O'Reilly Modern Defense in Depth

Because most bots do not use the same browsers that human-operated computers do when visiting websites and applications, browser behavior is a reliable way to distinguish bots from humans. Having a line of defense that can issue various bot challenges to detect and defeat bots is critical to lessening the damage they can cause. In fact, most bots use what are known as "headless browsers" run from command-line interfaces. In most cases, today's bots do not run JavaScript within these browsers in the same fashion as human visitors would, and this is the key to distinguishing malicious bots from human visitors.

By deploying technology that forces all visitors to take a "test" (commonly called a challenge) in the form of JavaScript challenges, human interaction challenges, device fingerprint challenges, and even CAPTCHA challenges, organizations can decrease the amount of bot-induced traffic reaching their sites and applications. Most of these challenges (except CAPTCHA) are completely invisible to the human visitor, and they can eliminate the probing, prodding, and scanning that bots perform for attack reconnaissance or other fraudulent activities. Devices that pass the challenges are allowed through to the lower lines of defense, whereas bots that fail them are blocked from any interaction with downstream websites and applications.

However, all visitors are continuously monitored for changes in their overall behavior, and when a visitor deviates from what is considered the norm, additional challenges can be invoked through a concept called edge scripting. Edge scripting executes further challenges that a device must complete successfully before its traffic is passed downstream. In addition, if the same sources of bot-induced traffic increase the frequency of their attempts to gain entry, blacklists of unwanted IP addresses can be generated, and these lists can be applied by one, if not all, of the upstream lines of defense.
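The following is an added example, not code from the report or from any vendor product it describes, showing one way a gateway can implement the JavaScript challenge and the automatic blacklisting the passage describes. The design is an assumption: the server issues a stateless, HMAC-signed challenge bound to the client IP and a timestamp; the challenge script (represented here by `solve_challenge`) derives an answer that a client which never executes the script cannot produce; repeated failures from one IP push it onto a blocklist that short-circuits later requests. All names (`ChallengeGate`, `solve_challenge`), the secret key, and the sample IP addresses are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict

# Constructed demo secret (assumption): a real deployment uses a per-service
# key kept out of source control and rotated.
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"


def _same(a, b):
    """Constant-time comparison that treats malformed input as a mismatch."""
    try:
        return hmac.compare_digest(a, b)
    except TypeError:
        return False


def solve_challenge(challenge):
    """Stand-in for the work the challenge script does in a real browser.
    The answer is derived from the challenge itself, so a headless client
    that fetches the page but never runs the script cannot produce it."""
    material = (challenge["tag"] + challenge["nonce"]).encode()
    return hashlib.sha256(material).hexdigest()


class ChallengeGate:
    """Hypothetical edge component: issues challenges, verifies answers,
    counts failures per source IP, and blocklists repeat offenders."""

    def __init__(self, key=SECRET_KEY, ttl=60, fail_limit=5):
        self.key = key
        self.ttl = ttl                  # seconds a challenge stays valid
        self.fail_limit = fail_limit    # failures before an IP is blocklisted
        self.failures = defaultdict(int)
        self.blocklist = set()

    def _tag(self, client_ip, nonce, ts):
        # Binding the tag to the IP and timestamp lets verification stay
        # stateless and stops a solved challenge being replayed elsewhere.
        msg = f"{client_ip}|{nonce}|{ts}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue(self, client_ip, now=None):
        ts = int(now if now is not None else time.time())
        nonce = secrets.token_hex(8)
        return {"nonce": nonce, "ts": ts, "tag": self._tag(client_ip, nonce, ts)}

    def verify(self, client_ip, submission, now=None):
        """Returns 'pass', 'fail', 'expired', or 'blocked'."""
        if client_ip in self.blocklist:
            return "blocked"
        now = int(now if now is not None else time.time())
        try:
            nonce = submission["nonce"]
            ts = int(submission["ts"])
            tag = submission["tag"]
            answer = submission.get("answer", "")
        except (KeyError, TypeError, ValueError):
            return self._fail(client_ip)
        # Reject forged or re-bound challenges before anything else.
        if not _same(tag, self._tag(client_ip, nonce, ts)):
            return self._fail(client_ip)
        # A stale but genuine challenge is not counted against the client.
        if now - ts > self.ttl:
            return "expired"
        expected = solve_challenge({"tag": tag, "nonce": nonce})
        if not _same(answer, expected):
            return self._fail(client_ip)
        self.failures.pop(client_ip, None)   # a pass clears the failure count
        return "pass"

    def _fail(self, client_ip):
        self.failures[client_ip] += 1
        if self.failures[client_ip] >= self.fail_limit:
            self.blocklist.add(client_ip)   # feeds the upstream blacklist
            return "blocked"
        return "fail"


def simulate():
    """Constructed scenario: one script-running client, one headless client."""
    gate = ChallengeGate(fail_limit=3)
    human_ip, bot_ip = "203.0.113.10", "198.51.100.7"
    ch = gate.issue(human_ip, now=1000)
    human_result = gate.verify(human_ip, dict(ch, answer=solve_challenge(ch)), now=1005)
    bot_results = []
    for _ in range(3):
        c = gate.issue(bot_ip, now=1000)
        bot_results.append(gate.verify(bot_ip, dict(c), now=1001))  # no answer: script never ran
    return human_result, bot_results, sorted(gate.blocklist)


if __name__ == "__main__":
    print(simulate())
```

Expiry is deliberately not counted as a failure, since a slow human on a poor connection should get a fresh challenge rather than a strike; only forged tags and missing or wrong answers advance an IP toward the blocklist.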
Integrating the intelligence gained at this line of defense with all previous lines of defense makes the most sense.

Defensive Line 6: Web Application Firewalls

None of the previous lines of defense has the ability to discern a legitimate web request from a malicious one, because the difference between the two is extremely small. Web Application
