…and why is an Application Firewall important?

The Internet is at Flood Stage

When they think of the Internet, most users think of the web sites they visit using Internet Explorer, and perhaps the email they exchange with family and friends. Those who use the Internet at work think of the web sites they use on the job. If they think of the underlying infrastructure that stores this information and transmits it to their browser, they think of it only when a glitch prevents them from doing something they wanted to do. At present, this happens only rarely with most users.

Unfortunately, appearances do not correspond with reality. At present, a significant amount of traffic on the Internet is not transferring legitimate content to users who requested it. Users are mostly aware of one aspect of this problem: spam in their mailboxes. According to the widely-respected anti-spam organization Spamhaus, 85% or more of the email sent across the Internet is spam – email that the end users did not ask for and (in most cases) do not want. The vast majority of spam advertises questionable or outright fraudulent products or services, and is sent using computers compromised by trojan or virus software and controlled by the spammers to form botnets. In other words, many spammers are using stolen resources to send their spam. The spammers use a wide variety of techniques – DNS poisoning, fast-flux hosting, and others – to switch between hundreds or thousands of these computers, making it extremely difficult to find all the compromised computers and remove the virus or trojan.

Increasingly, the web sites advertised in this type of spam are also hosted on the same compromised computers. Originally the spammers compromised mostly consumer workstations running Microsoft Windows 2000 or Windows XP, but increasingly they are targeting business workstations and servers that may run Windows or any of several types of Unix. For example, one widely-tracked (and widely loathed) spam botnet organization targets Unix computers running insecure versions of the Apache web server. This organization, and others like it, host false bank or financial institution web sites (called phishing web sites), child pornography (CP), unlicensed pharmaceutical web sites, and many other types of web sites promoting illegal or questionable products or services on computers without the permission or knowledge of the owners. This results in lost use of computer resources, embarrassment, and inconvenience to the owners when these spammed web sites are tracked to their server rooms.

This is where the Citrix Application Firewall, or another application firewall, becomes important for any business or organization with a web site. The Application Firewall is a filter that sits between web applications and users, examining requests and responses and blocking dangerous or inappropriate traffic. The Application Firewall protects web servers and web sites from unauthorized access and misuse by hackers and malicious programs, such as viruses and trojans (or malware). It provides protection against security vulnerabilities in legacy CGI code or scripts, web server software, and the underlying operating systems. It helps keep the bad guys out of your company’s computers.

I’ll have specific examples of types of web site abuse and how to prevent them in upcoming posts.