azure waf
19 Topics

New Blog Post | Enhancements to Azure WAF for Application Gateway now in General Availability
Enhancements to Azure WAF for Application Gateway now in General Availability - Microsoft Community Hub
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection for your web applications against common vulnerabilities and exploits. Web applications are increasingly targeted by malicious attacks that exploit vulnerabilities. SQL Injection (SQLi) and Cross-Site Scripting (XSS) are examples of some well-known attacks. Preventing such attacks in application code can be challenging and may require rigorous maintenance, patching, and monitoring at many layers of the application topology. A centralized web application firewall helps make security management much simpler and gives better assurance to application developers and security teams against threats or intrusions. The Azure Web Application Firewall (WAF) engine is the component that inspects traffic and determines whether a web request represents a potential attack, then takes appropriate action depending on the configuration. Previously, when you used the Azure WAF with Application Gateway, there were certain limitations in the way you could configure and monitor your WAF deployments. We are happy to announce several enhancements to the configurations and monitoring capabilities of Azure WAF when used with Azure Application Gateway going forward.
48K Views, 0 likes, 0 Comments

SEP 26, 2023 | Ask-Me-Anything | Azure Firewall, Azure WAF and Azure DDoS
UPDATED, post-AMA: Here is the AMA recording in case you missed the live session.

Please join us in this Ask Me Anything session with the Azure Network Security CxE PM team. During this session, the Azure Network Security SMEs (Subject Matter Experts) will answer your questions on Azure Firewall, Azure Firewall Manager, Azure Web Application Firewall and Azure DDoS. This will be a great forum for our Public Community members to learn, interact and have their feedback listened to by the Azure Network Security team. Feel free to post your questions about Azure Network Security solution areas anytime in the comments before the event starts. The team will be answering questions during the live session, with priority given to the pre-submitted questions from the comments below. If you are new to Microsoft Tech-Community, please follow the sign-in instructions. To register for the upcoming live AMA Sep 26, 2023, visit aka.ms/SecurityCommunity.
Mohit_Kumar andrewmathu SaleemBseeu davidfrazee ShabazShaik tobiotolorin gusmodena
8.4K Views, 0 likes, 21 Comments

Unable to block my website in specific countries with Azure WAF custom rules
Hi All, Recently I got a requirement from my client to block access to the website from specific countries. I've gone through a lot of documentation on the Internet and found that we can restrict access by blocking IP ranges and by using Azure WAF custom rules. I've created custom rules because I had to block almost 60 countries. But that is not working somehow. Can anyone help me with this?
3K Views, 0 likes, 1 Comment

Azure WAF Security Protection and Detection Lab now Available
Azure Web Application Firewall Security Protection and Detection Lab is now available. The intent of this lab is to allow customers to easily test and validate the security capabilities of Azure WAF against common web application vulnerabilities/attacks. A significant amount of work has been put into developing the lab environment and the playbooks for our customers, and we are incredibly proud of the teamwork, collaboration, and support throughout the various stages of the process. The lab is now available on the Azure Tech Community blog space and is organized in 5 sections. The step-by-step instructions in the lab allow anyone to rapidly deploy the lab environment and test Azure WAF's protection capabilities against common web application attacks such as Reconnaissance, Cross-Site Scripting, and SQL Injection with no or minimal know-how of offensive security testing methodology. The lab also demonstrates how to use the Azure WAF Workbook to understand how WAF handles malicious traffic and payloads. Click here for a Tutorial Overview, an introduction to the testing framework used in the lab, and the four-part instructions on the lab setup.
2.4K Views, 2 likes, 0 Comments

New Blog Post | Text4Shell RCE vulnerability: Protecting against and detecting CVE-2022-42889
Text4Shell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-42889 - Microsoft Community Hub
Similar to the Spring4Shell and Log4Shell vulnerabilities, a new critical vulnerability CVE-2022-42889, aka Text4Shell, was discovered on October 13, 2022. Text4Shell is a vulnerability in the Java library Apache Commons Text. This vulnerability, in specific conditions, allows an attacker to execute arbitrary code on the victim's machine (Remote Code Execution or "RCE"). Customers can detect and protect their resources against the Text4Shell vulnerability using Azure native network security services, Azure Firewall Premium and Azure Web Application Firewall (WAF). You can utilize one of these services or both for multi-layered defense. Customers using Azure Firewall Premium and Azure WAF have enhanced protection for this RCE vulnerability from the get-go. Customers can protect their assets by upgrading their Apache Commons Text version to the patched version 1.10. However, there are situations when upgrading software is not an option or may take a long period of time. In such cases, they can use products like Azure Firewall Premium and Azure WAF for protection.
Original Post: New Blog Post | Text4Shell RCE vulnerability: Protecting against and detecting CVE-2022-42889 - Microsoft Community Hub
2.1K Views, 0 likes, 0 Comments

New Blog Post | DRS 2.1 for Azure FrontDoor WAF General Availability
Full Blog: DRS 2.1 for Azure FrontDoor WAF General Availability - Microsoft Community Hub
The Default Rule Set 2.1 (DRS 2.1) on Azure's global Web Application Firewall (WAF) with updated rules against new attack signatures is now available to Web Application Firewall customers. This ruleset is available on the Azure Front Door Premium tier. DRS 2.1 is baselined off the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and includes the Microsoft Threat Intelligence (MSTIC) rules that are written in partnership with the Microsoft Intelligence team. As with the previous DRS 2.0, the MSTIC team analyzes Common Vulnerabilities and Exposures (CVEs) and adapts the CRS ruleset to provide increased coverage, patches for specific vulnerabilities, and better false positive reduction. Also, Azure Front Door WAF with DRS 2.1 uses anomaly scoring mode, hence rule matches are not considered independently.
Original Post: New Blog Post | DRS 2.1 for Azure FrontDoor WAF General Availability - Microsoft Community Hub
1.7K Views, 1 like, 0 Comments

not able to see Diagnostic Setting option under monitoring for Load balancer to collect log data
Hi all, I am not seeing the option to collect and ingest data into a Log Analytics workspace. Please help. The Diagnostic settings option is not there; how do I ingest data in that case? I was able to see that option in Application Gateway, but not in Load Balancer.
Solved
1.2K Views, 0 likes, 2 Comments

I don't understand the two WAF Modes
I have read the documentation on the two types of WAF (Detection and Prevention).
Detection mode: Monitor and log all threat alerts. Enable logging diagnostics for Application Gateway in the Diagnostics section. You must also ensure that WAF logging is selected and enabled. The Web Application Firewall does not block incoming requests when operating in Detect mode.
Prevention mode: Blocks intrusions and attacks that are detected by the rules. The attacker receives a "403 unauthorized access" exception and the connection is closed. Prevention mode logs these attacks in the WAF logs.
But then in OWASP Rules we have the ability to assign WAF actions: Allow, Block, Log, Anomaly Score. I don't understand, because if I create a WAF policy in prevention mode, I think it is not necessary to change the WAF actions, right? How do you see when an anomaly score is detected and where do you see this internal score? Is this seen in the logs? This is very confusing for me, and I need help. Thanks!
1.2K Views, 0 likes, 1 Comment

New Azure Network Security and Azure Sentinel Blog Posts | Integrating Azure Sentinel/Azure Firewall
We're excited to announce a seamless integration between Azure Firewall and Azure Sentinel. Now, you can get detection, prevention and response automation in the form of an easy-to-deploy Azure Firewall solution for Azure Sentinel. Combining these capabilities allows you to ensure that you prevent sophisticated threats when you can, while also maintaining an "assume breach" mentality to detect and quickly/automatically respond to cyberattacks. The Azure Firewall Solution for Azure Sentinel is now available. Please see the security community blog to learn about the new threat detections, hunting queries and automation for Azure Firewall that are included in this new solution <Optimize security with Azure Firewall solution for Azure Sentinel - Microsoft Security>. The automation capability for Azure Firewall with Azure Sentinel is provided with the new Logic App Connector and Playbook Templates. With this integration, you can automate response to Azure Sentinel incidents which contain IP addresses (IP entity), in Azure Firewall. The new Connector and Playbook templates allow security teams to get threat detection alerts directly in a Microsoft Teams Channel when one of the Playbooks attached to an Automation Rule triggers based on a Sentinel detection rule. Security incident response teams can then triage, perform one-click response and remediation in Azure Firewall to block or allow IP address sources and destinations based on these alerts. To learn more about deploying, configuring and using the automation for Azure Firewall with the new Custom Logic App connector and Playbooks, please review the instructions in the blog here <Automated Detection and Response for Azure Firewall with the New Logic App Connector and Playbooks (microsoft.com)>.
Original Post: New Azure Network Security and Azure Sentinel Blog Posts | Integrating Azure Sentinel/Azure Firewall - Microsoft Tech Community
1.1K Views, 2 likes, 0 Comments

New Blog Post | Zero Trust with Azure Network Security
Read the full article here: Zero Trust with Azure Network Security - Microsoft Community Hub
As more organizations continue to migrate workloads into the cloud and adopt hybrid cloud setups, security measures and controls can become complicated and difficult to implement. The Zero Trust model assists and guides organizations in the continuous digital transformation space by providing a reliable framework to manage complexity, secure digital assets and manage risk. The Zero Trust model assumes breach and verifies each request as though it originated from an uncontrolled network regardless of where the request originates or what resource it accesses, instead of believing everything behind the corporate firewall is safe. For this blog, we will guide you through strengthening one of the Zero Trust principles: Assume breach. To read more about Zero Trust principles, see Zero Trust implementation guidance | Microsoft Learn.
Azure Network Security Solutions (Firewall, DDoS Protection, and Web Application Firewall (WAF)) provide Zero Trust implementation at the network layer, ensuring that organizations' digital assets are secured from attacks and there is visibility into the network traffic. In this blog, we will look at how Azure DDoS Protection, Web Application Firewall and Azure Firewall can be deployed to achieve Zero Trust. The deployment is set up with end-to-end TLS encryption, showcasing the ability of WAF and Azure Firewall to inspect encrypted traffic.
Original Post: New Blog Post | Zero Trust with Azure Network Security - Microsoft Community Hub
943 Views, 0 likes, 0 Comments