Although both web application firewalls (WAF) and network firewalls are called ‘firewalls’, they are not the same technology. For comprehensive network and web app protection, both are necessary. To understand how they differ, we first have to understand the Open Systems Interconnection (OSI) model.
The OSI Model and Network Layers
The OSI model provides a standardised framework for understanding how devices communicate over a network. It’s a conceptual model, outlining seven distinct layers, each with specific functions.
A key difference between a network firewall and a WAF is the layer on which they operate. Network firewalls typically operate at layers 3 to 7, with the primary focus on layers 3 and 4. On the other hand, WAFs are designed to operate at layer 7.
Diving Into Network Firewalls
A network firewall acts as a barrier and safeguards a secured local-area network from unauthorised access to mitigate attack risks. It separates a secure zone from a less secure one and controls communication between the two.
Network firewalls can block or permit traffic originating from specific IP addresses or ranges. Some examples of network attacks include:
- Unauthorised network access attempts: Hackers might try to gain unauthorised access to your network by exploiting vulnerabilities or brute-forcing login credentials. Firewalls block these attempts based on predefined rules.
- Man-in-the-Middle attacks: These attacks involve attackers intercepting communication between two devices on a network. Firewalls can help prevent this by filtering traffic and ensuring secure connections.
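To make the layer 3/4 decision concrete, here is an added example (not code from the original article or from any product it mentions) of a minimal stateless packet filter. It assumes a constructed rule set and constructed packets; the rule fields (source and destination CIDR, protocol, destination port) are the only things consulted, and the payload is deliberately ignored, which is exactly why a request carrying an application-layer attack to an allowed port passes a network firewall untouched.

```python
"""Constructed example of a layer-3/4 packet filter: decisions use only
IP addresses, protocol and destination port, never the payload."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str          # "tcp" or "udp"
    dst_port: int
    payload: bytes = b""  # carried by the packet but never consulted here


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    src: str                # source CIDR, e.g. "0.0.0.0/0" for any
    dst: str                # destination CIDR
    proto: str              # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src_ip) in ip_network(self.src)
                and ip_address(pkt.dst_ip) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dst_port in (None, pkt.dst_port))


# Constructed rule set (first match wins, default deny at the end of decide()).
# 192.0.2.10 is the web server; 203.0.113.0/24 is a range we have chosen to block.
RULES = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", "any", None),
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 80),
    Rule("allow", "10.0.0.0/8", "192.0.2.0/24", "tcp", 22),  # SSH only from inside
]


def decide(pkt: Packet, rules=RULES) -> str:
    """Return "allow" or "deny" for a packet, evaluating rules in order."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # nothing matched: default deny


if __name__ == "__main__":
    # A normal HTTPS request from the internet to the web server.
    print(decide(Packet("198.51.100.7", "192.0.2.10", "tcp", 443)))       # allow
    # Same destination, but from the blocked range.
    print(decide(Packet("203.0.113.5", "192.0.2.10", "tcp", 443)))        # deny
    # SSH from the internet hits no allow rule.
    print(decide(Packet("198.51.100.7", "192.0.2.10", "tcp", 22)))        # deny
    # HTTPS packet whose payload carries a SQL-injection-style request:
    # the filter only looks at headers, so it is allowed through.
    sqli = Packet("198.51.100.7", "192.0.2.10", "tcp", 443,
                  b"GET /items?id=1' OR '1'='1 HTTP/1.1\r\n")
    print(decide(sqli))                                                    # allow
```

The last case in the usage block is the point of the section: the packet is well-formed at layers 3 and 4, so the network firewall has no grounds to drop it, and anything inside the HTTP request is left for a layer 7 control to judge.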
Understanding Web Application Firewalls
While network firewalls guard the entire network perimeter, WAFs act as specialised shields for your web applications. These applications are the gateways to your valuable data and user information, making them prime targets for cyber attackers.
WAFs meticulously examine incoming Hypertext Transfer Protocol (HTTP) traffic, the language web browsers and servers use to communicate. By scrutinising each HTTP request, WAFs can identify and block malicious attempts to exploit vulnerabilities within your web applications.
Some common web application attacks that WAFs combat:
- SQL injection: Hackers inject malicious code into user inputs to manipulate databases and steal sensitive information. WAFs can detect and block these attempts.
- Cross-site scripting (XSS): Attackers inject malicious scripts into web pages, which can then be executed by unsuspecting users. WAFs can identify and block these scripts.
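The following is an added example (not code from the original article or from any product it mentions) of the layer 7 inspection step a WAF performs: it parses a raw HTTP request, pulls out every user-controlled field (path, query string, form body, selected headers), URL-decodes them, and matches each against a small set of signature rules for the two attack classes listed above. The request samples, rule names and patterns are all constructed for illustration.

```python
"""Constructed example of layer-7 (HTTP) request inspection of the kind a WAF performs."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed signature rules: (rule name, compiled pattern). Real WAF rule sets
# are far larger and are applied after more thorough normalisation.
SIGNATURES = [
    ("sqli-tautology", re.compile(r"(['\"]|\b)\s*or\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I)),
    ("sqli-union", re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("xss-event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("xss-javascript-uri", re.compile(r"javascript\s*:", re.I)),
]


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into method, target, headers dict and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.decode("latin-1")


def extract_fields(target, headers, body):
    """Return (location, decoded value) pairs for every user-controlled field."""
    parts = urlsplit(target)
    fields = [("path", unquote_plus(parts.path))]
    fields += [(f"query:{k}", v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields += [(f"body:{k}", v) for k, v in parse_qsl(body, keep_blank_values=True)]
    for h in ("user-agent", "referer", "cookie"):
        if h in headers:
            fields.append((f"header:{h}", unquote_plus(headers[h])))
    return fields


def inspect_request(raw: bytes) -> dict:
    """Return the WAF decision: block with the first matching rule and field, or allow."""
    _method, target, headers, body = parse_request(raw)
    for location, value in extract_fields(target, headers, body):
        for name, pattern in SIGNATURES:
            if pattern.search(value):
                return {"action": "block", "rule": name, "field": location}
    return {"action": "allow", "rule": None, "field": None}


# Constructed sample requests.
BENIGN = (b"GET /items?id=42&sort=price HTTP/1.1\r\n"
          b"Host: shop.example\r\n\r\n")
SQLI = (b"GET /items?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n"   # id=1' OR '1'='1
        b"Host: shop.example\r\n\r\n")
XSS = (b"POST /comments HTTP/1.1\r\n"
       b"Host: shop.example\r\n"
       b"Content-Type: application/x-www-form-urlencoded\r\n"
       b"Content-Length: 51\r\n\r\n"
       b"author=bob&comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E")  # <script>alert(1)</script>

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("sqli", SQLI), ("xss", XSS)):
        print(name, inspect_request(req))
```

Two things the example makes visible that the prose does not. First, the WAF has to decode before it matches: the SQL injection and script tag above are percent-encoded on the wire and would be invisible to a byte-for-byte search. Second, signature matching is a trade-off: the `xss-event-handler` rule would also fire on a harmless value such as `one=two`, so production rule sets pair signatures with scoring, allow-lists and tuning rather than blocking on any single hit.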
Key Differences Between WAFs and Network Firewalls
Imagine a well-guarded castle. The network firewall acts like the outer wall, defending the entire kingdom (your network) from intruders. The WAF functions as a specialised shield specifically protecting the castle’s treasure chamber (your web applications). Both are security solutions that defend against cyber attacks but they differ in some ways:
| Network Firewall | Web Application Firewall |
| --- | --- |
| Protection at OSI model layers 3 and 4 | Protection at OSI model layer 7 |
| Safeguards against unauthorised access to networks | Safeguards against web attacks |
| Addresses cyber threats such as MITM, unauthorised network access, DDoS attacks at the network level, etc. | Defends against attacks such as SQL injection, XSS, DDoS at the application layer, etc. |
Why Both a WAF and Network Firewall are Important
For a truly robust security posture, a multi-layered approach that combines both these essential security tools is necessary. As highlighted in the previous sections, both technologies offer protection at different layers and thus, shield against different cyber threats.
Introducing WebOrion® Protector
Interested in shielding your web applications from critical security risks? WebOrion® Protector can block common web attacks such as the OWASP top 10 threats and more.
Contact us for a free demo and see how WebOrion® Protector can complement your current cybersecurity strategy.