In deed: very nice idea, valuable feature! Which attributes should be used to detect an attack?
Best regards, Frank Am Do., 9. Mai 2019 um 11:09 Uhr schrieb Sanjeewa Malalgoda < sanje...@wso2.com>: > Tracing and logging problematic API calls definitely add value to product. > This is kind of alerting mechanism. But we should not stop from there. We > can go one step ahead and block calls with similar attributes. We can block > API calls temporary based on the API context, application id, user and IP > address. Then users who accessed honeypot APIs will not be able to use > other APIs. > > Blocking condition related updates we can put into topic from traffic > manager. So we can use same mechanism here as well. > > Thanks, > sanjeewa. > > On Thu, May 9, 2019 at 12:18 PM Nadee Poornima <nad...@wso2.com> wrote: > >> Hi All, >> >> If published APIs in the store, they could invoke by the Hackers by >> scanning the open ports of a system. Therefore in order to prevent such >> attacks, the user needs to use different tools or mechanism. The >> Honeypots[1] is such a system, user can use in their environment to detect >> such anonymous attacks. >> >> Instead of using such out of box tools or mechanism, we are trying to >> implement a mechanism to detect such anonymous invocation of APIs within >> the APIM product. >> >> *The suggested Approach:* >> There is a deployed API in the gateway(not showing the API in publisher >> or store), once invoked that API by an anonymous user, it will identify it >> as anonymous invocation and trigger an Alert (send an email) to admin user >> of the system. Request Data will publish to the Trafic Manager and they >> will persist to DB as well. >> Those invocations will appear as a list in the Admin portal and admin >> user could remove or persist them through the UI after reviewing them. >> Further, we will implement an Admin UI part to configure that Alert(like >> configuring email). >> >> [image: HoneyPotAPIAlertApproach.png] >> >> [1]. https://blog.rapid7.com/2016/12/06/introduction-to-honeypots/ >> >> Thank you and regards, >> *Nadee Poornima* >> Software Engineer - Support Team | WSO2 >> >> Email : nad...@wso2.com >> Mobile : +94713441341 >> MyBlog: https://medium.com/nadees-tech-stories >> >> <https://wso2.com/signature> >> > > > -- > *Sanjeewa Malalgoda* > Software Architect | Associate Director, Engineering - WSO2 Inc. > (m) +94 712933253 | (e) sanje...@wso2.com | (b) Blogger > <http://sanjeewamalalgoda.blogspot.com>, Medium > <https://medium.com/@sanjeewa190> > > GET INTEGRATION AGILE <https://wso2.com/signature> > Integration Agility for Digitally Driven Business > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
