Hello John,
Nowadays there are vendors building IPS engines which even have awareness of users and reputations too.
Simple explanation without going into details, great video!
glad you enjoyed it!
Is it an advantage to use some fibre, say between 2 switches on the backplane with SFP, use a splitter cable and only the TX of the 3rd SFP (pretty much a physical man in the middle but for network security), as even a DNS query would not return from the middle machine with packet filtering firewall rules and packet inspection, have a dual NIC board with shared port SFP modules TX and RX to force a physical route change?
Hi John, a lot of the points you mentioned in the WAF section (session awareness, protocol support, rate limiting (thresholding)) are already available in IPS solutions (Snort, Suricata). I generally like your videos but there is a lot of misinformation in this video.
Very well explained, like to see more
glad you enjoyed it!
When do you think I need to go for a WAF and when should I go for an IPS? WAF, as per my understanding, is more specific to web servers and is seldom used for other assets in the infrastructure, whereas IPS can be used for any components within the infrastructure. If someone can help me understand where I can place these in the network, that would be great.
Thanks for the presentation. Would it be an overkill to have an IPS and a WAF connected serially as I understand while WAF will look deeper on the TOP10 vulnerabilities, an IPS would have a broader database? Thank you
It wouldn't be overkill as both devices do different things, but just keep in mind the complexity and latency introduced with daisy-chaining security devices. Unfortunately, there's not a security device that "does it all" today...so you have to introduce multiple devices to accomplish all the security needs you have. That said, it's better to have a central point of coordination/orchestration for managing security devices if you can do that...essentially one place to decrypt the traffic and then send it to all the different devices and then re-encrypt and send it on to the destination.
Max Spekle I’ll recommend you deploy WAF and IPS in the cloud, with other threat protection stuff, while you deploy a RASP to secure the on-premise app. See www.baffinbaynetworks.com and contrastsecurity.com
Very good comparison, can you please comment if NG IPS like Sourcefire, which uses Snort, which is basically used in some WAFs also, can provide somewhat similar protection like a WAF?
Hi Syed, great question! You are correct that more modern Next Gen Firewalls have advanced capabilities that provide similar "WAF-like" protection. So, as technology improves, some of the newer, more advanced NGFW will be able to do some of these WAF functions. Having said that, I would still recommend a WAF because it can very typically do more than an NGFW and you will very likely want the protection of both the NGFW and the WAF. I hope this helps!
great content. thanks
Glad you liked it and thanks for the comment!!
How does the WAF protect against HTTPS if the data is encrypted and therefore the WAF wouldn't understand it?
When an HTTPS request is made by a client, the WAF terminates the SSL/TLS connection, decrypts the traffic, and then inspects it for malicious content or other security issues.
Most firewalls nowadays are stateful, which basically means they keep good track of the user in the state table... and yes, IPSs are also nowadays very aware of the session.
Yeah, that's what I thought the second he said that; for example, in Checkpoint there is a feature called "identity awareness".
I am not sure if IPS can protect against advanced web Application Attacks like Blind SQL Injection attacks, Cross Site Scripting, Command Injection, file upload vulnerabilities...The IPS is more of a signature based and more relevant against Network and Transport layer attacks with few Application Layer Attacks to go with it whereas WAF is likely to protect against all Application layer attacks.
Nicely explained.
glad you enjoyed it!
@devcentral Yes, of course 😉
Are you writing on glass with the camera reversed? Nice setup.
thanks! here's a behind the scenes view of how we do it: ruclips.net/video/U7E_L4wCPTc/видео.html
@devcentral This set up is simple but the nicest I've seen for describing things. When I steal this I'll post a shout out link. Thanks guys, this IPS vs WAF video also helped with my security fundamentals class.
@devcentral Thank you for sharing :)
IPS knows protocols too, otherwise how can it detect the malicious code/payload, right?
very well explained. Thank you
glad you enjoyed it!
Peyton Manning’s son is Killin’ this Cyber stuff!
IPF is also behaviour based
how is no one commenting on how he's writing backwards?
Thanks for the comment and here is how we produce the Lightboard Lessons: ruclips.net/video/U7E_L4wCPTc/видео.html
3:47 a WA""""""F :D