SECURING INFORMATION RESOURCES USING
WEB APPLICATION FIREWALLS
Petr A. BARANOV
Associate Professor, Department of Innovations and Business in IT, National Research University Higher School of Economics
Address: 20, Myasnitskaya Street, Moscow, 101000, Russian Federation
E-mail: pbaranov@hse.ru
Eldar R. BEYBUTOV
MSc Program Student, Faculty of Business and Management,
National Research University Higher School of Economics
Address: 20, Myasnitskaya Street, Moscow, 101000, Russian Federation
E-mail: eldar.beybutov@gmail.com
This paper provides an overview of the core technologies implemented by a comparatively new class of products on the information security market: web application firewalls. Web applications are a widely used and convenient way of giving remote users access to corporate information resources. They can, however, become a single point of failure, rendering the entire information infrastructure inaccessible to legitimate clients. To prevent malicious access attempts against endpoint information resources and, as an intermediate target, against web servers, a new class of information security solutions has been created.
Web application firewalls function at the highest, seventh layer of the ISO/OSI model and serve as a controlling tunnel for all traffic heading to and from a company's web application server(s). To ensure an adequate level of traffic monitoring and intrusion prevention, web application firewalls are equipped with various mechanisms for checking the «normality» of data exchange sessions. These mechanisms include protocol check routines, machine learning techniques, traffic signature analysis and more dedicated means, such as denial of service, XSS injection and CSRF attack prevention. The ability to research and add user rules to be processed alongside vendor-provided ones is important, since every company has its own security policy and, therefore, the web application firewall should give security engineers ways to tweak its rules to reflect that security policy more precisely.
This research is based on broad practical experience of integrating web application firewalls into the security landscape of various organizations, and of administering and customizing them. We illustrate our review of the available filtering mechanisms and their implementations with exemplary product features from market leaders.
Key words: information security, web application firewall, application server protection.
Citation: Baranov P.A., Beybutov E.R. (2015) Securing information resources using web application firewalls. Business Informatics, no. 4 (34), pp. 71–78. DOI: 10.17323/1998-0663.2015.4.71.78.
Introduction
Nowadays, many companies and businesses have an information security policy which assumes remote access to their information resources (computing power, cloud services, data storage). By «remote access» we mean access over the Internet. This could be arranged either by letting all Internet users gain certain types of access to resources, or by letting only identified corporate users remotely use the company's resources. Direct access to information resources is both inconvenient for users and comparatively insecure, because the lack of a single access point hinders implementation of the security policy. The solution is well known: Application Servers, or application-layer intermediate nodes. External users reach these nodes with a regular web browser, interact with a unified interface and submit queries to it. The Application Server translates these queries into more specific queries to internal information resources and, after receiving responses from those resources, transforms them into an easy-to-understand view shown to the external user in his or her web browser. The scheme is transparent and, once all components are installed and set up, has predictable and controllable technical support expenses. Information security breaches often lead to increased technical support expenses. Therefore, to keep control over technical support funds, company management must be sure that the security level of the single access point, the web application, is high enough to stop malicious attempts to access and use company data from getting through the Application Server to the data hosting infrastructure. There are national [1, 2], industry branch [3, 4] and corporate [5, 6] standards for writing secure web applications. Application development in accordance with these standards is a labor-intensive, expensive and hard-to-scale procedure.
It does not guarantee the safety of the result if software developed by a third party is used. Information security officers need a versatile and configurable tool to control the traffic flowing through the web application server, and it must be able to prevent the data endpoints and the application server itself from receiving and processing maliciously crafted traffic and queries.
Web application firewalls present a solution to the problem described. Numerous vendors offer a variety of products and claim that their products have all the mechanisms needed to provide security on top of the standard web application rules. Speaking of web application firewalls (WAF), people often become confused because of the different associations they have in mind as to what features such a specific tool should contain. Even the key functions of a WAF are sometimes misunderstood. In this research, we would like to introduce a WAF's typical functionality and the defense mechanisms that are essential for a WAF in the modern state of the industry. The research is based on pr