UNIT-04
Security in E-Commerce; Threats in Computer Systems
Ecommerce Security:
E-Commerce security is the set of guidelines that ensures safe transactions over the internet. It consists of protocols that safeguard people who buy and sell goods and services online. Businesses need to gain their customers’ trust by putting eCommerce security basics in place. Such basics include:
1. Privacy: Privacy includes preventing any activity that will lead to the sharing of
customers’ data with unauthorized third parties. Apart from the online seller that a
customer has chosen, no one else should access their personal information and account
details. So, an online business should put in place at least a necessary minimum of anti-
virus, firewall, encryption, and other data protection. It will go a long way in protecting
credit card and bank details of clients.
2. Integrity: Integrity is another crucial concept of eCommerce Security. It means
ensuring that any information that customers have shared online remains unaltered. The
principle states that the online business is utilizing the customers’ information as given,
without changing anything. Altering any part of the data causes the buyer to lose
confidence in the security and integrity of the online enterprise.
3. Authentication: The principle of authentication in eCommerce security requires that both the seller and the buyer be real: they should be who they say they are. The business should prove that it is real, deals in genuine items or services, and delivers what it promises. The clients should also give proof of their identity so that the seller feels secure about the online transaction. It is possible to ensure both authentication and identification.
4. Non-repudiation: Repudiation means denial. Therefore, non-repudiation is a legal
principle that instructs players not to deny their actions in a transaction. The business
and the buyer should follow through on the transaction part that they initiated.
eCommerce can feel less safe since it occurs in cyberspace with no live video. Non-
repudiation gives eCommerce security another layer. It confirms that the
communication that occurred between the two players indeed reached the recipients.
Therefore, a party in that particular transaction cannot deny a signature, email, or
purchase.
Common Ecommerce Security Issues:
1. Lack of trust in privacy and eCommerce security: Businesses that run eCommerce operations face several security risks, such as:
• Counterfeit sites – hackers can easily create fake versions of legitimate websites at almost no cost. The affected company may therefore suffer severe damage to its reputation and valuation.
Deepa M, Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru
Page 1
• Malicious alterations to websites – some fraudsters change the content of a website. Their goal is usually either to divert traffic to a competing website or to destroy the affected company’s reputation.
• Theft of clients’ data – the eCommerce industry is full of cases where criminals have stolen inventory data and customers’ personal information, such as addresses and credit card details.
• Damage to computer networks – attackers may damage a company’s online store using worm or virus attacks.
• Denial of service – some hackers prevent legitimate users from using the online store, degrading its operation.
• Fraudulent access to sensitive data – attackers can obtain intellectual property and steal, destroy, or alter it to suit their malicious goals.
2. Malware, viruses, and online fraud: These issues cause losses in finances, market share, and reputation. Additionally, clients may press criminal charges against the company. Hackers can use worms, viruses, Trojan horses, and other malicious programs to infect computers in many different ways. Worms and viruses invade systems, multiply, and spread. Some hackers hide Trojan horses in fake software, and the infection starts once users download that software.
3. Uncertainty and complexity in online transactions: Online buyers face uncertainty
and complexity during critical transaction activities. Such activities include payment,
dispute resolution, and delivery. During those points, they are likely to fall into the
hands of fraudsters. Businesses have improved their transparency levels, such as clearly
stating the point of contact when a problem occurs. However, such measures often fail
to disclose fully the collection and usage of personal data.
E-commerce website security measures (24/7 coverage):
1. Use Multi-Layer Security: It is helpful to employ several security layers to fortify your defences. A widely distributed Content Delivery Network (CDN) can block DDoS threats and malicious incoming traffic; such networks use machine learning to keep malicious traffic at bay.
2. Get Secure Sockets Layer (SSL) Certificates: One of the primary benefits of SSL
Certificates is to encrypt sensitive data shared across the internet. It ensures that the
information reaches only the intended person. It is a very crucial step because all data
sent will pass through multiple computers before the destination server receives it.
If SSL certificate encryption is absent, any electronic device between the sender and the
server can access sensitive details. Hackers can thus take advantage of your exposed
passwords, usernames, credit card numbers, and other information. Therefore, the SSL
certificate will come to your aid by making the data unreadable to unintended users.
3. Use Rock-solid Firewalls: Use effective e-commerce software and plugins to bar
untrusted networks and regulate the inflow and outflow of website traffic. They should
provide selective permeability, only permitting trusted traffic to go through.
4. Anti-Malware Software: Any electronic device, computer system, or web system needs a program that detects and blocks malicious software, otherwise known as malware. Such protective software is called anti-malware software. An effective anti-malware product should detect and remove all the hidden malware on the website.
5. Comply with PCI-DSS Requirements: Make it a routine to maintain the Payment
Card Industry Data Security Standard (PCI-DSS) to protect all credit card data.
VIRUS:
A computer virus is a kind of malicious computer program which, when executed, replicates itself and inserts its own code. Once replicated, this code infects the other files and programs present on your system. Computer viruses come in various types, and each can infect a device in a different manner.
A computer virus is a program which can harm our device and files and leave them unusable. When a virus program is executed, it replicates itself by modifying other computer programs and inserting its own code into them. This code infects a file or program, and if it spreads widely it may ultimately cause the device to crash.
Across the world, computer viruses are a major concern as they cause billions of dollars’ worth of damage to the economy each year.
Since a computer virus only affects the programming of the device, it is not visible. But there are certain indications which can help you determine that a device is virus-hit. Given below are signs which may help you identify computer viruses:
• Speed of the system – once a virus has fully executed on your device, applications may take longer to open and the entire system may start working slowly.
• Pop-up windows – one may start getting too many pop-up windows on screen; these may themselves be virus-affected and harm the device even more.
• Self-execution of programs – files or applications may start opening in the background of the system by themselves, without your knowledge.
• Logged out of accounts – in the event of a virus attack, the probability of accounts being hacked increases; password-protected sites may also be compromised and you might get logged out of all of them.
• Crashing of the device – in most cases, if the virus spreads to most files and programs, the entire device may crash and stop working.
Types of Computer Virus:
• Boot Sector Virus – a virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks. The boot sector comprises all the files required to start the computer’s operating system. The virus either overwrites the existing program or copies itself to another part of the disk.
• Direct Action Virus – a virus that attaches itself directly to a .exe or .com file and enters the device when that file is executed. If it gets installed in memory, it keeps itself hidden. It is also known as a Non-Resident Virus.
• Resident Virus – a virus which saves itself in the computer’s memory and then infects other files and programs even after its originating program is no longer running. This virus can easily infect other files because it is hidden in memory and is hard to remove from the system.
• Multipartite Virus – a virus which can attack both the boot sector and the executable files of an already infected computer. If a multipartite virus attacks your system, you are at serious risk.
• Overwrite Virus – one of the most harmful viruses; it can completely remove the existing program and replace it with malicious code by overwriting it. Gradually it can replace the host’s entire program code with harmful code.
• Polymorphic Virus – spread through spam and infected websites, polymorphic viruses are file infectors which are complex and tough to detect. They create a modified or morphed version of the existing program, infect the system, and retain the original code.
• File Infector Virus – as the name suggests, it first infects a single file and then spreads to other executable files and programs. The main sources of this virus are games and word processors.
• Spacefiller Virus – a rare type of virus which fills the empty spaces of a file with its own code. It is also known as a cavity virus. It neither affects the size of the file nor is easily detected.
• Macro Virus – a virus written in the same macro language as the software program it targets; it infects the computer when an infected word processor file is opened. The main source of such viruses is email.
Ways to Protect the Computer from Viruses:
The most suitable way of keeping your computer virus-free is to install anti-virus software. Such software helps remove viruses from the device and can be installed on a computer in two ways:
• Online download
• Buying anti-virus software and installing it
Anti-Virus:
An anti-virus is a program, or set of programs, which can detect and remove harmful and malicious software from your device. Anti-virus software is designed so that it can search through the files on a computer and determine which files are heavily or mildly infected by a virus.
Given below is a list of a few of the most commonly used antivirus products:
• Norton Antivirus
• F-Secure Antivirus
• Kaspersky Antivirus
• AVAST Antivirus
• Comodo Antivirus
• McAfee Antivirus
These are a few of the many anti-virus products widely used to remove viruses from a device.
E-Commerce Security Threats and Their Solutions:
1. Financial Fraud: Cybercriminals often target payment transactions, attempting to siphon funds from unsuspecting users. These threats range from credit card fraud to identity theft. The two most common types of financial fraud carried out by fraudsters are credit card fraud and refund fraud.
2. Credit Card Fraud: This fraud is carried out with a stolen credit card, or through identity theft that enables the fraudster to open a credit card in that identity. Transactions with stolen credit cards can be limited by installing address verification systems. These systems compare the billing address the customer provides to you with the one held by the bank.
3. Refund Fraud: Another trick up a fraudster’s sleeve is to file requests for refunds
or returns for non-existent orders or after using the products. They can also perform
unauthorized transactions and clear the trail, causing a loss of revenue for your e-
commerce business.
4. Phishing: Phishing attacks involve deceptive emails or websites that appear
legitimate but are designed to trick users into revealing their personal and financial
information. Customers can receive messages or emails from hackers pretending to be
your e-commerce business. They present fake copies of your website pages or another reputable website to trick users into believing them. This can seriously damage the trust customers have in your business.
5. DDoS Attacks: Distributed Denial of Service (DDoS) attacks flood a website with
overwhelming traffic rendering it inaccessible to legitimate users. E-commerce
businesses are attractive targets. Such a threat can cause your e-commerce platforms
to crash resulting in hefty sales and revenue loss.
6. Spamming: Spam emails, comments, and messages can clutter and disrupt the experience of your e-commerce platform. They can also carry malware or phishing
links. Spammers can also leave these links in comments on blog posts and in contact forms. Clicking such a link directs your customers to malicious sites. Spamming not only affects your website’s security but also reduces its speed and performance drastically.
7. Bots: Bots can be programmed to perform tasks like scraping data, automating
purchases, or launching attacks. Malicious bots can wreak havoc on e-commerce sites
by scraping them for inventory and price information. Hackers can then use the data
to lower or modify the prices on their websites in an attempt to lower your sales and
revenue.
8. Brute Force Attacks: Brute force attacks involve repeated, automated login
attempts to gain unauthorized access to user accounts. Attackers can use brute force to
attack your administrator panel, crack your password, and compromise your account
to steal information. Automated tools help in trying out thousands of combinations in
an attempt to obtain your site’s passwords. It’s wise to use strong, complex passwords
and change them every few months.
9. Vulnerability Exploitation: Vulnerabilities in your e-commerce website can be exploited by hackers using SQL injection or cross-site scripting (XSS). SQL injection attacks your database by corrupting it with code entered into query boxes on your site. XSS targets users with malicious code snippets planted in your site, allowing hackers to access customers’ cookies.
10. Malware: Malicious software like spyware, viruses, trojans, and ransomware is
installed on your IT and computer systems without your knowledge. Customers,
admin, and other user devices may carry Trojan horses that can easily steal any sensitive information from them and, in the process, affect your e-commerce site as well.
Solutions For E-Commerce Security Threats:
Solution 1: Implement A Secure Firewall- A robust firewall system like Astra
Firewall can detect and mitigate DDoS attacks on websites. It acts as a barrier against
malicious traffic and ensures that your e-commerce site remains accessible and keeps
away suspicious networks, XSS, SQL injection, and DDoS attacks. They also help regulate
network traffic to and from your online store.
Solution 2: Secure Payment Gateways- Do not store client credit card information
on your database. Rather, use trusted third-party services like PayPal and Stripe to
handle payment transactions away from your website. This ensures better safety for
your customers’ personal and financial data. If your business does store financial
information, compliance with PCI-DSS is mandatory.
Solution 3: Switch to HTTPS Protocol- Using outdated HTTP protocols can put
your e-commerce website and your customers at risk. Utilize HTTPS to encrypt data
transmitted between the user’s browser and the website. It displays a trustworthy
green lock symbol on the URL bar. This ensures that sensitive information submitted
by customers and their user data remains confidential.
Plain HTTP is effectively defunct: most browsers either show users a warning message or outright block access to such sites. Switching to HTTPS will also help your e-commerce business rank better on Google, since HTTPS is a ranking factor.
Solution 4: Carry out Vulnerability Scans- Use automated vulnerability scanning
tools like Astra Vulnerability Scanner or OWASP ZAP to carry out quick website
vulnerability scans. Ensure that the tools also provide vulnerability scan reports with
severity scores and remediation steps so that mitigation of the vulnerabilities is easier
for you. The tool should also have a wide, constantly evolving vulnerability database
for the detection of the latest vulnerabilities.
Solution 5: Use Anti-malware and Anti-Virus Software- Regularly scan your
website for malware using anti-malware and antivirus software. This helps identify
and eliminate malicious code, reducing the risk of spamming and malware
infections. AI content generators can also assist in creating unique and engaging
content that enhances your website’s value to customers.
Anti-malware software helps detect, remove, and prevent infectious software from
infecting your devices and systems. On the other hand, antivirus software keeps
viruses at bay.
Solution 6: Have Multi-layered Security- Use a multi-layer security approach that includes CAPTCHA tests and bot detection tools to differentiate between genuine users and malicious bots. Multifactor authentication can be enabled too, so that genuine customers have additional security and your site is protected from unauthorized requests. 2FA using a one-time password (OTP) together with personal identification is a popular method of authentication.
Solution 7: Have Backups for Data- Regularly back up your website data and
configurations. This helps you quickly restore your e-commerce platform to a clean
state in case of a breach or attack. Having backups minimizes the downtime, data loss,
and revenue loss experienced by your business.
Solution 8: Stay Current on E-commerce Threats- Continuously monitor your
website’s software to detect and mitigate vulnerabilities. It is vital that as an e-
commerce business owner, you stay informed about evolving threats that can affect
your business. Your employees and customers should also have awareness of the
latest knowledge concerning handling user data and safe website engagement. It is
also important to revoke access for former employees from your systems.
Encryption: Encryption is a crucial cybersecurity measure that protects private and
personal data. It makes use of unique codes that ‘scramble’ the data, making it
impossible for hackers to read. Even if there’s a data breach, encryption ensures that
private data remains safe, even if an attacker manages to make it past a firewall.
Data encryption is a process by which any piece of information sent across the
internet is encoded and is readable only to those who are authorised encryption or
decryption key holders.
Cyber security encryption is the process by which data or digital information is
transformed into an unreadable set of complex codes. Encrypted data appears
scrambled to the outside world, protecting confidentiality and reputation.
How the Types of Encryption Work:
There are two main types of data encryption.
Symmetric encryption, also known as private key encryption, is the simplest form of encryption. Involving only one private key to encipher and decipher the data, it is the longest-standing form of encryption, mixing numbers or strings of characters into the data so that the information becomes unreadable.
The disadvantage of symmetric encryption is that the sender and receiver must exchange the key before the data can be encoded.
Asymmetric encryption, also known as public key encryption, uses a pair of keys to encode the information: one secret key and one public key. The public key is available to anyone who wishes to communicate with you, whilst the secret key is kept private on the source device. Data can only be decrypted using both keys.
This method of cyber security encryption is used in everyday communication
channels, such as emails, online chats and other internet services.
Importance of Encryption in Cybersecurity:
1. Security threats – attacks such as denial of service, malware, database
invasion and unauthorised internet access are highly prevalent, but can all be
averted using cyber security encryption.
2. Data interception – as data is passed over communication channels such as
email, it can be intercepted and stolen. However, if the data is encrypted, then
it will be useless to the cyber thief.
3. Unauthorised access – network intrusions can lead to data record leaks and loss of confidential information. Encryption in network security can, however, prevent leaked data from being accessed.
4. Virus attacks – when a network or other online resource comes under attack
by malware, viruses or Trojan horses, the security of the system or network
will be under threat, with the potential for considerable data loss. Encryption
will however prevent data being misused for criminal intent.
How Encryption Is Used to Protect Sensitive Information:
Here are some of the most common ways in which encryption is used on an everyday
basis in order to protect data:
HTTPS encryption – most modern websites use HTTPS or Secure Socket Layer
(SSL) encryption to protect internet traffic whilst it travels between a device and the
website being browsed. If the URL of the website you are viewing begins with https rather
than just http, and shows a padlock, then you know it will be protected. This layer of
security ensures that intruders cannot listen in or alter any data whilst in transit. If you
don’t see the sign that the website is secure, be sure to avoid entering any financial or
personal information.
Email encryption – some email platforms encrypt all emails by default. Others will
use an external program to do so. Platforms such as Gmail and Outlook encrypt by
default, and the protection should be sufficient for the average email users. However,
for businesses, especially those in the regulated sector, it is advisable to upgrade to a
specialist security solution.
Virtual private networks – VPNs are used widely for data encryption, and are now a
common element of the remote working generation. A VPN keeps data secure whilst
in transit by routing it through an encrypted virtual tunnel. This disguises your IP
address, making its location invisible to everyone. A VPN is also secure against
external attacks.
Web Application Firewall:
Web Application Firewall protects the web application by filtering, monitoring, and
blocking any malicious HTTP/S traffic that might penetrate the web application. In
simple words, a Web Application Firewall acts as a shield between a web application
and the Internet. This shield protects the web application from different types of
attacks.
A web application firewall (WAF) is a firewall that monitors, filters and blocks
Hypertext Transfer Protocol (HTTP) traffic as it travels to and from a website or web
application. A WAF can be network based, host based or cloud based. It is often
deployed through a reverse proxy and placed in front of one or more websites or
applications.
A WAF can be software, an appliance or a service. It analyzes HTTP requests and
applies a set of rules that define what parts of that conversation are benign and what
parts are malicious.
A Web Application Firewall operates as an application firewall for HTTP applications: it implements a set of rules for an HTTP conversation, and these rules cover how to deal with common attacks such as Cross Site Scripting (XSS) and SQL Injection.
Working of Web Application Firewall:
• According to the OSI model, a WAF is a protocol layer seven (application layer) defence.
• When a WAF is deployed in front of a web application, a shield is created between the web application and the Internet.
• The advantage of a WAF is that it functions independently of the application, yet it can constantly adapt to changes in the application’s behaviour.
• Clients pass through the WAF before reaching the server, which protects the server from exposure.
• A WAF can be set to various levels of examination, usually ranging from low to high, which allows it to provide a better level of security.
Features of WAF:
• Protection against web application attacks: WAFs can detect and mitigate common web application attacks such as SQL injection, cross-site scripting and buffer overflows by blocking or rate-limiting seemingly malicious incoming traffic.
• Monitoring and logging: Most WAFs offer detailed monitoring and logging capabilities, which are crucial in the investigation of potential security attacks. For example, Amazon Web Services offers various monitoring and logging options for its WAF resources, including AWS CloudWatch Alarms, AWS CloudTrail logs and AWS WAF web access control list traffic logging.
• AI-powered traffic pattern analysis: Certain WAFs can run AI-based algorithms. They use behavioral baselines to detect malicious patterns and anomalies that signal a potential attack.
• Application profiling: WAFs can identify and deny potentially malicious requests through application profiling, which entails looking into an application’s structure, including common queries, URLs, values and permitted data types.
• Content delivery networks (CDNs): Because WAFs are configured at the network edge, a cloud-hosted WAF can offer a CDN to cache the website and reduce load times. The WAF deploys the CDN over several internationally dispersed points of presence, serving site visitors from the closest site and reducing latency.
• Customization: Security rules can be applied to application traffic through a web application firewall. This lets organizations tailor the behavior of the WAF to their specific requirements and avoid blocking genuine traffic.
• Scalability and flexibility: Most WAFs are scalable and can handle high-traffic websites and applications. They also provide a level of flexibility, as they can be deployed in a variety of configurations, including on premises or within cloud-based environments.
• Improved compliance: A WAF can help with compliance by adding an extra layer of defense against web application attacks that could reveal sensitive user data.
• Defense without access to source code: A WAF can defend web-based applications without accessing the application’s source code. While a host-based WAF can be integrated into application code, a cloud-hosted WAF can defend the application without having such access. In addition, a cloud WAF is easy to deploy and manage, and it provides quick virtual patching options that let users rapidly customize their settings to adapt to newly detected threats.
Types of Web Application Firewall:
• Network-based WAFs are usually hardware-based. They reduce latency because they are installed locally. Network-based WAFs are the most expensive and also require the storage and maintenance of physical equipment.
• Host-based WAFs may be completely integrated into an application’s software. They exist as modules for a web server. They are a cheaper solution than hardware-based WAFs and are used for small web applications. The disadvantage of a host-based WAF is that it consumes local server resources, which may degrade performance.
• Cloud-based WAFs are low-cost and have fewer resources to manage. The cloud-based solution is the perfect choice when a person does not want to be constrained by performance capabilities. Service providers can offer an effectively unlimited hardware pool, but after a certain point the service fees may increase.
Purpose of a Web Application Firewall:
Generally, firewalls are deployed to monitor network traffic, acting as an additional layer of protection that scans all traffic to the site and secures the network against malicious bots and many different attack vectors.
WAFs, by contrast, not only passively monitor activity but also proactively shore up weaknesses in web applications: they constantly scan for vulnerabilities, often observe weaknesses long before the user notices them, and apply a (virtual) patch at the weak points.
While such a patch does not serve as a long-term resolution, it gives the user time to fix the issue and prevents potential breaches of the network.
Benefits of Web Application Firewalls (WAFs):
1. Stops customer data from being compromised – WAFs make sure customer data is not exposed to malicious attacks and potential vulnerabilities.
2. Enforces compliance – A WAF helps ensure that data handling strictly follows standards such as HIPAA and PCI, thereby blocking opportunities or vulnerabilities which might give hackers a space to perform attacks.
3. Saves resources – WAFs save a lot of resources for the user by automatically running security tests and monitoring traffic.
4. Prevents attacks – By performing effective monitoring, running security tests and patching weak points, WAFs prevent various attacks including SQL injection, cross-site scripting (XSS) attacks, and distributed denial of service (DDoS) attacks.
Policy in Web Application Firewall:
The set of rules through which a WAF operates is called a policy.
The purpose of these policies is to protect against the vulnerabilities in the
application by filtering out malicious traffic.
The value of a WAF depends in part on the speed and efficiency with which policy modifications are implemented.
Types of Attacks a Web Application Firewall Can Prevent:
• DDoS attacks aim to flood a particular web application, website or server with fake traffic.
• Cross-Site Scripting (XSS) attacks target the users of vulnerable web applications or websites in order to gain access to, and control of, their browsers.
• SQL Injection attacks: malicious SQL code is injected, in the form of requests or queries, into the user input boxes of the web application the user is using.
• Man-in-the-middle attacks take place when the perpetrators position themselves between the application and its legitimate users in order to extract confidential details.
• Zero-day attacks are unexpected attacks. The organization learns about the existence of the vulnerability in its hardware or software only after the attack has taken place.
Blocklist and Allowlist in Web Application Firewalls:
Blocklist: A WAF based on a blocklist protects against known attacks. Visualize a
blocklist WAF as a college security guard who is instructed to deny admittance to
students who don't bring their ID cards.
Allowlist: A WAF based on an allowlist only admits traffic that has been pre-
approved. This is like a college security guard who only admits people who are
on the list.
Blocklists and allowlists each have their own advantages and disadvantages, which is
why many WAFs offer a hybrid security model that implements both.
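The blocklist, allowlist and hybrid models above, shown as an added Python example (this is not code from the original notes or from any WAF product): a tiny policy engine with two constructed blocklist signatures for SQL injection and XSS, a constructed allowlist of routes, and an evaluator that runs a request through each mode. The sample requests, route names and signatures are all assumptions made up for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import unquote_plus

# Constructed blocklist signatures for two attack classes named in the notes
# (SQL injection and XSS). Real rule sets are far larger; these are
# illustrative assumptions only.
BLOCKLIST_RULES = [
    ("sqli-tautology", re.compile(r"(?i)'\s*or\s+'?\d+'?\s*=\s*'?\d+")),
    ("sqli-comment", re.compile(r"(?i)(--|/\*|;\s*drop\s+table)")),
    ("xss-script-tag", re.compile(r"(?i)<\s*script[^>]*>")),
    ("xss-event-handler", re.compile(r"(?i)\bon(load|error|click)\s*=")),
]

# Constructed allowlist of (method, path pattern) routes the application
# is known to serve; anything else is not pre-approved.
ALLOWLIST_ROUTES = [
    ("GET", re.compile(r"^/products(/\d+)?$")),
    ("GET", re.compile(r"^/search$")),
    ("POST", re.compile(r"^/cart$")),
]

@dataclass
class Request:
    method: str
    path: str
    query: str = ""   # raw (still URL-encoded) query string
    body: str = ""

@dataclass
class Verdict:
    allowed: bool
    reason: str

def blocklist_check(req: Request) -> Optional[str]:
    """Return the name of the first blocklist signature that matches, or None.

    Input is URL-decoded first so that an encoded payload (%27 for ') cannot
    slip past a signature written for the decoded form."""
    for name, pattern in BLOCKLIST_RULES:
        for part in (req.path, req.query, req.body):
            if pattern.search(unquote_plus(part)):
                return name
    return None

def allowlist_check(req: Request) -> bool:
    """True when the (method, path) pair is on the pre-approved list."""
    return any(m == req.method and p.match(req.path) for m, p in ALLOWLIST_ROUTES)

def evaluate(req: Request, mode: str) -> Verdict:
    """Apply the WAF policy in 'blocklist', 'allowlist' or 'hybrid' mode."""
    if mode == "blocklist":
        hit = blocklist_check(req)
        return Verdict(hit is None, hit or "no signature matched")
    if mode == "allowlist":
        ok = allowlist_check(req)
        return Verdict(ok, "route pre-approved" if ok else "route not on allowlist")
    if mode == "hybrid":
        if not allowlist_check(req):
            return Verdict(False, "route not on allowlist")
        hit = blocklist_check(req)
        return Verdict(hit is None, hit or "route pre-approved, no signature matched")
    raise ValueError(f"unknown mode: {mode}")

def compare_modes(req: Request) -> Tuple[bool, bool, bool]:
    """Allowed/blocked verdict of all three modes for one request, side by side."""
    return tuple(evaluate(req, m).allowed for m in ("blocklist", "allowlist", "hybrid"))

if __name__ == "__main__":
    # Constructed sample traffic: a clean request, a SQLi payload on an
    # approved route, and a clean request to a route that was never approved.
    samples = [
        Request("GET", "/products/42"),
        Request("GET", "/search", query="q=%27+or+1%3D1"),
        Request("POST", "/admin/export", body="format=csv"),
    ]
    for s in samples:
        print(s.method, s.path, "blocklist/allowlist/hybrid allowed:", compare_modes(s))
```

Running it shows the complementary blind spots: the blocklist alone passes a clean-looking request to a route that was never approved, the allowlist alone passes a SQL injection payload sent to an approved route, and only the hybrid mode rejects both. Real WAF engines also normalize input far more thoroughly (double encoding, Unicode, chunked bodies) before matching, so treat the signatures as illustrations rather than protection.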
Advantages:
Low-cost for cloud-based WAF solution.
Prevent attacks which include SQL injections, cross-site scripting (XSS) attacks,
etc.
It prevents cookie poisoning, the manipulation of the cookies that keep track of
users' information.
Prevents data from being compromised.
Disadvantages:
If the WAF software itself has vulnerabilities, there is a chance that some attacks
might bypass it.
Sometimes the complete solution comes at a high cost.
A lot of resources are consumed.
Cloud support is lacking because WAFs are mostly deployed as on-premise
hardware.
Firewall Policy:
A firewall policy is a set of rules and standards designed to control network traffic
between an organization’s internal network and the internet. It aims to prevent
unauthorized access, manage data movement, and guard against potential security
threats. There are key components to consider, main types of firewall policies and
firewall configurations to be aware of, and sample policies to review that offer
valuable context in creating your own effective firewall policy.
Components of Firewall Policies:
1. User Authentication: Only authorized users or systems can access the
network through user authentication. This method often entails confirming
user credentials before giving access. It increases security by preventing
unwanted access and protecting critical resources.
2. Access Rules: Access rules, also known as access control lists (ACLs),
manage which traffic is permitted or prohibited. They define the conditions
under which network communication is authorized and serve as key building
blocks of network security regulations.
3. Logging & Monitoring: Logging and monitoring methods record and analyze
network activity. They provide a foundation for recognizing possible security
issues and aiding forensic analysis. To protect the network’s security and
integrity, administrators can track and analyze actions by keeping a log of
network events.
4. Rule Base: The rule base defines the criteria for accepting or rejecting
network traffic. This set of rules includes details such as source and
destination IP addresses, port numbers, and protocols. It serves as the
foundation of firewall regulations, specifying the basic criteria of filtering
traffic and controlling the flow of data.
5. Rule Objects: Rule objects define access rules and incorporate components
such as applications, source or destination hosts, and networks. Examples
include Users, User Groups, Applications, Application Groups, Countries,
IPv4/IPv6 Endpoints, Host DNS Names, and more. Rule objects improve
policy administration by providing a structured mechanism to group items
used in access rules.
6. User & Application-Based Rule Objects: User and User Group rule objects
are based on Windows Active Directory users and user groups. Application
rule objects use the signature set to identify diverse software packages, and
the Application on Custom Port object detects applications running on
non-standard ports. Application Groups combine various applications for unified
handling. These rule objects provide detailed control over user- and
application-specific traffic, boosting security and resource management.
7. Network-Based Rule Objects: IPv4/IPv6 Endpoints, Host DNS Names,
IPv4/IPv6 Address Ranges, and Networks define source/destination criteria.
Country rule objects allow/block traffic based on the countries of origin and
destination. For easier management, Network Group rule objects integrate
several network-related rule objects. These rule objects set communication
criteria, enabling or blocking traffic based on network properties.
8. Time-Based Rule Objects: Finite Time Period implements time interval-
specific constraints. Repeated rule enforcement can be executed with
Recurring Time Period and Recurring Time Period Group. Time-based rules
control network access by aligning with certain timeframes and intervals.
9. Service & Service Group Rule Objects: Service rule objects limit traffic
depending on IP protocols, ICMP codes, or TCP/UDP port numbers. Service
Group rule objects combine services for consistent policy management. These
rule objects establish communication parameters, ensuring control over certain
services and protocols.
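To show how a rule base built from the rule objects listed above (network, service and time-period objects) is evaluated, here is an added Python example; it is not code from the notes or from any firewall vendor. The object names, the address ranges (taken from the RFC 5737 documentation ranges plus a private 10.10.0.0/16) and the rule base itself are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Optional, Tuple

# Constructed network objects (assumed ranges, not anyone's real network).
NETWORKS = {
    "corp-lan": [ipaddress.ip_network("10.10.0.0/16")],
    "dmz-web":  [ipaddress.ip_network("192.0.2.0/24")],
    "any":      [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")],
}
# Service objects: protocol plus TCP/UDP port, or ICMP type.
SERVICES = {
    "https":     ("tcp", 443),
    "dns":       ("udp", 53),
    "ssh":       ("tcp", 22),
    "icmp-echo": ("icmp", 8),
}
# Recurring time-period object: weekdays (Mon=0 .. Fri=4), 08:00 to 18:00.
TIME_PERIODS = {
    "business-hours": (range(0, 5), time(8, 0), time(18, 0)),
}

@dataclass
class Rule:
    name: str
    action: str                 # "allow" or "deny"
    src: str                    # network object name
    dst: str                    # network object name
    service: str                # service object name
    when: Optional[str] = None  # time-period object name; None = always

@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    port_or_type: int           # destination port, or ICMP type
    ts: datetime

# Constructed rule base, evaluated top to bottom; first match wins.
RULE_BASE: List[Rule] = [
    Rule("lan-to-dmz-https", "allow", "corp-lan", "dmz-web",  "https"),
    Rule("lan-dns-out",      "allow", "corp-lan", "any",      "dns"),
    Rule("admin-ssh-hours",  "allow", "corp-lan", "dmz-web",  "ssh", when="business-hours"),
    Rule("no-inbound-ping",  "deny",  "any",      "corp-lan", "icmp-echo"),
]

def in_network(ip: str, obj: str) -> bool:
    addr = ipaddress.ip_address(ip)
    # 'in' across IPv4/IPv6 is simply False, so a network object may hold both.
    return any(addr in net for net in NETWORKS[obj])

def in_period(ts: datetime, obj: Optional[str]) -> bool:
    if obj is None:
        return True
    days, start, end = TIME_PERIODS[obj]
    return ts.weekday() in days and start <= ts.time() < end

def service_matches(pkt: Packet, obj: str) -> bool:
    proto, number = SERVICES[obj]
    return pkt.proto == proto and pkt.port_or_type == number

def evaluate(pkt: Packet, rules: List[Rule] = RULE_BASE) -> Tuple[str, str]:
    """First-match evaluation; traffic matching no rule is denied by default."""
    for rule in rules:
        if (in_network(pkt.src_ip, rule.src)
                and in_network(pkt.dst_ip, rule.dst)
                and service_matches(pkt, rule.service)
                and in_period(pkt.ts, rule.when)):
            return rule.action, rule.name
    return "deny", "implicit-default-deny"

def packet(src_ip: str, dst_ip: str, proto: str, port_or_type: int, iso_ts: str) -> Packet:
    """Convenience constructor taking an ISO-8601 timestamp string."""
    return Packet(src_ip, dst_ip, proto, port_or_type, datetime.fromisoformat(iso_ts))

if __name__ == "__main__":
    # 2024-03-12 is a Tuesday; 2024-03-16 is a Saturday.
    for p in (packet("10.10.3.4", "192.0.2.10", "tcp", 22, "2024-03-12T10:00"),
              packet("10.10.3.4", "192.0.2.10", "tcp", 22, "2024-03-12T22:00"),
              packet("10.10.3.4", "192.0.2.10", "tcp", 22, "2024-03-16T10:00"),
              packet("198.51.100.7", "10.10.3.4", "icmp", 8, "2024-03-12T10:00")):
        print(p.src_ip, "->", p.dst_ip, p.proto, p.port_or_type, p.ts, evaluate(p))
```

The evaluator applies rules top to bottom and takes the first match, with an implicit default deny when nothing matches, which is the behaviour most rule bases follow. Note how the time-based object changes the verdict for the same SSH packet at 10:00 on a weekday versus 22:00 or a Saturday, and how an explicit deny differs from the implicit one only in the rule name it reports, which is exactly what the logging component needs to record.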
Types of Firewall Policies:
1. Hierarchical Firewall Policy: The hierarchical firewall policy takes an
organized approach to rule organization by grouping rules in a hierarchical
style and assigning unique rules to each security zone. This gives businesses
granular control over network traffic, allowing them to fine-tune security
measures based on the varied requirements of distinct zones. While this
strategy provides thorough control, it needs rigorous maintenance to keep the
security posture effective and comprehensive.
2. Global Network Firewall Policy: A global network firewall policy, in
contrast to the hierarchical model, opts for standard rules that are implemented
consistently across all security zones in an organization. This offers a
streamlined and uniform security environment. However, because the
standards are global in design, they may lack the specificity required for
businesses with varying security demands across many zones, potentially
resulting in a one-size-fits-all approach.
3. Regional Network Firewall Policy: The regional network firewall policy,
designed for enterprises with regionally distributed operations, achieves a
balance between meeting the security needs of many sites while keeping a
centralized approach to policy administration. This enables businesses to
successfully address difficulties and ensures that security measures are
optimized for the specific threats and landscapes encountered in various
geographic areas.
Steps to Create a Firewall Policy:
1. State the Purpose
List the firewall’s intended goal, such as securing sensitive data, restricting network
access, or protecting against specific threats. This clarity ensures that the firewall
aligns with broader security goals and serves its intended purpose. If the primary
purpose is to protect sensitive customer information, for example, the policy should
highlight methods to secure data exchanges and prevent unwanted access.
2. Identify the Scope
Specify the networks, systems, and data that are covered by the policy to prevent
ambiguity and ensure that it covers the intended assets. Organizations can adapt their
firewall rules to protect specific assets by explicitly defining the scope, making the
policy more targeted and effective. If the scope encompasses both internal and cloud-
based systems, the policy may need to account for distinct security issues for each
environment.
3. Define Key Terms
Establish explicit definitions for terms to create a shared understanding among all
stakeholders involved in policy implementation. Determining the key terms ensures
that everyone interprets and manages the material consistently, lowering the chance of
miscommunication and errors. Consider creating the whole policy first to identify all
the key terms that may be unfamiliar to the general reader.
4. Establish Exceptions & Change Processes
Create a transparent procedure for requesting and approving changes and exceptions,
including the relevant paperwork, to balance flexibility with strong security rules.
This guarantees that exceptions are given based on valid business reasons and are
documented and reviewed on a consistent basis. If a department needs specific ports
open for a project, the exception process will define the stages for approval as well as
the documentation needed.
5. Detail Policies & Procedures
Outline specific duties, rules for inbound and outbound traffic, policy infractions, and
rule update procedures to ensure full policy execution. This phase provides detailed
guidance to help organizations enforce security measures consistently. For
example, detailing the methods for modifying firewall rules ensures that changes are
carried out in a uniform manner, reducing the chance of misconfigurations.
6. Address Compliance Requirements
Ensure that the firewall policy complies with relevant cybersecurity and privacy
requirements. This displays the organization’s dedication to legal and regulatory
norms, lowering the danger of legal ramifications. For example, if the firm handles
healthcare data, the firewall policy must comply with the Health Insurance Portability
and Accountability Act (HIPAA) to protect patient information and
ensure compliance.
7. Maintain Thorough Documentation
Keep detailed records of firewall setups, changes, exceptions, and testing results. This
documentation is useful for audits, troubleshooting, and future policy updates. Create
a documentation guideline so that enterprises can monitor and easily review the
updates made to firewall setups. This supports easier troubleshooting and provides
insights for continual improvement.
Also set the frequency of review and revision in terms of time intervals (monthly,
quarterly, or annual). Specify the circumstances in which the policy must be reviewed
and revised, such as adapting to an advancement in firewall technology. Also specify
the strategies for continuous development based on feedback and insights.
Finally, fill out the policy version history to note any and all updates to the policy, as
well as the approvers of the newest version.
8. Define Violations & Penalties
Clearly define the consequences of policy infractions, such as purposeful firewall
bypassing or other prohibited conduct, to encourage a culture of accountability. For
example, state that attempting to disable the firewall without authorization leads to
warnings, disciplinary proceedings, or termination of employment. Encourage staff to
adhere to security regulations and prevent illegal activity.
9. Plan the Policy Distribution
The Distribution section guarantees that the policy reaches all relevant individuals in
charge of firewall-related responsibilities within the organization. This dissemination
ensures that everyone involved is aware of the policy, confirms receipt of it, and
agrees to comply with its terms. Each employee should acknowledge receipt and
compliance with the policy via their signature at the bottom of the document.
Firewall Configuration Types:
Firewall configuration types are distinct setups that balance network security control
with efficient implementation and maintenance. NIST highlights three configurations:
explicit rules, where regulations are manually defined; settings-based configuration,
which uses predefined configurations; and automatic policy creation, which uses
automations for policy generation and adaptation. Knowing these types helps specify
the procedures in the firewall policy draft.
Explicit Rules
Administrators take a hands-on approach in this configuration type, establishing rules
that explicitly allow or deny specific network activity. These rules cover important
elements including protocols, source/destination addresses, and ports. While this type
of system provides a great level of control, it requires demanding manual setup and
regular maintenance.
Settings-Based Configuration
In settings-based configuration, administrators configure generic settings that generate
internal rules automatically. Overall security levels, intrusion detection and
prevention thresholds, and other global factors may be included in these settings. This
technique reduces configuration but may cost control granularity.
Automatic Policy Creation
Some firewalls can generate policies and rules automatically based on observed
network behavior or predetermined templates. Machine learning algorithms or
behavioral analysis may play a role in dynamically developing these rules. Based on
observed traffic patterns, the firewall adapts its ruleset autonomously. This approach
is often more adaptable to changing network conditions, but it necessitates extensive
testing to ensure accuracy and effectiveness.
Differences Between WAFs and Firewalls:
1. They function in different ways –
A firewall is administered at the network level, while a WAF is generally deployed
close to the application, and their functions differ accordingly: a WAF focuses on
securing application traffic, whereas a firewall focuses on protecting the network
and monitoring its traffic.
2. They are placed in different locations in the network –
In general, a firewall is deployed near the edge of a network, making it a barrier
between known, trusted networks and unknown networks. A WAF, by contrast, is
placed in front of applications and servers, which enables it to protect against
threats designed to attack those servers. This can be regarded as the fundamental
difference between a firewall and a WAF.
3. They protect against different kinds of threats –
Standard firewalls are designed to permit or deny access to networks, thereby
blocking unauthorized access; examples of firewall use include blocking access to
pornographic or questionable content from school computer labs and logging access
to a LAN of computers in a computer lab. WAFs generally focus on protecting
HTTP/HTTPS applications and servers from threats such as SQL injection, DDoS
attacks and cross-site scripting (XSS).
4. They concentrate on different layers of the OSI model –
The OSI model represents the inner workings and functions of a standard network
and is regarded as the reference map of networking. Firewalls concentrate on
layers 3 (network) and 4 (transport) of the OSI model: layer 3 is concerned with the
transfer of packets between nodes in the network, and layer 4 with the transmission
of data from a source to a destination host. A WAF's primary focus is layer 7
(application), the layer closest to the user; layer 7 is typically the software or
interface through which the user interacts with the network.
5. They differ in the amount of access control offered –
Because a WAF's job is to prevent attacks on applications by monitoring traffic
rather than by restricting access, WAFs do not focus on access control. Access
control, on the other hand, is the primary operation performed by a firewall.
Firewall settings are usually customized to the users' needs, and a firewall is
commonly configured to deny access to folders, websites or networks, allowing in
only those with the proper credentials.
6. Firewalls and WAFs run different algorithms –
Since firewalls and WAFs differ in design and function, it is to be expected that
they run different kinds of algorithms, and they do. WAFs run anomaly detection,
heuristic and signature-based algorithms, while standard firewalls run proxy,
packet-filtering and stateless/stateful inspection algorithms.
7. They provide DDoS protection in different areas –
DDoS (distributed denial-of-service) attacks leave a network in a crippled
condition. The attack does exactly what the name implies: it denies access to a
network, usually by flooding the access point with excess traffic. Both kinds of
firewall offer some protection against DDoS attacks, but where that protection
applies differs. Since WAFs primarily deal with applications, their DDoS protection
concentrates on the application layer, layer 7 of the OSI model, while standard
firewalls protect layers 3 and 4.
8. They have different modes of operation –
A WAF operates in two modes:
Passive Mode:
In passive mode the WAF observes traffic without taking any action, which
effectively leaves the application unprotected; this mode should be used for
testing only.
Active Inspection Mode:
In active inspection mode, a WAF continuously scans traffic and protects against
any kind of threat.
9. A standard firewall also operates in two modes –
Routed Mode:
Routed mode is the firewall's main mode; it operates at layer 3, handles static
routes and routing protocols, and acts much like a network router.
Transparent Mode:
Transparent mode works only at layer 2 and forwards data transparently by
bridging interfaces, bypassing layer 3 completely.
10. They offer different levels of application protection –
Because they differ in design, function and operating location, a WAF and a
firewall also offer different kinds of protection at the application level. Since
firewalls operate at layers 3 and 4 of the OSI model, their protection gives
minimal attention to the application level, which lets them concentrate on the
transfer of data between networks. A WAF's primary function, on the other hand,
is to protect the application layer (layer 7) of the network, securing the whole
application layer: the applications, servers, software and interfaces through
which the user directly accesses the network.
11. They have different use cases –
The protection each offers gives each a different use case. WAFs are deployed in
zones that have contact with the internet, protecting HTTP/HTTPS applications and
servers; the focus of their protection is the safety of the application or server.
Firewalls are usually meant to protect an individual user as well as a network of
users (such as a LAN). Traditional firewalls are effective, but they mostly offer
protection at the basic levels of the network. This is why a WAF is deployed
alongside a firewall, to strengthen protection across multiple layers of the
network. With multiple firewalls operating, a network becomes stronger and more
secure.
Conclusion:
Web application firewalls (WAFs) and standard firewalls differ fundamentally in
how they operate and are designed accordingly to provide users with a secure and
robust network infrastructure. Knowing these differences helps consultants propose
the best scenario and implement the right design for a business.
Network Firewall vs. Web Application Firewall (WAF):
A Network Firewall acts as a boundary providing protection between internal and
external network traffic.
It has preset rules that define the traffic allowed on the network. It then looks at
source and destination IP addresses and ports to determine whether the incoming
and outgoing data packets are authorized.
A Web Application Firewall (WAF) specializes in protecting website applications
and APIs. A WAF protects HTTP(s) traffic and applications in the network’s internet-
facing zones.
The WAF and Network Firewall serve different purposes and protect different
network layers.
Proxy Server:
A proxy server is a server that acts as an intermediary between requests made by
clients and the particular server that provides the requested service or resource.
Different types of proxy servers are available and are used according to the
purpose of the request the client makes to the server. The basic purpose of a
proxy server is to avoid a direct connection between internet clients and internet
resources. Many proxy providers in the market offer services to both individuals
and businesses.
For example, Smartproxy has been offering solutions for online anonymity and web
data collection since 2018. It has a 55M+ residential proxy pool that opens
horizons for block-free web scraping and geo-targeting, with access to 195+
locations worldwide, including city-level targeting and all 50 US states. You can
check out Smartproxy's official website to discover more of its features.
The proxy server also prevents the client's IP address from being identified when
the client makes a request to any other server.
Internet clients and internet resources: For internet clients, proxy servers also
act as a shield for an internal network against requests coming from a client to
access data stored on the server. The original IP address of the node remains
hidden while accessing data from that server.
Protects true host identity: With this method, outgoing traffic appears to come
from the proxy server rather than from the client's own internet connection. It
must be configured for a specific application such as HTTP or FTP. For example,
organizations can use a proxy to observe their employees' traffic so that work
gets done efficiently; it can also be used to check for leakage of highly
confidential data. Some also use it to increase their website's rank.
Need for a Private Proxy
Defeat Hackers: To protect an organization's data from malicious use, passwords
are used and various architectures are set up, but there is still a possibility that
the information can be hacked if the IP address is easily accessible. To prevent
such misuse of data, proxy servers are set up to prevent tracking of the original
IP address; instead, the data appears to come from a different IP address.
Filtering of Content: By caching the content of websites, a proxy speeds up access
to data that is accessed very often.
Examine Packet Headers and Payloads: The payloads and packet headers of
requests made by user nodes in the internal network to access social websites can
easily be tracked and restricted.
To control internet usage of employees and children: Here the proxy server is
used to control and monitor how employees or children use the internet.
Organizations use it to deny access to specific websites, redirecting you instead to
a polite note asking you to refrain from viewing such sites on the company
network.
Bandwidth savings and improved speeds: A good proxy server helps organizations
achieve better overall network performance.
Privacy Benefits: Proxy servers are used to browse the internet more privately; the
proxy changes the IP address and the identifying information that the web request
contains.
Security: A proxy server can be used to encrypt your web requests, keeping prying
eyes from reading your transactions and providing a high level of security.
Types Of Proxy Server
Reverse Proxy Server: The job of a reverse proxy server is to listen for requests
made by clients and redirect each to the particular web server, among several,
that should handle it.
Example – A reverse proxy listens for website connections on TCP port 80. Such
proxies are normally placed in a demilitarized zone (DMZ) for publicly accessible
services, but they also protect the true identity of the host. Moreover, the proxy
is transparent to external users, who cannot determine the actual number of
internal servers. So it is the prime duty of the reverse proxy to redirect the flow
of requests according to the configuration of the internal servers. A request that
must pass through a private network protected by firewalls needs a proxy server
that is not bound by any of the local policies; such client requests are completed
using reverse proxy servers. Reverse proxies are also used to restrict clients'
access to the confidential data residing on particular servers.
Web Proxy Server: A web proxy forwards HTTP requests; only the URL is passed
rather than a path. The request is sent to the proxy server, which responds on the
client's behalf. Examples: Apache, HAProxy.
Anonymous Proxy Server: This type of proxy server does not reveal the original
IP address. Such servers are detectable as proxies but still provide reasonable
anonymity to the client device.
High Anonymity Proxy: This proxy server neither reveals the original IP address
nor lets itself be detected as a proxy server.
Transparent Proxy: This type of proxy server provides no anonymity to the client;
the original IP address can easily be detected through it. It is used instead to act
as a cache for websites. A transparent proxy combined with a gateway gives a
proxy server to which the clients' connection requests are sent and then redirected
at the IP level. The redirection occurs without any configuration on the client, and
HTTP headers visible on the server side can easily reveal the redirection.
CGI Proxy: A CGI proxy server was developed to make websites more accessible.
It accepts requests for target URLs through a web form and, after processing,
returns the result to the web browser. It is less popular than privacy tools such as
VPNs but still receives many requests. Its usage has declined because of the
excessive traffic it can direct at a website after passing local filtering, which can
damage the organization.
Suffix Proxy: A suffix proxy appends the name of the proxy to the URL. This type
of proxy does not preserve a high level of anonymity and is used for bypassing
web filters. It is easy to use and easy to implement, but it is used less because of
the greater number of web filters.
Distorting Proxy: A distorting proxy generates an incorrect original IP address for
the client once it is detected as a proxy server. HTTP headers are used to maintain
the confidentiality of the client's IP address.
Tor Onion Proxy: This server aims at online anonymity for the user's personal
information. It routes traffic through various networks around the world, making
it difficult to track the user's address and protecting against attacks on anonymous
activity. Anyone trying to trace the original address finds it hard to do so. In this
type of routing the information is encrypted in multiple layers; at the destination
each layer is decrypted one by one, so the information is not scrambled and the
original content is received. The software is open source and free to use.
I2P Anonymous Proxy: It uses encryption to hide all communications at various
levels. The encrypted data is then relayed through network routers present at
different locations, which makes I2P a fully distributed proxy. The software is
free and open source, and it also resists censorship.
DNS Proxy: A DNS proxy takes requests in the form of DNS queries and forwards
them to the domain server, where they can also be cached; the flow of requests
can also be redirected.
Rotating Proxy: A rotating proxy assigns a new or different IP address to each
user that connects to the proxy; as users connect, a unique address is assigned to
each.
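The anonymity levels above (transparent, anonymous, distorting and high-anonymity) differ in which HTTP headers the proxy adds upstream, and the reverse proxy type differs in that it is the server-side component that should overwrite those headers. The following added Python example (not from the notes or from any proxy product) models both: the headers a forward proxy of each level would emit, what an origin server can infer from them, and a reverse proxy that replaces a client-supplied X-Forwarded-For with the peer address it actually observed. All addresses are constructed from the RFC 5737 documentation ranges and the host names are assumptions.

```python
from typing import Dict, Tuple

# Constructed addresses (RFC 5737 documentation ranges); assumptions only.
CLIENT_IP = "198.51.100.7"      # the real client behind the forward proxy
PROXY_IP = "192.0.2.5"          # what the origin sees as its TCP peer
FAKE_IP = "203.0.113.250"       # address a distorting proxy advertises instead

def proxy_headers(level: str, client_ip: str, proxy_host: str,
                  base: Dict[str, str]) -> Dict[str, str]:
    """Headers a forward proxy of the given anonymity level sends upstream.

    Via and X-Forwarded-For are the conventional headers a proxy may add;
    which of them are present, and whether the value is true, is what
    separates the anonymity levels described in the notes."""
    out = dict(base)
    if level == "transparent":
        out["Via"] = f"1.1 {proxy_host}"
        out["X-Forwarded-For"] = client_ip        # proxy visible, client visible
    elif level == "anonymous":
        out["Via"] = f"1.1 {proxy_host}"          # proxy visible, client hidden
    elif level == "distorting":
        out["Via"] = f"1.1 {proxy_host}"
        out["X-Forwarded-For"] = FAKE_IP          # proxy visible, wrong client
    elif level == "high-anonymity":
        pass                                      # nothing added; looks direct
    else:
        raise ValueError(f"unknown level: {level}")
    return out

def classify_origin(headers: Dict[str, str], peer_ip: str) -> Tuple[bool, str]:
    """What the origin server can infer: (proxy detected?, apparent client IP).

    The apparent client IP is only as trustworthy as the header: X-Forwarded-For
    is an unauthenticated claim that may be absent, true or fabricated."""
    if "Via" not in headers and "X-Forwarded-For" not in headers:
        return False, peer_ip                     # indistinguishable from a direct client
    return True, headers.get("X-Forwarded-For", "unknown")

def reverse_proxy_forward(client_headers: Dict[str, str], peer_ip: str,
                          proxy_host: str) -> Dict[str, str]:
    """A reverse proxy in front of the web tier, as the notes describe.

    It discards any client-supplied X-Forwarded-For and sets the value from the
    connection it actually accepted, so backends that log or authorize on that
    header are not fed a spoofed address."""
    out = {k: v for k, v in client_headers.items() if k != "X-Forwarded-For"}
    out["X-Forwarded-For"] = peer_ip
    out["Via"] = f"1.1 {proxy_host}"
    return out

if __name__ == "__main__":
    base = {"Host": "shop.example"}               # constructed request header
    for level in ("transparent", "anonymous", "distorting", "high-anonymity"):
        hdrs = proxy_headers(level, CLIENT_IP, "proxy.example", base)
        print(f"{level:15s} origin sees {classify_origin(hdrs, PROXY_IP)}")
    spoofed = {"Host": "shop.example", "X-Forwarded-For": "10.0.0.1"}
    print("reverse proxy forwards", reverse_proxy_forward(spoofed, CLIENT_IP, "rp.example"))
```

The server-side lesson is that a Via header reveals a proxy, but X-Forwarded-For is an unauthenticated claim: the distorting proxy's fake address is indistinguishable from the transparent proxy's real one. A backend that logs or authorizes on that header should trust it only when it was set by a reverse proxy under its own control, as reverse_proxy_forward does here.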
How a Proxy Server Operates
Every computer has its own unique IP address, which it uses to communicate with
other nodes. Similarly, the proxy server has its own IP address, which your
computer knows. When a web request is sent, it goes to the proxy server first. The
proxy then sends the request to the internet on your behalf, collects the data and
makes it available to you. A proxy can change your IP address, so the web server is
unable to determine your location in the world. It also protects data from being
hacked, and it can block some web pages.
Proxy Server
Advantages of Proxy Server
A proxy server has multiple benefits:
Security: A proxy server provides security between the internet and your system.
It helps protect your network from access by unauthorized users.
Saves Bandwidth: A proxy server can save bandwidth, especially in environments
where the same resources are accessed by multiple users.
Performance: A proxy server improves performance: when a person requests a
resource, the proxy can serve it from its cache rather than fetching it from the
original server.
Filtering: Proxy servers are used to filter content based on keywords or file
types.
Access Control: Some content is restricted in various countries, so a proxy server
helps to control geographical access.
Disadvantages of Proxy Server
Proxy Server Risks: A free proxy does not invest much in backend hardware or
encryption, which results in performance issues and potential data security
issues. If you use a "free" proxy server, tread very carefully; some of them
might steal your credit card numbers.
Browsing history log: The proxy server stores your original IP address and your
web request information, possibly in unencrypted form, saved locally. Always check
whether your proxy server logs and saves that data, and what kind of retention or
law enforcement cooperation policies it follows.
No encryption: No encryption means you are sending your requests as plain text.
Anyone will be able to pull usernames, passwords and account information easily.
Check that the proxy provides full encryption whenever you use it.