SMB SSL-VPN: Web Application Firewall on SSLVPN and its features explained
Web Application Firewall is subscription-based software that runs on the SonicWall SRA appliance and protects Web applications running on servers behind the appliance. It provides real-time protection against a whole suite of Web attacks such as Cross-site scripting, SQL Injection, OS Command Injection, and many more. To use the Web Application Firewall feature, the administrator must first license the software or start a free trial. Web Application Firewall must then be enabled on the Web Application Firewall > Settings page of the SonicWall SSL VPN management interface. Web Application Firewall can be configured to log or block detected attacks arriving from the Internet.
Cross Site Scripting
For Cross Site Scripting, Injection Flaws, Malicious File Execution, and Insecure Direct Object Reference vulnerabilities, the Web Application Firewall feature uses a blacklist of signatures for attack patterns known to exploit Web applications. Updates to these signatures are periodically downloaded from a SonicWall signature database server, providing protection against recently introduced attacks.
Information Disclosure Protection
Information Disclosure Protection prevents Information Disclosure and Improper Error Handling by letting the administrator configure text strings containing confidential or sensitive information, so that no Web site accessed through the Web Application Firewall reveals that text. These text strings are entered on the Web Application Firewall > Settings page. Besides matching custom text, signatures pertaining to information disclosure are also used to prevent these types of attacks.
Cookie Tampering Protection - Encrypt Server Cookies and Exclusion List usage details – What will be the real time usage scenario and impact of this feature?
Customers seeking PCI compliance or advanced security protection for their websites will want to hide the cookies when they are transmitted over HTTP or over SSL sessions without a valid certificate. Even on an SSL session with a proper certificate, the user can launch a tool like Fiddler or run a browser-based packet capture to look at the cookies and learn more about the application. Encrypting the name and value of the cookies keeps their contents opaque to anyone inspecting the session. However, it can also break access to a web application if the application has client-side scripts that rely on reading the cookie name/value in clear text. In that case, those cookies need to be added to the exclusion list.
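The following is an added example, not SonicWall code, showing how a cookie-encrypting proxy behaves on the way out (Set-Cookie) and on the way back in (Cookie), and how an exclusion list leaves cookies that client-side script depends on untouched. The cipher is a standard-library stand-in (HMAC-SHA256 keystream with an HMAC tag); the appliance's actual cipher is not described on the page. The key, the cookie names and the exclusion list are constructed for the demo.

```python
"""Cookie name/value encryption with an exclusion list (added example, not SonicWall code)."""
import base64
import binascii
import hashlib
import hmac
import secrets

KEY = hashlib.sha256(b"constructed-demo-key-replace-me").digest()  # constructed key
# Cookies left in clear text because client-side script reads them (hypothetical names).
EXCLUSIONS = {"ui_pref", "lang"}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-based keystream: HMAC-SHA256(key, nonce || counter) blocks, truncated to length."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes, deterministic: bool = False) -> str:
    """Encrypt-then-MAC; output is URL-safe base64 without padding, so it is valid in a cookie.
    deterministic=True derives the nonce from the plaintext so a given cookie name always
    maps to the same token and the browser overwrites the cookie instead of accumulating copies."""
    if deterministic:
        nonce = hmac.new(key, b"name:" + plaintext, hashlib.sha256).digest()[:12]
    else:
        nonce = secrets.token_bytes(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(nonce + ct + tag).decode().rstrip("=")


def unseal(key: bytes, token: str) -> bytes:
    """Verify the tag and decrypt; raises ValueError on tampering or on input that is not a token."""
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except binascii.Error as exc:
        raise ValueError("not a sealed token") from exc
    if len(raw) < 28:  # nonce (12) + tag (16) at minimum
        raise ValueError("not a sealed token")
    nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cookie tampered")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def protect_set_cookie(header_value: str) -> str:
    """Server -> client: encrypt name and value of one Set-Cookie header, keep its attributes."""
    pair, sep, attrs = header_value.partition(";")
    name, _, value = pair.strip().partition("=")
    if name in EXCLUSIONS:
        return header_value  # excluded cookie passes through in clear text
    return f"{seal(KEY, name.encode(), deterministic=True)}={seal(KEY, value.encode())}{sep}{attrs}"


def restore_cookie_header(header_value: str) -> str:
    """Client -> server: decrypt each cookie in a Cookie header; drop tampered or unknown ones."""
    restored = []
    for item in header_value.split(";"):
        name, _, value = item.strip().partition("=")
        if not name:
            continue
        if name in EXCLUSIONS:
            restored.append(f"{name}={value}")
            continue
        try:
            restored.append(f"{unseal(KEY, name).decode()}={unseal(KEY, value).decode()}")
        except ValueError:
            pass  # a real appliance would log the event here before dropping the cookie
    return "; ".join(restored)


if __name__ == "__main__":
    outbound = protect_set_cookie("SessionId=abc123; Path=/; HttpOnly")
    print("Set-Cookie seen by browser:", outbound)
    enc_name, enc_val = outbound.split(";")[0].split("=")
    print("Cookie seen by server:", restore_cookie_header(f"{enc_name}={enc_val}; ui_pref=dark"))
```

The name is encrypted deterministically and the value with a fresh nonce; without that distinction every response would set a new, differently named cookie and the browser would pile them up. A cookie that arrives with a modified value fails the tag check and is dropped, which is the Cookie Tampering Protection behaviour; a cookie on the exclusion list is never touched in either direction.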
Website Cloaking - Functionality of this feature with respect to the client to Server communication?
This feature hides information about the OS, development platform and web server used by the web application being protected. For example, OWA and SharePoint reveal the ASP.NET version and also disclose the application version in their HTTP response headers. The Cloaking feature strips these headers so that an attacker does not get additional information to help exploit vulnerabilities in the application.
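As an added example (not SonicWall code), this response filter combines the two outbound checks described above: Website Cloaking strips platform-revealing headers, and Information Disclosure Protection scans the body for administrator-configured confidential text and either logs or blocks the response, mirroring the log/block modes mentioned at the top of the page. The header list, the confidential strings and the sample OWA/SharePoint-style response are constructed for the demo; the appliance's own disclosure signatures are not reproduced.

```python
"""Outbound response filter: header cloaking plus information-disclosure check
(added example, not SonicWall code)."""
import re
from dataclasses import dataclass

# Headers that reveal the server, platform or application version (constructed list).
CLOAKED_HEADERS = {"server", "x-powered-by", "x-aspnet-version",
                   "x-aspnetmvc-version", "microsoftsharepointteamservices"}
# Administrator-configured confidential text, as entered on the Settings page (constructed values).
CONFIDENTIAL_TEXT = ["Project Falcon", "ACME-INTERNAL-ONLY"]


@dataclass
class HttpResponse:
    status_line: str
    headers: list   # list of (name, value) pairs, order preserved
    body: bytes


def parse_response(raw: bytes) -> HttpResponse:
    """Minimal HTTP/1.1 response parser: status line, header lines, blank line, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return HttpResponse(lines[0], headers, body)


def serialize_response(resp: HttpResponse) -> bytes:
    head = "\r\n".join([resp.status_line] + [f"{n}: {v}" for n, v in resp.headers])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + resp.body


def cloak_headers(resp: HttpResponse) -> list:
    """Remove cloaked headers in place; return the names that were stripped."""
    kept, removed = [], []
    for name, value in resp.headers:
        (removed if name.lower() in CLOAKED_HEADERS else kept).append((name, value))
    resp.headers = kept
    return [n for n, _ in removed]


def find_disclosures(body: bytes) -> list:
    """Case-insensitive match of configured confidential strings; returns the distinct hits."""
    pattern = re.compile("|".join(re.escape(s) for s in CONFIDENTIAL_TEXT), re.IGNORECASE)
    return sorted({m.group(0) for m in pattern.finditer(body.decode("utf-8", "replace"))})


def filter_response(raw: bytes, mode: str = "block"):
    """Return (bytes to send to the client, list of log events). mode is 'log' or 'block'."""
    resp = parse_response(raw)
    events = [f"cloaked header: {n}" for n in cloak_headers(resp)]
    hits = find_disclosures(resp.body)
    if hits:
        events.append(f"information disclosure matched: {hits}")
        if mode == "block":
            body = b"Blocked by Web Application Firewall\r\n"
            resp = HttpResponse("HTTP/1.1 403 Forbidden",
                                [("Content-Type", "text/plain"),
                                 ("Content-Length", str(len(body)))], body)
    return serialize_response(resp), events


# Constructed sample of the kind of headers an OWA/SharePoint front end emits.
SAMPLE_BODY = b"<html><body>Welcome. Codename: Project Falcon (ACME-INTERNAL-ONLY)</body></html>"
SAMPLE = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\n"
          b"X-Powered-By: ASP.NET\r\nContent-Type: text/html\r\n"
          b"Content-Length: " + str(len(SAMPLE_BODY)).encode() + b"\r\n\r\n" + SAMPLE_BODY)

if __name__ == "__main__":
    for mode in ("log", "block"):
        out, events = filter_response(SAMPLE, mode)
        print(f"--- mode={mode} events={events}")
        print(out.decode("iso-8859-1"))
```

In log mode the body reaches the client unchanged, so the Content-Length header is still correct; in block mode the whole response is replaced, which is why a fresh Content-Length is written rather than patched. Header matching is case-insensitive because header names are, and the body check is run on the decoded text so that a configured string is found regardless of how it was cased in the page.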
Session Management timeout and difference from that of Global timeout. Which one takes more precedence?
They are the same setting: the Session Management timeout is just a shortcut for configuring the global timeout. It is also exposed under WAF because it is as important a setting from a WAF perspective as it is from an SSL VPN perspective.
For more details on Web application firewall features, please download the Feature document here - WAF Feature Module.PDF