REST API  5.0.0
REST API for SafeNet Network HSMs
Black List

Black List Overview

The web server includes a black list, a mechanism that stops malicious users from making requests to the REST API. The system analyses each user's requests and detects malicious patterns. Once a user is black listed, the user's IP address is blocked at the TCP socket level and is not allowed to establish a connection. All black list activity is logged in the lunalogs log file.

Black Listable Offences (Number of Infractions)

  • Bad Login Credentials (2)
  • Request Timeout (5)
  • Certificate Renegotiation (1)
  • Bad Request Payload (1)

Advanced Black List Usage

The black list can be configured in two ways: by using a severity percentage, or by modifying the attributes directly.

Severity

Severity is the simplest way to configure the black list. It describes, as a percentage, how severe the black list is, and can be set to any value between 0 and 100. Setting the severity to 0 turns the black list off; 100 is the most severe. The recommended value is 50%, which is the most lenient setting that is still effective at stopping malicious users; note that this is also the default value.

Attributes

The black list is controlled by three attributes: "maxInfractionCount", "timeoutStart" and "timeoutMultiplier".

The maximum infraction count is the number of infractions that must be committed before a user is black listed. It is enforced with an internal counter per user: when an offence is committed, the counter is incremented by the number of infractions that offence carries (see the list above). When the counter reaches the maximum, the user is black listed.

The timeout start is the number of seconds that must pass before the infraction counter is decreased. Each user has an update timer that starts at this value but grows with each infraction (see timeout multiplier). When the timer expires, the infraction counter for that user is decreased by one; when the counter returns to zero, the timer is reset to the timeout start value.

The timeout multiplier is the factor by which the timer is multiplied for each infraction committed, so repeated offences lengthen the wait exponentially.

Example

Let's consider the following case, in which the web server's black list is configured with:

  • maxInfractionCount = 5
  • timeoutStart = 1
  • timeoutMultiplier = 2

Now say a user attempts to log in with incorrect credentials. A login with bad credentials counts as 2 infractions, so the user's remaining allowance (maxInfractionCount minus the infractions counted against that user) drops from 5 to 3. At the same time the timeout is multiplied by the timeoutMultiplier once per infraction, so it is now 4 seconds (timeoutStart x timeoutMultiplier ^ infractions, i.e. 1 x 2^2). The user must now wait 4 seconds before the infraction counter is decreased and the remaining allowance goes from 3 back to 4; the timeout stays at 4 seconds until the next infraction is committed or the counter returns to zero. If the user waits a further 4 seconds the counter is back at zero, the allowance is back at 5, and the timeout is reset to its "timeoutStart" value of 1 second.

Now consider a more aggressive user who sends 10 bad requests (each a Bad Request Payload, worth 1 infraction) as fast as possible. The first 5 are processed and bring the counter up to maxInfractionCount, so the user is immediately black listed and the remaining requests are refused at the TCP socket level. The timeout is now 32 seconds (1 x 2^5). After waiting 32 seconds the counter is decreased by one, leaving the user a remaining allowance of 1; the timeout is still 32 seconds because the counter has not returned to zero. One more bad request exhausts that allowance, the user is black listed again, and the timeout doubles to 64 seconds.
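To make the arithmetic in both scenarios concrete, the following Python simulation implements the rules from the Attributes section and replays the two cases above. It is an added example, not SafeNet's code: the class and method names, the IP addresses and the simulated clock are assumptions, while the offence weights are the ones listed under Black Listable Offences. It models the timeout as being multiplied by timeoutMultiplier for every infraction since the last reset, which is the reading that reproduces both the 4-second and the 32/64-second figures in the example.

```python
"""Simulation of the REST API black list rules (added example, not the
product's implementation). Times are simulated seconds, not wall clock."""

from dataclasses import dataclass, field
from typing import Dict, Optional

# Infraction weights per offence, as listed in "Black Listable Offences".
OFFENCES = {
    "bad_login": 2,
    "request_timeout": 5,
    "cert_renegotiation": 1,
    "bad_payload": 1,
}


@dataclass
class UserState:
    infractions: int = 0                  # current infraction counter
    timeout: float = 0.0                  # current decay period in seconds
    next_decay: Optional[float] = None    # simulated time of the next decrease


@dataclass
class BlackList:
    max_infraction_count: int
    timeout_start: float
    timeout_multiplier: float
    users: Dict[str, UserState] = field(default_factory=dict)

    def _state(self, ip: str) -> UserState:
        if ip not in self.users:
            self.users[ip] = UserState(timeout=self.timeout_start)
        return self.users[ip]

    def tick(self, ip: str, now: float) -> UserState:
        """Apply every decay period that has elapsed by simulated time `now`."""
        s = self._state(ip)
        while s.next_decay is not None and now >= s.next_decay and s.infractions > 0:
            s.infractions -= 1
            if s.infractions == 0:
                # Counter is back at zero: timer returns to timeoutStart.
                s.timeout = self.timeout_start
                s.next_decay = None
            else:
                # Timeout is unchanged until the next infraction is committed.
                s.next_decay += s.timeout
        return s

    def record(self, ip: str, offence: str, now: float) -> bool:
        """Count an offence against `ip`; returns True if the user is now black listed."""
        s = self.tick(ip, now)
        weight = OFFENCES[offence]
        s.infractions += weight
        # The timer grows by timeoutMultiplier once per infraction since the last reset.
        s.timeout *= self.timeout_multiplier ** weight
        s.next_decay = now + s.timeout
        return self.is_blacklisted(ip, now)

    def is_blacklisted(self, ip: str, now: float) -> bool:
        return self.tick(ip, now).infractions >= self.max_infraction_count

    def remaining(self, ip: str, now: float) -> int:
        """Infractions the user may still commit before being black listed."""
        return max(self.max_infraction_count - self.tick(ip, now).infractions, 0)

    def timeout_for(self, ip: str, now: float) -> float:
        return self.tick(ip, now).timeout


def scenario_one_bad_login():
    """First case: a single bad login against the page's configuration."""
    bl = BlackList(max_infraction_count=5, timeout_start=1, timeout_multiplier=2)
    ip = "192.0.2.10"  # constructed client address
    bl.record(ip, "bad_login", now=0)
    return (bl.remaining(ip, 0), bl.timeout_for(ip, 0),   # 3 left, 4 s timeout
            bl.remaining(ip, 4),                           # 4 left after 4 s
            bl.remaining(ip, 8), bl.timeout_for(ip, 8))    # 5 left, timeout reset to 1


def scenario_aggressive():
    """Second case: 10 bad payloads in a burst, then one more after the wait."""
    bl = BlackList(max_infraction_count=5, timeout_start=1, timeout_multiplier=2)
    ip = "192.0.2.20"  # constructed client address
    processed = 0
    for _ in range(10):
        if bl.is_blacklisted(ip, 0):
            break  # connection refused at the TCP socket level
        bl.record(ip, "bad_payload", now=0)
        processed += 1
    first_timeout = bl.timeout_for(ip, 0)            # 32 s
    left_after_wait = bl.remaining(ip, 32)           # allowance of 1
    blocked_again = bl.record(ip, "bad_payload", 32)  # True
    second_timeout = bl.timeout_for(ip, 32)          # 64 s
    return processed, first_timeout, left_after_wait, blocked_again, second_timeout


if __name__ == "__main__":
    print("single bad login:", scenario_one_bad_login())
    print("aggressive user: ", scenario_aggressive())
```

The simulation keeps the page's counter-goes-up model internally and exposes the "remaining allowance" view used in the worked example through `remaining()`, so both descriptions can be checked against each other; tuning `timeout_start` and `timeout_multiplier` shows how quickly a burst of Request Timeout offences (5 infractions each) locks a client out.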