"The threat posed by distributed DoS [DDoS] and web application attacks continues to grow each quarter," said John Summers, vice president for Akamai's cloud security business sector. Malicious actors are continually changing the game by switching tactics, seeking out new vulnerabilities and even bringing back old techniques that were considered outdated.
As traffic on the Internet increased during the 2014 holiday season, so did the volume of all types of attack traffic, including application-layer attacks and volumetric distributed denial of service (DDoS) attacks, according to Akamai's Threat Advisory. Many attackers mask themselves in a sea of "good" online traffic by using proxy addresses that enable them to browse the web anonymously and without geographic origin. Most of these volumetric attacks originate from bots, software applications that run automated tasks over the Internet.
[Figure: Total denied WAF traffic, 2014, online retailers (Akamai Security Alert 2014)]
So how do you protect your eCommerce site from being hacked and sensitive customer data from being stolen?
Akamai can help you safeguard your websites and other Internet-facing applications from the risks of downtime and data theft. Our solutions provide the scale to stop the largest DDoS and web application attacks, as well as intelligence into the latest threats to help you respond to shifting tactics and attack vectors.
Kona Site Defender combines automated DDoS mitigation with a Web Application Firewall (WAF) to help protect websites from a wide range of online threats, including network and application-layer attacks.
By customizing WAF rules to your application, many attacks can be identified and blocked. Please follow the steps below to ensure your WAF complies with the latest security best practices:
Step 1: Upgrade your WAF to run the latest Akamai rule set. Updating website rules is the first line of defense. Threats are constantly evolving - it is critical that the rule set is reviewed and updated on a regular basis. Go to the Luna Control Center (Configure > Security > Security Configuration > Tuning Status) to see the latest rule set used by your configuration and whether it needs to be updated. Akamai's Security Research team is constantly monitoring the effectiveness of the rules and updating the signatures. Review your configuration status every month to keep the rule set up to date in line with these developments.
Step 2: Carefully select the rules most relevant to your website. Review the WAF considerations below. By doing this, you can defend against malicious attacks without rejecting legitimate traffic from consumers.
Deny traffic originating from non-commerce countries: Organizations should consider leveraging their WAF to deny traffic from countries or regions in which they do not operate and from which they have no expectation that legitimate traffic will originate.
Configure firewall alerts/notifications: An organization's WAF notifications should be properly configured to ensure that appropriate alerts are delivered when anomalies are detected. Ensure the right people in your organization are receiving these alerts and can react as soon as the anomaly is detected.
Ensure that your Web Application Firewall is tuned properly: Attackers with data theft motives tend to operate heavily over the holidays. This is indicated by an increase in application-layer attacks such as SQL injection and cross-site scripting, which can ultimately lead to stolen credit card information and other personal consumer details. Akamai's Web Application Firewall application-layer rules should be set to Deny mode, with thresholds properly tuned.
Tune the firewall for anonymous proxy traffic: Many attackers mask themselves in a sea of "good" online traffic by using proxy addresses that enable them to browse the web anonymously and without geographic origin, so the WAF should be tuned with this traffic in mind.
Step 3: Release the rule set to production in Alert mode and monitor the traffic in the Luna Control Center Security Monitor (Monitor > Security > Security Monitor) prior to placing the rules in Deny. Engage your professional services team to review the two to three weeks of data and help in activating rules in Deny mode. It is important that no legitimate traffic is denied.
Once the WAF configuration is tuned, it is important to consider the following Akamai products:
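As an added illustration of Step 3 (example code, not Akamai's implementation or part of the original article), the following Python script models the Alert-mode review: a small constructed rule set is evaluated against sample requests that an analyst has labelled legitimate or malicious, each rule's hits and false positives are tallied, and only the rules that never fired on legitimate traffic are recommended for promotion to Deny. The rule IDs (prefixed HYP-), the signatures and the traffic are invented for the example; one rule is written deliberately too broadly to show the kind of false positive the review period is meant to catch.

```python
"""Stage WAF rules in Alert mode, review what they would have blocked, and
promote only the rules that never fired on legitimate traffic to Deny.
Added example: rule IDs, patterns and sample requests are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set
from urllib.parse import unquote_plus


@dataclass(frozen=True)
class Rule:
    rule_id: str            # hypothetical ID, not a real Akamai rule number
    description: str
    pattern: re.Pattern


@dataclass(frozen=True)
class Request:
    client_ip: str
    path: str
    query: str              # raw (URL-encoded) query string
    legitimate: bool        # analyst's label from the two-to-three-week review


# Constructed rule set: two narrowly written signatures and one deliberately
# broad one, to show why rules are reviewed in Alert mode before Deny.
RULES: List[Rule] = [
    Rule("HYP-SQLI-001", "SQL injection tautology (e.g. ' OR '1'='1)",
         re.compile(r"(?i)'\s*or\s*'?\d+'?\s*=\s*'?\d+")),
    Rule("HYP-XSS-001", "Inline script tag or HTML event handler",
         re.compile(r"(?i)(<script\b|\bon[a-z]+\s*=)")),
    Rule("HYP-SQLI-BROAD", "Any SQL keyword in the query string (too broad)",
         re.compile(r"(?i)\b(select|union|update|delete)\b")),
]


def rules_fired(req: Request, rules: List[Rule] = RULES) -> List[str]:
    """Return the IDs of every rule whose pattern matches the decoded request.
    The query is URL-decoded first, as a WAF normalises input before matching."""
    target = f"{req.path}?{unquote_plus(req.query)}"
    return [r.rule_id for r in rules if r.pattern.search(target)]


def alert_mode_report(requests: List[Request],
                      rules: List[Rule] = RULES) -> Dict[str, Dict[str, int]]:
    """Tally, per rule, how often it fired and how many of those hits were on
    traffic labelled legitimate (each of which would be a block in Deny mode)."""
    report = {r.rule_id: {"hits": 0, "false_positives": 0} for r in rules}
    for req in requests:
        for rid in rules_fired(req, rules):
            report[rid]["hits"] += 1
            if req.legitimate:
                report[rid]["false_positives"] += 1
    return report


def safe_to_deny(report: Dict[str, Dict[str, int]], min_hits: int = 1) -> Set[str]:
    """Rules that fired at least min_hits times and never on legitimate traffic
    can be switched to Deny; the rest stay in Alert for further tuning."""
    return {rid for rid, c in report.items()
            if c["hits"] >= min_hits and c["false_positives"] == 0}


# Constructed review sample standing in for what the Security Monitor shows
# over the Alert period. Labels are the analyst's judgement, not WAF output.
SAMPLE_TRAFFIC: List[Request] = [
    Request("203.0.113.10", "/products", "q=red+shoes", True),
    Request("203.0.113.11", "/products", "q=select+your+size", True),    # legit, trips broad rule
    Request("203.0.113.12", "/help", "topic=delete+my+account", True),   # legit, trips broad rule
    Request("198.51.100.7", "/login", "user=admin'+OR+'1'='1", False),
    Request("198.51.100.8", "/search", "q=<script>alert(1)</script>", False),
    Request("198.51.100.9", "/products", "q=1+UNION+SELECT+card_number", False),
]

if __name__ == "__main__":
    rep = alert_mode_report(SAMPLE_TRAFFIC)
    for rid, counts in rep.items():
        print(f"{rid:15} hits={counts['hits']} false_positives={counts['false_positives']}")
    print("promote to Deny:", sorted(safe_to_deny(rep)))
```

On this sample the two narrow rules fire only on the malicious requests and are recommended for Deny, while the broad keyword rule blocks two ordinary product searches and stays in Alert until it is rewritten; that is exactly the distinction the review with professional services is meant to surface before any rule is allowed to reject traffic.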
- Set up your network lists to block any bad actors by utilizing the Network List API or the Luna Control Center interface under Configure > Network List Management.
- Enable Client Reputation Intelligence: Akamai offers a client reputation module to protect customers against known bad IP addresses. Known malicious IPs, including those that are increasingly observed over the holiday season, can be pre-emptively flagged and blocked before they target an organization. More information on Client Reputation can be found here.
- Set up Rate Controls: Rate Controls monitor and control the rate of requests against the Edge servers and your origin to provide dynamic protection against application-layer attacks. Once an IP address triggers any rate control that it matches, all subsequent requests from that IP address are denied for the next 10 minutes, even requests for URLs that are not part of the rate control definition.
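To make the rate control behaviour described above concrete, here is an added Python model (not Akamai's implementation, and not part of the original article) of a sliding-window rate control with a penalty box: a client that exceeds the request threshold on the controlled URLs is denied for every subsequent request, on any URL, for a fixed penalty period. The control definitions, the 5-requests-per-10-seconds threshold and the sample traffic are constructed for the example; the 10-minute penalty matches the figure stated on the page.

```python
"""Sliding-window rate control with a penalty box, as an added example of
the behaviour described on the page: exceeding the threshold on the
controlled URLs denies ALL traffic from that IP for the penalty period.
Thresholds, windows and sample traffic are constructed; not Akamai's code."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Tuple


@dataclass
class RateControl:
    name: str
    path_prefix: str                 # URLs that count towards the threshold
    max_requests: int                # requests allowed per window
    window_seconds: float
    penalty_seconds: float = 600.0   # 10 minutes, as stated on the page


@dataclass
class ClientState:
    # per-control timestamps of recent matching requests (sliding window)
    recent: Dict[str, Deque[float]] = field(default_factory=lambda: defaultdict(deque))
    penalty_until: float = 0.0       # deny everything from this IP until then


class RateLimiter:
    def __init__(self, controls: List[RateControl]):
        self.controls = controls
        self.clients: Dict[str, ClientState] = defaultdict(ClientState)

    def check(self, ip: str, path: str, now: float) -> Tuple[str, str]:
        """Decide one request: returns ("allow" | "deny", reason)."""
        st = self.clients[ip]
        # Penalty box applies to every URL, not only the controlled ones.
        if now < st.penalty_until:
            return "deny", f"penalty box until t={st.penalty_until:.0f}"
        for ctl in self.controls:
            if not path.startswith(ctl.path_prefix):
                continue
            window = st.recent[ctl.name]
            window.append(now)
            # Drop timestamps that have fallen out of the sliding window.
            while window and now - window[0] > ctl.window_seconds:
                window.popleft()
            if len(window) > ctl.max_requests:
                st.penalty_until = now + ctl.penalty_seconds
                window.clear()
                return "deny", f"{ctl.name}: {len(window) + 1} requests in {ctl.window_seconds:.0f}s"
        return "allow", ""


# Constructed control: at most 5 login attempts per 10 seconds per client IP.
CONTROLS = [RateControl("login-burst", "/api/login", max_requests=5, window_seconds=10.0)]

# Constructed traffic as (time_seconds, client_ip, path).
EVENTS: List[Tuple[float, str, str]] = (
    [(float(t), "198.51.100.7", "/api/login") for t in range(6)]   # 6 logins in 6 s
    + [(6.0, "198.51.100.7", "/images/logo.png"),                  # unrelated URL, in penalty
       (7.0, "203.0.113.5", "/api/login"),                         # another client, unaffected
       (606.0, "198.51.100.7", "/images/logo.png")]                # penalty expired
)


def simulate(events=EVENTS, controls=CONTROLS) -> List[Tuple[float, str, str, str]]:
    """Run the events through a fresh limiter; returns (t, ip, path, decision)."""
    limiter = RateLimiter(controls)
    out = []
    for t, ip, path in events:
        decision, _reason = limiter.check(ip, path, t)
        out.append((t, ip, path, decision))
    return out


if __name__ == "__main__":
    for t, ip, path, decision in simulate():
        print(f"t={t:6.0f} {ip:14} {path:18} {decision}")
```

The sixth login within the window is the one that trips the control; from that moment the image request at t=6 from the same address is denied although no control covers image URLs, the other client at t=7 is unaffected, and the same address is served again once the 10-minute penalty has elapsed. When tuning a real control, the threshold and window should be chosen from observed legitimate burst behaviour so that a user retrying a login a few times is never caught by it.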
Once you have completed the WAF tuning, set up rate controls and network lists, and blocked attackers based on client reputation intelligence, you have made a great start! Yet your security efforts shouldn't stop there; it is also important to consider the topics below:
DNS Reliability: Fast DNS is designed to integrate easily with your existing DNS infrastructure. Using IP Anycast technology it provides great reliability and performance for name resolution. The solution also utilizes DNS Security Extensions (DNSSEC) to prevent DNS cache poisoning and DNS hijacking. The "Sign and Serve" DNSSEC enhancement provides you the ability to offload the support of DNSSEC entirely to Akamai.
Plan for failure: Whether it's a performance issue or an attack, failure happens. Even if you think you have tackled all potential vulnerabilities, acknowledge what could possibly go wrong and determine what steps will be taken to recover the site. Simulate failures of parts of your infrastructure to see how the rest of the system handles them. By doing this, you can take comfort in knowing that even if the worst does happen, you are as prepared as possible to rectify the problem and get back to normalcy.
Scan your site: Check your websites regularly (including a test of all links) to ensure identity thieves and hackers have not introduced malware into advertisements, graphics, or other content provided by third parties. Ensure you follow the steps described here for any scanning and penetration testing.
Penetration testing: Consider hiring cyber security consultants or ethical hackers to identify vulnerabilities in the code.
Security Monitoring: Regularly review the Security Monitor under Monitor > Security > Security Monitor in the Luna Control Center for current attack information regarding your site.
Not all websites can develop an internal cyber intelligence capability. Akamai can help to quickly identify and understand the various security incidents and their implications, determine effective mitigation and remediation tactics, and develop a clear plan to enhance security through our Managed Kona service offering. Contact Akamai Professional Services if you have any questions regarding the latest security developments or specific configuration tuning. Delivered via the cloud, our services combine fully reliable DNS resolution and DDoS attack protection to support critical Web-based systems and reduce the risk of downtime.