
563.15.1 DoS: Application Firewalls


Presentation Transcript


  1. 563.15.1 DoS: Application Firewalls Presented by: Brian Cook High Level DoS Group: Laura Worthington & Brian Cook University of Illinois Spring 2006

  2. Question What is an application Denial of Service (DoS) and why do we need protection against it?

  3. Overview • Types of DoS • Network DoS • Application DoS • Protection • Network • Application

  4. DoS Defined An attack to disrupt or completely deny service to legitimate users, networks, systems or other resources.

  5. Network DoS • Network Connectivity • Using your own resources against you • Bandwidth Consumption

  6. Application DoS Why is there a need to be concerned?

  7. Application DoS • Advantages over traditional DoS • Typically not detectable by current security solutions • Attacks are more efficient • Harder to trace

  8. Application DoS • Attack Classes • Resource abuse: "Domain Name System DoS" (December 2005), "Attacks target Internet traffic cops" (March 2006) • Exploitation • User based • Transaction Resources • Sessions

  9. Protection • Network • Application

  10. Network Firewalls

  11. Application Firewall (diagram; only the labels U1, P1, P2 and U2 survive in the transcript)

  12. Application Firewall Overview • Protocols • Web sites • Encryption/encoding • Attack protection • Configuration management • Logging

  13. Protocols
      http   tcp, udp   Port 80
      https  tcp, udp   Port 443
      ftp    tcp, udp   Control port 21, Data port 20
      ftps   tcp, udp   Control port 990, Data port 989
      DNS    tcp, udp   Port 53
      Custom applications, home grown

  14. Web Sites • Reverse proxy • Web address translation • Cloak banners • Normalize error codes • Compression • Caching • Web crawlers • Load balancing • Small servers running one site • TCP connection pooling • Persistent connection(s) from application firewall to web server(s)

  15. Encrypted/Encoded Traffic • Encryption, Secure Sockets Layer (SSL) • Encrypt • Decrypt • Off-loading • Encoded • URL • Unicode • Hexadecimal

  16. Attack Protection • Client validation • User agreements • Client puzzles • Not solved or solved incorrectly, request dropped • Probability of success by guessing rather than solving is 2^(-k) for a k-bit puzzle • Traffic • Anti-evasion • Content filtering • Cross-site scripting • Field cloaking • Credit Cards • Social Security Numbers
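The client-puzzle mechanism on slide 16, as an added example that is not from the presentation: a stateless issuer/verifier in Python where the server keeps no per-client state and spends one HMAC plus one hash per check. Function names, the HMAC-over-time-bucket nonce construction and the sample client id are assumptions of this example.

```python
import hashlib
import hmac
import os
import time

# Constructed per-server secret; a deployment would load it from a key store.
SERVER_KEY = os.urandom(32)
BUCKET_SECONDS = 60  # a puzzle is accepted for its own and the previous bucket


def _nonce_for(client_id: str, bucket: int) -> str:
    # HMAC over (client, time bucket): recomputable at verification time, so the
    # firewall stores nothing per client and issuing puzzles cannot exhaust it.
    msg = f"{client_id}|{bucket}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_puzzle(client_id: str, k: int, now=None) -> dict:
    """Server side: hand out (nonce, k). Expected client work is 2**k hashes."""
    bucket = int((time.time() if now is None else now) // BUCKET_SECONDS)
    return {"nonce": _nonce_for(client_id, bucket), "k": k}


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve_puzzle(nonce: str, k: int) -> int:
    """Client side: find a counter whose SHA-256 with the nonce has k leading
    zero bits. Each attempt succeeds with probability 2**-k, which is all a
    client that skips the work and guesses once can hope for."""
    counter = 0
    while leading_zero_bits(hashlib.sha256(f"{nonce}:{counter}".encode()).digest()) < k:
        counter += 1
    return counter


def verify_solution(client_id: str, nonce: str, k: int, counter: int, now=None) -> bool:
    """Server side: forged, stale, unsolved or wrongly solved puzzles all return
    False, and the firewall drops the request without touching the back end."""
    bucket = int((time.time() if now is None else now) // BUCKET_SECONDS)
    if not any(hmac.compare_digest(nonce, _nonce_for(client_id, b)) for b in (bucket, bucket - 1)):
        return False
    digest = hashlib.sha256(f"{nonce}:{counter}".encode()).digest()
    return leading_zero_bits(digest) >= k


def guess_success_probability(k: int) -> float:
    return 2.0 ** -k


if __name__ == "__main__":
    puzzle = issue_puzzle("203.0.113.7", k=12)  # constructed sample client id
    answer = solve_puzzle(puzzle["nonce"], puzzle["k"])
    print(verify_solution("203.0.113.7", puzzle["nonce"], puzzle["k"], answer))
```

Raising k scales the client's work by 2 per bit while the verifier's cost stays constant, which is the asymmetry that makes puzzles useful under load.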

  17. Attack Protection • Rate control • Application state • Cookie tampering • Session hijacking • Form field tampering • Parameter

  18. Configuration Management • Operating systems: unpatched security flaws, server software flaws, improper permissions on files and directories, unnecessary services • Web servers: default certificate, misconfigured SSL certificate, misconfigured encryption settings, overly informative errors, unnecessary files including scripts, applications, configuration files, and web pages

  19. Logging • Security Logs • Web Logs • System Logs

  20. OWASP Provides minimum standard for web application security

  21. OWASP • List of Top 10 Web Application Vulnerabilities • Unvalidated Input • Broken Access Control • Broken Authentication and Session Management • Cross Site Scripting Flaws • Buffer Overflows • Injection Flaws • Improper Error Handling • Insecure Storage • Denial of Service • Insecure Configuration Management

  22. References • Sotiris Ioannidis, Angelos D. Keromytis, Steven M. Bellovin, and Jonathan M. Smith, "Implementing a Distributed Firewall", ACM Conference on Computer and Communications Security, Athens, Greece, November 2000. • Marcus J. Ranum and Frederick M. Avolio, "A Toolkit and Methods for Internet Firewalls", Trusted Information Systems, Inc. • ThinkingStone, "ModSecurity for Apache User Guide", http://www.modsecurity.org/, January 2006. • Stephen de Vries, "Application Level DoS Attacks", April 2004. • CERT Coordination Center, "Denial of Service Attacks", http://www.cert.org/tech_tips/denial_of_service.html, June 2001. • Open Web Application Security Project, www.owasp.org • Web Application Security Consortium, www.webappsec.org
