Recently, it was discovered that over 14 million Verizon customers' data, including PINs, had been exposed on an unprotected web server. Three million WWE fans' personal information was left exposed when it was discovered to be on an unprotected web server. Both of these took place in the same month. It happens more often than you'd think, and the solution can be as simple as talking to your hosting provider.
An unprotected web server potentially leaves customer card data and other sensitive information vulnerable to a breach. Most hosting providers will supply their clients with a basic firewall, which whilst useful, will not completely protect the website. By their nature, firewalls are built to protect a network. For example, your firewall at home can be set up to stop any external access to your computers. However, in order to let people visit your website, you can’t have a firewall that blocks all access. If you did, you’d end up with a dead website and zero business.
People need to be able to get through the firewall to see the content you're offering. Not all of these people are going to be good; some of them will have malicious intentions. This is where a Web Application Firewall (WAF) comes in.
A basic network firewall is usually configured to inspect only the basics of any network packet - this is known as Stateful Packet Inspection (SPI). These include the destination IP address, the port number, whether the packet belongs to a valid session, and information located within the packet header and footer.
An SPI firewall simply controls the incoming traffic and will not prevent attacks that arrive as seemingly innocuous web browsing, spyware, adware, Trojans or other malware, as the content of the packets is not inspected. Intelligent network firewalls are available which provide Deep Packet Inspection (DPI), where not only are the packet header and footer inspected, but the data part of the packet is searched and compared against a set of pre-defined rules.
These types of advanced network firewalls will protect against certain types of known malware, Trojans and spyware (depending on the rule configuration) but will not protect against application-based attacks such as SQL injection, Cross-Site Scripting or brute force attacks. These are regularly seen by the Foregenix forensics team as the root cause of most eCommerce website breaches.
A WAF (Web Application Firewall), however, is able to determine the exact intention of the HTTP(S) content at the application level, filtering out illegitimate traffic based on rule sets. This makes the WAF considerably more versatile when protecting your web environment.
WAFs are often used to monitor the information being input into a web form or search tool. The WAF will be able to detect whether the data being input is legitimate or malicious (assuming it is configured correctly). For example, dates, post codes and product information may all be legitimate. But if someone puts code into that form with the intention of manipulating the application, they can sometimes find exploits that give them direct access to the database behind it.
Having an additional layer of checks against the data being input will defend against things like database injections and buffer overflows. Having something at the application level validating input into the web fields becomes critically important, especially when sensitive data is involved. No single firewall solution can provide your server with complete, all-round protection, as it is vulnerable to both network and application attacks. Therefore, it is vital to have protection from both a network firewall and a web application firewall to achieve true defense in depth.
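As an added illustration (not code from the original post or from Foregenix), the sketch below shows the two kinds of check a WAF applies to form input as described above: a per-field allowlist describing what legitimate dates, post codes and product names look like, and a small set of signature rules for known injection and scripting patterns. The field names, patterns and sample submissions are all constructed for the example.

```python
import re

# Constructed "positive" rules: what each form field is allowed to contain.
# Field names are hypothetical; a real WAF profile is built per application.
FIELD_RULES = {
    "order_date": re.compile(r"^\d{4}-\d{2}-\d{2}$"),                       # ISO date
    "post_code": re.compile(r"^[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}$", re.I),   # UK post code
    "product": re.compile(r"^[\w .-]{1,64}$"),                            # product name / SKU
}

# Constructed "negative" signature rules in the style of a WAF rule set. These run on
# every field, including free-text ones (such as a search box) that have no allowlist.
SIGNATURES = [
    ("sqli-tautology", re.compile(r"'\s*(or|and)\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("sqli-comment",   re.compile(r"(--|/\*)")),
    ("sqli-union",     re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("xss-tag",        re.compile(r"<\s*(script|img|iframe|svg)\b", re.I)),
    ("xss-handler",    re.compile(r"\bon\w+\s*=", re.I)),
]


def inspect_form(fields):
    """Return a list of (field, reason) findings; an empty list means the request passes.

    Allowlist checks run first: a field that does not look like the data it should hold
    is rejected even if no signature matches, which is what catches novel payloads.
    """
    findings = []
    for name, value in fields.items():
        rule = FIELD_RULES.get(name)
        if rule is not None and not rule.fullmatch(value):
            findings.append((name, "allowlist"))
            continue
        for sig_name, pattern in SIGNATURES:
            if pattern.search(value):
                findings.append((name, sig_name))
                break
    return findings


def decision(fields):
    """Verdict as a WAF in blocking mode would return it for one form submission."""
    return "block" if inspect_form(fields) else "allow"
```

A legitimate checkout submission passes both layers, while a tautology in the search box is caught by a signature and a post code carrying SQL is rejected by the allowlist alone, which is the configuration point the paragraph above makes.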
So, in answer to our headline question, 'Is my hosting provider protecting my web server?', the response is: possibly, but most likely only at the network layer. Naturally, websites that get breached have hosting providers, as otherwise they wouldn't be trading online. Most hosting providers will tell you that a network firewall is enough to keep you protected, but this is not the case. A Web Application Firewall offers the extra layer of protection needed to keep you secure. If you're running only a WAF or only a network firewall, you're susceptible to attack; both are required to fully protect your website. It doesn't take long to find out what's protecting your website, and it could save you the cost of a breach.