Protecting Your Internal Resources with Intranet Application Firewalls

Abstract

Web application firewalls (WAFs) are rapidly becoming a key component of end-to-end network security. Although the market is still struggling to move beyond the early adopter stages, WAF placement in the network is now well known and generally accepted as a necessary requirement. When looking at total security architecture, securing public Web applications over ports 80 and 443 is the next logical step to perimeter security: the concept of restricting access from the outside to the resources on the inside. Coupled with network firewalls, HTTP application firewalls can close perimeter security holes opened by allowing unrestricted access to public Web servers. Bui focusing solely on external, public application security is only half of the solution. Internal Web-based applications, such as corporate intranets, HR systems, CRM systems, HTTP-based databases, and report management applications, can also be al risk for the same open-access reasons, but from trusted internal attackers.