A Firewall Architecture Derived from the OWASP ModSecurity Core Rule Set Based on I/O API Hooks
Abstract
The use of cloud-based firewalls such as CloudFlare has proven effective at containing HTTP attacks aimed at the DNS domain. Even so, the real address of the protected server can still be obtained, and the server attacked directly, by automatically querying DNS records and DNS history. Given this gap, this paper presents a firewall architecture derived from the OWASP ModSecurity Core Rule Set and based on hooks of the I/O functions on the TCP socket, which allow inbound and outbound rules to be written that can contain HTTP attacks aimed at the real server address. Results obtained in a controlled test environment and in a production environment showed that the architecture was effective at containing attempts at remote code injection, SQL injection, brute force, and even DoS attacks from Russian and Chinese botnets. These results were obtained by using rules for common attack vectors extracted from the Core Rule Set (CRS), combined with detours of the standard function calls of the Express framework, for which the firewall is intended to be used.