look at the definition of a firewall:
“a network security device that prevents unauthorized access to a network, by monitoring and controlling incoming and outgoing traffic”
Every organization, big or small, has firewalls in place to shield its computer systems and network from malicious and unnecessary network traffic; even home routers have a small firewall feature built in. Like any other device, appliance, component, flashy object or even a car, firewalls come with different features and purposes: some are expensive and some are less expensive, some have more features and some have extra features (even some features that people don't use :P). The point is that there are different types and variations based on vendor, feature, and purpose. Similarly, a WAF has been designed as, or we can say is, a purpose-built device/component.
Now let's look at a simple definition of a WAF:
Web Application Firewall (WAF) is a cloud-based security service that protects your websites, web apps, and services by analyzing and filtering HTTP traffic.
It's time for a quick comparison, which everyone loves: comparisons are easy to understand and give a quick overview. If we compare the two, we'll see some major differences:

| | Network Firewall | Web Application Firewall (WAF) |
|---|---|---|
| Modes of Operation | Transparent & Routed modes | Active Inspection & Passive mode |
| Algorithms | Stateful, Stateless, Packet Filtering, Proxy, NGFW | Heuristics, Signature-based, Anomaly-based |
| Device Protection | Networks, Servers, PCs, etc. | HTTP and HTTPS traffic |
| Attack Protection | Unauthorized access, malicious or unnecessary network traffic, etc. | Cross-Site Scripting (XSS), DDoS, SQL Injection, etc. |
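To make the comparison concrete, here is an added example (not from the original article or from any vendor's product) that runs the same requests through a stateless packet filter and through a signature-based HTTP inspector. The rule set, signatures and sample requests are constructed for illustration, and the inspector is assumed to see the request after TLS has been terminated.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Network-firewall view: a stateless packet filter sees protocol and port only.
ALLOW_RULES = {("tcp", 80), ("tcp", 443)}  # constructed rule set

def packet_filter(proto, dst_port):
    """Allow or drop based purely on the transport header."""
    return "allow" if (proto, dst_port) in ALLOW_RULES else "drop"

# WAF view: signatures matched against decoded HTTP parameters.
# Two illustrative patterns only; real rule sets are far larger.
SIGNATURES = {
    "sql-injection": re.compile(r"['\"]\s*(or|and)\s+['\"\d]|union\s+select", re.I),
    "xss": re.compile(r"<\s*script\b", re.I),
}

def waf_inspect(request_line):
    """Return (decision, [(signature, parameter), ...]) for one request line."""
    _method, target, _version = request_line.split(" ", 2)
    hits = []
    # parse_qsl percent-decodes values, so encoded payloads are matched as well.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for label, pattern in SIGNATURES.items():
            if pattern.search(value):
                hits.append((label, name))
    return ("block", hits) if hits else ("allow", [])

# Constructed sample requests, all arriving on tcp/443.
SAMPLES = [
    "GET /products?id=42 HTTP/1.1",
    "GET /products?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1",
    "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(packet_filter("tcp", 443), waf_inspect(line), line)
```

Every sample is allowed by the packet filter because it targets an open web port; only the HTTP-level inspection separates the ordinary request from the two carrying injection patterns.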
Alibaba Web Application Firewall (WAF)
- Accurate access control for HTTP and HTTPS traffic
- Protect web applications against OWASP top 10 attacks and more.
- Mitigate HTTP flood attacks, filter malicious and bot traffic.
- Risk control for issues such as abuse of business APIs.
- Support transmission of back-to-origin traffic over HTTPS or HTTP to reduce workloads of the origin server.
- Real-time storage, analysis, and custom reporting of full logs over a long period of time.
- Sync online logs with third-party platforms and tools
- Cloud Security Alliance (CSA) STAR certification
- China classified protection of cybersecurity-Level III
- Cloud Computing Compliance Controls Catalog (C5)
- Green Finance Certification Scheme Hong Kong Quality Assurance Agency (HKQAA)
- Outsourced Service Providers Audit Report (OSPAR)
- ISO 9001, 20000, 22301, 27001, 27017, 27018, 27701, 29151, BS 10012
- Service Organization Control (SOC) 1, 2, and 3
- Payment Card Industry Data Security Standard (PCI DSS)
- Monthly and Yearly billing
- Subscription Period: 1 month, 3 months, 6 months, or 1 year
- Based on the deployment plans and specifications
Global Industries that are using Alibaba Cloud Web Application Firewall (WAF)
- Finance and Insurance
- Private web apps and servers