Websites that can self-defend against attackers: Video

Summary:If a website falls under attack by a hacker, why shouldn't it be able to respond? Juniper Networks shows ZDNet how businesses can fight back against common website attacks and help others know what is coming.

Australian banks like the National Australia Bank have said that organisations should look at the early warning signs of an attack and take action, but no one does.

However, according to Juniper Networks' Director of product management Swastik Bihani, not only is it possible to detect and take action when an attacker targets a website, today's technology allows companies to slow their attacker down, profile them, and even share information to prevent completely separate businesses from being attacked by the same person.

In a technical demonstration session with ZDNet, Bihani shows how traditional web application firewalls fail to prevent simple but common SQL injection attacks, and how businesses can instead mislead would-be attackers in order to give up more information about themselves.

After identifying an attack, businesses now have several options to protect themselves according to the capabilities of their attacker. Bihani told ZDNet that depending on the business' risk appetite, they could scale up their response to an attacker's actions accordingly.

For example, Bihani said that a curious developer might change a few input fields or URL parameters without intending to do any damage, so a company that finds that activity acceptable may allow them continue using their site, but just monitor what they do. On the other hand, more sophisticated honeypot situations could be set up, such as fake access control lists with hashed passwords, and if an attempt was made to break them, the business would know they were under attack by someone who has malicious intent.

Topics: Security

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.