The traditional way that IT security defense is deployed is as a protective measure that simply prevents an attacker from doing something they shouldn't be allowed to do. The approach taken by Juniper Networks' Mykonos software is somewhat different. Instead of simply preventing attackers from getting what they want, Mykonos aims to trap attacks in feedback loops that go nowhere.
In a new release of Mykonos, the software now goes a step further, with a series of new protections that make it even more difficult and time consuming for attackers going after two common attack vectors, directory traversal and brute-force authentication. The new release is the first since Mykonos was acquired by Juniper in February for $80 million in cash.
In a directory traversal attack, hackers run tools against a site that try to spider it and build a map of all the hidden files and directories that are present. The risk is that files that are normally not exposed can be discovered, which could represent an unintended information disclosure risk. Kyle Adams, Chief Architect of Mykonos, told eSecurityPlanet that the risk of directory traversal is not something that a Google search would typically expose.
Adams explained that in a directory traversal attack, attackers have a list of common file names that are searched for with a custom tool. These are files that are not linked anywhere else on a site and could include items that are not intended for public disclosure.
“What we’re doing is identifying people that are probing for random files that don’t exist,” Adams said. “Once we identify the attacker, then the Mykonos system responds back that the files do exist.”
Since the tool is recursive, it would send the attacker into a feedback loop that could last forever. So if the attacker is looking for an admin file, they will find a bogus file created by Mykonos that goes nowhere.
“Google will only spider resources that are referenced from the site,” Adams said. “Google will not say there is a readme file if it’s not referenced anywhere, whereas that hacker tool will pick that file up.”
Legitimate visitors are not likely to request a large number of files that don’t exist, which limits the risk of blocking real users. The Mykonos system identifies a malicious directory traversal attempt based on the number of such attempts.
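The mechanism described above, as an added illustration that is not Mykonos code: a request handler counts requests for files that do not exist per client, and once a client crosses a miss threshold it is treated as a prober and every further bogus path is answered as if it existed, with links to yet more bogus paths, so a recursive spidering tool never runs out of "hidden" files. The site contents, the threshold of 5 misses, the decoy names and the use of a client address as the key are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed site: only these paths really exist.
REAL_PATHS = {"/", "/index.html", "/about.html"}

# Assumed tuning value: how many requests for missing files mark a client
# as a prober. A real deployment would pick this from observed traffic.
MISS_THRESHOLD = 5

# Assumption: clients are keyed by address; a session or fingerprint
# would be a better key in practice. Module state keeps the example small.
_misses = defaultdict(int)
_flagged = set()

# Names that file-guessing tools typically look for. Every decoy answer
# links to these names beneath the requested path, so the decoy tree is
# infinitely deep: each fake directory "contains" more fake entries.
DECOY_NAMES = ["admin/", "backup/", "readme.txt"]


def reset_state():
    """Clear per-client counters (useful between tests)."""
    _misses.clear()
    _flagged.clear()


def is_flagged(client):
    return client in _flagged


def decoy_body(path):
    """Fake page claiming the requested path exists and listing more decoys."""
    base = path if path.endswith("/") else path + "/"
    links = "".join(f'<a href="{base}{n}">{n}</a>' for n in DECOY_NAMES)
    return f"<html><body>{links}</body></html>"


def handle_request(client, path):
    """Return (status, body) as the deceptive front end would answer."""
    if path in REAL_PATHS:
        return 200, "real content"          # real users are unaffected
    if client in _flagged:
        return 200, decoy_body(path)        # prober: keep feeding the loop
    _misses[client] += 1
    if _misses[client] >= MISS_THRESHOLD:
        _flagged.add(client)                # alert/log point for the defender
        return 200, decoy_body(path)
    return 404, "Not Found"                 # ordinary miss, e.g. a typo
```

A real user who mistypes a URL still gets a normal 404; only a client that repeatedly guesses names is diverted into the decoy tree.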
Read the full story at eSecurityPlanet:
Intrusion Deception: The ‘Tar Trap’ Approach to Web Application Security
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.