Web Application Firewall (WAF) - PowerPoint PPT Presentation

Slides: 17
Provided by: akamaiCom
Transcript and Presenter's Notes

1
Web Application Firewall (WAF)
  • RSA Conference 2013

2
The Cybercrime Landscape in 2013
Source: hackmageddon.com/
3
Moving From Network to Application Layer
Target of Traditional DDoS Attacks
Network Layer (Layers 3/4)
4
Web Application Firewall Highlights
  • Operates at the network edge, over 100,000
    servers
  • Inspects requests and responses for malicious
    content and info leakage
  • Inspects packets to protect against attacks such
    as SQL Injection and Cross-Site Scripting
  • Configurable to log or block activities against
    policy
  • Protects organizations against application layer
    attacks propagated via HTTP and HTTPS
  • Enables compliance with PCI DSS 1.2 section 6.6
  • Provides advanced rate controls (behavioral-based
    protections)
  • Propagates quickly (30 minutes)
  • Configured via portal

5
Kona Security Solutions 2.0
  • ModSecurity Rule Update
      • Core Rule Set 2.2.6
      • Legacy CRS support
  • Akamai Common Rules
      • Based on Akamai's unique view
      • 20-25% of internet traffic
  • Advanced Rate Controls
      • Session-ID, Client-IP, User-Agent
  • Rule Upgrade Wizard
  • Rule Upgrade Wizard

6
(No Transcript)
7
  • Appendix Details

8
Akamai Intelligent Platform: Deflecting Network
Layer Attacks at the Edge
  • Network Layer attack mitigation
      • Built-in protection is always on
      • Only Port 80 (HTTP) or Port 443 (HTTPS) traffic
        allowed on Platform
      • All other traffic dropped at the Akamai Edge
      • Attack traffic never makes it onto Platform
      • Customer not charged for traffic dropped at Edge
  • Absorbs attack requests without requiring
    identification
      • Requires CNAME onto Akamai Intelligent Platform
  • Absorbs attacks through massive scale
      • 5.5 Tbps average throughput, up to 8 Tbps
      • Distribution of HTTP request traffic across
        100,000 servers, 1,100 networks
      • No re-routing, added latency, or point of failure
  • Examples of attack types dropped at Akamai Edge
      • UDP Fragments
      • ICMP Floods
      • SYN Floods
      • ACK Floods
      • RESET Floods
      • UDP Floods

9
Custom Rules: Web Application Firewall
  • Description
      • WAF Custom Rules implemented in Akamai metadata
        written by Akamai Professional Services
      • Rules are created and managed in customer portal
      • Rules are then associated with firewall
        policies and deployed with WAF in 45 minutes
  • The Result
      • New rule logic can be built to handle specific
        use cases for the customer
      • Rules can be built that execute when one or more
        baseline rules or rate control rules match
      • Output of application vulnerability products
        can be implemented as virtual patches
      • Advanced piping to user validation actions can
        be achieved (prioritization)

11
Adaptive Rate Controls: Malicious Behavior
Detection
  • Specify number of requests per second against a
    given URL
  • Controls requests based on behavior pattern, not
    request structure
  • Use client IP address, session ID, cookies, etc.
  • Configure rate categories to control request
    rates against digital properties
  • Mitigate rate-based DDoS attacks
  • Statistics collected for 3 request phases
      • Client Request: Client to Akamai Server
      • Forward Request: Akamai Server to Origin
      • Forward Response: Origin to Akamai Server
  • Statistics collected allow us to ignore large
    proxies and pick out a malicious user hiding
    behind a proxy
  • Statistics collected allow for detection of
    pathological behavior by a client
      • Request rate is excessive for any stage
      • Requests causing too many Origin errors
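
As an added illustration, not Akamai's code or configuration, the Python below sketches the detection the Adaptive Rate Controls slide describes: per-client request counts for the three phases plus origin-error counts, evaluated against per-URL limits, on a constructed sample in which a normal session and an abusive one share a proxy IP. The phase names, limits, addresses and session names are assumptions.

```python
from collections import defaultdict

def request(ts, ip, session, url, status=200, cached=False):
    """One request as the per-phase records the slide lists. A cache hit never
    reaches the origin, so it produces only the Client Request phase."""
    rec = dict(ts=ts, ip=ip, session=session, url=url, status=None)
    recs = [dict(rec, phase="client_request")]
    if not cached:
        recs.append(dict(rec, phase="forward_request"))
        recs.append(dict(rec, phase="forward_response", status=status))
    return recs

def constructed_traffic():
    """Constructed sample: two sessions share one proxy IP. sessA is a normal user,
    half served from cache; sessB bursts at 30 req/s and half of its requests
    make the origin answer 500."""
    recs = []
    for ts in range(5):
        for i in range(2):
            recs += request(ts, "203.0.113.9", "sessA", "/search", cached=(i == 0))
        for i in range(30):
            recs += request(ts, "203.0.113.9", "sessB", "/search", status=500 if i % 2 else 200)
    return recs

LIMITS = {"client_request": 10, "forward_request": 5, "forward_response": 5}  # assumed req/s per phase

def evaluate(records, url, max_rps=LIMITS, max_origin_errors=20, key=("ip", "session")):
    """Verdict per client for one URL: flagged when the request rate is excessive
    in any phase or the client causes too many origin (5xx) errors."""
    per_sec = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))  # client->phase->sec->n
    origin_errors = defaultdict(int)
    for r in records:
        if r["url"] != url:
            continue
        client = tuple(r[f] for f in key)
        per_sec[client][r["phase"]][r["ts"]] += 1
        if r["phase"] == "forward_response" and r["status"] >= 500:
            origin_errors[client] += 1
    verdicts = {}
    for client, phases in per_sec.items():
        reasons = [f"{phase}: {max(n.values())} req/s > {max_rps[phase]}"
                   for phase, n in phases.items() if max(n.values()) > max_rps[phase]]
        if origin_errors[client] > max_origin_errors:
            reasons.append(f"origin errors: {origin_errors[client]} > {max_origin_errors}")
        verdicts[client] = reasons
    return verdicts

if __name__ == "__main__":
    for key in (("ip", "session"), ("ip",)):  # session key isolates sessB; IP alone blocks the whole proxy
        print(key, evaluate(constructed_traffic(), "/search", key=key))
```

Keying on IP plus session ID is what lets the control flag only sessB while the proxy's other users stay unaffected; keying on IP alone would rate-limit everyone behind it.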

13
Security Monitor (1 of 3)
Timeline of Requests by Hour
Visual Display of Requests by Geography
Requests by WAF Rule ID
Requests by WAF Message
Requests by WAF Tag
14
Security Monitor (2 of 3)
Multiple ways to display request statistics
15
Security Monitor (3 of 3)
Requests by City
Requests by Client IP address
ARLs being attacked
16
(No Transcript)