TEC Workbook - IBM

More documents

Recommendations

Info

<strong>IBM</strong> Software ● MegaTags – Otherwise valid XML messages containing excessively long element names, or an excessive number of tags. This attack may also lead to buffer overruns. ● Coercive parsing – XML messages specially constructed to be difficult to parse, resulting in excessive resource consumption in the target machine. ● Public key DoS – Utilizing the asymmetric nature of public key operations to force resource exhaustion on the recipient by transmitting a message with a large number of long-key-length, computationally expensive digital signatures. Multiple message XDoS (MMXDoS) attacks may have the following characteristics: ● XML flood – sending thousands of otherwise benign messages per second to tie up a Web service. This attack can be combined with Replay attack to bypass authentication, and with Single message XDoS to increase its impact. ● Resource hijack – sending messages that lock or reserve resources on the target server as part of a never-completed transaction. __1. At the top of the Multi-Protocol Gateway configuration form is a set of tabs. At the right and left side of the tabs are arrow images. Moving the cursor over the arrow (without clicking) will cause the tabs to shift left or right. Move the mouse over the right arrow until the XML Threat Protection tab is visible. __2. Click on the XML Threat Protection tab. __3. In the Single Message XML Denial of Service section, click the on radio button for Gateway parser limits. Notice that the XDoS protection is highly customizable. __4. Click the off button for Gateway parser limits. __5. In the Multiple Message XML Denial of Service section, click the on radio button for Enable MMXDoS Protection. __6. Click the off button for Enable MMXDos Protection. Page 50 WebSphere Lab Jam
2.8.3 Virus Scanning <strong>IBM</strong> Software Viruses are typically contained in message attachments. XML Virus Protection sets parameters that handle the following types of attacks in attachments: ● XML virus attacks ● XML encapsulation attacks ● Payload hijack attacks ● Binary injection attacks There are two levels of protection against virus threats. ● The first level is to determine whether or not to allow attachments. This is accomplished on the XML Threat Protection tab that is currently displayed in your browser in the XML Virus (X-Virus) Protection section. ● If attachments are allowed, the second level of protection occurs in the processing rule. A special “Virus Scan” action will extract the attachment from the message and send it to an Internet Content Adaption Protocol (ICAP) compatible virus scanner. If the scanner responds that a virus exists in the attachment, the virus scanning action will either strip the attachment or reject the message (based on configuration settings). Lab 2 - Working with XML Page 51
Page 1 and 2: WebSphere Lab Jam Connectivity WebS
Page 3 and 4: Contents IBM Software CONNECTION PA
Page 5 and 6: Connection Parameters Spreadsheet I
Page 7 and 8: 1.4 Introduction to WebSphere DataP
Page 9 and 10: IBM Software You’re now ready to
Page 11 and 12: There are several areas in the WebG
Page 13 and 14: 1.10 WebSphere DataPower Services I
Page 15 and 16: IBM Software Gateway supports WebSp
Page 17 and 18: cert: Directory Usage IBM Software
Page 19 and 20: __7. Click on the small plus sign t
Page 21 and 22: 1.13 Logging IBM Software WebSphere
Page 23 and 24: ● Trigger a set of actions to occ
Page 25 and 26: 1.13.4 Appliance management IBM Sof
Page 27 and 28: 1.13.8 Configuration Comparison, Ch
Page 29 and 30: Lab 2 Working with XML Prerequisite
Page 31 and 32: 2.1.5 WebSphere DataPower Configura
Page 33 and 34: IBM Software It’s also possible t
Page 35 and 36: Match Rule - evaluate statements us
Page 37 and 38: IBM Software __18. In the Configure
Page 39 and 40: IBM Software __2. Expand the policy
Page 41 and 42: IBM Software __12. In soapUI, click
Page 43 and 44: IBM Software __3. Click the green s
Page 45 and 46: The SQL statement would become: SEL
Page 47 and 48: __2. Click and drag a transform act
Page 49: 2.7 Stylesheet Caching IBM Software
Page 53 and 54: Lab 3 Securing XML Message Content
Page 55 and 56: 3.2.2 Create the Crypto Key and Cer
Page 57 and 58: 3.2.7 Verifying the request signatu
Page 59 and 60: __8. Click the Close Window link to
Page 61 and 62: __12. Click on the small [+] to sho
Page 63 and 64: IBM Software __3. Click on the last
Page 65 and 66: IBM Software __6. In the list of co
Page 67 and 68: __11. Click the Done button in the
Page 69 and 70: Lab 4 Access Control Framework Prer
Page 71 and 72: __3. Double click the yellow outlin
Page 73 and 74: Appendix A. Notices This informatio
Page 75 and 76: Appendix B. Trademarks and copyrigh
Page 77 and 78: NOTES

TEC Workbook - IBM

Create successful ePaper yourself

Delete template?

Save as template?