A Firewall Architecture Derived from the OWASP ModSecurity Core Rule Set Based on I/O API Hooks
Abstract
Cloud-based firewalls such as CloudFlare have proven effective at containing HTTP-protocol attacks aimed at a DNS domain, but it is still possible to obtain the protected server's real address and attack it directly by automatically querying DNS records and DNS history. This article introduces a firewall architecture derived from the OWASP ModSecurity Core Rule Set (CRS), based on hooks placed on the I/O functions of the TCP socket, which allow input and output rules to be written that contain HTTP-protocol attacks arriving at the server's real address. Results obtained in a controlled test environment and in a production environment showed that the architecture was effective in containing attempted remote code injection, SQL injection, brute-force, and even DoS attacks originating from Russian and Chinese botnets. These results were obtained by using rules for common attack vectors extracted from the CRS, combined with rules based on deviations from the usual patterns of the Express framework functions for which the firewall is intended.