Services/KeyExchange: Difference between revisions

== Security Considerations ==


Discuss potential design and implementation threats & mitigations here.
== Security Logging & Defense ==
===DOS Defense===
* Least Recently Used (LRU) approach for monitoring IP addresses issuing frequent requests
** Configurable threshold for adding IP address to Blacklist/Penalty Box
** Configurable time-out for IP addresses added to Blacklist/Penalty Box
** Concern - NAT'ed IP address used by multiple users
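An added sketch of the penalty box listed above, not code from the KeyExchange project. The class name, parameter names and default values are assumptions, the clock is passed in by the caller, and `events` stands in for the CEF log sink.

```python
from collections import OrderedDict


class PenaltyBox:
    """LRU-bounded per-IP request counter with a timed blacklist."""

    def __init__(self, threshold=5, window=10.0, penalty_ttl=60.0, max_tracked=1000):
        self.threshold = threshold      # configurable: requests allowed per window
        self.window = window            # counting window, seconds
        self.penalty_ttl = penalty_ttl  # configurable: time-out for a blacklisted IP
        self.max_tracked = max_tracked  # LRU capacity, bounds memory under a flood
        self.seen = OrderedDict()       # ip -> (count, window_start), in LRU order
        self.blocked = {}               # ip -> release time
        self.events = []                # stand-in for the CEF log sink

    def allow(self, ip, now):
        """Return True if the request from ip at time now should be served."""
        release = self.blocked.get(ip)
        if release is not None:
            if now < release:
                return False
            del self.blocked[ip]        # penalty timed out

        count, start = self.seen.pop(ip, (0, now))
        if now - start >= self.window:
            count, start = 0, now       # start a new counting window
        count += 1

        # NAT concern: every user behind one address shares this counter.
        if count > self.threshold:
            self.blocked[ip] = now + self.penalty_ttl
            self.events.append(("ip_blacklisted", ip, now))
            if len(self.blocked) > self.max_tracked:
                # Drop expired penalties so the blacklist stays bounded too.
                self.blocked = {k: v for k, v in self.blocked.items() if v > now}
            return False

        self.seen[ip] = (count, start)  # re-insert as most recently used
        if len(self.seen) > self.max_tracked:
            self.seen.popitem(last=False)  # evict the least recently used IP
        return True
```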
=== TearDown DOS Defense ===
* Tear down requires valid channel and valid x-keyexchange-id value
* Guessing both is statistically unlikely: the channel is 4 characters and the keyexchange-id is 255 characters
===Logging Points===
CEF logging event generated for the following:
* Bad action taken against a valid channel id
* Any action taken against an invalid channel id
* Client fallback to original sync method
* IP address sent to black list due to DOS prevention controls
 
 
 
 
== Brian's Notes ==

