December 3, 2024 at 05:39PM
Many organizations using CDN-provided WAF services are misconfiguring them, exposing back-end servers to direct attacks. This affects nearly 40% of Fortune 100 companies, including major brands. Researchers found that inadequate request validation and a lack of security best practices are the primary causes of this widespread vulnerability, leaving back-end servers directly reachable from the Internet.
### Meeting Takeaways:
1. **WAF Misconfiguration Issue**: A significant configuration error is causing many organizations using Web Application Firewall (WAF) services from Content Delivery Network (CDN) providers to leave their back-end servers vulnerable to direct internet attacks.
2. **Scope of the Problem**: Researchers at Zafran found that approximately 40% of Fortune 100 companies are affected, including major brands such as Chase, Visa, and Intel.
3. **WAF Functionality**: WAFs serve as intermediaries that inspect traffic to protect web applications from various threats, yet misconfiguration can expose actual back-end servers to direct access.
4. **Research Findings**: Zafran identified 2,028 domains from 135 Fortune 1000 companies whose WAF-protected back-end servers were directly accessible over the internet, potentially allowing denial-of-service and ransomware attacks that bypass the WAF.
5. **Shared Responsibility**: Misconfiguration responsibility primarily lies with customers of CDN/WAF providers, but the providers also share the burden for not implementing adequate risk avoidance measures.
6. **Validation Failures**: The main issue stems from insufficient validation of web requests sent to back-end servers, which should be isolated from direct internet traffic.
7. **Best Practices Ignored**: Many organizations have not followed recommended protective measures, such as IP filtering and mutual TLS authentication, leaving back-end servers exposed.
8. **Easily Discoverable Vulnerabilities**: Information about enterprise origin services is often publicly available through certificate transparency logs, making it easier for attackers to locate vulnerable back-end servers.
9. **Critical Statistics**: 13% of randomly sampled servers protected by Cloudflare showed this misconfiguration, indicating a widespread vulnerability across domains.
10. **Mitigation Efforts**: Zafran is reaching out to affected companies and CDN/WAF providers to help identify and resolve these misconfigurations promptly.
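The two protections named in items 6 and 7 (accept only traffic from the CDN's egress ranges, and require mutual TLS) can be enforced and audited on the origin itself. The following is an added example, not code from Zafran or any CDN provider; the CDN ranges, the `cert=` log field and the log lines are constructed, and in production the ranges would come from the provider's published list.

```python
"""Origin-side guard and log audit for a CDN/WAF-fronted back end (constructed example)."""
from __future__ import annotations

import ipaddress
import re

# Hypothetical CDN egress ranges (documentation prefixes, not a real provider's list).
CDN_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:100::/48")]


def from_cdn(src_ip: str) -> bool:
    """True if the connecting address lies inside one of the CDN egress ranges."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in CDN_RANGES)


def gate_request(src_ip: str, client_cert_verified: bool) -> tuple[bool, str]:
    """Decide whether the origin should serve this connection at all.

    client_cert_verified is what the TLS terminator reports after validating the
    CDN's client certificate (mutual TLS). The IP check alone is insufficient:
    CDN ranges change over time and are shared with every other tenant.
    """
    if not from_cdn(src_ip):
        return False, "source address outside CDN ranges"
    if not client_cert_verified:
        return False, "missing or invalid CDN client certificate"
    return True, "accepted via CDN"


# Constructed origin access-log lines (combined format with a cert status appended).
SAMPLE_LOG = """\
198.51.100.7 - - [03/Dec/2024:17:39:01 +0000] "GET / HTTP/1.1" 200 512 cert=ok
203.0.113.55 - - [03/Dec/2024:17:39:02 +0000] "GET /admin HTTP/1.1" 200 812 cert=none
198.51.100.9 - - [03/Dec/2024:17:39:03 +0000] "POST /api HTTP/1.1" 403 0 cert=none
2001:db8:100::1 - - [03/Dec/2024:17:39:04 +0000] "GET /x HTTP/1.1" 200 12 cert=ok
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<req>[^"]*)" (?P<status>\d{3}) \S+ cert=(?P<cert>\w+)$')


def audit_log(text: str) -> list[dict]:
    """Return log entries that reached the origin without passing through the CDN/WAF."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than silently accepting them
        ok, reason = gate_request(m["ip"], m["cert"] == "ok")
        if not ok:
            findings.append({"ip": m["ip"], "request": m["req"],
                             "status": int(m["status"]), "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in audit_log(SAMPLE_LOG):
        print(finding)
```

A non-empty audit result on a production origin log is the signal this research describes: the server answered requests that never traversed the WAF.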
Overall, there is a critical need for organizations to adopt web application security best practices, configure their WAFs properly so that back-end servers accept traffic only through the CDN, and collaborate on an ongoing basis with their CDN providers.