Tomcat Web Service Deny of service

Posted on 2011-09-12
Last Modified: 2012-05-12
Hello everyone,

I developed a web service in Java (JAX-WS) under Tomcat 6.

I want to protect it from denial of service; what is the best solution?

thx,
Ron.
Question by:ron44470
3 Comments
 
LVL 27

Assisted Solution

by:mrcoffee365
mrcoffee365 earned 1000 total points
ID: 36527379
DOS is a network attack.  It's not usual to try to prevent DOS with a servlet engine's configuration.  You prevent DOS by monitoring unusual activity and responding -- usually by throttling access for a while.  Or turning the network connection off.

You should look into the definition of DOS and various network/router/switch solutions:
http://en.wikipedia.org/wiki/Denial-of-service_attack

If you want to restrict access to your site by IP address, then you can configure Tomcat to deny access except for certain IP addresses.  That doesn't prevent DOS, but it limits your exposure.  See this FAQ for info on IP address restriction:
http://wiki.apache.org/tomcat/FAQ/Security
This isn't practical for most sites because they are public, but if yours is a private webapp, then you could do it.
0
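The "throttle access for a while" response described in the answer above, as an added example that is not part of the original post: a per-client request counter with a temporary block, written so it could be called from a servlet filter in front of the web service. The class name, limits and sample addresses are assumptions chosen for illustration.

```java
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: fixed-window throttle per client address with a temporary block.
// ClientThrottle, its limits and the sample addresses are hypothetical, not from the thread.
public class ClientThrottle {
    private static final class State {
        long windowStart;   // start of the current counting window (ms)
        int count;          // requests seen in that window
        long blockedUntil;  // requests are rejected until this time (ms)
    }

    private final int maxRequests;
    private final long windowMs;
    private final long blockMs;
    private final ConcurrentHashMap<String, State> clients =
            new ConcurrentHashMap<String, State>();

    public ClientThrottle(int maxRequests, long windowMs, long blockMs) {
        this.maxRequests = maxRequests;
        this.windowMs = windowMs;
        this.blockMs = blockMs;
    }

    /** Returns true if the request may proceed, false if it should be rejected. */
    public boolean allow(String clientIp, long nowMs) {
        State s = clients.get(clientIp);
        if (s == null) {
            State fresh = new State();
            fresh.windowStart = nowMs;
            s = clients.putIfAbsent(clientIp, fresh);
            if (s == null) s = fresh;          // this thread registered the client first
        }
        synchronized (s) {
            if (nowMs < s.blockedUntil) return false;       // still inside the block period
            if (nowMs - s.windowStart >= windowMs) {        // window expired: start a new one
                s.windowStart = nowMs;
                s.count = 0;
            }
            if (++s.count > maxRequests) {                  // limit exceeded: block for a while
                s.blockedUntil = nowMs + blockMs;
                return false;
            }
            return true;
        }
    }

    public static void main(String[] args) {
        ClientThrottle t = new ClientThrottle(3, 1000, 5000);   // 3 requests/s, 5 s block
        long[] times = {0, 100, 200, 300, 400, 5200, 5400};     // constructed timestamps (ms)
        for (long ts : times)
            System.out.println(ts + " ms 192.0.2.10 -> " + t.allow("192.0.2.10", ts));
        System.out.println("100 ms 192.0.2.20 -> " + t.allow("192.0.2.20", 100));
    }
}
```

In a servlet filter the key would be `request.getRemoteAddr()`, which is the proxy's address when the service sits behind one. The map here is never pruned, so a real deployment needs eviction of idle entries to keep the throttle itself from consuming memory without bound.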
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 36527839
DOS can also happen when the web server (or even the web application) cannot handle malformed packets, exhausting its internal resources, e.g. the web application is prevented from recycling a buffer for reuse, and the demand for resources soars rapidly. There is a previous mention of the slowloris HTTP attack, which need not necessarily go for high bandwidth @ http://ha.ckers.org/slowloris/

Such vulnerabilities are typically not easy to surface from normal testing but need a more thorough round of testing. OWASP released a testing guide, and pg 281 covers denial of service testing. It gives some useful use case checks

@ https://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf

We do want to remove the low-hanging fruit that easily triggers off this sort of web attack, but generally DoS attacks are beyond the scope of what an application developer can prevent within their own code.

There would not be 100% secure code, but minimally developers play their part to adopt secure coding, and the overall architecture design adopts a security architecture principle. Check out this OWASP ref and its cheat sheets for the developer

@ https://www.owasp.org/index.php/Security_Architecture_Cheat_Sheet

There are also security tips from Apache HTTP Server configuration settings to help mitigate problems

@ http://httpd.apache.org/docs/2.3/misc/security_tips.html

Overall, I would suggest looking at a web application firewall as well for layered defences

@ http://blog.cherouvim.com/simple-dos-protection-with-mod_security/ 



 
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175654
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
