ryū protects against the 27 classes of attacks on web application servers

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

ryū is the last line of defense against DoS attacks. There are several classes of Denial of Service attacks and ryū provides several defense mechanisms against each class and type.

From providing deeper session coordination to perimeter defense systems – Firewalls, Network Devices, IPS systems – to minimizing the effects of fork bombs and zombie thread attacks on the host systems, ryū protects against all eight classes of external and internal attacks.

Denial of Service Prevention

Verified Session Protection

ryū employs Trustifier's kernel level security capabilities to mark socket sessions that have been validated against the WebApp authentication.

ryū can follow authentication tokens at the web server layer. You can also configure it to identify application layer authentication tokens. These tags are used to filter webapp threads that should be given priority.

ryū also forces each web-process thread to give up the CPU after a particular time has passed.

The Trustifier Kernel Module can enforce hard limits on how fast a process is allowed to fork new threads, and in conjunction with ryū it can identify whether poisoned connections are coming in at an alarming rate.

ryū can, if your system supports it, isolate culprit IP addresses and lower their connectivity capabilities.

SQL Injection attacks

SQL injection and blind SQL injection vulnerabilities are by far the most exploited in WebApp Server attacks.

ryū provides several ways to detect and remove injected SQL content even before it hits the back-end SQL database.

ryū protects against SQL injections through several methods. Each method provides an increased level of protection. ryū can provide this protection on both the HEADER and the CONTENT components of HTTP requests and responses. ryū supports all transport protocols and recognizes multipart submissions.

Protecting against SQL injections

SQL string escaping

With this option turned on, ryū escapes any strings submitted to the web server to eliminate quote-closing attacks.

Pre-qualifying SQL analyzer

The ryū Pre-qualifying SQL analyzer examines WebApp SQL submissions for attack anomalies in SQL statements before they are passed on to the database.

Strict Parameter Limits

Strict Parameter Limits enforces limits on the content of every variable that is submitted to the WebApp server via GET, POST or PUT.

Code Injection attacks

ryū CIP™ add-on module protects the WebApp server stack from Code Injection. Secure your most sophisticated WebApps from hackers that exploit unknown vulnerabilities to subvert your WebApps.

ryū CIP™ add-on module is a core component of your Zero-Day Protection solution. It will protect your WebApp server, your WebApp back-end databases and your WebApp operating environment from malicious attacks.

See Also

Zero-Day Attacks

Buffer-overflow attacks

ryū by Trustifier protects against Buffer-overflow attacks at the operating system's kernel, which means that it provides strong protection against all layers of vulnerabilities in the WebApp stack on the server side. Whether it is a bug in the web server software, any add-on modules, the operating system tools and libraries, or insecure code within your WebApp, ryū will protect against it.

Learn More

Trustifier Architecture

Remote file inclusion attacks

Remote File Inclusion attacks typically occur through scripting languages such as PHP or Ruby where the programmer performs an "include" operation on unchecked variables. ryū can limit or eliminate remote file inclusion attacks by isolating the rest of the system from an established session. Once a session is established, ryū drops read privileges outside the web application's minimal scope, making RFI vulnerabilities benign.

Brute Force attacks

Brute Force attacks are any type of attack that attempts to overwhelm the victim by the sheer number of attempts.

ryū's brute-force sinks deflect brute force attacks.

For example, during a brute force new-session attack, the WebApp session requests are routed to connection sinks for further analysis and retaliation.

While real session requests are authenticated for connection via Blue-Pill™ out-of-band, your clients continue to enjoy the service despite the brute force attack.

Insufficient Authentication attacks

ryū enforces Trustifier's least privilege access to the system. Any requests to modify any local files, with some exceptions such as temporary files, are rejected by ryū irrespective of the local file permissions.

If you have insufficient authentication leaks, ryū will attempt to ensure that anything which looks like private privilege key data does not pass through the web server.

You can configure ryū to mark sensitive files and data explicitly. That data will never be allowed to leak, irrespective of the privilege of the session.

Credential / Session Hijacking attacks

ryū employs several methods such as session seeding to coordinate safety against session hijacking.

ryū can be configured to provide a very strict mode of operation for SSL sessions that can, with an appropriate user-side plug-in, do out-of-band authentication.

Content Spoofing attacks

Content spoofing attacks can occur at either the client side or the server side.

ryū protects against both by providing dynamic digital signatures of the content being shared. The content is verified by the target before execution.

ryū provides free plug-ins for Microsoft Internet Explorer, Mozilla Firefox, Opera and Safari to provide client-side content-spoofing protection.

ryū verification keys can be installed in TXT fields of DNS servers for your domains, within the server itself, or manually given to clients to be locally installed.

Cross-site Scripting attacks

Cross-site scripting attacks are a variant of code injection attack. By using strong protection of the content and local digital signatures to verify the scripts sent out, ryū removes XSS attacks emanating from your WebApp server.

Format String attacks

Format string vulnerabilities can exist anywhere within the WebApp stack. ryū employs the power of Trustifier kernel protection technology that eliminates the ability to exploit these vulnerabilities.

LDAP Injection attacks

ryū implements a drop-in positive validation scheme for OpenLDAP servers. The plugin verifies the LDAP requests from WebApps for poisoned strings. In addition, ryū can be configured to disallow any LDAP updates originating from the WebApp processes.

OS commanding attacks

ryū fully compartmentalizes strings passed to the system(3) or exec(2) calls. Any alteration of the strings forces ryū to block the exec(2) system calls.

ryū is especially clever about strings constructed to build shell scripts that will be executed as part of the Application.

SSI injection attacks

XMLTAG recognizes SSI tags and stops them from executing in non-safe contexts. XMLTAG does not allow system files to be included or executed. You have to configure it to allow SSI through identified pages and identified tags.

Path traversal attacks

ryū stops path traversal attacks by limiting the opendir(2) call to identified strings. ryū specifically stops any strings containing ../ as part of the path beyond the WebApp directory.
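The containment rule described above, shown as an added user-space example (this is not ryū's kernel mechanism or Trustifier code): a request path may contain `../` as long as the normalized result stays under the WebApp directory. `WEBAPP_ROOT`, the function names and the sample paths in the test are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

WEBAPP_ROOT = "/srv/webapp"   # hypothetical WebApp directory (assumption)
MAX_DECODE_ROUNDS = 3         # bound on repeated percent-decoding


def fully_decode(raw):
    """Percent-decode until the value stops changing, so a double-encoded
    %252e%252e%252f is evaluated as ../ rather than slipping past."""
    current = raw
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    # Not stable within the bound: refuse rather than guess.
    raise ValueError("too many encoding layers")


def resolve_inside_root(request_path, root=WEBAPP_ROOT):
    """Return the normalized absolute path, or None if it leaves root."""
    try:
        decoded = fully_decode(request_path)
    except ValueError:
        return None
    if "\x00" in decoded:
        return None
    # Treat backslashes as separators so ..\ is handled like ../
    decoded = decoded.replace("\\", "/")
    # Always interpret the request relative to the WebApp directory.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare on a path-component boundary: /srv/webapp-backup must not
    # pass merely because it shares the /srv/webapp prefix.
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None
```

The check is purely lexical; symbolic links inside the root need a separate check on the resolved path.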

HTTP Response Splitting attacks

ryū removes any CR/LF injections in HTTP responses to make sure that poisoned HTTP headers do not cause your caching, proxy or host servers to reveal information that can be used to mount further attacks.

Mail command injection attacks

Mail command injection is outside the scope of ryū. We will announce a solution for mail command injection attacks launched against SMTP, IMAP and POP3 servers in the first quarter of 2010. However, if you have an urgent, special or emergency need, please talk to us and we will do what we can to help you solve your problems.

Null byte injection attacks

ryū stops null byte injections in GET and PUT requests from remote clients. You can tell RYUBYTE to truncate, remove, or concatenate strings containing NULL byte attack patterns and either allow or deny processing. The default is to deny processing and close the connection.
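How the deny, truncate and remove modes named above differ on the same input, as an added example (not RYUBYTE's code or configuration syntax). The function names, the mode strings and the treatment of the overlong UTF-8 form as a NULL pattern are assumptions; the "concatenate" mode is left out because the page does not define it.

```python
from urllib.parse import unquote_to_bytes

# Byte patterns treated as a NULL byte: the raw byte, and the overlong
# two-byte UTF-8 form that lenient decoders map to U+0000 (assumption).
NULL_PATTERNS = (b"\x00", b"\xc0\x80")


def sanitize_value(raw, mode="deny"):
    """Apply one policy to a percent-encoded value.

    Returns (allowed, cleaned_bytes); cleaned_bytes is None when denied.
    """
    data = unquote_to_bytes(raw)
    hits = [data.find(p) for p in NULL_PATTERNS if p in data]
    if not hits:
        return True, data
    if mode == "deny":            # default: refuse to process at all
        return False, None
    if mode == "truncate":        # keep only what precedes the first hit
        return True, data[:min(hits)]
    if mode == "remove":          # drop the pattern, keep both sides
        for pattern in NULL_PATTERNS:
            data = data.replace(pattern, b"")
        return True, data
    raise ValueError(f"unknown mode: {mode}")


def filter_query(query, mode="deny"):
    """Check every name and value of a raw query string.

    A single denied element rejects the whole request.
    """
    cleaned = {}
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        name_ok, clean_name = sanitize_value(name, mode)
        value_ok, clean_value = sanitize_value(value, mode)
        if not (name_ok and value_ok):
            return False, {}
        cleaned[clean_name] = clean_value
    return True, cleaned
```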

Predictable resource location attacks

ryū can limit blind searches of common file paths, and you can add your own paths to the configuration. ryū will pass this on to the Web Server as well as prevent access to these files using internal logic.

Routing Detour and Addressing attacks

Routing Detours are used to attack SOAP messages that have Routing extensions to run through complex networks in order to direct data processing to various SOAP servers.

The standard is in flux; however, ryū can provide an interim solution to limit SOAP messages to identified servers within a Routing Detour request header, thus avoiding Routing Detour attacks. In this case ryū would have to be installed on every SOAP server within the Routing path.

SOAP array abuse attacks

SOAP array abuses are a DoS attack on the memory of the system. ryū can enforce hard limits on the allocation of resources for each thread, eliminating this attack.

XML external entities attacks

ryū can suppress any external entities, and also stop access to unexpected files if the process is linked to an XML parser.

XML attribute blowup attacks

ryū can explicitly remove external XML attributes to eliminate the DoS attack through attribute blowups.

XML entity expansion attacks

ryū puts hard limits on memory and CPU usage for each process, and can kill any threads that attempt to launch memory based DoS attacks such as an XML entity expansion attack.

XML injection attacks

ryū can sanitize dangerous characters from GET and POST requests to eliminate XML injection attacks.

Zero-day attacks

ryū is based on a paradigm shift in implementing security.

Its underlying technology, Trustifier, provides deep process-level security to avoid exploitation of undiscovered vulnerabilities in the entire WebApp stack. The Trustifier security engine is especially resilient against OS-level attacks. It can isolate and safeguard WebApps, WebApp servers and underlying services to deliver maximum protection of the entire environment.

Attack Class | ryū | Web Application Firewalls | Network Firewalls | Traditional IDS/IPS | Pattern SQL Filters
Denial of Service
SQL injection
Code injection
Buffer overflow attack
Remote file inclusion attack
Brute Force attack
Insufficient Authentication attack
Credential / Session Hijacking
Content Spoofing Attack
Cross-site Scripting Attack
Format String attack
LDAP injection attack
OS commanding attack
SSI injection
Path traversal attack
Cookie stealing attack
HTTP Request splitting
Mail command injection
Null byte injection
Predictable resource location
Routing detour
SOAP array abuse
XML external entities
XML attribute blowup
XML entity expansion attack
XML injection attack

ryū tech-spec...

ryū supports a variety of web-app server platforms and technologies.

Web and WebApp Servers

  • Apache Web Server 2.x
  • Apache Tomcat 5.x
  • Oracle WebLogic 11g
  • IBM WebSphere Application Server 6.x

Operating Environments:

  • RedHat Enterprise Server version 5.
  • Suse Enterprise Server 10
  • TurboLinux 10
  • RedFlag 10
  • Ubuntu 9.x

Web Applications

  • Web 2.0 (AJAX) applications
  • Java Applications
  • iPhone applications
  • RIM applications
  • Facebook applications
