CYB_310_5-3_Activity_Web_Application_Firewalls_Joshua_Minnick

5 – 3 Activity: Web Application Firewalls

Joshua Minnick
Information Technology Department, Southern New Hampshire University
CYB-310 Network Defense
Professor Kevin Kenna
February 11, 2024
I. Firewall Fundamentals

A. Compare the different functions of a web application firewall and a basic firewall.

Web application firewalls are designed to protect web applications from attacks by analyzing communications that use the Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) as packets attempt to move from the internet into the web application. A basic firewall protects network infrastructure by inspecting packets of data moving into, out of, and throughout the network as they pass the network segment the firewall is installed on. Both use protocols and rules to analyze packet data for compliance with the rules configured in the firewall, and both allow only traffic that falls within those rules to pass through.

B. Identify where a web application firewall and a basic firewall operate in the layers of the OSI model.

A web application firewall operates at layer seven, the application layer, of the OSI model, while a basic network firewall normally operates at layer three or four. Layer three is the Network layer, where IP works, while layer four is the Transport layer, where TCP and UDP function.

C. Discuss the significance of the layers for responding to threats.

The two types of firewall operate at different layers of the OSI model and therefore protect against different threats. A basic firewall can help protect against attacks targeting the Domain Name System (DNS), Secure Shell (SSH), and many other protocols, while a web application firewall can help protect against attacks targeting applications like ActiveX, JavaScript, and others. This layering of security means protection against numerous attack types at the same time.

II. Layered Security Strategy

A. Describe the organizational security needs that would prompt the use of a web application firewall.

A web application firewall helps protect online applications from attack. Any organization that hosts an online application would need a WAF for protection against attacks that aim to compromise or steal its customers' data. Examples include a bank with an online banking application, credit card companies that allow online payments or transfers, medical service providers that have online patient portals for records review, and many others.

B. Discuss how a web application firewall assists with the overall defense in depth strategy of an organization.

A web application firewall protects against attacks that a basic network firewall cannot, because the two operate at different layers of the OSI model. A web application firewall focuses specifically on HTTP and HTTPS traffic, which helps it protect against Cross-Site Scripting (XSS), SQL injection, and web-based distributed denial of service (DDoS) attacks, as well as others. These types of attacks could bypass a network-based firewall because of the security rules it uses and the OSI layer it operates on.

III. CIA Triad

A. Explain how the web application firewall specifically addresses one tenet of the CIA triad (confidentiality, integrity, and availability).
A web application firewall addresses the confidentiality tenet of the CIA triad by helping to ensure that only authorized users can access information, and only the information they are authorized to access. It does this by preventing malicious HTTP/S traffic from being allowed access to the application. This keeps all data contained within the application secured and therefore maintains the confidentiality of all users' data.
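
The layering argument from section II.B, as an added example that is not part of the original paper: a basic firewall decision that sees only protocol and destination port, beside a WAF decision that parses the HTTP request and inspects its parameters. The rule set, signatures, host name and sample requests are constructed for illustration and are far simpler than a production WAF rule set; the payload is assumed to be the request as seen after TLS termination.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Layer 3/4 rule set (constructed): allow only TCP to the web ports.
ALLOWED = {("tcp", 80), ("tcp", 443)}

def network_firewall(pkt):
    """Decide using only the header fields a basic firewall evaluates."""
    return "allow" if (pkt["proto"], pkt["dst_port"]) in ALLOWED else "drop"

# Layer 7 signatures (simplified and illustrative, not a real rule set).
SIGNATURES = {
    "sql_injection": re.compile(r"['\"]\s*(or|and)\s+.+=|union\s+select", re.I),
    "xss": re.compile(r"<\s*script|on\w+\s*=|javascript:", re.I),
}

def waf(http_request):
    """Parse the request line and inspect URL-decoded query parameters."""
    _method, target, _version = http_request.split("\r\n", 1)[0].split(" ", 2)
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for label, pattern in SIGNATURES.items():
            if pattern.search(value):
                return ("block", label, name)
    return ("allow", None, None)

def inspect(pkt):
    """Defense in depth: packet filter first, then the WAF on what it passed."""
    if network_firewall(pkt) == "drop":
        return ("drop", "layer3/4", None)
    return waf(pkt["payload"])  # assumed: plaintext after TLS termination

# Constructed sample traffic (bank.example is a placeholder host).
SAMPLES = [
    {"proto": "tcp", "dst_port": 22, "payload": ""},
    {"proto": "tcp", "dst_port": 443,
     "payload": "GET /account?id=42 HTTP/1.1\r\nHost: bank.example\r\n\r\n"},
    {"proto": "tcp", "dst_port": 443,
     "payload": "GET /account?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n"
                "Host: bank.example\r\n\r\n"},
    {"proto": "tcp", "dst_port": 443,
     "payload": "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\r\n"
                "Host: bank.example\r\n\r\n"},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["dst_port"], network_firewall(s), inspect(s))
```

The last two samples are allowed by the port-based rule and stopped only at layer seven, while the SSH packet never reaches the WAF at all.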