WAF with ModSecurity on Linux

Maciej
9 min read · May 19, 2021

Introduction

Generally, when viewed from the Internet side, the firewall comes first, the IDS/IPS second, and the WAF third, before the web server is finally reached. Because each layer defends against different attacks in a different way, having only one of them in place is not enough to protect against cyber attacks.

A firewall protects us at the network level by restricting access based on the source/destination IP address and port number. It prevents port scans, but cannot handle attacks that pretend to be normal communications, such as traffic to ports 80 and 443. At the IDS/IPS, some attacks that exploit platform vulnerabilities, and attacks on file sharing services, are detected and blocked by signature-based pattern matching. It prevents DoS attacks, SYN flood attacks, etc., but cannot deal with attacks that exploit vulnerabilities in web applications.

A WAF specializes in protecting web applications, and is also effective in protecting against vulnerabilities in web servers (Apache, IIS, etc.), middleware (Tomcat, etc.), and languages (PHP, JavaScript, etc.). It inspects the content of the HTTP/HTTPS communication between the access source and the web server, detects attacks based on signatures, and protects against them. It also checks with a white list, checks the validity of…
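The difference between the layers can be shown with a short added example, which is not part of the original article and is not ModSecurity code: a port-based firewall decision next to a content-based WAF decision for the same requests. The port policy, the three signatures, the method white list and the sample requests are all constructed for illustration; a real rule set is far larger.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed firewall policy: the network layer only sees addresses and ports.
ALLOWED_PORTS = {80, 443}
# Constructed white list of HTTP methods the application expects.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
# Constructed, deliberately tiny signature set (illustration only).
SIGNATURES = {
    "sqli": re.compile(r"""['"]\s*(?:or|and)\s+['"\d]|union\s+select""", re.I),
    "xss": re.compile(r"<\s*script\b", re.I),
    "traversal": re.compile(r"\.\.[/\\]"),
}

def firewall_allows(dst_port):
    """Network-level decision: looks at the port, never at the HTTP payload."""
    return dst_port in ALLOWED_PORTS

def waf_inspect(method, url, body=""):
    """Application-level decision: returns a list of findings (empty = pass)."""
    findings = []
    if method.upper() not in ALLOWED_METHODS:
        findings.append("method-not-whitelisted")
    parts = urlsplit(url)
    # Percent-decode first so signatures run on what the application will see.
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values += [v for _, v in parse_qsl(body, keep_blank_values=True)]
    values.append(unquote(parts.path))
    for name, rx in SIGNATURES.items():
        if any(rx.search(v) for v in values):
            findings.append(name)
    return findings

# Constructed sample requests: (dst_port, method, url, body)
SAMPLES = [
    (443, "GET", "/products?id=42", ""),
    (443, "GET", "/products?id=1%27%20OR%20%271%27%3D%271", ""),
    (80, "POST", "/comment", "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    (23, "GET", "/", ""),
]

def evaluate(samples=SAMPLES):
    """Pair the firewall verdict with the WAF findings for each request."""
    return [(firewall_allows(p), waf_inspect(m, u, b)) for p, m, u, b in samples]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, evaluate()):
        print(sample[:3], "->", result)
```

The second and third requests pass the firewall because they arrive on ports 443 and 80, and are only flagged once the decoded HTTP parameters are inspected.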
