There are two types of Network Security Model:
- Positive Security Model
- Negative Security Model
In this post, we will discuss Positive Security Model in detail.
Positive Security Model
While setting up Web facing applications, a lot of consideration is given to how the security posture for such applications would be like. Especially in case of large enterprise or Data Centers, Web Application Firewalls (WAFs) are an inseparable part of the security setup. These firewalls are required to implement security mechanism based on some standard approach. This is where a Positive Security Model comes to play, which is also called “Whitelist Model”. Positive security model is all about reducing the attack surface area by only allowing known so called good traffic only.
Let’s comprehend the model in more detail – Positive Security model blocks everything in the start and what is allowed is positive. This model is built on the concept of permitting specific, approved traffic, action and other functions. Due its positive behaviour and allowing only that traffic “which is positive”, this model is mostly used by firewalls and to provide a safer communication path. Positive Model WAF allows access to certain specific rules. This means that each rule which gets added renders greater access and contrary to this, having no rules in place will block everything by default.
Positive model is useful when you know what type of content you offer and you are well aware that what you need to allow i.e. which port for your webserver and the content on servers never changes. So that’s why a positive security model is required. Firewalls in a network works on this model. The main advantage of implementing a positive security model in the network is that zero-day attack can be prevented. However, there are some caveats to positive model i.e. if change in behaviour of an application occurs or its communication flow is modified, we need to create a new policy in order the application to work.
Gartner’s Magic quadrant rating is considered the de facto reference source for organizations to evaluate vendor products. In case of Web Application Firewalls, Gartner strictly considers Positive Security model support and its adherence as one of the key parameters to rate and categorize respective vendor product in the Magic Quadrant. Hence, customer buying is significantly impacted by Gartner’s rating.
To summarize, we can enlist some key attributes of positive security model as under –
- You decide what is valid, everything else will be blocked.
- Pros: Much Better protection compared to Negative Model.
- Cons: Requires “Whitelisting” to be performed in order to not block legitimate visitors. Also incurs additional overhead compared to “Negative Security Model”.