1) To decrypt HTTPS traffic the WAF should have both the public and private keys, which are only maintained by the application web server and the client, so how come this WAF has both keys?

Sandeep>> Yes, the web server has SSL or TLS implementations, and the WAF needs to be configured with the public/private key pair in order to decrypt the secured traffic. I would suggest having a look at a real-time example (ACE Web Application Firewall from Cisco) of this scenario: https://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_waf/v60/user/guide/axg_ug_ssl.html

2) If the WAF has the keys to decrypt and encrypt, then there can be a performance issue and also load on the WAF?

Sandeep>> Yes. It's always your decision in implementing a defence-in-depth strategy. You have to decide which mechanism shall be used for effective security of information systems. Also, most WAFs replicate the HTTPS traffic for decryption / deep inspection. It is also possible that by the time the attack is detected, the attack might already have executed its payload successfully. Further, WAFs which do replicate HTTPS traffic for its decryption assume that HTTPS has no role in these web communications; then the WAF blocks or scales up the traffic to be HTTP-only traffic and then performs deep inspection for possible attacks. Finally, WAFs which have a multi-layered approach need not worry about the type of traffic, as they scan all kinds of traffic (request/response) at every layer. In other words, the WAF will be built right into the web server APIs which web applications usually call. This will provide effective security but will have load / performance issues. Choose this solution depending on the type of network you are in!

3) And last is: is the WAF effective and required?

Sandeep>> Finally, as a security professional, whenever a small idea/tool/solution is capable of detecting/defending/preventing/protecting something, you have to take a call on where to keep these solutions. Every such solution is always required for better workarounds and is effective when utilised in the right environment. Hope you can understand this!

Regards
Sandeep Thakur

--
You received this message because you are subscribed to the Google Groups "nforceit" group. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
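As an added example, not from Sandeep's post or any product he mentions, the "WAF built right into the web server APIs" approach from point 2 written as Python WSGI middleware: it inspects the request after the server has already finished TLS, so it needs no copy of the private key, and the inspection cost lands on the application server instead. The signature set, the `hello_app` stand-in and the `run_request` driver are constructed here for illustration.

```python
import io
import re
from urllib.parse import unquote_plus

# Constructed, deliberately small signature set; a real deployment loads a maintained ruleset.
SIGNATURES = [
    ("sqli", re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+1\s*=\s*1")),
    ("xss", re.compile(r"(?i)<\s*script\b|javascript:")),
    ("traversal", re.compile(r"\.\./")),
]

def inspect(text):
    """Return the name of the first signature matching the URL-decoded text, else None."""
    decoded = unquote_plus(text)
    for name, pattern in SIGNATURES:
        if pattern.search(decoded):
            return name
    return None

class InspectingMiddleware:
    """WSGI wrapper: inspects path, query and body, then blocks with 403 or passes through."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # The server has already handled TLS, so these fields are plaintext here.
        fields = [environ.get("PATH_INFO", ""), environ.get("QUERY_STRING", "")]
        length = int(environ.get("CONTENT_LENGTH") or 0)
        if length:
            body = environ["wsgi.input"].read(length)
            fields.append(body.decode("utf-8", "replace"))
            environ["wsgi.input"] = io.BytesIO(body)  # re-supply the body to the app
        for field in fields:
            hit = inspect(field)
            if hit:
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [f"blocked: {hit}\n".encode()]
        return self.app(environ, start_response)

def hello_app(environ, start_response):  # stand-in for the protected application
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello\n"]

def run_request(app, path, query="", body=b""):
    """Drive a WSGI app with a constructed environ; returns (status, response bytes)."""
    statuses = []
    environ = {"PATH_INFO": path, "QUERY_STRING": query,
               "REQUEST_METHOD": "POST" if body else "GET",
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    chunks = app(environ, lambda status, headers: statuses.append(status))
    return statuses[0], b"".join(chunks)
```

Wrapping `hello_app` in `InspectingMiddleware` is the whole deployment step; the trade-off is that every request now pays the inspection cost inside the same process that serves the application.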
