Canon Marketing Japan Co., Ltd. ESET SPECIAL SITE Canon MJ Security information Cyber Security Information Bureau ESET WAF?Can it be a decisive hit to prevent cyber attacks on a website?
In recent years, various acts have become online, and websites are increasing in everyday life and business.Against this background, cyber attacks aimed at websites that are relatively valuable are intensifying.In this article, we will explain the mechanism and the benefits of using WAF that protect the website from cyber attacks.
What is WAF?Its role and mechanism
WAF（Web Application Firewall）はWebアプリケーションの脆弱性を狙うタイプの攻撃を防ぐための仕組みである。一般的に、定義されたシグネチャ*1を用いて、通信の内部までチェックすることによって不正な攻撃を検知し、通信を遮断する。ファイアウォールと混同されがちだが、ファイアウォールとの違いはWebアプリケーションに特化し、検知可能な範囲が広いことだ。WAFで防御可能な攻撃として代表的なものを以下に挙げていく。
*1 Rules defined based on fraudulent communication and attack methods that occurred in the past今なお継続するSQLインジェクションによる攻撃を防ぐための対策とは？
Background that requires WAF
With the increase in the importance of websites, the loss of trouble has also increased, and the need for WAF is increasing.I will explain the background in detail.
1) With the spread of smartphones, the existence of websites to be used in infrastructure
With the spread of smartphones (hereinafter referred to as smartphones), the use of the Internet is no longer common.Everything can be done on the website, such as purchasing products and interacting with SNS.It is indispensable for everyday life, such as the deposit and withdrawal of bank accounts and insurance applications on the website.
2) For corporate business, website is indispensable
The web is an indispensable part of diverse cloud services and VPNs, as well as remote work.It can be said that there is no day when we do not use the web in business, such as creating materials, exchanging messages, and video conferences.Web sites are also indispensable for corporate information dissemination and mutual transactions.On the other hand, security risks in website management are increasing due to the diversification and complexity of related systems, including the use of CMS such as WordPress.
3) Attacks aimed at vulnerabilities on the website have increased significantly
With the increase in the importance of websites for users and companies, cyber attacks aimed at vulnerabilities on websites are increasing.According to an incident report compatible report announced by JPCERT (JPCERT Coordination Center) in October 2021, the number of reports of falsification of websites from July 2021 to September 2021 was 579, from 251 in the previous quarter.It is doubling.
Against this background, interest in WAF is increasing to prevent Web falsification and unauthorized access.
Damage cases due to Web tampering, etc.
So what kind of damage will you be damaged when web falsification?The actual case that occurred in 2021 will be introduced below.
1) The website of a major publisher is tampered with
In April 2021, a major publisher website received unauthorized access and was tampered with.When the user accessed the company's website, he was guided to a malicious external site.According to the company's report, no leakage of personal information has been confirmed.
2) The website of the web marketing company is tampered with
In May 2021, a website of a company that operates the web marketing business has been tampered with.It is due to vulnerability caused by the lack of appropriate updates in WordPress used on the company's website.The tampered website was embedded with source code to guide you to an external website.
3) Information leaks on Japanese restaurant EC sites
In June 2021, unauthorized access to EC sites specializing in Japanese tableware occurred.It is said that payment applications have been tampered with and credit card information may have leaked.It is said that unauthorized access was caused by the vulnerability of the company's system.
As you can see from these three cases, falsification of the web vulnerabilities can be used to expose users who have visited their websites.Personal information leakage and spoofing scam may be liable for damages.In addition, the impact on business activities, such as cost burden such as system renovation and impact on sales due to temporary suspension of temporary systems, is enormous.Web改ざんはどのように行われるのか？ その手口と対策
Benefits of introducing WAF
As mentioned earlier, leaving the vulnerability of the web application increases the risk of unauthorized access and tampering.As a result, they have a negative effect on business activities.The introduction of WAF can reduce those risks.
1) Can control the risk of falsification of Web applications
No matter what web application is, vulnerabilities are attached.The introduction of WAF can detect attacks that pierce the vulnerabilities of the Web application, which can suppress the risk of tampering.
2) There is a grace to renovate vulnerabilities
In some cases, vulnerability is discovered in applications or servers, and it may not be possible to renovate immediately due to costs and range of effects.If WAF is introduced at that time, you can earn time, such as patch application and system renovation.
3) Provisions in the event of a problem
Based on the logs recorded in the WAF, it is possible to efficiently and appropriately proceed with measures such as investigating the cause, temporary response, and system renovation in the event of an unauthorized access.
Points when choosing WAF
WAF is large, has two types, a tailor -made type and a cloud type.I would like you to refer to the advantages and disadvantages of each.
1) Advantages and disadvantages of custom -made WAF
The custom -made type is a type of WAF that redefines signatures according to the company that is introduced.The custom -made type can customize its functions for the company, enhance safety, but tends to be relatively high in installation and operation costs.However, in cases where there are multiple business establishments, cost performance may be improved in cases where there are many target Web servers.
2) Advantages and disadvantages of cloud type WAF
Cloud -type WAF is provided by SaaS.Although the cost and operational load can be lower than the custom -made type, the function cannot be customized in principle.In addition, since the cost is continuously incurred during the introduction, it may be higher than the custom -made type when viewed in the medium to long term.
Not only WAF introduction but also comprehensive security measures are required
Web sites are indispensable in daily life and corporate activities.However, if the security is neglected because it pursues too much convenience, it will be overturned.The impact on the business when the website receives unauthorized access and the fact that the leakage of personal information and payment information occurs is immeasurable.
WAF can be one of the measures for that.It is also important for companies to take basic measures such as employee security awareness and terminal management.Please consider the following measures.
UTM (Unified Threat Management) is called comprehensive threat control.Products and services equipped with multiple security functions such as firewalls, anti -viruses, and IPS/IDS.DOS attacks and ports scannings can be detected and blocked.
Vulnerability diagnosis, penetration test
Vulnerability diagnosis is a service that comprehensively checks the vulnerabilities of the web application.In the penetration test, White Hacker tests whether it can invade from the outside to an internal system.In each case, the vulnerabilities of web applications and systems can be detected.システム侵入の実現性を検証するペネトレーションテストとは?【前編】
Introduction of security software to terminals
Web site administrators and terminals of stakeholders may be infected with malware and may lead to unauthorized access.It can be said that the introduction of security software to each device is no longer essential.
Training and enlightenment for employees
There are also attackers who plan unauthorized access and web tampering with employee password management and settings.Each person wants to understand the risk of information leakage and take appropriate measures.
In order to compete with sophisticated and sophisticated cyber attacks, complex measures are required.In developing business in the digital era, security measures may be one of the lifeline of the company.この記事をシェア