Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Kona Web Application Firewall Overview - Akamai at RSA Conference 2013

4.234 Aufrufe

Veröffentlicht am

Web application performance and security are critical to innovation. Akamai's Web Application Firewall (WAF) is a highly scalable edge defense service architected to detect and mitigate potential attacks, including SQL injection attacks, in HTTP and HTTPs traffic as they pass through Akamai's Intelligent Platform in their attempt to reach origin data centers.

WAF is designed to scale instantly to preserve performance and filter attack traffic close to the source, protecting your infrastructure and keeping your web applications up and running. Learn more about Kona Security Solutions: http://www.akamai.com/html/solutions/kona-solutions.html

Learn more about Akamai's presence at RSA Conference 2013: http://www.akamai.com/html/ms/rsa_conference_2013.html

Veröffentlicht in: Technologie
  • Loggen Sie sich ein, um Kommentare anzuzeigen.

Kona Web Application Firewall Overview - Akamai at RSA Conference 2013

  1. 1. Application Firewall (WAF)onference 2013
  2. 2. bercrime Landscape in 2013 …and easier t carry ou ereed...
  3. 3. From Network to Application Layer Application Layer Where  increasing   number  of  a2acks   (Layer 7) are  focused   Target  of   Network Layer Tradi,onal   (Layers 3/4) DDoS   A2acks  
  4. 4. pplication Firewall Highlightsates at the network edge – over 100,000 servers cts requests and responses for malicious content and info le cts packets to protect against attacks such as SQL Injectionss-Site Scripts gurable to log or block activities against policy cts organizations against application layer attacks propagateP and HTTPS les compliance with PCI DSS 1.2 section 6.6 des advanced rate controls (behavioral based protections)agates quickly (~30 minutes) gured via portal
  5. 5. ecurity Solutions 2.0urity Rule Updatele Set 2.2.6CRS supportCommon Rulesn Akamai’s unique view% of internet traffic d Rate Controls ID; Client-IP+User-Agentgrade Wizard
  6. 6. Appendix & Details
  7. 7. Intelligent Platform™g Network Layer Attacks at the Edgeayer attack mitigation Examples of attacks types droppedotection is “always on” at Akamai Edge80 (HTTP) or Port 443 (HTTPS) traffic §  UDP Fragmentsn Platform §  ICMP Floodsr traffic dropped at the Akamai Edge §  SYN Floodsk traffic never makes it onto Platform §  ACK Floods mer not charged for traffic dropped at Edges attack requests without requiring identification §  RESET Floods s CNAME onto Akamai Intelligent Platform §  UDP Floodsttacks through massive scales average throughput; up to 8Tbpson of HTTP request traffic across 100,000+ ,100+ networks ting, added latency, or point of failure
  8. 8. Rulesplication Firewall tion The ResultCustom Rules implemented §  New rule logic can be built tomai metadata written by specific use cases for the cus i Professional Services §  Rules can be built that execut are created and managed in one or more baseline rules ormer portal control rules match are then associated with §  Output of application vulnerab l policies and deployed with products can be implemented n 45 minutes “virtual patches” §  Advanced piping to user valid actions can be achieved (prio
  9. 9. Rulesplication Firewall tion The ResultCustom Rules implemented §  New rule logic can be built tomai metadata written by specific use cases for the cus i Professional Services §  Rules can be built that execut are created and managed in one or more baseline rules ormer portal control rules match are then associated with §  Output of application vulnerab l policies and deployed with products can be implemented n 45 minutes “virtual patches” §  Advanced piping to user valid actions can be achieved (prio
  10. 10. e Rate Controlss Behavior Detectiony number of requests per §  Statistics collected for 3 requed against a given URL o  Client Request – Client to Akamaols requests based on behavior o  Forward Request – Akamai Servn – not request structure o  Forward Response – Origin to Aclient IP address, session ID, cookies, etc. §  Statistics collected allow us toure rate categories to large proxies and pick out a m request rates against digital user hiding behind a proxytieste rate-based DDoS attacks §  Statistics collected allow for dete of pathological behavior by a clie o  Request rate is excessive for an o  Requests causing too many Orig
  11. 11. e Rate Controlss Behavior Detectiony number of requests per §  Statistics collected for 3 requed against a given URL o  Client Request – Client to Akamaols requests based on behavior o  Forward Request – Akamai Servn – not request structure o  Forward Response – Origin to Aclient IP address, session ID, cookies, etc. §  Statistics collected allow us toure rate categories to large proxies and pick out a m request rates against digital user hiding behind a proxytieste rate-based DDoS attacks §  Statistics collected allow for dete of pathological behavior by a clie o  Request rate is excessive for an o  Requests causing too many Orig
  12. 12. y Monitor (1 of 3) Timeline of Requests by Hour Visual Display of Requests by Geography Requests by WAF Rule ID Requests Requests by WAF Message by WAF Tag
  13. 13. y Monitor (2 of 3) Multiple ways to display request statistics
  14. 14. y Monitor (3 of 3) Requests by City Requests by ARLs being Client IP address attacked

×