Using WAF to protect the university’s internal services in the Zero Trust structure

Abstract

The article presents the results of a pilot study on the use of a Web Application Firewall (Web Application Firewall or WAF) to protect the internal services of the information educational environment of the university (IEEU). It is shown that this task is extremely important in the context of globalization of education. The use of WAF is performed in the Zero Trust structure. The system was tested in two stages. Firstly, tools were used to automate the search for web vulnerabilities (web vulnerability scanners) IEEU. At the second stage, manual testing of applications for vulnerabilities of SQL injection, cross-site scripting and Path Traversal attacks was carried out. It is shown that the results obtained make it possible to improve the protection of services in the university’s local networks, which is important for achieving the ultimate goal effective protection of end users and IEEU services in the context of globalization of education. It has been established that the use of WAF in systems with zero trust is a fairly common option for protecting services within organizations, including educational ones. It is shown that the use of open WAF solutions in the Zero Trust structure allows you to more flexibly and personally adjust protection to the appropriate needs of university services.