What is a WAF and How Are They Different from Firewalls – Linux Security Podcast Ep. 5
Web application firewalls (WAFs) have become ubiquitous in our always-connected, cloud-driven world. Any device that is exposed to the internet is vulnerable, and WAFs can eliminate the risk of entire classes of attacks and vulnerabilities ever threatening system security. However, not all WAFs and configurations are created equal. Good WAFs block what you do not want to let in while allowing through what you do. Bad WAFs can either let in bad things or inadvertently block good things. In the latter case, business users are likely to complain, and WAF configurations are often made more permissive as a result or turned off altogether. This can lead to an even more vulnerable security posture, because there is an assumption of some protection when in fact the defenses have been neutered.
In this week's Linux Security Podcast, Atomicorp CEO Mike Shinn discusses the origin of WAFs, how they have evolved, and what makes them effective or ineffective. Mike is also one of the earliest contributors to the open source ModSecurity WAF framework and has built over 10,000 rules to support it. WAFs are driven by rules, and Mike goes into detail about ModSecurity as well as open source rules such as those from OWASP and other options for more advanced protection. He also outlines the differences between WAFs and traditional firewalls.
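The failure mode described above, where a false positive leads to the whole WAF being loosened or switched off, has a narrower remedy in ModSecurity: exclude the one rule that misfires, only where it misfires, and keep the engine enforcing everywhere else. The following Apache-style ModSecurity configuration is an added example, not from the podcast, Atomicorp or the ModSecurity project; the rule id 900999, the `/api/report` path and the `free_text` argument are assumptions for illustration.

```apache
# Added example (not from the podcast or the ModSecurity project).
# Rule id 900999, the /api/report path and the free_text argument are assumed.

# Keep the engine enforcing for the whole site.
SecRuleEngine On

# The reaction the text warns about: downgrading the engine globally because one
# page complained. After this, nothing is blocked anywhere.
# SecRuleEngine DetectionOnly

# Scoped reaction: drop only the hypothetical rule 900999, and only for the one
# location where it produces the false positive. Every other rule still applies here.
<LocationMatch "^/api/report$">
    SecRuleRemoveById 900999
</LocationMatch>

# Narrower still: keep rule 900999 active but stop it inspecting the single
# request argument that triggers the false positive.
SecRuleUpdateTargetById 900999 "!ARGS:free_text"

# Keep blocks and relevant transactions in the audit log, so that an exclusion
# that was too broad shows up later as missing detections rather than silence.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
```

The point of scoping the exclusion by location or by argument is that the rest of the rule set, and the rest of the site, keep the protection the organization believes it has; a global `DetectionOnly` or `Off` leaves that belief intact while removing the protection.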