akamai kona WAF Help Manual

Web Application Firewall

Tokenization Web Application

Firewall Website Defense

What We’re Seeing Attacks Are Happening On Multiple Levels

Target of Traditional DDoS Attacks

Network Layer

(Layers 3/4)

Network Layer

(Layers 3/4)

Network Layer

(Layers 3/4)

Application Layer

(Layer 7)

Where increasing number of attacks are focused

Web Attacks Are Getting More Sophisticated (e.g. multi-vector) Layers 3&4, Layer 7, DNS, Direct-to-Origin, Large, Small & Stealthy

Unreported 37%

SQL Injection (SQLi) 27%

Denial of Service 23%

Banking Trojan, 3%

Brute Force, 3%

Cross-Site Request Forgery, 2%

Predictable Resource

Location, 2% Stolen Credentials, 2% Clickjacking, 1%

What Attack Methods do Hackers Use?

Source: TrustWave Spider Labs - 2011 - Web Hacking Incident Database

Web Applications (Layer 7) Are Increasingly Targeted ~10,000,000 More Attacks in 1H2011 over 1H2010 (~45% increase)

5,000,000

10,000,000

15,000,000

20,000,000

25,000,000

30,000,000

35,000,000

2009 2010 1H2011

Total # Web Application Attacks at Mid-Year 2009–2011

Source: HP CyberSecurity Risks Report 1H2011

Web Applications (Layer 7) Are Increasingly Targeted ~10,000,000 More Attacks in 1H2011 over 1H2010 (~45% increase)

Layer 3/4 Attacks versus non-Web Layer 7 Attacks 1H2011

Layer 3/4 Attacks

Layer 7 Attacks

5,000,000

10,000,000

15,000,000

20,000,000

25,000,000

30,000,000

35,000,000

2009 2010 1H2011

Total # Web Application Attacks at Mid-Year 2009–2011

Source: HP CyberSecurity Risks Report 1H2011

On the Web, the Application is the Perimeter

Firewall

Hardware WAF

App server DB Web server

Traditional Data Center Security

In-The-Cloud Security

Firewall

Hardware WAF

In-The-Cloud Security

The threats are distributed, your response needs to be distributed!

Firewall

Hardware WAF

Akamai Intelligent Platform™ Deflecting Network Layer Attacks at the Edge

Network Layer attack mitigation §  Built-in protection is “always on” §  Only Port 80 (HTTP) or Port 443 (HTTPS) traffic

allowed on Platform o  All other traffic dropped at the Akamai Edge

•  Attack traffic never makes it onto Platform •  Customer not charged for traffic dropped at Edge

o  Absorbs attack requests without requiring identification o  Requires CNAME onto Akamai Intelligent Platform

Absorbs attacks through massive scale §  ~5.5 Tbps average throughput; up to 8Tbps §  Distribution of HTTP request traffic across 100,000+

servers; 1,100+ networks §  No re-routing, added latency, or point of failure

Examples of attacks types dropped at Akamai Edge §  UDP Fragments §  ICMP Floods §  SYN Floods §  ACK Floods §  RESET Floods §  UDP Floods

Web Application Protection Web Application Firewall

Application-layer controls §  Does deep packet inspection to protect

against attacks such as SQL Injections & Cross-Site Scripts

Custom Rules §  Create policy-based rules that are

enforced before or after execution of the application layer controls

§  Serve as “Virtual Patches” for new website vulnerabilities

Network Layer Controls §  Allow or restrict requests from

specific IP addresses •  Protect customer Origin from

application layer attacks

§  Implements IP Blacklists & Whitelist

§  Geo blocking

§  10,000 CIDR entries supported •  Named lists — e.g., Tor exit nodes •  30 — 45 minute deployment

Custom Rules Web Application Firewall

Description § WAF Custom Rules implemented

in Akamai metadata written by Akamai Professional Services

§ Rules are created and managed in customer portal

§ Rules are then associated with firewall policies and deployed with WAF in 45 minutes

Description § WAF Custom Rules implemented

in Akamai metadata written by Akamai Professional Services

§ Rules are created and managed in customer portal

§ Rules are then associated with firewall policies and deployed with WAF in 45 minutes

The Result § New rule logic can be built to handle

specific use cases for the customer § Rules can be built that execute when

one or more baseline rules or rate control rules match

§ Output of application vulnerability products can be implemented as “virtual patches”

§  Advanced piping to user validation actions can be achieved (prioritization)

Adaptive Rate Controls Malicious Behavior Detection

§  Specify number of requests per second against a given URL o Controls requests based on behavior

pattern — not request structure •  Use client IP address, session ID, cookies, etc.

§ Configure rate categories to control request rates against digital properties • Mitigate rate-based DDoS attacks

§  Statistics collected for 3 request phases o Client Request — Client to Akamai Server o  Forward Request — Akamai Server to Origin o  Forward Response — Origin to Akamai Server

§  Statistics collected allow us to ignore large proxies and pick out a malicious user hiding behind a proxy

§  Statistics collected allow for detection of pathological behavior by a client o Request rate is excessive for any stage o Requests causing too many Origin errors

Rate Controls Use Case: Blocking IPs Causing Origin Errors

1.  Count the number of Forward Responses that return a 404 error code 2.  Block any IP address that exceeds 5 errors per second

Client Request

Forward Request

Response code 404

Customer Origin

Akamai Edge Server

Client Request

Forward Request

Response code 404

Customer Origin

Akamai Edge Server

Client Request

Forward Request

Response code 404

Customer Origin

Akamai Edge Server

Client Request

Forward Request

Response code 404

Customer Origin

Akamai Edge Server

Client Request

Forward Request

Response code 404

Customer Origin

Akamai Edge Server

Client Request

Forward Request

Response code 404

Customer Origin

Akamai Edge Server

X Custom Error page

Automatic Origin Abuse Mitigation!

Use Case 2: Validate IPs Causing High Origin Load

1.  Count the number of Forward Requests 2.  Validate any IP address that exceeds 20 Forward Requests per second

Forward Request

Forward Response

Customer Origin

Akamai Edge Server Client

Request

Forward Request

Customer Origin

Request

Forward Request

Customer Origin

Request

Forward Request

Customer Origin

Request

Customer Origin X

Custom Error page

Automatic Origin Overload Prevention!

Request

Security Monitor (1 of 3)

Timeline of Requests by Hour

Visual Display of Requests by Geography

Requests by WAF Rule ID

Requests by WAF Message

Requests by WAF Tag

Multiple ways to display

request statistics

Requests by City

Requests by Client IP address

ARLs being attacked

Any experience. Any device. Anywhere.

akamai kona WAF Help Manual

Documents

Transcript of akamai kona WAF Help Manual

Bypassing Waf

Integrate Akamai Web Application Firewall - EventTracker · 1 Integrate Akamai Web Application Firewall Abstract This guide helps you in configuring Akamai WAF and EventTracker to

20150318 AkamaiSecurity LDP - Active ICT Japanactiveictjapan.com/pdf/20150318/jimin_it-toku_document_20150318.pdf · ©2014 AKAMAI | FASTER FORWARDTM ... WAF S \ ^¥" D ` JøÏ f

Intelligent Security Starts at the Edge - Akamai€¦ · The need for this protection is driving an ever-greater demand for WAF products as security leaders look to reduce the threat

CONDOS - Kona Coast · royal kona resort kona reef wyndam/ worldmark resort konatiki the sea village kona shores alii villas kona makai/royal seacliff casa de emdeko kona isle kona

Commerce Architecting for Omni-Channel Retailing Akamai ...€¦ · Akamai . Akamai 2012 CUSTOMER CONFERENCE Akamai FASTER FORWARD . EData uckup Akamai euge Akamai . Akamai Akamai

Big Data Intelligence Harnessing Petabytes of WAF statistics to Analyze & Improve Web Protection in the Cloud Ory Segal, Tsvika Klein Akamai Technologies.

A Response to - DMS€¦ · WEB SITE & APPLICATION SECURITY- KONA Akamai’s Kona security services provide cloud based Web site and ... and inspects inbound traffic using Akamai

AJA and Adobe ApplicationsAJA and Adobe Applications Quick Start Guide v14.2 6 Table 2. AJA Hardware Feature Summary, PCIe Devices KONA 4 KONA IP KONA 1 KONA 3G KONA HDMI KONA LHi

Work Boats 250 -1,200kW WAF/LAF 164-572ozmarmarine.com/upl/WAF_LAF_164-572.pdf · Work Boats WAF/LAF EngineRatingupto3,650kW Work Boats WAF/LAF ... Gearbox Main dimensions (mm) WAF

Don’t get DDoSed and Confused - pspinfo.us · Don’t get DDoSed and Confused Patrick Sullivan ... WAF Edge servers Akamai has unique insight into Web/DDoS ... • Banking site

W.#Taube)Petrignani# Curriculum Vitae 2015 … · Curriculum Vitae 2015 Werner Taube-Petrignani ... the so-called Akamai Kona suite. ... I am currently supporting WAF and

擋不住？要付贖嗎 ？怎麼辦？ - CLOUDSEC · A Kona customer reported an unknown attack and asked Akamai to investigate ... 2009 │ 韓國 DDoS WAF 攻擊 1998 │ Akamai

SPO2-W04 Rise of the Machines: An Internet-Wide Analysis ... · Rise of the Machines: An Internet-Wide Analysis of Web Bots in 2014 SPO2-W04 . ... Kona WAF Triggers . Akamai Logs

©2012 Akamai FASTER FORWARD TM Akamai Technologies Akamai IO Stephen Ludin Chief Architect – Akamai Technologies.

Akamai Cloud Security Solutions Brochure - 1105 Mediadownload.1105media.com/Custom/Face-to-Face/033016/Akamai-Cloud... · Akamai Cloud Security Solutions help you avoid ... The Kona

Improving Web Application Security - Systems Integration · Akamai White Paper – The Akamai Approach to WAF 3 Introduction Many security professionals consider the web application

INTERNET PLUS PROTECT - t-systems.com€¦ · Kona Site Defender (KSD) ... Application Firewall (WAF) ... Akamai verpuffen, weil bei Megaangriff nur 0,3 TB gegen 25 TB stehen 2

Maryland Health Benefit Exchange Invitation for Bids ...€¦ · Akamai Kona Site Defender Acquisition IFB ... Maryland Health Benefit Exchange . Invitation for ... Kona WAF is designed

Protecting your APIs - Akamai...Protecting your APIs With API Gateway and Kona Site Defender. Kirsten Hunter API Evangelist 5 years at Akamai. 10 years working with APIs. ... Swagger/RAML

擋不住？要付贖嗎？怎麼辦？ - CLOUDSEC · A Kona customer reported an unknown attack and asked Akamai to investigate ... 2009 │ 韓國 DDoS WAF 攻擊 1998 │ Akamai