Implementing Azure Web Application Firewall
As we continue with our defense-in-depth strategy, we should look at the different types of traffic on the network, their protocols, and their direction, such as inbound/outbound and lateral traffic flows; this can be referred to as north/south and east/west traffic.
We should evaluate the most appropriate defense mechanism based on our desired outcomes. If we allow any HTTP(s) protocols into our Azure networks, such as to allow access to web applications, we need to implement measures to protect against Layer 7 web protocol attacks, such as cross-site scripting and SQL injection.
This outcome can be achieved by implementing a Layer 7 Web Application Firewall (WAF), rather than a Layer 4 network firewall.
It is important to note that a traditional Layer 4 network firewall will not offer protection against these inbound Layer 7 attacks; an Intrusion Detection and Prevention System (IDPS) solution will also be ineffective in detecting...
