Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Mone

from [Ivan Ristic] Network Security [Permanent Link]
Subject: Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
Date: Sun, 13 Jan 2008 09:54:23 +0000 
On Jan 12, 2008 3:55 PM, B Snake <bsnak3@gmail.com> wrote:

It seems like 90+% of companies that implement WAFs deploy them in
listening-only mode and don't do any blocking for fear of false positives
cutting off legitimate user activity.

I'm new to WAFs and this may be a stupid question, but what security value
does a WAF add if it's not doing any blocking of malicious activity?


I have found that most people talk about blocking when they are
discussing web application firewalls, in spite of this type of
deployment being just one of the possible use cases. This is very
peculiar because, at the network level, so many people are deploying
intrusion detection systems (which do not block) yet the question of
usefulness is not being asked all the time. This might be because
intrusion detection is a mature technology and everyone is comfortable
(understands) what their role is, whereas web application firewalls
still have a way to go toward wide recognition.

Whether to block or not is a matter of taste. I, for example, prefer
to focus on detection. This is because I feel that, at the very basic
level, the most important thing a web application firewall (or any
other security device) can give me is the ability to detect problems,
telling me when I am being attacked. In other words, I want
visibility. I want to know what is going on. From there I can decide
to block if that's what I want to do.

Ask yourself this: if there is a vulnerability in your web application
and it's being exploited and you do not have a web application
firewall actively looking at the traffic to warn you about it, how are
you going to detect you are being attacked? For how long is the attack
going to continue until some external signs start giving you clues
that something is not right?


-BSnake





-- 
Ivan Ristic

-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web 
application security assessments should be considered a crucial phase in the 
development of any web application. What methodology should be followed? What 
tools can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?, Ryan Barnett
Next by Date:  RE: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?, Ofer Shezaf
Previous by Thread:  Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?, Ryan Barnett
Next by Thread:  Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?, Henry Troup
Indexes:  [Date] [Thread] [Top] [All Lists]