The evolution of the Web Application Firewall: from firewalls to cloud-based protection systems with machine learning

In our previous posts on cloud topics we discussed how to protect IT resources in a public cloud and why traditional antivirus is not suited to that task. In this post we continue the cloud security theme and look at how the WAF has evolved and which deployment is the better choice: hardware, software or cloud.

What a WAF is

More than 75% of hacker attacks target vulnerabilities in web applications and websites, and such attacks usually go unnoticed by the information-security infrastructure and the security team. Vulnerabilities in web applications in turn carry the risk of compromise and fraud involving user accounts and personal data, passwords and credit card numbers. In addition, website vulnerabilities serve as an attacker's entry point into the corporate network.

A Web Application Firewall (WAF) is a protective screen that blocks attacks on web applications: SQL injection, cross-site scripting, remote code execution, brute force and authorization bypass, including attacks that exploit zero-day vulnerabilities. An application firewall provides protection by inspecting web page content, including HTML, DHTML and CSS, and filtering out malicious HTTP/HTTPS requests. It sits in front of the application and does not fix the underlying vulnerability; it buys time until the code is repaired.

What was the first solution?

The first attempts to create a Web Application Firewall date back to the early 1990s. At least three engineers are known to have worked in this field. The first was computer science professor Gene Spafford of Purdue University, who described the architecture of a proxy-based application firewall in the book "Practical UNIX Security", published in 1991.

The second and third were the security specialists William Cheswick of Bell Labs and Marcus Ranum, who at the time worked at DEC. They built some of the first application firewall prototypes; Ranum's was shipped by DEC as a product under the name SEAL (Secure External Access Link).

But SEAL was not a full WAF. It was a classic network firewall with advanced functionality, able to block attacks on FTP and RSH. For this reason the first modern WAF is usually considered to be the product of Perfecto Technologies (later Sanctum). In 1999 it introduced the AppShield system. At the time Perfecto Technologies was building security solutions for e-commerce, and online stores became the target market for the new product. AppShield could analyze HTTP requests and block attacks according to dynamic security policies.

Not long after AppShield, in 2002, the first open-source WAF appeared: ModSecurity. It was created with the goal of popularizing WAF technology and is still maintained by the IT community (its repository is on GitHub). ModSecurity blocks attacks on applications using rules built on regular expressions (signatures); the most widely used set of such rules, which analyzes requests against known attack patterns, is the OWASP Core Rule Set.

As a result, the developers achieved their goal: new WAF solutions began to appear on the market, including ones built on top of ModSecurity.

Three generations, already history

It is customary to distinguish three generations of WAF systems, which evolved together with the surrounding technology.

First generation. Works with regular expressions (that is, regular grammars). ModSecurity belongs here. The vendor studies the kinds of attacks made on applications and writes patterns that describe legitimate and potentially malicious requests. The WAF runs each request against these lists and decides what to do in a given case: block the traffic or let it through.

One example of regex-based detection is the already mentioned open-source project ModSecurity. Another is Naxsi, which is also open source. Regex-based systems have many drawbacks; in particular, when a new vulnerability is discovered, the administrator has to write additional rules by hand. For a large IT infrastructure there may be several thousand of them. Managing that many regular expressions is very hard, not to mention that evaluating them can degrade network performance.

Regular expressions also produce many false positives. The linguist Noam Chomsky proposed a classification of formal grammars into four levels of complexity. Regular expressions sit at the lowest level of that hierarchy, while the languages a WAF actually has to police (SQL, HTML, JavaScript) are at least context-free. A regular expression therefore cannot describe an attack precisely: it describes one spelling of it, so it either misses variants or matches legitimate input as well. This means an attacker can easily "fool" a first-generation WAF. One way is to add characters to the request that do not change the logic of the malicious payload but break the signature, for example replacing the space between two SQL keywords with an inline comment.

Second generation. To address the performance and accuracy problems of first-generation WAFs, second-generation application firewalls were created. They contain parsers responsible for recognizing particular attack classes (for HTML, JavaScript and so on). A parser turns the input into a sequence of tokens that describe the query (for example variable, string, unknown, number). Token sequences that can only be malicious are collected in a separate list, against which the WAF checks every request. This approach was first presented at the Black Hat 2012 conference in the form of libinjection, a C library that detects SQL injection.

Compared with first-generation WAFs, specialized parsers can be faster and are harder to bypass with simple obfuscation. However, they did not remove the manual work that appears with every new attack class: each new grammar needs its own tokenizer and its own list of malicious token sequences.
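The difference between the two generations is easiest to see side by side. The block below is an added illustration written for this post; it is not code from ModSecurity, Naxsi, the OWASP CRS or libinjection. The two regex signatures, the toy SQL tokenizer, the keyword classes and the list of "bad" fingerprints are all constructed here. The tokenizer follows the idea behind libinjection (classify tokens, drop comments and whitespace, compare a short fingerprint of token classes with known-bad shapes) and, like libinjection, also tries the value as if it had been injected inside a quoted string. Watch what happens to `UNION/**/SELECT`: the regex that expects whitespace between the keywords misses it, the tokenizer never sees the comment at all.

```python
import re
from urllib.parse import unquote_plus

# ---- First generation: regular-expression signatures --------------------
# Two constructed signatures in the spirit of early regex rule sets (written
# for this illustration, not copied from ModSecurity, Naxsi or the OWASP CRS).
FIRST_GEN_SIGNATURES = [
    re.compile(r"union\s+select", re.IGNORECASE),
    re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.IGNORECASE),
]


def first_gen_detect(value: str) -> bool:
    """Return True if any signature matches the URL-decoded parameter value."""
    decoded = unquote_plus(value)
    return any(sig.search(decoded) for sig in FIRST_GEN_SIGNATURES)


# ---- Second generation: tokenize, then match token-class fingerprints ---
# A deliberately small SQL tokenizer modelled on the idea behind libinjection.
# It is our own toy, not libinjection itself.
_TOKEN_PATTERNS = [
    ("ws", r"\s+"),                              # whitespace: dropped
    ("c", r"/\*[\s\S]*?\*/|--[^\n]*|#[^\n]*"),    # comments: dropped
    ("s", r"'(?:[^'\\]|\\.)*'?"),                # string literal, maybe unterminated
    ("1", r"\d+(?:\.\d+)?"),                     # numeric literal
    ("o", r"<=|>=|<>|!=|\|\||&&|[=<>+\-*/%]"),    # operator
    ("(", r"\("),
    (")", r"\)"),
    ("w", r"[A-Za-z_][A-Za-z0-9_]*"),             # word: keyword or identifier
    ("x", r"\S"),                                # anything else
]
_TOKEN_RE = re.compile(
    "|".join(f"(?P<g{i}>{pat})" for i, (_, pat) in enumerate(_TOKEN_PATTERNS))
)
# Word classes: U = UNION, E = SELECT, & = logical operator, k = other keyword,
# n = identifier (any word not listed).
_KEYWORDS = {"union": "U", "select": "E", "or": "&", "and": "&"}
for _kw in ("from", "where", "insert", "update", "delete", "drop", "into", "values"):
    _KEYWORDS[_kw] = "k"

# Constructed list of token-class fingerprints that have no benign reading
# when they appear at the start of a parameter value.
BAD_FINGERPRINTS = ("UE", "1UE", "sUE", "nUE", "s&sos", "s&1o1", "1&1o1", "1&sos")


def fingerprint(sql: str, max_tokens: int = 5) -> str:
    """Token-class string of the first max_tokens tokens, comments stripped."""
    classes = []
    for m in _TOKEN_RE.finditer(sql):
        kind = _TOKEN_PATTERNS[int(m.lastgroup[1:])][0]
        if kind in ("ws", "c"):
            continue                     # `UNION/**/SELECT` loses its disguise here
        if kind == "w":
            kind = _KEYWORDS.get(m.group().lower(), "n")
        classes.append(kind)
        if len(classes) == max_tokens:
            break
    return "".join(classes)


def second_gen_detect(value: str) -> bool:
    """Fingerprint the value as-is and as if injected inside a quoted string."""
    decoded = unquote_plus(value)
    for context in ("", "'"):
        fp = fingerprint(context + decoded)
        if any(fp.startswith(bad) for bad in BAD_FINGERPRINTS):
            return True
    return False


if __name__ == "__main__":
    samples = [                                    # constructed inputs
        "42",                                      # benign id
        "select your union rep",                   # benign text using SQL words
        "O'Reilly",                                # benign apostrophe
        "1 UNION SELECT password FROM users",      # attack, plain
        "1 UNION/**/SELECT password FROM users",   # attack, comment between keywords
        "1' OR '1'='1",                            # attack, plain
        "1' OR/**/'1'='1",                         # attack, comment instead of space
    ]
    for s in samples:
        print(f"{s!r:45} regex={first_gen_detect(s)!s:5} tokens={second_gen_detect(s)}")
```

The point of the fingerprint approach is that the rule list describes the shape of a query fragment rather than its spelling, so whitespace tricks, comments and case changes all collapse to the same fingerprint. The price is visible in the code too: the tokenizer and the fingerprint list are specific to SQL, and a new injection grammar means a new tokenizer.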

Third generation. In the third generation, detection logic evolves by applying machine learning methods that bring the detection grammar as close as possible to the real SQL/HTML/JS grammar of the protected systems. In formal-language terms, such detection logic can act as a Turing machine and cover recursively enumerable grammars. Building an adaptable Turing machine of this kind was not feasible until the first research on neural Turing machines was published.

Machine learning makes it possible to adapt the grammar to cover any class of attack without compiling signature lists, as first-generation detection requires, and without writing new tokenizers and parsers for new attack classes such as Memcached, Redis, Cassandra or SSRF injection, as second-generation systems require.

Combining all three generations of detection logic, we can draw a new diagram in which the third generation is shown by the red outline (Figure 3). This generation includes one of the solutions we use in our cloud together with Onsek, the developer of the Wallarm web application and API protection platform.

Detection logic now uses feedback from the application to tune itself. In machine learning this feedback loop is called "reinforcement". Usually one or more kinds of reinforcement are used:

  • Analysis of the application's response behaviour (passive)
  • Scanner/fuzzer (active)
  • Log data / interceptors / tooling (post factum)
  • Manual (defined by the administrator)

As a result, third-generation detection also addresses the question of accuracy. It can now not only avoid false positives and false negatives but also separate genuine attacks from legitimate behaviour that looks like one: SQL keywords entered in an administrative control panel, web page templates being loaded, AJAX requests that carry JavaScript errors, and so on.
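The passive kind of reinforcement from the list above can be sketched in a few dozen lines. The block below is an added example written for this post, not Wallarm's or anyone else's detection engine, and it is a deliberate simplification of the idea: coarse rules carry a weight per endpoint, and how the application answered a request that was let through moves that weight up or down. The rules, the error-message markers, the endpoints and the traffic are all constructed; the step sizes and threshold are arbitrary. It shows the behaviour the paragraph describes: the same `SELECT` text is learned to be legitimate on an admin SQL console while still being blocked on an untrained endpoint, and a request that provoked a database error has its rules' weight raised.

```python
import re
from collections import defaultdict

# Constructed fragments of database error messages leaking into a response
# body; seeing one after a suspicious request is strong passive evidence.
DB_ERROR_MARKERS = re.compile(
    r"You have an error in your SQL syntax|PG::SyntaxError|ORA-\d{5}|SQLSTATE\[|"
    r"Unclosed quotation mark",
    re.IGNORECASE,
)

# Constructed base rules: each fires on a coarse pattern.
BASE_RULES = {
    "sql_keywords": re.compile(r"\b(select|union|insert|update|delete|drop)\b", re.IGNORECASE),
    "sql_tautology": re.compile(r"'\s*or\s+\w+\s*=\s*\w+", re.IGNORECASE),
    "sql_comment": re.compile(r"--|/\*"),
}


class AdaptiveDetector:
    """Weighted-rule detector whose per-endpoint weights are tuned by feedback."""

    def __init__(self, rules=BASE_RULES, threshold=1.0,
                 confirm_step=0.5, refute_step=0.1, floor=0.1, ceiling=3.0):
        self.rules = rules
        self.threshold = threshold
        self.confirm_step = confirm_step
        self.refute_step = refute_step
        self.floor, self.ceiling = floor, ceiling
        # weight[(endpoint, rule)] starts at 1.0 and is adjusted by feedback
        self.weight = defaultdict(lambda: 1.0)

    def matches(self, value):
        """Names of the rules that fire on this parameter value, in rule order."""
        return [name for name, rx in self.rules.items() if rx.search(value)]

    def score(self, endpoint, value):
        return sum(self.weight[(endpoint, r)] for r in self.matches(value))

    def decide(self, endpoint, value):
        """True = block, using the weights learned so far for this endpoint."""
        return self.score(endpoint, value) >= self.threshold

    def observe(self, endpoint, value, status, body):
        """Passive reinforcement: adjust the weights of the rules that fired on a
        request that was let through, based on how the application reacted."""
        fired = self.matches(value)
        if not fired:
            return
        if status >= 500 or DB_ERROR_MARKERS.search(body):
            step = self.confirm_step        # the app choked: looks like a real hit
        elif status < 400:
            step = -self.refute_step        # normal answer: probably legitimate here
        else:
            return                          # a 4xx says nothing either way
        for r in fired:
            key = (endpoint, r)
            self.weight[key] = min(self.ceiling, max(self.floor, self.weight[key] + step))


def run_demo():
    """Constructed traffic: the same payload treated differently per endpoint."""
    det = AdaptiveDetector()
    admin_query = "SELECT count(*) FROM orders"
    before = det.decide("/admin/sql", admin_query)       # untrained: would block
    for _ in range(5):                                   # learning mode: observe only
        det.observe("/admin/sql", admin_query, 200, "<table><tr><td>1290</td></tr></table>")
    after = det.decide("/admin/sql", admin_query)        # learned: allowed here
    elsewhere = det.decide("/search", admin_query)       # same payload, untrained endpoint
    det.observe("/search", "' OR 1=1--", 500,
                "You have an error in your SQL syntax near ''1'' at line 1")
    confirmed = det.score("/search", "' OR 1=1--")       # two rules, both reinforced
    return {"admin_before": before, "admin_after": after,
            "search_same_query": elsewhere, "search_attack_score": confirmed}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two design points worth noting. Weights are keyed by endpoint, because "SQL keywords in a parameter" means something different on an admin console than on a search box; that is exactly the control-panel false positive mentioned above. And feedback is only collected for requests that were actually forwarded, which is why such systems are first run in a monitoring mode before they are allowed to block.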

Next, let us consider the technical capabilities of the various WAF deployment options.

Hardware, software or cloud: what to choose?

One option for deploying an application firewall is a hardware appliance. These are specialized devices that a company installs locally in its own data centre. In this case you have to buy the equipment yourself and pay integrators to install and debug it (if the company has no IT department of its own). At the same time, any hardware eventually becomes obsolete and unusable, so customers are forced to budget for hardware refreshes.

Another deployment option is a software WAF. Such solutions are installed as an add-on to other software (for example, ModSecurity is installed on top of Apache) and run on the same server as it. As a rule, they can be deployed both on a physical server and in the cloud. Their drawbacks are limited scalability and limited vendor support.

The third option is a WAF delivered from the cloud. Such solutions are offered by cloud providers as a subscription service. The company does not need to buy and configure specialized hardware; those tasks fall on the provider's shoulders. An important point is that a modern cloud WAF does not require migrating resources to the provider's platform. The site can be hosted anywhere, including on premises.

Below we explain why people are now looking at cloud WAFs.

What a WAF can do in the cloud

In terms of technical capabilities:

  • The provider is responsible for updates. The WAF is provided by subscription, so the provider keeps updates and licences current. Updates concern not only software but also hardware: the provider upgrades and maintains the server fleet. It is also responsible for load balancing and redundancy. If a WAF server fails, traffic is immediately redirected to another machine. Distributing traffic avoids the situation where the firewall goes into fail-open mode: it cannot cope with the load and stops filtering requests.
  • Virtual patching. A virtual patch restricts access to the vulnerable part of an application until the developer closes the vulnerability. As a result, the cloud provider's customer gains time to wait calmly for the vendor of the affected software to publish an official patch. Doing this quickly is a priority for the software vendor. For example, in the Wallarm platform a separate software module is responsible for virtual patching. The administrator can add custom regular expressions that block malicious requests. The system also makes it possible to mark certain requests with a "Confidential data" flag; their parameters are then masked and are under no circumstances transmitted outside the firewall's working area.
  • Built-in perimeter and vulnerability scanner. This lets the service independently determine the network boundaries of the IT infrastructure using data from DNS queries and the WHOIS protocol. The WAF then automatically analyzes the services running inside that perimeter (it performs port scanning). The firewall can detect the common vulnerability classes (SQLi, XSS, XXE and others) and identify software configuration errors, for example unauthorized access to Git and Bitbucket repositories and anonymous access to Elasticsearch, Redis and MongoDB.
  • Attacks are analyzed with cloud resources. As a rule, cloud providers have large computing capacity, which makes it possible to analyze threats quickly and accurately. A cluster of filter nodes is deployed in the cloud, and all traffic passes through it. The nodes block attacks on web applications and send statistics to the Analytics Center, which uses machine learning algorithms to update the blocking rules for each protected application. This scheme is shown in Figure 4. Such self-tuning security rules reduce the number of false alarms.
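The virtual patching item above describes three things: a rule scoped to one vulnerable endpoint, a positive description of what a legitimate value looks like, and masking of values flagged as confidential so they never leave the filter. The block below is an added example written for this post, not Wallarm's virtual patching module. The application paths `/api/report` and `/api/login`, the parameters `id` and `token`, the vulnerability being patched and the ticket notes are all hypothetical. A real deployment would run this before the generic detection logic, which is why the function returns `None` rather than "allow" when no patch applies.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs

HIDDEN = "<hidden>"   # what the log shows instead of a value flagged as confidential


@dataclass(frozen=True)
class VirtualPatch:
    path: str              # request path the patch covers (exact match)
    param: str             # parameter it constrains
    allowed: re.Pattern    # positive model: what a legitimate value looks like
    confidential: bool     # mask the value in every log line we emit
    note: str              # why the patch exists (ticket, advisory, ...)


# Hypothetical patches for a hypothetical application (paths, parameters and
# notes are invented for this example):
#  - /api/report?id=...   is assumed to have an unfixed SQL injection in `id`
#  - /api/login?token=... is assumed to carry a secret that must never reach logs
PATCHES = (
    VirtualPatch("/api/report", "id", re.compile(r"\d{1,10}"), False,
                 "SQLi in report id, fix pending in release 4.2"),
    VirtualPatch("/api/login", "token", re.compile(r"[0-9a-f]{32,64}"), True,
                 "token format enforced; value is confidential"),
)


def apply_virtual_patches(method, url, patches, log):
    """Run the patches before generic detection.

    Returns 403 when a patch blocks the request (and appends a log line),
    or None to hand the request on to the normal WAF pipeline.
    """
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    for p in patches:
        if p.path != parts.path:
            continue
        for value in params.get(p.param, []):
            if p.allowed.fullmatch(value):        # fullmatch: no partial-match loophole
                continue
            shown = HIDDEN if p.confidential else value
            log.append(f"BLOCK {method} {parts.path} {p.param}={shown!r} ({p.note})")
            return 403
    return None


if __name__ == "__main__":
    audit = []
    for method, url in [                            # constructed requests
        ("GET", "/api/report?id=17"),
        ("GET", "/api/report?id=17%20UNION%20SELECT%201"),
        ("POST", "/api/login?token=abc%27--"),
        ("GET", "/api/other?id=17%20UNION"),        # not covered by any patch
    ]:
        print(method, url, "->", apply_virtual_patches(method, url, PATCHES, audit))
    print(*audit, sep="\n")
```

Note that the patch for `/api/other` does not exist, so an identical payload there falls through to generic detection: a virtual patch is a narrow, temporary measure for a known hole, not a replacement for the detection engine. The `fullmatch` call matters as well; with `match` or `search`, `17 UNION SELECT 1` would still pass the digit check.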

Now a little about cloud WAFs from the organizational and management side:

  • Shift to OpEx. With a cloud WAF the implementation cost is essentially zero, since all hardware and licences have already been paid for by the provider; the service is paid for by subscription.
  • Different tariff plans. Cloud service users can quickly enable or disable additional options. Functions are managed from a single control panel, which is itself protected: it is accessed over HTTPS, with two-factor authentication based on the TOTP (Time-based One-Time Password) algorithm, RFC 6238.
  • Onboarding via DNS. To route traffic through the cloud WAF you change your DNS records yourself and adjust network routing. This does not require hiring and training dedicated specialists; as a rule, the provider's technical support can help with the setup. One check worth making after the switch: the origin server should accept HTTP(S) only from the provider's filter nodes, otherwise anyone who learns its address can bypass the WAF entirely.

WAF technology has evolved from simple firewalls with handwritten rules to complex protection systems with machine learning algorithms. Application firewalls now offer a range of features that were hard to implement in the 1990s, and in many respects this new functionality has been made possible by cloud technologies. WAF solutions and their components continue to develop, as does every other area of information security.

The text was prepared by Alexander Karpuzikov, information security product development manager at the cloud provider #CloudMTS.

Source: www.hab.com
