Final Research Paper On Firewalls
Application Security Firewalls 1
Application Security Firewalls 11
Introduction
Fundamentally, application security refers to the utilization of tools such as hardware and software to protect various applications from the imminent threats. In today’s era, security of the application has become a major undertaking and firms are yearning for the most effective approaches that are applicable in ensuring that a network is free from threats (Tøndel, Bartnes & Jaatun, 2014). Threats are today about manipulation of applications which may have far-reaching implications on a firm especially those whose performance is directly tied to the performance of a particular application that e-commerce retailers. Additionally, it is imperative to note that cyber threats are evolving rapidly meaning that security tools and designs also need to evolve as fast. In some cases, the specific actions that are taken in a bid to ensure applications are secure are referred to as countermeasures. One of the most common countermeasures is the design and use of application firewalls. The major aim of the firewalls is to ensure that execution of files and handling of data has been limited to specific programs. Application firewalls are currently being used and this research paper will aim at establishing whether application firewalls are actually effective in offering protection in an age where cyber threats are rampant.
Background
An application firewall refers to a security tool whose main aim entails protecting an application from application-based security threats. The firewalls normally block and filter application vulnerabilities before they can manipulate the applications. It is imperative to note that the firewalls are normally deployed between the network edge routers and the application servers. This means that they serve as a flexible barrier that filters all the in-bound and out-bound traffic (Chen, Jarvis & Macdonald, (2014). From this, it can be seen that an application firewall differs from the traditional firewall due to the fact that it inspects and validates the traffic getting to the applications.
When it comes to performance, it is worth noting that the application firewalls use three models in relation to performance. First, there is the blacklist model where the firewall uses generic signatures of known attacks to filter traffic that is perceived a threat to an application. Second, firewalls use a whitelist model where the firewall use signatures and sometimes logic so as to only permit data that is seen to meet a particular criterion (Chen et al., 2014). Finally, there are firewalls that utilize whitelist and blacklist models in blocking and filtering the traffic.
From the above sections, it can be seen that application firewalls have a model that majors in filtering and blocking traffic that gets to an application. However, it is worth noting that there have been questions relating to the level of security of offered by the application firewalls. For instance, do they have the capability to protect an application from all types of threats? Are the firewalls effective in dealing with newer forms of threats? These are some of the questions that have led to new developments where organizations and firms are nor focusing on tools that are more effective in addressing all forms of threats.
Problem Statement
Hannes Holm and Mathias Ekstedt (2013) carried out an empirical study with the aim of determining the effectiveness of the application firewalls when it comes to prevention of injection attacks. The researchers found out that the prevention rate median is 80% when all the measures and best practices and 25% when all the measures have not been put in place. The measures refer to practices such as deploying expert professionals in monitoring activities, use of an automated black box in tuning the firewall, and whether experienced operators were deployed in tuning the application firewalls. From this study, it was found out that application firewalls are not effective when it comes to prevention of injection attacks. This means that an application is left vulnerable in the event of an injection attack.
The above section shows that there are gaps that are not addressed when a firm or a business organization utilizes application firewalls. Additionally, it has been noted that organizations do not invest in rapid design of application firewalls in response to the ever-evolving cyber threats. Most organizations leave the applications vulnerable which has seen recommendations that they should deploy other mechanisms for security such as moving the resources to a cloud environment.
Research Questions
In order to evaluate the effectiveness of the application firewalls, the following questions will be answered.
1. Are application firewalls effective in addressing all cyber threats that are a danger to s system applications?
2. What are the best practices that will help promote the effectiveness of application firewalls in addressing all types of cyber threats.
The above questions are the overall questions that will guide the research process. At the end, the questions will be addressed hence offering actionable information that may be acted on by the modern firms and business organizations. Additionally, most recent developments will be considered in order to offer credible and reliable information in relation to application security.
Literature Review
There are numerous studies that have looked into the vulnerabilities in the web applications and servers that tend to lower the efficiency of the application firewalls. Without these vulnerabilities being addressed, the application firewalls will not be effective. The vulnerabilities are as follows; the network system has various applications that run of varying operating systems which lower the efficiency of the system (Vokorokos, Baláž & Ádám, 2015). When all these applications tend to have their own inherent vulnerabilities, that exposes the server and the network to attacks. The application firewalls may not be able to detect and contain all of the attacks associated with the vulnerabilities. Security bugs are key threats to a system where attacks such as phishing attacks and viruses may exploit the bugs in accessing the system (Kumar & Sharma, 2017). These bugs make the systems too vulnerable where the application firewalls may not be able to timely detect all the attacks exploiting the unsecured ports due to the bugs.
Barrerem, Badonnel, and Festor (2013) outline the vulnerabilities that result from automation of the system. Some organizations have put in place internal controls that are supposed to ensure that any threats are automatically detected. However, failure to update the internal controls such as automated application firewalls leads to inefficiencies. The internal controls must be up to date for efficiency to be guaranteed. Also, this needs to be supported by input validation where traffic getting into the system is validated by the internal control. Kaur and Kaur (2014) note that though input validation is key in detection of threats and attacks, it leads to low performance. The application firewalls put in place must be able to act rapidly and fast which calls for frequent updating and reconfiguration.
Poor approaches to the management of security protocol have been a major issue that needs to be addressed. According to Radack and Kuhu (2011), hackers target sensitive data and such databases need to have security protocol that dictate access to the resources. Such protocols need to be considered in the configuration of the application firewalls so that they can filter all the traffic that is considered a threat to the databases. This should also involve implementation of vulnerability assessment protocols that will identify the security gaps that may need to be addressed before harm is caused. Singh and Joshi (2016) have noted that without a vulnerability assessment protocol, the application firewalls may not be able to timely identify attacks disguised as legitimate traffic.
Deepa and Thilagam (2016) have stressed on the importance of security policies that need to be put in place to dictate the management of the internal controls. This stems from firewall policies that dictate the configuration of firewalls in line with the desired goals. They note that the policies must work in line with the application firewalls in identifying all vulnerabilities that might expose the system. The policies must also define and dictate the authentication processes, especially when a system is connected to a third party. Some third parties may trick the system into executing a particular malicious code or may trick the firewalls into executing an allow decision instead of a deny decision (Barnes & Director, 2011). Firewall policies need to be effective in identifying such tricks, among other forms of attacks.
Joshi and Singh (2014) have looked into security misconfigurations that expose web applications to security incidents. The authors have noted that there is a need for configurations to be goal-oriented so that they can work in harmony with the application firewalls that have been put in place. A secure configuration should keep out traditional attacks such as DoS and Cross-site scripting attacks. Without putting in place the right configurations, it is likely that nontraditional attacks will not be detected in a timely manner.
Ramachandran and Ramachandran (2012) note that there are behavioral factors that introduce vulnerabilities in a network. They have noted that some users do not regularly update the antivirus software while others are so lazy to configure the firewall policies. Automating the firewalls is not enough and more needs to be done. Rahman, Kawshik, Sourav, and Gaji (2016) note that there should be user policies that promotes the security of a system. Such policies need to complement the application firewalls that are mainly about detection of technical problems such as attacks. More so, Ramachandran and Ramachandran (2012) have noted that without complementary efforts that reduce the vulnerabilities in a network, the efficiency of the application firewalls will not be realized.
Vieira and Serrao (2016) have outlined automated port scanning as an important approach to identification of vulnerabilities. Scanning tools can be put in place to identify the vulnerabilities making the work of the application firewall much easier. Application firewalls do not identify vulnerabilities but only filter the traffic and execute and allow or a deny decision based on the nature of the traffic. This indicates that the performance of the firewalls is mainly based on the resources getting into or exiting the systems and not the nature of the system itself (Sumithra & Ramaraj, 2010). This limitation can be addressed through updating and patching of the web servers while also ensuring that data has been stored insecurely configured files. Finally, Rastogi and Nygard (2019) have noted that for vulnerabilities to be addressed, it is imperative that an organization hires the best skills and expertise. The authors have noted that organizations with better skilled IT experts show reduced amount of vulnerabilities. In response, it is deemed a good practice if properly skilled IT experts can be hired and their roles defined.
Discussion
The above section has looked into the various vulnerabilities such as misconfigurations and behavioral factors that lead to increased vulnerabilities to a network. Studies have revealed that organizations face vulnerabilities as a result of the adopted practices that vary from one organization to the other. For instance, there are organizations that put in place firewall policies that guide the configurations done. Also, there are organizations that have a routine procedure for updating the antimalware software. These practices are not uniform and there are those with poor practices that expose the system to attacks. Even though these organizations put in place similar application firewalls, the outcomes are different. The ones with more vulnerability are much likely to experience attacks.
It was earlier noted that the application firewalls are for detecting and containing threats in the traffic getting to and exiting a system but not identification of vulnerabilities in the system. Actually, firewalls serve as the gate to a system and do not validate the nature of the system itself. In response, it is imperative that there are efforts that validate the system itself to ensure that there are limited vulnerabilities (LeBlanc & Messerschmidt, 2016). It was earlier noted that there are organizations that put in place port scanning systems that scan all the ports to ensure they are secure from any forms of attacks. Also, there are those that have put in place policies that guide the manner in which the firewalls are configured. These efforts are key in ensuring that the firewalls are attaining a higher level of efficiency.
To ensure that application firewalls are effective, it is imperative that the system’s vulnerabilities are addressed. Currently, there are no standards that need to be employed hence organizations tend to employ approaches they deem best. This creates a complex system with multiple lines of defense. It is not possible for one to conclude on the best practices as every system has its own vulnerabilities. There is a need for more to be done in a bid to create a standard that needs to be adhered to by the various organizations. Before this feat can be achieved, it is imperative that an organization implements the various solutions that have been seen to reduce the vulnerability of the system. For instance, firewall policies, port scanning tools, regular updating of antimalware software, and storing data insecurely configured files can be undertaken. Though these efforts will not completely address the underlying problems, they are important in addressing the vulnerabilities. Also, it is important that an organization hires the best skilled IT experts who will implement policies that reduce the vulnerabilities of the system. In essence, application firewalls should be part of the lines of the defense and not the only line of defense.
References
Barnes, R., & Director, E. A. S. (2011). Database Security and Auditing: Leading Practices. Enterprise Auditing Solutions Applications Security.
Barrere, M., Badonnel, R., & Festor, O. (2013). Vulnerability assessment in autonomic networks and services: a survey. IEEE communications surveys & tutorials, 16(2), 988-1004.
Chen, T. M., Jarvis, L., & Macdonald , S. (2014). Cyberterrorism: Understanding, Assessment, and Response. New York, NY: Springer.
Deepa, G., & Thilagam, P. S. (2016). Securing web applications from injection and logic vulnerabilities: Approaches and challenges. Information and Software Technology, 74, 160-180.
Joshi, C., & Singh, U. K. (2014). Admit-A five-dimensional approach towards standardization of network and computer attack taxonomies. International Journal of Computer Applications, 100(5), 30-36.
Holm, H., & Ekstedt, M. (2013). Estimates on the effectiveness of web application firewalls against targeted attacks. Information Management & Computer Security 21(4), 250-265.
Kaur, N., & Kaur, P. (2014). Input validation vulnerabilities in web applications. Journal of Software Engineering, 8(3), 116-126.
Kumar, M., & Sharma, A. (2017). An integrated framework for software vulnerability detection, analysis and mitigation: an autonomic system. Sādhanā, 42(9), 1481-1493.
LeBlanc, J., & Messerschmidt, T. (2016). Identity and Data Security for Web Development: Best Practices. New York, NY: O'Reilly Media, Inc.
Radack, S., & Kuhn, R. (2011). Managing security: The security content automation protocol. IT professional, 13(1), 9-11.
Rahman, A., Kawshik, K. R., Sourav, A. A., & Gaji, A. (2016). Advanced Network Scanning. American Journal of Engineering Research (AJER), 5(6), 38-42.
Ramachandran, S., & Ramachandran, A. (2012). Rapid and proactive approach on exploration of vulnerabilities in cloud based operating systems. International Journal of Computer Applications, 42(3), 37-44.
Rastogi, A., & Nygard, K. (2019). Software Engineering Principles and Security Vulnerabilities. Proceedings of 34th International Confer, 58, 180-190.
Singh, U. K., & Joshi, C. (2016). Quantifying security risk by critical network vulnerabilities assessment. International Journal of Computer Applications, 156(13), 26-33.
Singh, U. K., & Joshi, C. (2017). Information Security Risk Management Framework for University Computing Environment. IJ Network Security, 19(5), 742-751.
Sumithra, A., & Ramaraj, E. (2010). A Strategic Approach for Risk Analysis of Production Software Systems. International Journal of Computer Applications, 975, 8887.
Tøndel, I. A., Bartnes, M., & Jaatun, M. G. ( 2014). Information security incident management: Current practice as reported in the literature. Computers & Security 45(1), 42-57.
Vieira, T., & Serrao, C. (2016). Web applications security and vulnerability analysis financial web applications security audit–a case study. International Journal of Innovative Business Strategies, (2), 86-94.
Vokorokos, L., Baláž, A., & Ádám, N. (2015). Secure web server system resources utilization. Acta Polytechnica Hungarica, 12(2), 5-19.