On Thu, May 9, 2019 at 2:39 PM Sanjeewa Malalgoda <sanje...@wso2.com> wrote:

> Tracing and logging problematic API calls definitely adds value to the product.
> This is a kind of alerting mechanism. But we should not stop there. We
> can go one step ahead and block calls with similar attributes. We can block
> API calls temporarily based on the API context, application id, user and IP
> address. Then users who accessed honeypot APIs will not be able to use
> other APIs.
>
> We can put blocking-condition-related updates into a topic from the traffic
> manager, so we can use the same mechanism here as well.
>
> Thanks,
> sanjeewa.
>
> On Thu, May 9, 2019 at 12:18 PM Nadee Poornima <nad...@wso2.com> wrote:
>
>> Hi All,
>>
>> If APIs are published in the store, they could be invoked by hackers
>> scanning the open ports of a system. Therefore, in order to prevent such
>> attacks, the user needs to use different tools or mechanisms. A
>> honeypot[1] is such a system, which users can use in their environment to
>> detect such anonymous attacks.
>>
>> Instead of using such out-of-the-box tools or mechanisms, we are trying to
>> implement a mechanism to detect such anonymous invocation of APIs within
>> the APIM product.
>>
>> *The suggested Approach:*
>> There is an API deployed in the gateway (not shown in the publisher
>> or store). Once that API is invoked by an anonymous user, it will be
>> identified as an anonymous invocation and trigger an alert (send an email)
>> to the admin user of the system. Request data will be published to the
>> Traffic Manager and persisted to the DB as well.
>>

Any reason to use TM instead of an analytics node? ATM, TM (Siddhi) does not
communicate with the DB, and maybe we need to include other extensions. Also, it
can reduce TM performance and affect throttle decisions.

>> Those invocations will appear as a list in the Admin portal, and the admin
>> user could remove or persist them through the UI after reviewing them.
>> Further, we will implement an Admin UI part to configure that alert (like
>> configuring email).
>>
>> [image: HoneyPotAPIAlertApproach.png]
>>
>> [1]. https://blog.rapid7.com/2016/12/06/introduction-to-honeypots/
>>
>> Thank you and regards,
>> *Nadee Poornima*
>> Software Engineer - Support Team | WSO2
>>
>> Email : nad...@wso2.com
>> Mobile : +94713441341
>> MyBlog: https://medium.com/nadees-tech-stories
>>
>
>
> --
> *Sanjeewa Malalgoda*
> Software Architect | Associate Director, Engineering - WSO2 Inc.
> (m) +94 712933253 | (e) sanje...@wso2.com | (b) Blogger
> <http://sanjeewamalalgoda.blogspot.com>, Medium
> <https://medium.com/@sanjeewa190>
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
Rukshan Chathuranga.
WSO2, Inc.
+94711822074
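
The flow discussed in this thread (a decoy API whose invocation raises an alert, followed by temporary blocking on application id, user and IP), sketched as an added example that is not part of the original messages or of WSO2's code. The decoy context, block duration, class and function names are assumptions, and the traffic is constructed.

```python
from dataclasses import dataclass

HONEYPOT_CONTEXTS = {"/internal-admin/v1"}  # assumed decoy context, not listed in the store
BLOCK_TTL = 900                              # assumed temporary block duration, in seconds

@dataclass(frozen=True)
class Request:
    ts: int        # epoch seconds
    context: str   # API context
    app_id: str
    user: str
    ip: str

def _keys(req):
    return (("app_id", req.app_id), ("user", req.user), ("ip", req.ip))

class HoneypotGuard:
    def __init__(self):
        self.blocks = {}   # (attribute, value) -> expiry timestamp
        self.alerts = []   # honeypot hits kept for the admin to review

    def handle(self, req):
        """Return 'ALERT', 'BLOCKED' or 'ALLOWED' for one gateway request."""
        if req.context in HONEYPOT_CONTEXTS:
            self.alerts.append(req)
            for key in _keys(req):
                # Never block the shared "anonymous" identity, only concrete values.
                if key[1] != "anonymous":
                    self.blocks[key] = req.ts + BLOCK_TTL
            return "ALERT"
        # A block applies only while its expiry lies in the future.
        if any(self.blocks.get(key, 0) > req.ts for key in _keys(req)):
            return "BLOCKED"
        return "ALLOWED"

# Constructed sample traffic (documentation IP ranges, not real data).
SAMPLE = [
    Request(1000, "/pizza/v1", "app-7", "alice", "198.51.100.5"),
    Request(1010, "/internal-admin/v1", "anonymous", "anonymous", "203.0.113.9"),
    Request(1020, "/pizza/v1", "app-3", "bob", "203.0.113.9"),    # same IP as the hit
    Request(1030, "/pizza/v1", "app-7", "alice", "198.51.100.5"),
    Request(2000, "/pizza/v1", "app-3", "bob", "203.0.113.9"),    # after the block expired
]

def replay(requests):
    guard = HoneypotGuard()
    return [guard.handle(r) for r in requests], guard

if __name__ == "__main__":
    decisions, guard = replay(SAMPLE)
    print(decisions, len(guard.alerts), guard.blocks)
```

The third request shows the cost of IP-based blocking: a legitimate user behind the same address as the honeypot caller is rejected until the block expires.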