Research Paper draft on Firewalls

Muskaan
APPLICATION FIREWALLS 1

The Effectiveness of Application Firewalls

Fundamentally, an application firewall is a security countermeasure whose aim is to limit access by an operating system’s applications. It is important to note that, earlier on, the performance of a firewall was mainly about controlling data flow to and from the CPU: it examined each data packet and determined whether it should be forwarded to a specific destination. Today, application firewalls offer additional protection by controlling file execution or the specific handling of data by software (Tøndel, Bartnes & Jaatun, 2014). It has been claimed that the best performance of a firewall is realized only if the user can configure it to define the ports through which unwanted data may enter or leave. Notably, even though a firewall may be configured, that does not mean an intruder will not get past it, which brings forth the major contention of this paper: are application firewalls effective in upholding the security of applications in the event of a cyber-attack?

Hannes Holm and Mathias Ekstedt (2013) carried out a study to evaluate the efficiency of application firewalls in the event of an attack. Using injection attacks, the researchers found that the prevention rate is 80% when all measures have been put in place and only 25% when all the measures have not been employed. The measures included involving a professional in configuring the firewall, having a skilled operator monitor the firewall, and employing a black box (an automated one) in tuning the firewall. When all these measures have been put in place, the researchers found that a prevention rate of 80% is normally recognized. This is an indicator that even when best practices are adopted, an intruder is still able to infiltrate a system, which means that a firewall may not be an effective tool.

At the organizational level, it is important to note that a majority of small and mid-sized organizations do not have the personnel that application firewalls require. These companies only purchase the software from vendors, install it, and enable the detection mode. However, as noted earlier, this is not enough: configuration and tuning are needed to improve the performance of the firewalls. When this is not done, studies have shown that firewalls are easily bypassed and an organization may not quickly learn about an infiltration. This is a major weakness, as it means that configuration must be done by professionals who should also closely monitor the system. These are best practices that are unlikely to be realized by most organizations.

Additionally, web applications are constantly evolving and require customized application firewalls. Today, it is common to see even 1990s CGI scripts paired with AJAX applications, which in turn use third-party APIs and web services in a cloud. This indicates the evolution and complexity of the application structure, which requires firewalls that are equally complex and customized (Tøndel et al., 2014). However, most organizations do not adhere to this, meaning that current firewalls are vulnerable and can easily be bypassed, especially in this era of rampant cyber security incidents.

It is worth noting that although application firewalls are good at offering preventive security, where they can prevent simple vectors such as SQL injections, they may not be able to keep out unknown application logic vulnerabilities. Such vulnerabilities normally require an in-depth understanding of the application’s business logic (Tøndel et al., 2014). Today, a number of vendors are trying to design firewalls that use incremental ruleset hardening paired with IP reputation, as well as behavioral white-listing and machine learning, in a bid to protect applications from logic vulnerabilities. However, these new designs have not proven effective, as they are still bypassed. This is because they must pass through complicated learning cycles that take a long time, meaning they are not reliable enough.
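The gap described above, as an added example that is not part of the original paper: a toy signature filter (constructed rules, not any vendor's ruleset) stops an SQL injection string but forwards a syntactically clean request that breaks a business rule, which only an application-side check catches. The order fields, the quantity limit and the sample requests are assumptions made for illustration; the `detect` mode mirrors the detection-only deployment mentioned earlier.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures standing in for a generic ruleset (assumption, not a real product).
SQLI_SIGNATURES = [
    re.compile(r"(?i)\bunion\b.+\bselect\b"),
    re.compile(r"(?i)'\s*or\s*'?\d+'?\s*=\s*'?\d+"),
    re.compile(r"(--|/\*)"),
]

def waf_inspect(params, mode="block"):
    """Return (forwarded, alerts). In 'detect' mode a match is logged but still forwarded."""
    alerts = []
    for name, value in params.items():
        decoded = unquote_plus(str(value))  # decode before matching, as a filter must
        for sig in SQLI_SIGNATURES:
            if sig.search(decoded):
                alerts.append((name, sig.pattern))
                break
    forwarded = not alerts or mode == "detect"
    return forwarded, alerts

def validate_order(params, max_qty=100):
    """Application-side business rule (hypothetical): quantity must be 1..max_qty."""
    try:
        qty = int(params.get("quantity", ""))
    except ValueError:
        return ["quantity is not an integer"]
    return [] if 1 <= qty <= max_qty else ["quantity out of range"]

# Constructed sample requests (form parameters as received, still URL-encoded).
SAMPLES = {
    "sqli": {"item": "42", "quantity": "1", "coupon": "x%27+OR+%271%27%3D%271"},
    "logic_abuse": {"item": "42", "quantity": "-5", "coupon": ""},
    "normal": {"item": "42", "quantity": "2", "coupon": "SPRING"},
}

def evaluate(mode="block"):
    """Per sample: did the filter forward it, and what does the business check say?"""
    report = {}
    for name, params in SAMPLES.items():
        forwarded, alerts = waf_inspect(params, mode)
        report[name] = {"forwarded": forwarded, "alerts": len(alerts),
                        "business_errors": validate_order(params)}
    return report

if __name__ == "__main__":
    for mode in ("block", "detect"):
        print(mode, evaluate(mode))
```

The `logic_abuse` request produces no alert in either mode, so the filter's logs give no hint of it; the server-side validation is the control that rejects it.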

In today’s application security, firewalls are no longer entirely effective in upholding the security of applications; they must work in conjunction with other security features, such as vulnerability scanners, which enable easier scanning and identification of a particular threat. Additionally, it has been recommended that every organization should look for application firewalls that are easy to customize and compatible with other security controls as a means of raising the security level. Moreover, it is deemed best practice for an organization to hire experts, such as IT professionals, who will monitor a system for threats and also configure the system in the best manner. This indicates that although application firewalls are in use in various institutions and organizations, they are not as effective as expected and should be paired with other security features. This is considered the best approach, especially when an organization, such as a bank or a hospital, is at a higher risk of an attack.

References

Holm, H., & Ekstedt, M. (2013). Estimates on the effectiveness of web application firewalls against targeted attacks. Information Management & Computer Security, 21(4), 250-265.

Tøndel, I. A., Bartnes, M., & Jaatun, M. G. (2014). Information security incident management: Current practice as reported in the literature. Computers & Security, 45(1), 42-57.