Kona Web Application Firewall Overview - Akamai at RSA Conference 2013

Web application performance and security are critical to innovation. Akamai's Web Application Firewall (WAF) is a highly scalable edge defense service architected to detect and mitigate potential attacks, including SQL injection attacks, in HTTP and HTTPS traffic as they pass through Akamai's Intelligent Platform in their attempt to reach origin data centers.

WAF is designed to scale instantly to preserve performance and filter attack traffic close to the source, protecting your infrastructure and keeping your web applications up and running. Learn more about Kona Security Solutions: http://www.akamai.com/html/solutions/kona-solutions.html

Learn more about Akamai's presence at RSA Conference 2013: http://www.akamai.com/html/ms/rsa_conference_2013.html

Published in: Technology

  • Attacks are becoming more sophisticated with multi-vector attacks often hiding the real motivations of attackers. On top of this it has become even easier to carry out different attacks – a quick Google search and anyone with basic tech skills can download these tools and join the fight…
  • LOIC basically turns your computer's network connection into a firehose of garbage requests, directed towards a target web server. On its own, one computer rarely generates enough TCP, UDP, or HTTP requests at once to overwhelm a web server—garbage requests can easily be ignored while legit requests for web pages are responded to as normal. But when thousands of users run LOIC at once, the wave of requests becomes overwhelming, often shutting a web server (or one of its connected machines, like a database server) down completely, or preventing legitimate requests from being answered. What is HOIC?
    • High-speed multi-threaded HTTP Flood
    • Simultaneously flood up to 256 websites at once
    • Built in scripting system to allow the deployment of 'boosters', scripts designed to thwart DDoS counter measures and increase DoS output.
    • Easy to use interface
    • Can be ported over to Linux/Mac with a few bug fixes (I do not have either systems so I do
    • Ability to select the number of threads in an ongoing attack
    • Ability to throttle attacks individually with three settings: LOW, MEDIUM, and HIGH and it's written in a language where you can do a bunch of really nifty things just read the RealBasic manual, ;] also no Dependencies (single executable)
  • Implemented in 10’000s of Akamai Edge Servers
  • We still defend against “old school” DDoS as well as we ever did….distributed networks, offload DNS, caching content. But there are new attacks that we must evolve our defenses to defend. These are the things you’ll be able to defend against – stealthier attacks, more advanced attacks: How do we do this, new rules: Slow post, Slow loris, LOIC are now, HOIC Replace RTR with DLR in Security Monitor (is this Channel Partner Foundations – Today there are no tools for partners to implement Kona 2.0. Partner Focused Enhancements. They made some foundational tools. WAF ModSecurity Core Rule Set 2.2.6 Includes anomaly scoring and migration wizard Anomaly scoring – related to the HTTP request. Adding the ability to score HTTP requests provides a means to better assess the risk. Configurable policy to deny. WAF common rule sets: we see lots of attacks, create new rules for all of them. With 2.0 (free to 1.0 customers) the rule set is available. Getting the rules probably requires PS engagement. Advanced Rate Controls: protect against more sophisticated attacks, helps address malicious behavior --- behavioral controls. For example: (John has details)
  • Close on the brand message – you can use the following sample text to speak to this closing brand slide. (Akamai is making your media more mobile, enabling “Any experience, any device, anywhere.” Our goal is to ultimately help you accelerate your business. [Corey]) (Today's best online experiences have been Akamaized. We’re here to help you reach mobile workforces, and 24/7 consumers with any experience on any device, anywhere. And to ultimately help you accelerate your business. [Ravi]) (Akamai’s Application & Cloud Performance Solutions enable you to control your applications, control your costs, and control your cloud, offering you the agility that you need to accelerate your business. [Willie]) (Akamai offers you solutions to revolutionize your media strategy and engage users with any experience, on any device, anywhere, to grow your audience and grow your business. [Bill]) (Mobilize, optimize, and monetize your business, providing a high performance experience to your 24/7 consumers so that you can accelerate your online retail strategies. [Pedro]) (Block threats, not performance, in this ever-evolving hyperconnected world. Securely reach your users on any device, anywhere so you can accelerate your business. [John]) (Akamai helps you connect to users on any device, anywhere, removing the complexities of privacy, security, and rights management, while also allowing businesses to spend advertising dollars more effectively. [Khan])
  • Platform provides an additional layer of defense and moves the perimeter of defense out to the Edge of the Internet and then goes into the network layer value of that architecture. The Akamai platform automatically (** if you’re buying acceleration…** protects against:
    • SYN flood and other TCP attacks
    • UDP attacks
    • HTTP slow client (“drip feed”) attacks
    • HTTP Request Smuggling attacks
    • HTTP Response Splitting attacks
  The platform only accepts valid HTTP requests on port 80 and 443!
  • Implemented in 10’000s of Akamai Edge Servers. Requests causing too many Origin errors (404, 5XX)
  • Transcript

    • 1. Application Firewall (WAF)onference 2013
    • 2. bercrime Landscape in 2013 …and easier t carry ou ereed...
    • 3. From Network to Application Layer. Application Layer (Layer 7): where increasing number of attacks are focused. Network Layer (Layers 3/4): target of traditional DDoS attacks.
    • 4. pplication Firewall Highlightsates at the network edge – over 100,000 servers cts requests and responses for malicious content and info le cts packets to protect against attacks such as SQL Injectionss-Site Scripts gurable to log or block activities against policy cts organizations against application layer attacks propagateP and HTTPS les compliance with PCI DSS 1.2 section 6.6 des advanced rate controls (behavioral based protections)agates quickly (~30 minutes) gured via portal
    • 5. ecurity Solutions 2.0urity Rule Updatele Set 2.2.6CRS supportCommon Rulesn Akamai’s unique view% of internet traffic d Rate Controls ID; Client-IP+User-Agentgrade Wizard
    • 6. Appendix & Details
    • 7. Intelligent Platform™g Network Layer Attacks at the Edgeayer attack mitigation Examples of attacks types droppedotection is “always on” at Akamai Edge80 (HTTP) or Port 443 (HTTPS) traffic §  UDP Fragmentsn Platform §  ICMP Floodsr traffic dropped at the Akamai Edge §  SYN Floodsk traffic never makes it onto Platform §  ACK Floods mer not charged for traffic dropped at Edges attack requests without requiring identification §  RESET Floods s CNAME onto Akamai Intelligent Platform §  UDP Floodsttacks through massive scales average throughput; up to 8Tbpson of HTTP request traffic across 100,000+ ,100+ networks ting, added latency, or point of failure
    • 8. Rulesplication Firewall tion The ResultCustom Rules implemented §  New rule logic can be built tomai metadata written by specific use cases for the cus i Professional Services §  Rules can be built that execut are created and managed in one or more baseline rules ormer portal control rules match are then associated with §  Output of application vulnerab l policies and deployed with products can be implemented n 45 minutes “virtual patches” §  Advanced piping to user valid actions can be achieved (prio
    • 10. e Rate Controlss Behavior Detectiony number of requests per §  Statistics collected for 3 requed against a given URL o  Client Request – Client to Akamaols requests based on behavior o  Forward Request – Akamai Servn – not request structure o  Forward Response – Origin to Aclient IP address, session ID, cookies, etc. §  Statistics collected allow us toure rate categories to large proxies and pick out a m request rates against digital user hiding behind a proxytieste rate-based DDoS attacks §  Statistics collected allow for dete of pathological behavior by a clie o  Request rate is excessive for an o  Requests causing too many Orig
    • 12. y Monitor (1 of 3) Timeline of Requests by Hour Visual Display of Requests by Geography Requests by WAF Rule ID Requests Requests by WAF Message by WAF Tag
    • 13. y Monitor (2 of 3) Multiple ways to display request statistics
    • 14. y Monitor (3 of 3) Requests by City Requests by ARLs being Client IP address attacked