Once your WAF has finally been implemented, assess how any future Web application firewall changes may impact your Web applications, and vice versa. Naturally, it is important to document any network infrastructure changes for reference and troubleshooting. This involves tracking any changes made to their configuration now and in the future.
Changes to the production environment should always take place during a monitored maintenance time period. Make sure all of the organization's affected parties are advised in advance of the timing and that they are aware of the scope of the changes. To ensure that configurations aren't changed unintentionally or without due process, you must control physical as well as logical access to your security devices. Strict adherence to change control, business continuity, and disaster recovery policies will all play a part in protecting the WAF and your business.
Instead of examining just network addresses and ports, application-layer firewalls review the entire network packet. This capability provides more in-depth log analysis and allows the recording of application-specific commands. Don't let this data go to waste. Log file analysis can warn you of impending or current attacks. Ensure that you define what information you want your firewall to log -- preferably the full request and response data, including headers and body payloads. Make sure your staff has the expertise and adequate time to review and analyze it.
Web applications will never be 100% secure. Even without internal pressures to deploy Web applications quickly, there will be vulnerabilities that can be exploited. Having a Web application firewall in place as part of a layered security model, however, you can observe, monitor and look for signs of intrusion. A WAFcan also mean the difference between scrambling to fix a flaw or having the breathing room to repair the vulnerability to your own timetable.
For more on Web application firewall selection and deployment
Understanding your Web application firewall (WAF) product options
Comparing Web application firewall (WAF) security features
Web application firewall implementation: Software vs. hardware
How to deploy a Web application firewall (WAF)
Web application firewall (WAF) management
About the author:
Michael Cobb, CISSP-ISSAP, is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications.