A security administrator is deploying a firewall solution specifically to protect a public-facing web server from attacks like SQL injection and cross-site scripting (XSS). At which layer of the OSI model does this type of specialized firewall primarily operate?
A Web Application Firewall (WAF) is designed to protect web applications from application-layer attacks such as SQL injection and cross-site scripting (XSS). It operates at Layer 7 (the Application layer) of the OSI model, where it can inspect the content of HTTP and HTTPS traffic. Traditional network firewalls operate at Layer 3 (Network) and Layer 4 (Transport), filtering traffic based on IP addresses and ports, and cannot inspect the application-specific data needed to stop these attacks. Layer 2 is the Data Link layer, which handles node-to-node data transfer using MAC addresses.