Scribd Logo
Upload

Welcome to Scribd!

  • Akamai Kona WAF Help Manual

    Uploaded by

    SamarRoy
    648 views39 pages
    akamai kona WAF Help Manual, Web application firewall and site security

    Original Title

    akamai kona WAF Help Manual

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    akamai kona WAF Help Manual, Web application firewall and site security

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    648 views39 pages

    Akamai Kona WAF Help Manual

    Uploaded by

    SamarRoy
    akamai kona WAF Help Manual, Web application firewall and site security

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 39

    Web Application Firewall

    2012 Akamai FASTER FORWARD


    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    What Were Seeing
    Attacks Are Happening On Multiple Levels
    Target of
    Traditional
    DDoS
    Attacks
    Network Layer
    (Layers 3/4)
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    What Were Seeing
    Attacks Are Happening On Multiple Levels
    Target of
    Traditional
    DDoS
    Attacks
    Network Layer
    (Layers 3/4)
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    What Were Seeing
    Attacks Are Happening On Multiple Levels
    Target of
    Traditional
    DDoS
    Attacks
    Network Layer
    (Layers 3/4)
    Application Layer
    (Layer 7)
    Where increasing
    number of attacks
    are focused
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Web Attacks Are Getting More Sophisticated (e.g. multi-
    vector)
    Layers 3&4, Layer 7, DNS, Direct-to-Origin, Large, Small & Stealthy
    Unreported
    37%
    SQL Injection (SQLi)
    27%
    Denial of Service
    23%
    Banking Trojan, 3%
    Brute Force, 3%
    Cross-Site Request Forgery, 2%

    Predictable Resource
    Location, 2%
    Stolen Credentials, 2%
    Clickjacking, 1%
    What Attack Methods do Hackers Use?
    Source: TrustWave Spider Labs - 2011 - Web Hacking Incident Database
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Web Applications (Layer 7) Are Increasingly Targeted
    ~10,000,000 More Attacks in 1H2011 over 1H2010 (~45% increase)
    0
    5,000,000
    10,000,000
    15,000,000
    20,000,000
    25,000,000
    30,000,000
    35,000,000
    2009 2010 1H2011
    Total # Web Application
    Attacks at Mid-Year 20092011
    Source: HP CyberSecurity Risks Report 1H2011
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Web Applications (Layer 7) Are Increasingly Targeted
    ~10,000,000 More Attacks in 1H2011 over 1H2010 (~45% increase)
    63%
    37%
    Layer 3/4 Attacks versus non-
    Web Layer 7 Attacks 1H2011
    Layer 3/4 Attacks
    Layer 7 Attacks
    0
    5,000,000
    10,000,000
    15,000,000
    20,000,000
    25,000,000
    30,000,000
    35,000,000
    2009 2010 1H2011
    Total # Web Application
    Attacks at Mid-Year 20092011
    Source: HP CyberSecurity Risks Report 1H2011
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    On the Web, the Application is the Perimeter
    Firewall
    Hardware WAF
    App server
    DB
    Web server
    Traditional Data Center Security
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    In-The-Cloud Security
    On the Web, the Application is the Perimeter
    Firewall
    Hardware WAF
    App server
    DB
    Web server
    Traditional Data Center Security
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    In-The-Cloud Security
    On the Web, the Application is the Perimeter
    The threats are distributed, your response needs to be distributed!
    Firewall
    Hardware WAF
    App server
    DB
    Web server
    Traditional Data Center Security
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense

    Akamai Intelligent Platform
    Deflecting Network Layer Attacks at the Edge
    Network Layer attack mitigation
    ! Built-in protection is always on
    ! Only Port 80 (HTTP) or Port 443 (HTTPS) traffic
    allowed on Platform
    o All other traffic dropped at the Akamai Edge
    Attack traffic never makes it onto Platform
    Customer not charged for traffic dropped at Edge
    o Absorbs attack requests without requiring identification
    o Requires CNAME onto Akamai Intelligent Platform

    Absorbs attacks through massive scale
    ! ~5.5 Tbps average throughput; up to 8Tbps
    ! Distribution of HTTP request traffic across 100,000+
    servers; 1,100+ networks
    ! No re-routing, added latency, or point of failure
    Examples of attacks types dropped
    at Akamai Edge
    ! UDP Fragments
    ! ICMP Floods
    ! SYN Floods
    ! ACK Floods
    ! RESET Floods
    ! UDP Floods
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense

    Web Application Protection
    Web Application Firewall
    Application-layer controls
    ! Does deep packet inspection to protect
    against attacks such as SQL Injections
    & Cross-Site Scripts
    Custom Rules
    ! Create policy-based rules that are
    enforced before or after execution of the
    application layer controls
    ! Serve as Virtual Patches for new
    website vulnerabilities


    Network Layer Controls
    ! Allow or restrict requests from
    specific IP addresses
    Protect customer Origin from
    application layer attacks
    ! Implements IP Blacklists & Whitelist
    ! Geo blocking
    ! 10,000 CIDR entries supported
    Named lists e.g., Tor exit nodes
    30 45 minute deployment
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense

    Custom Rules
    Web Application Firewall
    Description
    ! WAF Custom Rules implemented
    in Akamai metadata written by
    Akamai Professional Services
    ! Rules are created and managed in
    customer portal
    ! Rules are then associated with
    firewall policies and deployed with
    WAF in 45 minutes
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense

    Custom Rules
    Web Application Firewall
    Description
    ! WAF Custom Rules implemented
    in Akamai metadata written by
    Akamai Professional Services
    ! Rules are created and managed in
    customer portal
    ! Rules are then associated with
    firewall policies and deployed with
    WAF in 45 minutes
    The Result
    ! New rule logic can be built to handle
    specific use cases for the customer
    ! Rules can be built that execute when
    one or more baseline rules or rate
    control rules match
    ! Output of application vulnerability
    products can be implemented as
    virtual patches
    ! Advanced piping to user validation
    actions can be achieved (prioritization)
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense

    Custom Rules
    Web Application Firewall
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Adaptive Rate Controls
    Malicious Behavior Detection
    ! Specify number of requests per
    second against a given URL
    o Controls requests based on behavior
    pattern not request structure
    Use client IP address, session ID, cookies, etc.
    ! Configure rate categories to
    control request rates against digital
    properties
    Mitigate rate-based DDoS attacks
    ! Statistics collected for 3 request phases
    o Client Request Client to Akamai Server
    o Forward Request Akamai Server to Origin
    o Forward Response Origin to Akamai Server
    ! Statistics collected allow us to ignore large
    proxies and pick out a malicious user
    hiding behind a proxy
    ! Statistics collected allow for detection
    of pathological behavior by a client
    o Request rate is excessive for any stage
    o Requests causing too many Origin errors

    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Adaptive Rate Controls
    Malicious Behavior Detection
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Adaptive Rate Controls
    Malicious Behavior Detection
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Rate Controls Use Case: Blocking IPs Causing Origin Errors
    1. Count the number of Forward Responses that return a 404 error code
    2. Block any IP address that exceeds 5 errors per second
    Client
    Request
    Forward
    Request
    Response
    code 404
    Customer
    Origin
    Akamai
    Edge Server
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Rate Controls Use Case: Blocking IPs Causing Origin Errors
    1. Count the number of Forward Responses that return a 404 error code
    2. Block any IP address that exceeds 5 errors per second
    Client
    Request
    Forward
    Request
    Response
    code 404
    Customer
    Origin
    Akamai
    Edge Server
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Rate Controls Use Case: Blocking IPs Causing Origin Errors
    1. Count the number of Forward Responses that return a 404 error code
    2. Block any IP address that exceeds 5 errors per second
    Client
    Request
    Forward
    Request
    Response
    code 404
    Customer
    Origin
    Akamai
    Edge Server
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Rate Controls Use Case: Blocking IPs Causing Origin Errors
    1. Count the number of Forward Responses that return a 404 error code
    2. Block any IP address that exceeds 5 errors per second
    Client
    Request
    Forward
    Request
    Response
    code 404
    Customer
    Origin
    Akamai
    Edge Server
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Rate Controls Use Case: Blocking IPs Causing Origin Errors
    1. Count the number of Forward Responses that return a 404 error code
    2. Block any IP address that exceeds 5 errors per second
    Client
    Request
    Forward
    Request
    Response
    code 404
    Customer
    Origin
    Akamai
    Edge Server
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Rate Controls Use Case: Blocking IPs Causing Origin Errors
    1. Count the number of Forward Responses that return a 404 error code
    2. Block any IP address that exceeds 5 errors per second
    Client
    Request
    Forward
    Request
    Response
    code 404
    Customer
    Origin
    Akamai
    Edge Server
    X
    Custom
    Error page
    Automatic Origin Abuse Mitigation!
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Use Case 2: Validate IPs Causing High Origin Load
    1. Count the number of Forward Requests
    2. Validate any IP address that exceeds 20 Forward Requests per second
    Forward
    Request
    Forward
    Response
    Customer
    Origin
    Akamai
    Edge Server Client
    Request
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Use Case 2: Validate IPs Causing High Origin Load
    1. Count the number of Forward Requests
    2. Validate any IP address that exceeds 20 Forward Requests per second
    Forward
    Request
    Customer
    Origin
    Akamai
    Edge Server Client
    Request
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Use Case 2: Validate IPs Causing High Origin Load
    1. Count the number of Forward Requests
    2. Validate any IP address that exceeds 20 Forward Requests per second
    Forward
    Request
    Customer
    Origin
    Akamai
    Edge Server Client
    Request
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Use Case 2: Validate IPs Causing High Origin Load
    1. Count the number of Forward Requests
    2. Validate any IP address that exceeds 20 Forward Requests per second
    Forward
    Request
    Customer
    Origin
    Akamai
    Edge Server Client
    Request
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Use Case 2: Validate IPs Causing High Origin Load
    1. Count the number of Forward Requests
    2. Validate any IP address that exceeds 20 Forward Requests per second
    Customer
    Origin
    X
    Custom
    Error page
    Automatic Origin Overload Prevention!
    Akamai
    Edge Server Client
    Request
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Security Monitor (1 of 3)
    Timeline of Requests
    by Hour
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Security Monitor (1 of 3)
    Visual Display of
    Requests by
    Geography
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Security Monitor (1 of 3)
    Requests by
    WAF Rule ID
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Security Monitor (1 of 3)
    Requests
    by WAF Message
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Security Monitor (1 of 3)
    Requests
    by WAF Tag
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Security Monitor (2 of 3)
    Multiple ways
    to display
    request statistics
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Security Monitor (3 of 3)
    Requests by
    City
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Security Monitor (3 of 3)
    Requests by
    Client IP address
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Security Monitor (3 of 3)
    ARLs being
    attacked
    2012 Akamai FASTER FORWARD
    TM
    Web Application
    Firewall
    Compliance
    Payment
    Tokenization
    Web Application
    Firewall
    Website
    Defense
    Any experience. Any device. Anywhere.

    You might also like