December 14, 2016

Cybersecurity and how to protect the application layer

by Davitt Potter
Sr. Engineering Manager, Cybersecurity
Arrow ECS

The role of the application layer in cyber attacks is of increasing concern, and protecting it has become a necessity for any organization that needs true visibility into its environment. As the network perimeter becomes more secure, attackers look for new ways to exploit an organization. The challenge of attacks at the application layer, also known as Layer 7, is that legacy firewalls do not understand and cannot identify the traffic passing via Layer 7. For example, a legacy or non-application-aware firewall assumes that any traffic on ports 80 and 443 is web and secure web traffic. Knowing this, hackers can mask their code to appear as normal application data, using ports 80 and 443 to pass malicious traffic.

Layer 7 supports both application and user processes like SMTP and HTTP. By using the application layer to appear as a standard application or port, hackers can disguise malicious code, commands or even entire applications as valid requests that are then accepted by the network itself. This means not only are intrusion attempts harder to identify at this layer, they are also becoming more frequent.

1. Application Layer Firewalls

Application firewalls provide better content filtering capabilities than traditional firewalls and have become the most important tool in protecting the application layer. An application firewall allows more granular control over network traffic by providing the ability to permit or deny specific application requests or commands, whereas traditional firewalls only allow or deny activity from a host. Application layer firewalls feature built-in filtering capabilities along with protocols that can analyze traffic as it passes through the network, and they provide detailed logs and real-time analytics that can be used to identify and thwart suspicious activity. An application layer firewall understands what actual web traffic looks like at a packet level. It can identify Skype traffic, regardless of the port. With this level of control, network visibility improves considerably, which helps further refine a company’s security posture.

2. Data Classification

Classifying data is a best practice that allows you to understand what types of data are stored. Sensitive data such as financial information or intellectual property is of higher value to the organization and therefore more valuable to hackers as well. Classifying data is key to setting rules in the firewall and understanding the firewall logs. A failure to classify and understand your data leaves your application data at risk of a breach. There are automated tools to help do this; a good security policy and audit are also things that every organization should have reviewed at least annually. New application-aware firewalls also have the ability to identify, alert on, and prevent the transmission of sensitive data.

3. Deep Packet Inspection

One of the most important ways to prevent penetration of your application layer involves Deep Packet Inspection capabilities. Stateful Packet Inspection used by traditional firewalls examines very basic packet information and is little more than a gatekeeper. Deep packet inspection reaches into the data in the packet looking for malicious code and rejects packets based on their content.

To protect applications, DPI is able to dive into application-centric information. As part of the application filtering system, DPI can reach beyond the network’s address and ports, and examine entire packets as they move across the network. This provides highly detailed log information, which in turn gives valuable insight into vulnerabilities and produces warning signals of possible attacks.
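The difference between trusting the port and inspecting the payload can be shown in a few lines. The following is an added example, not code from the article or from any firewall product: it classifies the first bytes of a client-to-server TCP stream and raises an alert when the content does not match what the destination port implies. The function names, the `PORT_ASSUMPTION` table and the sample payloads are constructed for illustration, and the stream is assumed to be already reassembled.

```python
import re

# What a port-only (legacy) firewall assumes is running on each port.
PORT_ASSUMPTION = {80: "http", 443: "tls"}

# An HTTP/1.x request line: method, target, version, CRLF.
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n"
)

def classify_payload(payload: bytes) -> str:
    """Identify the application protocol from the first bytes of a TCP stream."""
    if HTTP_REQUEST.match(payload):
        return "http"
    # TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by handshake type 0x01 (ClientHello) from the client side.
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls"
    # SSH peers open with a plain-text identification string.
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    return "unknown"

def inspect(dst_port: int, payload: bytes) -> dict:
    """Compare the port-based assumption with what the payload actually is."""
    assumed = PORT_ASSUMPTION.get(dst_port, "unknown")
    actual = classify_payload(payload)
    return {"port": dst_port, "assumed": assumed, "actual": actual,
            "alert": assumed != "unknown" and actual != assumed}

# Constructed sample payloads (not captured traffic).
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    (443, bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])),
    (443, b"SSH-2.0-OpenSSH_7.4\r\n"),   # not TLS, although the port says so
    (80, b"\x00\x01\x02\x03binary-blob"),  # not HTTP, although the port says so
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(inspect(port, data))
```

A port-based rule would pass all four samples; the payload check passes the first two and alerts on the last two.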

Application Firewall Expertise

Your organization’s application security cannot be left to chance. Arrow Enterprise Computing Solutions offers a comprehensive portfolio from the world’s leading technology suppliers to solve your customers’ most pressing network, computing and security issues. Arrow connects your organization with the unique tools and services needed to solve the challenges you and your customers face on a daily basis.