Episode Overview
Podcast: Hacking Humans – N2K Networks
Episode: "Web Application Firewall (noun) [Word Notes]"
Date: March 3, 2026
This episode explores the concept, history, and evolution of the Web Application Firewall (WAF) within cybersecurity. Drawing on notable moments, expert commentary, and a memorable story from Bell Labs, the discussion highlights how WAFs fit into the larger landscape of network security and their evolving role in defending against application-layer threats.
Key Discussion Points & Insights
What is a Web Application Firewall? (01:28)
- Definition:
  - "A layer 7 firewall designed to block threats at the application layer of the Open System Interconnection model. The OSI model." (B, 01:28)
- Example Use:
  - "With a web application firewall or WAF, firewall administrators can make rules like the marketing group can go to Facebook, but the sales group can't." (B, 01:55)
Historical Evolution of Firewalls (02:00-06:10)
- First Generation (Late 1980s):
  - Initial research on firewall technology by Jeff Mogul, Brian Reid, and Paul Vixie (Digital Equipment Corporation) (02:06)
- Second Generation (1989-1990):
  - Dave Presotto and Howard Trickey (Bell Labs) developed circuit relay firewalls and implemented early application layer firewalls (02:15)
- Third Generation (1990-1991):
  - Gene Spafford (Purdue), Bill Cheswick (Bell Labs), and Marcus Ranum independently advanced application layer firewalls, paving the way for future innovation (02:22)
- Commercialization (1992):
  - Digital Equipment Corporation shipped DEC SEAL, the first commercial firewall, including proxies from Marcus Ranum (02:31)
- Stateful Inspection (1994):
  - Check Point Software released the first stateful inspection commercial firewall (layer 3: rules based on IPs, ports, protocols) (02:40)
  - William Cheswick and Steven Bellovin published "Firewalls and Internet Security: Repelling the Wily Hacker," the first book on firewall technology (02:53)
Motivations for Firewalls: Not Just for Keeping Out Hackers (03:04)
- Many early firewall concepts were developed "not to keep intruders out... but to keep employees from going to bad places on the Internet." (B, 03:16)
Next Generation Firewalls (2007-onward) (03:28)
- Palo Alto Networks:
  - Launched the first next-generation firewall, supporting both Layer 3 (network) and Layer 7 (application) policies (03:30)
  - Introduced controls based on authenticated user actions and specific applications (03:41)
The Rise of Security Orchestration and Web Gateways (Early 2010s) (03:50-04:27)
- Firewalls evolved into "Swiss army knives" of security — combining multiple functions like intrusion detection, anti-malware, etc., in one box.
- Secure web gateways emerged, focusing specifically on endpoint user web traffic and simplifying policy control at the application level (03:55-04:13)
WAF vs. Secure Web Gateway (04:14)
- Secure Web Gateway:
  - "Abandoned the orchestration engine idea and just performed layer 7 policy functions, but specifically for endpoint user web traffic."
- Web Application Firewall:
  - "Can do most of the same things as secure web gateways, plus some basic heuristics and anomaly detection to prevent exploitation of application vulnerabilities." (B, 04:24)
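To make the episode's two points concrete, the layer 7 policy from the definition section (rules keyed on user group and application rather than on IPs and ports) and the WAF's extra "basic heuristics and anomaly detection" on top of gateway-style policy, here is an added example. It is not code from the episode, from N2K, or from any product mentioned; the user-to-group directory, the rule that marketing may reach Facebook while sales may not, the baseline traffic, and the length-based anomaly threshold are all assumptions constructed for illustration. Identity is assumed to arrive already authenticated from an upstream proxy, and the application is identified by host name.

```python
"""Toy layer 7 policy engine with simple WAF-style heuristics (added example)."""
from dataclasses import dataclass, field
from statistics import mean, pstdev
from urllib.parse import urlsplit


@dataclass
class Request:
    user: str                      # authenticated identity (assumed supplied upstream)
    method: str
    url: str
    headers: dict = field(default_factory=dict)


# Hypothetical directory: which group each authenticated user belongs to.
GROUPS = {"alice": "marketing", "bob": "sales"}

# Layer 7 policy keyed on (group, application), not on IP addresses or ports.
# Mirrors the episode's example: marketing may reach Facebook, sales may not.
APP_POLICY = {
    ("marketing", "www.facebook.com"): "allow",
    ("sales", "www.facebook.com"): "deny",
}
DEFAULT_DECISION = "allow"         # unlisted (group, application) pairs are allowed


def app_of(req: Request) -> str:
    """Identify the application by the host name in the request target."""
    return urlsplit(req.url).hostname or ""


def policy_decision(req: Request) -> str:
    """Gateway-style decision: look up the user's group and the target application."""
    group = GROUPS.get(req.user, "unknown")
    return APP_POLICY.get((group, app_of(req)), DEFAULT_DECISION)


def target_length(url: str) -> int:
    parts = urlsplit(url)
    return len(parts.path) + len(parts.query)


class AnomalyDetector:
    """Flag request targets far longer than a baseline learned from benign traffic."""

    def __init__(self, baseline_urls, k: float = 3.0):
        lengths = [target_length(u) for u in baseline_urls]
        self.mean = mean(lengths)
        self.sd = max(pstdev(lengths), 1.0)   # floor avoids a zero-width band
        self.k = k

    def is_anomalous(self, url: str) -> bool:
        return target_length(url) > self.mean + self.k * self.sd


def heuristics(req: Request) -> list:
    """Cheap structural checks a WAF applies beyond group/application policy."""
    reasons = []
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in req.url):
        reasons.append("control-chars")          # control bytes in the request target
    host_header = req.headers.get("Host")
    if host_header and host_header != app_of(req):
        reasons.append("host-mismatch")          # Host header disagrees with URL host
    return reasons


def inspect(req: Request, detector: AnomalyDetector) -> tuple:
    """Return (verdict, reason): policy first, then heuristics and anomaly detection."""
    if policy_decision(req) == "deny":
        return ("deny", "policy")
    reasons = heuristics(req)
    if detector.is_anomalous(req.url):
        reasons.append("length-anomaly")
    if reasons:
        return ("block", ",".join(reasons))
    return ("allow", "")


# Constructed benign traffic used to learn the length baseline.
BASELINE_URLS = [
    "https://www.facebook.com/",
    "https://www.facebook.com/home",
    "https://www.facebook.com/profile/alice",
    "https://www.facebook.com/search?q=shoes",
    "https://www.facebook.com/marketing/campaigns/2026",
    "https://www.facebook.com/photos/album/12345",
    "https://www.facebook.com/messages/inbox",
    "https://www.facebook.com/settings",
]


def demo() -> list:
    """Run a few constructed requests through the engine and return the verdicts."""
    detector = AnomalyDetector(BASELINE_URLS)
    requests = [
        Request("alice", "GET", "https://www.facebook.com/home"),
        Request("bob", "GET", "https://www.facebook.com/home"),
        Request("alice", "GET", "https://www.facebook.com/search?q=" + "a" * 500),
        Request("alice", "GET", "https://www.facebook.com/", {"Host": "intranet.example.com"}),
    ]
    return [(r.user, inspect(r, detector)) for r in requests]


if __name__ == "__main__":
    for user, verdict in demo():
        print(user, verdict)
```

The ordering in `inspect` is deliberate: a policy deny is cheap and definitive, so it short-circuits before any content inspection runs. The length baseline is the simplest form of the anomaly detection the episode mentions; a real deployment would learn per-application baselines and log the reason string so analysts can tune the threshold rather than silently blocking.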
Notable Quotes and Memorable Moments
The Bell Labs Firewall and the Morris Worm (06:11–07:56)
- Bill Cheswick describes being hired at Bell Labs and his introduction to firewall technology:
  - "I decided even if at the end of the day they decided I was a jerk and they never wanted to see me again, it was a pretty remarkable day. And it turns out they hired me." (C, 06:39)
- Taking over as postmaster and inheriting firewall responsibilities:
  - "I volunteered to work as postmaster, which is kind of like volunteering to be proctologist. It's a thankless job because if you get it right, nobody notices and if you don't, they're really pissed off with you." (C, 06:59)
  - "I also took over a prototype firewall...started running it." (C, 07:05)
- Firewall vs. the Morris Worm:
  - "About a year later the Morris worm came out and our firewall stopped it. In fact, I woke up the morning the Morris worm hit the Internet and a friend...said, there's something bad on the Internet, you might want to check it out...There was Peter Weinberger on the phone...saying, did you get the worm? We didn't." (C, 07:16)
  - "And of course it was my firewall that was keeping it out." (C, 07:56)
Important Timestamps
- 01:28 — Introduction of the term "Web Application Firewall" and its definition
- 02:00–04:27 — Detailed history and technological progression of firewalls, from foundational work to next-generation products
- 04:14 — Comparison between Secure Web Gateways and Web Application Firewalls
- 06:11–07:56 — Bill Cheswick’s personal account of early firewall experiments at Bell Labs, including the Morris worm incident
Conclusion
This episode provides a robust, engaging primer on Web Application Firewalls, placing them within the larger story of firewall technology and enterprise network defense. From technical definitions and practical use cases to historical anecdotes and professional milestones, listeners gain both foundational knowledge and a deeper appreciation for the persistent evolution in cybersecurity defenses. Key voices like Bill Cheswick bring the material to life, connecting present-day WAFs to their sometimes-unexpected origins in the annals of computing history.