#v11 Preventable attacks

v11 theme

Today’s malware and other penetration techniques are custom-made, can adapt, and can cover the tracks of those seeking the information. An assault may start at the network level with DNS, ICMP, or SYN flood attacks, then move to the application with layer 7 DoS, SQL injection, or cross-site scripts (XSS); once the system is compromised, the attacker goes after the data. Attackers also often leave “back doors” so they can easily come and go before being detected.

Many organizations do a decent job of securing their infrastructure components, but are challenged when it comes to securing their web applications, whether they are hosted in house, in a cloud environment, or both. Forrester Research reported that in 2009, 79 percent of breached records were the result of web application attacks. An application breach can cost companies significant amounts of money and seriously damage brand reputation. The 2010 annual study on data breaches by Symantec and the Ponemon Institute calculated that the average cost of a breach to a company was $214 per compromised record, and $7.2 million over the entire organization. In addition to financial losses, an organization may also have to address compliance and legal issues, public scrutiny, and loss of trust among shareholders and customers. It’s clear that protecting applications while still making them highly available to valid users is critical to the lifeblood of an organization.

If an organization discovers an application vulnerability, BIG-IP ASM can quickly be deployed in an organization’s environment, enabling IT to immediately virtually patch vulnerabilities until the development team can permanently fix the application. Additionally, organizations are often unable to fix applications developed by third parties, and this lack of control prevents many of them from considering these solutions. But with BIG-IP ASM, organizations have full control over securing their dynamic infrastructure

AJAX, which is a mix of technologies (Asynchronous JavaScript and XML), is becoming more pervasive since it allows developers to deliver content without having to load the entire HTML page in which the AJAX objects are embedded. Unfortunately, poor AJAX code can allow an attacker to modify the application and prevent a user from seeing their customized content, or even initiate an XSS attack. Additionally, some developers are also using JSON (JavaScript Object Notation) payloads, a lightweight data-interchange format that is understandable by most modern programming languages and used to exchange information between browser and server. If JSON is insecure and carrying sensitive information, there is the potential for data leakage.

The ability to parse JSON payloads and protect AJAX applications that use JSON for data transfer between the client and server has become an important area to focus defenses. It’s critical to enforce the proper security policy and potentially display an embedded blocking alert message. Very few WAF vendors are capable of enforcing JSON (other than the XML Gateways). AJAX, which is becoming more and more common even within enterprises and even if an organization isn’t currently using AJAX, it certainly will be in the near future. Infrastructure must evolve to meet emerging threats as well as existing threats that migrate across environments. JSON payloads are more and more common as the format of choice for APIs and integration across applications – both social and enterprise – making it more imperative that security-focused infrastructure be capable of identifying threats that may be buried within exchanged messages.

AJAX and JSON aren’t the only things to worry about. Threats can come from a variety of sources, including malicious hackers, unscrupulous users, and valid users. File upload forms and users uploading their own files can pose a significant risk to applications. Often, the first step in attacking a system is to insert code into the system and have it execute. File uploads can actually help an intruder accomplish this, enabling attackers to deface a website, introduce other vulnerabilities like XSS, add a phishing page to the website, or even upload a file in hopes that the IT administrator launches it. In BIG-IP v10.2, F5 introduced antivirus inspection using a remote device via the Internet Content Adaptation Protocol (ICAP). This is applied to files uploaded using HTTP multipart transactions, like when a user fills out a browser form or includes file attachments and sends the entire message to a server.

Preventing many of the most common and dangerous vulnerabilities will allow your infrastructure to scale when real demand is needed. The next generation of infrastructure must provide a more comprehensive and flexible means of addressing what are preventable attacks without compromising performance and availability.

The next generation of infrastructure must be more able….

Connect with F5:
o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1] rss[8]

Latest F5 Information