Should I consider a WAF (Web application firewall) as part of my website security?

06 Sep 2023

A WAF, or Web Application Firewall, is a vital tool for safeguarding web applications (websites). Its primary function is to filter and monitor HTTP traffic flowing between a web application (your website) and the Internet (users of your website). In many respects a WAF is like a standard firewall; however, a WAF is tightly optimised for website activity. WAFs often exist off-site, offered as an online service by a third-party specialist, and are consumed by directing internet traffic through the provider's servers using standard DNS/network techniques.

A WAF gives strong protection from malicious activity such as cross-site request forgery (CSRF) attacks, cross-site scripting (XSS) attacks, file inclusion attacks, and SQL injection attacks. A good WAF will also offer a level of protection against DDoS attacks. With its robust capabilities, a WAF plays a crucial role in maintaining the security and integrity of web applications.

Here are 10 key points to enhance your understanding of WAFs:

1. Security Policies

WAFs work based on predefined security policies that include rules and conditions to identify and block malicious traffic. These policies can be customised to suit the specific needs of the web application and its potential vulnerabilities.

2. Positive and Negative Security Models

WAFs can operate using positive security models (allow only known good traffic) or negative security models (block known bad traffic). Positive security models are more restrictive but highly effective against many types of attacks.

3. Behavioural Analysis

Some advanced WAFs incorporate behavioural analysis and machine learning techniques to detect anomalies and zero-day attacks, enhancing their ability to protect against evolving threats.

4. Logging and Reporting

WAFs often provide extensive logging and reporting capabilities, allowing security teams to monitor traffic, investigate incidents, and fine-tune security policies based on real-time data.

5. SSL/TLS Inspection

Many WAFs can inspect encrypted HTTPS traffic to identify and block threats hidden within encrypted connections.

6. Integration with Other Security Tools

WAFs are often part of a broader security ecosystem and can integrate with other security solutions such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Security Information and Event Management (SIEM) platforms for a more comprehensive defence strategy.

7. Challenges and False Positives

WAFs can struggle to distinguish legitimate traffic from malicious traffic, which can result in blocking legitimate users (false positives) or allowing malicious traffic through. Proper tuning and monitoring are essential to minimise these issues, and this requires ongoing investment in monitoring outcomes and tuning rules.

8. Scalability

As web traffic grows, WAFs must be scalable to handle increased load effectively. Cloud-based WAF solutions can provide scalability advantages.

9. Continuous Updates

WAFs require regular updates to their rule sets to stay effective against new attack vectors and emerging threats. Keeping the WAF up-to-date is crucial for maintaining security.

10. User Authentication and Access Control

Some WAFs offer user authentication and access control features to restrict access to certain parts of a web application based on user roles and permissions.
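To make points 2 and 7 concrete, the following added example (not Stream Interactive's or Cloudflare's code) runs the same constructed requests through a simplified negative model and a simplified positive model. The signatures, endpoints and parameter rules are hypothetical and far smaller than a real WAF rule set.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Negative model: block what matches a known-bad signature (constructed, simplified).
DENY_SIGNATURES = [
    re.compile(r"<\s*script", re.I),             # script tag in a parameter value
    re.compile(r"\bunion\b.+\bselect\b", re.I),  # SQL keyword pair
]

# Positive model: allow only the methods and parameter formats a hypothetical site expects.
ALLOW_POLICY = {
    "/products": {"methods": {"GET"}, "params": {"id": re.compile(r"\d{1,6}")}},
    "/search": {"methods": {"GET"}, "params": {"q": re.compile(r"[\w '\-]{1,60}")}},
}

def negative_model(method, url):
    """Allow by default; block if any decoded parameter value hits a signature."""
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if any(sig.search(value) for sig in DENY_SIGNATURES):
            return "block"
    return "allow"

def positive_model(method, url):
    """Block by default; allow only known paths, methods and parameter formats."""
    parts = urlsplit(url)
    rule = ALLOW_POLICY.get(parts.path)
    if rule is None or method not in rule["methods"]:
        return "block"
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        pattern = rule["params"].get(name)
        if pattern is None or not pattern.fullmatch(value):
            return "block"
    return "allow"

# Constructed sample requests (method, URL).
SAMPLES = [
    ("GET", "/products?id=42"),                         # normal page view
    ("GET", "/search?q=trade+union+select+committee"),  # legitimate search text
    ("GET", "/products?id=42&debug=1"),                 # parameter the site never uses
    ("POST", "/products?id=42"),                        # method the page never accepts
    ("GET", "/search?q=%3Cscript%3E"),                  # script tag in a search box
]

def compare(samples=SAMPLES):
    """Return (method, url, negative verdict, positive verdict) for each sample."""
    return [(m, u, negative_model(m, u), positive_model(m, u)) for m, u in samples]

if __name__ == "__main__":
    for row in compare():
        print("{:4} {:45} negative={:5} positive={}".format(*row))
```

The second sample is a false positive for the negative model (a legitimate search blocked by a keyword signature), while the third and fourth show the positive model rejecting requests that no signature would flag.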



Cloudflare WAF solutions

Stream Interactive has a significant and growing number of clients adopting the extended Cloudflare WAF. Stream handles the implementation on behalf of our clients as part of the overall development and hosting package. The process involves planning, initial setup, close early monitoring and tuning, and then ongoing monitoring and tuning. The Cloudflare offering is an online solution that is inserted as a 'reverse proxy', and it offers a number of clear advantages:

  1. Affordable plans which can be tuned to suit business needs.
  2. Can be implemented relatively easily, without flow-on effects that trigger the need for other rationalisation.
  3. Powerful WAF capability to give greatly enhanced security outcomes.
  4. Performance and speed enhancement through caching, dynamic optimisation of content and a powerful CDN.
  5. Strong set of tools to address DDoS attacks.

Stream has always taken great care to follow best practices that minimise exposure to malicious actors, including working to industry-defined coding patterns, establishing well-structured hosting environments and running security audits. The need to continue with this approach remains. A WAF is an important tool in the arsenal, giving another very specialised 'layer to the onion'. It gives the best chance for your business to run with high quality service levels, with the least risk of disruption or worse.

In conclusion, a Web Application Firewall is a valuable component of web application security, but it should be part of a comprehensive security strategy that includes other layers of defence and ongoing monitoring and adjustment to adapt to changing threats and traffic patterns.

Contact us to discuss your website security needs, or call the office on +64 9 889 1880.

