WAF
1 - Overview
Service Overview
WAF (Web Application Firewall) is a service that monitors website traffic to securely protect web applications. It quickly detects and analyzes HTTP and HTTPS–based security threats that target website vulnerabilities.
Features
- Powerful Detection/Blocking: We monitor the HTTP and HTTPS traffic of web pages registered by the customer to detect hacker attack attempts in real time. We classify attacks such as SQL Injection, Cross-Site Scripting (XSS), Web Scan, and provide various defense features needed for web security to respond immediately to new web attack types.
- Stable Web Service Operation Support: Respond to new security threats through web firewall signature patterns and firmware updates. Detect hacker attack attempts such as the top 10 OWASP (Open Web Application Security Project) attacks, the 8 major vulnerabilities identified by the National Intelligence Service, Zero-Day attacks, emerging web threats, and Bad Bots, to help operate efficient and stable web services.
- Convenient Security Management: Provides monthly reports, allowing you to conveniently review event details.
Service Architecture Diagram
Provided features
We provide the following features.
- Intrusion detection/analysis
  - 24x365 event monitoring (alert issuance, monthly report provision). The public-facing WAF service does not provide this.
  - Attack classification (Injection, XSS, File Include, File Up/Download, Web Scan, etc.) through web firewall event analysis
  - Detection of the latest attack patterns (e.g., Apache Struts vulnerabilities)
- Intrusion response
  - Provides IP information for attack attempts targeting registered URLs
Component
We install a WAF license on the Virtual Server within the VPC of Samsung Cloud Platform and provide the service.
Constraints
To use WAF, first verify the following items.
- If the WAF is configured as a single instance, service continuity cannot be guaranteed in the event of a failure of the WAF installation VM or the WAF application.
- The Load Balancer and WAF of Samsung Cloud Platform do not support bypass.
- The security monitoring service provided by Samsung Cloud Platform is offered only for Penta Security products. (operation + monitoring product)
- The public-facing WAF service does not provide security monitoring services.
- The WAF service is installed with direct support from an engineer, and it takes a certain amount of time from request to deployment.
Provision status by region
WAF is available in the environments below.
| Region | General (Enter) | Public |
|---|---|---|
| Korea West (kr-west1) | Provided | Not provided |
| Korea East (kr-east1) | Not provided | Not provided |
| South Korea South 1 (kr-south1) | Not provided | Provided |
| South Korea South 2 (kr-south2) | Not provided | Provided |
| South Korea South 3 (kr-south3) | Not provided | Provided |
Prior Service
This is a list of services that must be pre-configured before applying for the service. For details, refer to the guide provided for each service and prepare in advance.
- The WAF service is provided by installing a WAF license on a Virtual Server. First create a Virtual Server that matches the service specifications you want.
| Service Category | Service | Detailed description |
|---|---|---|
| Compute | Virtual Server | Virtual server optimized for cloud computing |
| Networking | Direct Connect | A service that securely and quickly connects the customer’s network to the Samsung Cloud Platform |
2 - How-to guides
Users can apply for the service by entering the required information for using the WAF service through the Samsung Cloud Platform Console.
Apply for WAF
You can apply for and use the WAF service from the Samsung Cloud Platform Console.
To request the creation of a WAF service, follow these steps.
- Click the All Services > Security > WAF menu. You will be taken to the WAF’s Service Home page.
- On the Service Home page, click the WAF Service Request button. You will be taken to the Support Center > Service Request List > Service Request page.
- On the Service Request page, enter or select the required information in the mandatory input fields.
  - Select WAF creation in the task type.

| Input field | Detailed description |
|---|---|
| Title | Enter the title of the service request. Example: WAF Service Creation Request |
| Region | Select the location of the Samsung Cloud Platform. Automatically filled with the region corresponding to the Account |
| Service | Select the service category and service. If you click the WAF service request button, it is entered automatically. Service Category: Security; Service: WAF |
| Task classification | Select the type you want to request. Create WAF: select when requesting a new service |
| Content | Customer Basic Information Entry and Application Process Guide. Content: End Customer/MSP Information |
| Attachment | Upload the completed WAF service application (required) and any additional files you wish to share. You can attach up to 5 files, each no larger than 5 MB. Only doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, and tif files are allowed |

Table. WAF Service Creation Request Items

- After reviewing the application process and reference information, click the Form Download > Service Request Form Download button to download the WAF Service Application Form.
- Complete the WAF Service Application.
  - Refer to the item descriptions in the Application Information and Monitoring Information tabs and complete the required fields.

| Category | Detailed description |
|---|---|
| Application Information | Write required items such as application type, usage period, throughput information, basic information, etc. |
| Monitoring information | Enter required items such as WAF service application information and SSL certificate information. Public-sector customers do not need to fill this out |

Table. Main contents of the WAF service creation request form

- Attach the completed application form in the attachment area.
- Click the Request button on the service request page.
  - When the request is completed, check the submitted details on the Support Center > Service Request List page.
- After the monitoring personnel review the submitted service request, they proceed with the process to use the service.
- The WAF service is launched.
Terminate WAF
To request termination of the WAF service, follow the steps below.
- Click the All Services > Management > Support Center menu. Go to the Support Center > Service Home page.
- On the Support Center Service Home page, click the Service Request button. You will be taken to the Service Request List page.
- On the Service Request List page, click the Service Request button. You will be taken to the Service Request page.
- On the Service Request page, enter or select the required information in the mandatory input fields.
  - Select WAF termination in the task type.

| Input field | Detailed description |
|---|---|
| Title | Enter the title of the service request. Example: WAF Service Termination Request |
| Region | Select the location of the Samsung Cloud Platform. Automatically entered with the region corresponding to the Account |
| Service | Select the service category and service. Service Category: Security; Service: WAF |
| Task classification | Select the type you want to request. WAF termination: select if you are terminating the service |
| Content | Customer Basic Information Entry and Application Process Guide. Content: End Customer/MSP Information |
| Attachment | Upload the completed WAF service application (required) and any additional files you wish to share. You can attach up to 5 files, each no larger than 5 MB. Only doc, docx, xls, xlsx, ppt, ppts, hwp, txt, pdf, jpg, jpeg, png, gif, and tif files are allowed |

Table. WAF service termination request items

- After reviewing Application Process and Notes, click the Form Download > Service Request Form Download button to download the WAF Service Application Form.
- Complete the WAF Service Application.
  - Refer to the item descriptions in the Application Information and Monitoring Information tabs and complete the required fields.

| Category | Detailed description |
|---|---|
| Application Information | Fill out required fields such as application type, usage period, transaction volume information, and basic information. |
| Monitoring information | When terminating the entire service, no input is required. |

Table. Main contents of WAF service termination request form

- Attach the completed application form to the attachment area.
- Click the Request button on the service request page.
- After the request is completed, verify the submitted information on the Support Center > Service Request list page.
- After the monitoring staff verifies the submitted service request, the termination process is completed once the monitored URL, port, and IP are removed.
- Service termination requires three business days, including the cancellation request date.
2.1 - WAF Build Process Guide
To start the WAF service, you need to apply for the service and then perform WAF license installation and monitoring integration verification. After you request the WAF service, the person in charge will review the service request details and contact you. Please refer to the process below to request the WAF service.
WAF installation is directly supported by SDS engineers and proceeds after consulting with the client on configuration, specifications, and related details.
- Considering the overall process schedule, apply for the service at least one month before the service launch (business days).
Preliminary preparation work
The preliminary preparation steps for using the WAF service are carried out according to the following procedure.
- Submit a service request to install the WAF. (MSP → SDS)
- Please request WAF SW installation. (SDS → Engineer)
- Please provide the engineer information for the WAF installation work. (SDS → MSP)
Samsung Cloud Platform Console task (MSP execution)
To use the WAF service, perform the following steps in the Samsung Cloud Platform Console.
- Register an SSL certificate in the Certificate Manager service.
  - Application path: Samsung Cloud Platform Console > Security > Certificate Manager
  - Purpose: Operation
- Create a Virtual Server service for WAF.
  - Application path: Samsung Cloud Platform Console > Compute > Virtual Server
  - Determine CPU, memory, and block storage capacity based on WAF specifications.
  - WAF Virtual Server specifications: see the quotation
- Create a Load Balancer service.
  - Application path: Samsung Cloud Platform Console > Networking > Load Balancer
  - Create an L7 service for SSL offloading.
  - Create an L4 service when load balancing is required for WAF redundancy.
  - Create an L4 service when load balancing is required for web server redundancy.
- Configure the required Load Balancer/Firewall/Security Group.
  - Configure the Firewall and Security Group to match the Load Balancer’s communication path as follows.
  - For the source, enter the user’s network information.

| Category | Common Security Zone FW | Internet Gateway FW | Load Balancer FW | Virtual Server SG |
|---|---|---|---|---|
| Inbound (destination) | LB service public IP | LB service private IP | LB service private IP | LB Link IP |
| IP (example) | 123.43.8.xxx | 10.10.0.xxx | 10.10.0.xxx | 192.168.254.xxx |
| Port | LB service port | LB service port | LB service port | Forwarding/Health Check Port |

Table. FW/SG configuration items according to the Load Balancer's communication path

- Configure HTTP redirection for the LB service. (Optional)
  - Set the Load Balancer’s HTTP redirection option as follows.

| LB service | L7 HTTP | L7 HTTPS |
|---|---|---|
| LB Profile > Profile Type | Application | Application |
| LB Profile > Service Classification | L7 HTTP | L7 HTTP |
| LB Profile > HTTP Redirection Settings | Set | Not set |
| IP/NAT IP | Set the same | Set the same |
| Service port | 80 | 443 |
| Forwarding port | 80 | 80 |
| Server Group > When using WAF | Not set | WAF Virtual Server |
| Server Group > When WAF is not used | Not set | WEB Virtual Server |
| Certificate registration | Unregistered | Register |

Table. Load Balancer HTTP redirection configuration items

- Grant the WAF engineer access permissions to the Virtual Server for WAF.
WAF SW Installation and Test (WAF Engineer & MSP)
When the WAF specifications are finalized, the engineer installs the WAF software and conducts testing.
Policy request and implementation for WAF security monitoring
Create and apply policies required for WAF security monitoring.
- Request the required policy from the Samsung Cloud Platform Console. (SDS → MSP)
- Deliver and apply the created policy. (SDS → MSP)
- Check the items that require policy registration. (Direct Connect Firewall/Security Group/Routing)
  - Verify that the SDS → WAF access path is secured for each client. If additional registration is required, request it by email.
  - Check whether the WAF → SIEM log transmission path is secured for each client. If additional registration is needed, request it via email.
Constraints
When installing the WAF, first check the following constraints before proceeding.
- When WAF is configured as a single instance, service continuity cannot be guaranteed in case of a failure of the WAF-installed Virtual Server or the WAF application. (Bypass is not supported between Samsung Cloud Platform LB and WAF)
- If service availability of the website where WAF is applied is critical, WAF redundancy must be implemented. If WAF redundancy is required, a separate request must be made.
- Security monitoring through the Samsung Cloud Platform service is available only for Penta Security products.
  - Other vendors’ products are listed in the marketplace, but Samsung SDS security monitoring services are not offered for them.

