
Web Application Firewall (WAF), RSA® Conference 2013 (presentation transcript)


Slide 1: Web Application Firewall (WAF), RSA® Conference 2013

Slide 2: The Cybercrime Landscape in 2013
©2013 AKAMAI | FASTER FORWARD TM
- Attacks have become more sophisticated...
- ...and easier to carry out
- ...industry agnostic...
Source: hackmageddon.com/

Slide 3: Moving From Network to Application Layer
- Network Layer (Layers 3/4): target of traditional DDoS attacks
- Application Layer (Layer 7): where an increasing number of attacks are focused

Slide 4: Web Application Firewall Highlights
- Operates at the network edge (over 100,000 servers)
- Inspects requests and responses for malicious content and information leakage
- Inspects packets to protect against attacks such as SQL injection and cross-site scripting
- Configurable to log or block activities against policy
- Protects organizations against application-layer attacks propagated via HTTP and HTTPS
- Enables compliance with PCI DSS 1.2 section 6.6
- Provides advanced rate controls (behavior-based protections)
- Propagates quickly (~30 minutes)
- Configured via portal

Slide 5: Kona Security Solutions 2.0
- ModSecurity Rule Update: Core Rule Set 2.2.6; legacy CRS support
- Akamai Common Rules: based on Akamai's unique view of 20–25% of internet traffic
- Advanced Rate Controls: Session-ID; Client-IP + User-Agent
- Rule Upgrade Wizard


Slide 7: Appendix & Details

Slide 8: Akamai Intelligent Platform™: Deflecting Network Layer Attacks at the Edge
Network Layer attack mitigation
- Built-in protection is "always on"
- Only Port 80 (HTTP) or Port 443 (HTTPS) traffic allowed on the Platform
  - All other traffic is dropped at the Akamai Edge; attack traffic never makes it onto the Platform; the customer is not charged for traffic dropped at the Edge
  - Absorbs attack requests without requiring identification
  - Requires a CNAME onto the Akamai Intelligent Platform
Absorbs attacks through massive scale
- ~5.5 Tbps average throughput; up to 8 Tbps
- Distribution of HTTP request traffic across 100,000+ servers; 1,100+ networks
- No re-routing, added latency, or point of failure
Examples of attack types dropped at the Akamai Edge: UDP Fragments, ICMP Floods, SYN Floods, ACK Floods, RESET Floods, UDP Floods

Slide 9: Custom Rules (Web Application Firewall)
Description
- WAF Custom Rules are implemented in Akamai metadata written by Akamai Professional Services
- Rules are created and managed in the customer portal
- Rules are then associated with firewall policies and deployed with WAF in 45 minutes
The Result
- New rule logic can be built to handle specific use cases for the customer
- Rules can be built that execute when one or more baseline rules or rate control rules match
- Output of application vulnerability products can be implemented as "virtual patches"
- Advanced piping to user validation actions can be achieved (prioritization)
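As an added illustration (not Akamai's code and not part of the original deck), the following Python policy engine shows how custom rules layer on top of baseline signature rules in the way slide 9 describes: a "virtual patch" for a hypothetical application whose /product endpoint expects a numeric id, and an escalation rule that only fires when a baseline SQL-injection match and a rate-control match coincide, while baseline matches alone are merely logged per policy. The rule IDs, the simplified patterns, the /product endpoint and the RATE-CLIENT flag name are all constructed for this example and are not CRS or Akamai identifiers.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Set
from urllib.parse import parse_qsl, urlsplit


@dataclass
class Request:
    """Minimal request model (constructed for this example)."""
    method: str
    url: str
    client_ip: str

    @property
    def path(self) -> str:
        return urlsplit(self.url).path

    @property
    def params(self) -> Dict[str, str]:
        # parse_qsl percent-decodes values, so rules see what the application would see
        return dict(parse_qsl(urlsplit(self.url).query, keep_blank_values=True))


# Baseline rules: constructed IDs and simplified patterns, not real CRS rule IDs.
BASELINE_RULES = [
    ("BASE-SQLI-1", "SQL_INJECTION",
     re.compile(r"(?i)\bunion\b[\s\S]+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+")),
    ("BASE-XSS-1", "XSS",
     re.compile(r"(?i)<\s*script\b|\bon[a-z]+\s*=")),
]


def run_baseline(req: Request) -> Set[str]:
    """IDs of baseline rules whose pattern matches any query parameter value."""
    matched: Set[str] = set()
    for value in req.params.values():
        for rule_id, _tag, pattern in BASELINE_RULES:
            if pattern.search(value):
                matched.add(rule_id)
    return matched


@dataclass
class CustomRule:
    rule_id: str
    # condition(request, baseline matches, rate-control matches) -> does the rule fire?
    condition: Callable[[Request, Set[str], Set[str]], bool]
    action: str  # "log" or "block"


def virtual_patch_product_id(req: Request, base: Set[str], rate: Set[str]) -> bool:
    """Virtual patch for a hypothetical app whose /product endpoint expects a numeric id;
    fires on any non-numeric value, whether or not a baseline rule matched."""
    return req.path == "/product" and not req.params.get("id", "0").isdigit()


def sqli_plus_rate(req: Request, base: Set[str], rate: Set[str]) -> bool:
    """Escalation: a SQLi baseline match from a client already over its rate limit."""
    return "BASE-SQLI-1" in base and "RATE-CLIENT" in rate


CUSTOM_RULES = [
    CustomRule("CUSTOM-VPATCH-1", virtual_patch_product_id, "block"),
    CustomRule("CUSTOM-ESCALATE-1", sqli_plus_rate, "block"),
]

# Policy choice for this example: baseline matches alone are only logged; custom rules may block.
BASELINE_ACTION = "log"


def evaluate(req: Request, rate_matches: Set[str]) -> Dict[str, object]:
    """Run baseline rules, then custom rules; return the decision and every rule that fired."""
    base = run_baseline(req)
    fired: List[str] = sorted(base)
    action = BASELINE_ACTION if base else "allow"
    for rule in CUSTOM_RULES:
        if rule.condition(req, base, rate_matches):
            fired.append(rule.rule_id)
            if rule.action == "block":
                action = "block"
    return {"action": action, "rules": fired}


if __name__ == "__main__":
    # Constructed requests: a clean one, a classic quoted SQLi probe with and without a
    # rate-control match, and a quote-free payload that only the virtual patch catches.
    for url, rate in [("/product?id=42", set()),
                      ("/search?q=1%27%20or%20%271%27%3D%271", set()),
                      ("/search?q=1%27%20or%20%271%27%3D%271", {"RATE-CLIENT"}),
                      ("/product?id=42%20or%201%3D1", set())]:
        print(url, evaluate(Request("GET", url, "198.51.100.7"), rate))
```

The last constructed request is the point of the virtual patch: the simplified baseline pattern needs a quote and never fires on `id=42 or 1=1`, but a rule written from knowledge of the application (the id must be numeric) blocks it anyway, which is what turning scanner output into a virtual patch achieves.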


Slide 11: Adaptive Rate Controls
Malicious Behavior Detection
- Specify the number of requests per second against a given URL
  - Controls requests based on behavior pattern, not request structure; uses client IP address, session ID, cookies, etc.
- Configure rate categories to control request rates against digital properties
Mitigate rate-based DDoS attacks
- Statistics collected for 3 request phases
  - Client Request: Client to Akamai Server
  - Forward Request: Akamai Server to Origin
  - Forward Response: Origin to Akamai Server
- Statistics collected allow us to ignore large proxies and pick out a malicious user hiding behind a proxy
- Statistics collected allow for detection of pathological behavior by a client
  - Request rate is excessive for any stage
  - Requests causing too many Origin errors
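To make the mechanics of slide 11 concrete, here is an added Python example (not Akamai's implementation) of per-client sliding-window statistics kept separately for the three request phases, with the two pathological signals the slide names: an excessive rate at any stage, and too many origin errors. The client key prefers a session ID and falls back to Client-IP + User-Agent, which is what lets many distinct users behind one large proxy stay under the limit while a single bursting session behind that same proxy is flagged. The thresholds, window size, phase names and the sample traffic are constructed for this example.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Set, Tuple

# The three phases from the slide (names constructed for this example).
PHASES = ("client_request", "forward_request", "forward_response")

# Constructed thresholds: events allowed per sliding window at each phase,
# and origin errors (HTTP 5xx) per window before a client is flagged.
WINDOW_SECONDS = 1.0
MAX_PER_WINDOW = {"client_request": 20, "forward_request": 10, "forward_response": 10}
MAX_ORIGIN_ERRORS = 3


def client_key(client_ip: str, user_agent: str, session_id: str = "") -> str:
    """Prefer the session ID when present, so one user behind a shared proxy is
    counted on their own; otherwise fall back to Client-IP + User-Agent."""
    return f"sid:{session_id}" if session_id else f"ip-ua:{client_ip}|{user_agent}"


class RateTracker:
    """Sliding-window counters per (client key, phase) plus origin-error counters per client."""

    def __init__(self, window: float = WINDOW_SECONDS) -> None:
        self.window = window
        self._events: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)
        self._errors: Dict[str, Deque[float]] = defaultdict(deque)

    def _prune(self, dq: Deque[float], now: float) -> None:
        # Drop timestamps that have fallen out of the window.
        while dq and now - dq[0] > self.window:
            dq.popleft()

    def record(self, key: str, phase: str, now: float,
               status: Optional[int] = None) -> List[str]:
        """Record one event and return the violations it triggers (possibly none)."""
        if phase not in PHASES:
            raise ValueError(f"unknown phase {phase!r}")
        dq = self._events[(key, phase)]
        dq.append(now)
        self._prune(dq, now)
        violations: List[str] = []
        if len(dq) > MAX_PER_WINDOW[phase]:
            violations.append(f"rate:{phase}")
        # Origin errors are only observable in the Forward Response phase.
        if phase == "forward_response" and status is not None and status >= 500:
            err = self._errors[key]
            err.append(now)
            self._prune(err, now)
            if len(err) > MAX_ORIGIN_ERRORS:
                violations.append("origin_errors")
        return violations


def build_sample_events() -> List[Tuple[str, str, str, str, float, Optional[int]]]:
    """Constructed traffic: 30 distinct sessions behind one proxy IP (benign), one
    session behind that same proxy bursting, and a client provoking 503s at origin."""
    events: List[Tuple[str, str, str, str, float, Optional[int]]] = []
    for i in range(30):
        events.append(("203.0.113.5", "Mozilla/5.0", f"s-{i}", "client_request", 0.01 * i, None))
    for i in range(25):
        events.append(("203.0.113.5", "Mozilla/5.0", "s-evil", "client_request", 0.02 * i, None))
    for i in range(5):
        events.append(("198.51.100.9", "curl/8.0", "", "forward_response", 0.1 * i, 503))
    return events


def replay(events) -> Dict[str, Set[str]]:
    """Feed events through the tracker in time order; return client key -> violations."""
    tracker = RateTracker()
    flagged: Dict[str, Set[str]] = defaultdict(set)
    for ip, ua, sid, phase, ts, status in sorted(events, key=lambda e: e[4]):
        key = client_key(ip, ua, sid)
        for violation in tracker.record(key, phase, ts, status):
            flagged[key].add(violation)
    return dict(flagged)


if __name__ == "__main__":
    for key, violations in replay(build_sample_events()).items():
        print(key, sorted(violations))
```

Keyed by IP alone, the 30 benign sessions behind 203.0.113.5 would exceed the client-request limit together and the whole proxy would be penalised; keyed by session, only s-evil is flagged, and the 503-provoking client is caught on the origin-error counter even though its request rate is well under the limit.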


Slide 13: Security Monitor (1 of 3)
- Timeline of Requests by Hour
- Visual Display of Requests by Geography
- Requests by WAF Message
- Requests by WAF Tag
- Requests by WAF Rule ID

Slide 14: Security Monitor (2 of 3)
- Multiple ways to display request statistics

Slide 15: Security Monitor (3 of 3)
- Requests by Client IP address
- Requests by City
- ARLs being attacked


