SSL and WAF: Brief Info and Explanation


SSL 

As already known, SSL (Secure Sockets Layer) is nothing but a cipher-based public/private key pair (the size of the keys depends on the chosen key length), wherein the public key is issued by a known Certificate Authority (CA), which in turn is identified by another, or the same, Intermediate Certificate Authority (ICA). This public key is paired with private key information that is known only to the originator of the Certificate Signing Request (CSR).

SSL acts as a layer of security for HTTP-based communication over the web, making it HTTP(S). The end-client executes a transaction or sends information in plain text, and the data is processed by the server.

That plain text is encrypted with the public key in the communication sent from the end-client, and the same is decrypted with the help of the private key, which is available only to the originator/responding host server. In this way SSL ciphers and deciphers the plain-text data, letting it travel more safely while in transit.
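The relationships named above (root CA, intermediate CA, CSR holder's private key, encryption with the public key and decryption with the private key) can be made concrete with a toy model. The block below is an added example, not part of the original post and not real TLS: it uses textbook RSA on small primes from the standard library only, with no padding, so it is for illustration and must not be used as actual cryptography. All names (Toy Root CA, Toy Intermediate CA, www.example.test) and the sample message are constructed.

```python
"""Toy model of the CA -> ICA -> server certificate chain described above.

Textbook RSA on small primes, standard library only. It is NOT real TLS and
NOT secure (no padding, tiny keys, byte-by-byte encryption); it only makes the
roles visible: a root CA signs the intermediate CA's public key, the
intermediate signs the server's public key, the client checks that chain, then
encrypts with the server's public key, which only the private key can undo.
"""
import hashlib
from math import gcd


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for primes p, q. Toy sizes only."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest(data: bytes, n: int) -> int:
    """Hash the data and reduce it into the signer's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    n, d = private
    return pow(digest(data, n), d, n)


def verify(public, data: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == digest(data, n)


def tbs(subject: str, public) -> bytes:
    """'To be signed' part of a certificate: subject name plus public key."""
    n, e = public
    return f"{subject}|{n}|{e}".encode()


def issue_cert(issuer_private, issuer_name: str, subject: str, subject_public) -> dict:
    """The issuer signs the subject's public key, binding it to the subject name."""
    return {"subject": subject, "issuer": issuer_name, "public": subject_public,
            "sig": sign(issuer_private, tbs(subject, subject_public))}


def verify_chain(leaf: dict, intermediate: dict, trusted_root: dict) -> bool:
    """Walk leaf -> intermediate -> root, checking each signature with the issuer's key."""
    if leaf["issuer"] != intermediate["subject"] or intermediate["issuer"] != trusted_root["subject"]:
        return False
    if not verify(trusted_root["public"], tbs(intermediate["subject"], intermediate["public"]),
                  intermediate["sig"]):
        return False
    return verify(intermediate["public"], tbs(leaf["subject"], leaf["public"]), leaf["sig"])


def encrypt(public, plaintext: bytes) -> list:
    n, e = public
    return [pow(b, e, n) for b in plaintext]  # one RSA operation per byte: toy only


def decrypt(private, ciphertext: list) -> bytes:
    n, d = private
    return bytes(pow(c, d, n) for c in ciphertext)


def demo():
    """Build the chain, let the client check it, then send one message (constructed data)."""
    root_pub, root_priv = make_keypair(1009, 1013)  # trust anchor held by the client
    ica_pub, ica_priv = make_keypair(1019, 1021)    # intermediate CA
    srv_pub, srv_priv = make_keypair(1031, 1033)    # server; the CSR holder keeps srv_priv

    root_cert = {"subject": "Toy Root CA", "issuer": "Toy Root CA", "public": root_pub}
    ica_cert = issue_cert(root_priv, "Toy Root CA", "Toy Intermediate CA", ica_pub)
    srv_cert = issue_cert(ica_priv, "Toy Intermediate CA", "www.example.test", srv_pub)

    chain_ok = verify_chain(srv_cert, ica_cert, root_cert)
    ciphertext = encrypt(srv_cert["public"], b"card=4111")
    recovered = decrypt(srv_priv, ciphertext)

    # A leaf that claims the intermediate as issuer but was signed with some
    # other key fails the chain check, so the client will not encrypt to it.
    other_pub, other_priv = make_keypair(1039, 1049)
    forged = issue_cert(other_priv, "Toy Intermediate CA", "www.example.test", other_pub)
    return chain_ok, recovered, verify_chain(forged, ica_cert, root_cert)


if __name__ == "__main__":
    print(demo())
```

The chain check runs entirely on public material (the root's public key is the only thing the client must trust up front), while decryption needs the private key that never left the server.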


However, SSL by itself is not sufficient to safeguard the traffic between the client and the server. This is where a WAF, i.e. a Web Application Firewall, comes to aid.


WAF

A WAF is an application which uses either its own SSL certificate or the host server's SSL certificate to decrypt the incoming request and check it for possible threats from around the web, as recorded in its registered and regularly updated threat database. It then filters those requests and responds to them from the WAF end only.




Requests found to be malicious are blocked and answered then and there by the WAF itself. Only requests that are not malicious, i.e. that pass all the preliminary tests of the WAF layer, are forwarded on to the actual host server.
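A minimal model of that decision, as an added example (not the post's own code and not any WAF product's logic): requests are decoded, inspected against a small constructed signature list standing in for the threat database, and either answered by the WAF with a 403 or forwarded to a stand-in origin. The rule IDs, patterns and sample requests are all constructed for the example.

```python
"""Minimal model of the WAF decision: inspect, then block locally or forward."""
import re
from dataclasses import dataclass, field
from urllib.parse import unquote_plus

# Constructed "threat record database": (rule id, description, compiled pattern).
# A real WAF ships thousands of maintained signatures; these three stand in for them.
RULES = [
    ("R001", "HTML/JS injection", re.compile(r"<\s*script\b", re.I)),
    ("R002", "SQL keyword sequence", re.compile(r"\bunion\b\s+\bselect\b", re.I)),
    ("R003", "path traversal", re.compile(r"(^|/)\.\.(/|$)")),
]


@dataclass
class Request:
    method: str
    path: str
    query: str = ""
    body: str = ""
    headers: dict = field(default_factory=dict)


def normalize(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable, so an encoded payload is inspected in the
    same form the application would see it (e.g. %3Cscript -> <script)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(req: Request):
    """Return (rule id, location) of the first match, or None if the request is clean."""
    fields = {"path": req.path, "query": req.query, "body": req.body}
    fields.update({f"header:{k}": v for k, v in req.headers.items()})
    for location, raw in fields.items():
        text = normalize(raw)
        for rule_id, _desc, pattern in RULES:
            if pattern.search(text):
                return rule_id, location
    return None


def forward_to_origin(req: Request) -> dict:
    """Stand-in for the real host server: only clean requests ever reach it."""
    return {"status": 200, "answered_by": "origin", "path": req.path}


def handle(req: Request) -> dict:
    """WAF entry point: block and answer here, or forward to the host server."""
    hit = inspect(req)
    if hit:
        rule_id, location = hit
        # The WAF answers the blocked request itself; the origin never sees it.
        return {"status": 403, "answered_by": "waf", "rule": rule_id, "where": location}
    return forward_to_origin(req)


def demo():
    """Run constructed requests through the WAF and return the decisions."""
    requests = [
        Request("GET", "/products", "id=42"),
        Request("GET", "/search", "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
        Request("POST", "/login", body="user=a'+UNION+SELECT+1--"),
        Request("GET", "/static/../../config.ini"),
    ]
    return [handle(r) for r in requests]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The normalize step is the part worth noting: signatures are matched on the decoded form, otherwise a percent-encoded payload passes the WAF and is decoded for the first time at the origin.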


So a WAF, in addition to SSL, adds value to the overall security layer provided to the data in transit.

However, the same SSL certificate need not be used on both communication channels. If you look at the two images above carefully, you will see that the communication between the end client and the WAF, and the communication between the WAF and the host server, are two different channels.

Both channels can run on different ports internally, with a different SSL certificate for each. This heterogeneous design is what makes the communication more resistant to man-in-the-middle attacks as well as request interception.

And the internal architecture behind the WAF can again be more complex, and yet helpful to the end-client for data security: this can be your WEB->APP->DB layering.
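The two-channel design above maps onto two independently configured TLS contexts in the WAF process: a server-side context for the end-client hop and a client-side context for the hop to the host server, each with its own certificate and port. The block below is an added example using Python's standard ssl module, not the post's or any WAF vendor's code; the ports, the certificate file arguments and the internal-CA PEM are placeholders that are not loaded, so it runs without any certificates on disk. The check it adds is the one a practitioner wants on the internal hop: the WAF must verify the origin's certificate, or a man-in-the-middle on the internal network would pass unnoticed despite the separate channel.

```python
"""Two separate TLS hops (end-client -> WAF, WAF -> host server), each with its
own context, certificate and port. Placeholder paths are never loaded here."""
import ssl
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Hop:
    name: str
    port: int
    context: ssl.SSLContext


def client_facing_context(cert_chain: Optional[str] = None,
                          key: Optional[str] = None) -> ssl.SSLContext:
    """Server-side context for end-client -> WAF, using the WAF's own certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_chain:
        # Placeholder: e.g. the publicly issued certificate for the site name.
        ctx.load_cert_chain(cert_chain, key)
    return ctx


def origin_facing_context(origin_ca_pem: Optional[str] = None) -> ssl.SSLContext:
    """Client-side context for WAF -> host server. A different certificate (often
    from an internal CA) protects this hop, and the WAF must verify it."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED   # reject an unverifiable origin certificate
    ctx.check_hostname = True             # and one issued for a different name
    if origin_ca_pem:
        # Placeholder: trust only the internal CA that issued the origin's certificate.
        ctx.load_verify_locations(cadata=origin_ca_pem)
    return ctx


def build_hops() -> List[Hop]:
    """Constructed layout: public listener on 443, internal hop to the origin on 8443."""
    return [
        Hop("end-client -> WAF", 443, client_facing_context()),
        Hop("WAF -> host server", 8443, origin_facing_context()),
    ]


def hop_is_verifying(hop: Hop) -> bool:
    """True when this side will refuse a peer whose certificate cannot be verified."""
    return hop.context.verify_mode == ssl.CERT_REQUIRED and bool(hop.context.check_hostname)


def channels_are_independent(hops: List[Hop]) -> bool:
    """Separate context objects and separate ports: one certificate per hop."""
    return (len({id(h.context) for h in hops}) == len(hops)
            and len({h.port for h in hops}) == len(hops))


if __name__ == "__main__":
    for hop in build_hops():
        print(f"{hop.name}: port {hop.port}, verifying peer={hop_is_verifying(hop)}")
```

The client-facing context is not verifying because the browser, not the WAF, checks the certificate on that hop; the origin-facing context is, because there the WAF is the client and nobody else will check for it.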
