Cloud Engineering
Communications & Media

Web App Firewall for Increased Security

Build a highly available and recoverable solution for a client that required enhanced security for an on-prem network serving government contracts with classified information. This project led to building out a similar solution for another on-prem location at a larger scale. 

Problem Statement

This client had government contracts and maintained applications that contained classified information, making them highly desirable targets for security events. These contracts required the client to build a more robust security stance than was necessary for their corporate customers.

Solution Approach

Due to past successful engagements with the client, they hired Trility to help enhance on-prem security posture by building a highly available solution for their people to manage and meet business continuity/disaster recovery requirements. 

The client sought to leverage a Web Application Firewall (WAF) and DNS filter appliances. They also wanted it configured for only the traffic that needed protection. Trility configured the WAF using the current OWASP Top 10 threats to defend against: Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable and Outdated Components, Identification and Authentication Failures, Software and Data Integrity Failures, Security Logging and Monitoring Failures, and Server-Side Request Forgery (SSRF).

The authorization application serves as the first line of defense and is protected by the WAF, and the DNS proxy filters all outbound queries. The client’s development team created and curated the script to update the DNS allow list as needed. 

Outcomes

The client achieved a trusted zone network with a DNS Data filter that allowed their team to maintain and manage the out-of-bound (OOB) traffic. This highly available and recoverable solution serves as the gatekeeper for their government contracts and helps this client maintain and strengthen their business position in the industry.

The client hired Trility to build out the solution for another on-prem location at a larger scale.

Project Attributes

  • Reduced Risk
  • Reduced Technical Debt
  • Increased Security
  • Coaching
  • Documentation

Technologies Used

  • WAF
  • DNS Filter
  • Citrix VDI
  • Filter Transfer Service
  • SecureAuth MFA