Posts Tagged Denial of Service

Built-in Compliance Capabilities

Advanced, built-in security protection and remote auditing help your organization comply with industry security standards, including Payment Card Industry Data Security Standard (PCI DSS), HIPAA, Basel II, and SOX, in a cost-effective way—without requiring multiple appliances, application changes, or rewrites. BIG-IP ASM reports previously unknown threats, such as layer 7 denial-of-service (DoS) and SQL injection attacks, and it mitigates web application threats to shield the organization from data breaches. All reports are GUI-driven and provide drill-down options with a click.


PCI reporting

With PCI reporting, BIG-IP ASM lists security measures required by PCI DSS 1.2, determines if compliance is being met, and details steps required to become compliant if not.

Geolocation reporting

Geolocation reporting informs you of the country where threats originate in addition to attack type, violation, URL, IP address, severity, and more. You can also schedule reports to be sent to a designated email address automatically for up-to-date reporting.


Easy-to-read format for remote auditing

BIG-IP ASM makes security compliance easier and saves valuable IT time by exporting policies in human readable format. The flat, readable XML file format enables auditors to view the policies off site. Auditors working remotely can view, select, review, and test policies without requiring time and support from the web application security administrator.


Trojan Horse Email

Trojan horse email offers the promise of something you might be interested in—an attachment containing a joke, a photograph, or a patch for a software vulnerability. When opened, however, the attachment may do any or all of the following:

  1. create a security vulnerability on your computer
  2. open a secret “backdoor” to allow an attacker future illicit access to your computer
  3. install software that logs your keystrokes and sends the logs to an attacker, allowing the attacker to ferret out your passwords and other important information
  4. install software that monitors your online transactions and activities
  5. provide an attacker access to your files
  6. turn your computer into a “bot” an attacker can use to send spam, launch denial-of-service attacks, or spread the virus to other computers

What to Look For

Trojan horse emails have come in a variety of packages over the years. One of the most notorious was the “Love Bug” virus, attached to an email with the subject line “I Love You” and which asked the recipient to view the attached “love letter.” Other Trojan horse emails have included the following:

  • email posing as virtual postcard
  • email masquerading as security bulletin from a software vendor requesting the recipient apply an attached “patch”
  • email with the subject line “funny” encouraging the recipient to view the attached “joke”
  • email claiming to be from an antivirus vendor encouraging the recipient to install the attached “virus sweeper” free of charge
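The lures listed above share a mechanical signature a mail gateway can check for: an attachment that will execute when opened, often disguised behind a document or image extension, paired with a subject or filename that promises a patch, postcard, joke or free "virus sweeper". The following is an added example (not code from the original post) that triages a raw message with Python's standard `email` library and reports those signs. The extension and lure-word lists, the `triage_message` and `attachment_flags` names, and the embedded sample message are all constructed for this illustration.

```python
"""Triage an inbound message for Trojan-horse attachment patterns."""
import email
from email import policy

# Constructed for this example: extensions that run code when a user opens
# them, and lure words taken from the post (postcard, patch, joke, sweeper).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js",
                   "jse", "wsf", "hta"}
LURE_WORDS = {"postcard", "patch", "joke", "funny", "love", "sweeper",
              "security bulletin"}

# Constructed sample message; the attachment body is plain text, not a binary.
SAMPLE_EMAIL = b"""From: "Vendor Security" <updates@example.invalid>
To: user@example.invalid
Subject: Security Bulletin: apply attached patch
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please apply the attached patch immediately.
--b1
Content-Type: application/octet-stream; name="patch.pdf.exe"
Content-Disposition: attachment; filename="patch.pdf.exe"
Content-Transfer-Encoding: 7bit

(constructed placeholder body, not an executable)
--b1--
"""


def attachment_flags(filename):
    """Return the reasons an attachment name looks like a Trojan-horse lure.

    Checks the final extension against EXECUTABLE_EXTS, detects the
    'photo.jpg.exe' double-extension trick, and looks for lure words.
    This is a coarse heuristic: it flags for a human or sandbox to review."""
    name = filename.strip().lower()
    exts = [e.strip() for e in name.split(".")[1:]]
    flags = []
    if exts and exts[-1] in EXECUTABLE_EXTS:
        flags.append("executable attachment")
        if len(exts) >= 2:
            flags.append("double extension disguises executable as " + exts[-2])
    if any(w in name for w in LURE_WORDS):
        flags.append("lure filename")
    return flags


def triage_message(raw):
    """Parse a raw RFC 5322 message and collect findings.

    'suspicious' is set only when an attachment would execute on open; a lure
    subject on its own is recorded but is too weak a signal by itself."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("subject", ""))
    findings = []
    if any(w in subject.lower() for w in LURE_WORDS):
        findings.append("lure subject: %r" % subject)
    executable = False
    for part in msg.iter_attachments():  # skips body parts, returns attachments
        fname = part.get_filename() or "(unnamed)"
        for flag in attachment_flags(fname):
            findings.append("attachment %r: %s" % (fname, flag))
            executable = executable or flag.startswith("executable")
    return {"subject": subject, "findings": findings, "suspicious": executable}


if __name__ == "__main__":
    result = triage_message(SAMPLE_EMAIL)
    print("suspicious:", result["suspicious"])
    for line in result["findings"]:
        print(" -", line)
```

The useful property is that the decision rests on what the attachment would do when opened, not on the story in the subject line, so a new lure theme does not need a new rule.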


Opportunities for better Security, Privacy and Trust by using the Cloud

Besides the apparent challenges, Cloud computing can also lead to new opportunities in the fields of security, privacy and trust for the Cloud users:

1. Re-perimeterise around the core internal and sensitive data by migrating public data and applications to the cloud. Outsourcing all publicly available systems to specialised partners removes the need for maintaining a complex, vulnerable and expensive internal Internet Street. Instead, the renewed perimeter around the core data creates new opportunities for implementing fine-grained access controls.

2. Transfer the risks associated with cyber terrorism, denial-of-service and internet crime to the Service Provider. Future projections predict increasing importance of cyber terrorism and organised internet crime. Cloud users can easily outsource the specialised defence against these threats.

3. Outsource parts of the compliance efforts (e.g. PCI DSS) to the Cloud providers, and make the providers accountable for a predefined set of compliance rules.

4. Reduce the potential of human errors and rely on the increased autonomy of cloud platforms. Self-monitoring and self-healing systems will reduce human interventions for regular maintenance of the IT systems.

5. Use the dispersed characteristics of the Cloud to build flexible and high-performing contingency and disaster recovery capabilities.

On the other hand, the Cloud service providers can use other Cloud services for their own benefit, which generates the following opportunities for the Cloud service providers:

a. Focus on the business offering by transferring the risks associated with identity management and verification to built-for-purpose Identity Providers, such as OpenID. There are currently already some initiatives to implement such a model where, for example, telecom providers offer identity verification services to online booking agencies.


C14N Denial of Service

Attack surface: Canonicalization

Attack impact: Denial of service

Description: C14N can be an expensive operation, requiring complex processing (Boyer '01), including entity expansion and normalization of whitespace, namespace declarations, and coalescing of adjacent text and CDATA nodes. This requires building a DOM and performing memory- and processor-intensive operations.

Exploit scenario: Attacker replaces the SignedInfo or XML content identified by a Reference with a very large set of XML data containing many namespace declarations, redundant adjacent text nodes, etc., leading to a denial of service condition.

Mitigation: Limit the total size of XML submitted for canonicalization.

Applies to XML Encryption? No
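The mitigation is cheap to apply because the expensive work (building the DOM, expanding entities, sorting namespace declarations) only starts once the canonicalizer is handed the input, so a bounded streaming pass in front of it can reject oversized or pathological documents first. The following is an added example (not code from the original entry) of such a guard in Python: it enforces a byte limit, then uses the standard `xml.parsers.expat` push parser to count elements and namespace declarations and to refuse any DOCTYPE before calling `xml.etree.ElementTree.canonicalize`. The limit values, the `inspect_xml`, `safe_canonicalize` and `rejection_reason` names, and the sample documents are constructed for this illustration; real limits should be sized to the SignedInfo and Reference content a service legitimately receives.

```python
"""Size-and-complexity guard in front of XML canonicalization (C14N)."""
import xml.parsers.expat
import xml.etree.ElementTree as ET

# Constructed limits for this example; tune to the documents a service
# legitimately signs or verifies.
MAX_BYTES = 64 * 1024
MAX_ELEMENTS = 2000
MAX_NS_DECLS = 50


class C14NInputRejected(ValueError):
    """Raised when input is refused before canonicalization is attempted."""


def inspect_xml(data, max_bytes=MAX_BYTES, max_elements=MAX_ELEMENTS,
                max_ns_decls=MAX_NS_DECLS):
    """Streaming pre-check that never builds a tree.

    Rejects input that exceeds the byte limit, declares a DOCTYPE (internal
    entities are the entity-expansion vector), or crosses the element or
    namespace-declaration limits; it stops at the first limit crossed."""
    if len(data) > max_bytes:
        raise C14NInputRejected("input is %d bytes, limit %d" % (len(data), max_bytes))
    counts = {"elements": 0, "ns_decls": 0}
    parser = xml.parsers.expat.ParserCreate(namespace_separator="}")

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise C14NInputRejected("DOCTYPE not allowed (entity expansion risk)")

    def on_start(name, attrs):
        counts["elements"] += 1
        if counts["elements"] > max_elements:
            raise C14NInputRejected("more than %d elements" % max_elements)

    def on_ns_decl(prefix, uri):
        counts["ns_decls"] += 1
        if counts["ns_decls"] > max_ns_decls:
            raise C14NInputRejected("more than %d namespace declarations" % max_ns_decls)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.StartNamespaceDeclHandler = on_ns_decl
    try:
        parser.Parse(data, True)  # exceptions raised in handlers propagate here
    except xml.parsers.expat.ExpatError as exc:
        raise C14NInputRejected("not well-formed: %s" % exc) from exc
    return counts


def safe_canonicalize(data, **limits):
    """Canonicalize only after the input has passed inspect_xml."""
    inspect_xml(data, **limits)
    return ET.canonicalize(data.decode("utf-8"))


def rejection_reason(data, **limits):
    """Return the rejection message for data, or None if it would be accepted."""
    try:
        inspect_xml(data, **limits)
    except C14NInputRejected as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample: a small document that passes, and one carrying far
    # more namespace declarations than any legitimate SignedInfo would.
    small = b'<r b="2" a="1"/>'
    print("canonical form:", safe_canonicalize(small))
    bloated = b"<r " + b" ".join(b'xmlns:p%d="urn:%d"' % (i, i) for i in range(60)) + b"/>"
    print("bloated input:", rejection_reason(bloated))
```

Because expat is a push parser, the check costs one linear pass over the bytes and a few counters; the attack cost described above only arises in the DOM build and sort that this guard prevents from starting. Entity limits are deliberately strict (no DOCTYPE at all), which is appropriate for signature and encryption payloads that have no business carrying an internal subset.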
