From CA API Gateway ALG Security Technical Implementation Guide
Part of SRG-NET-000192-ALG-000121
Associated with: CCI-001094
DoS attacks can take multiple forms but have the common objective of overloading or blocking a network or host to deny or seriously degrade performance. If the network does not provide safeguards against DoS attack, network resources will be unavailable to users.
Open the CA API Gateway - Policy Manager. Check the lower-left corner of the CA API Gateway - Policy Manager to see if a Global Policy is set that includes an "Apply Rate Limit" Assertion. (Global policies are displayed with a green icon beside their name.) If the policy does not exist, this is a finding. If it does exist, verify the Rate Limits are set to meet the organization's security requirements for DoS attacks. Also check each Registered Service requiring additional safeguards such as quota limits and message size limitation to verify the "Apply Throughput Quota" and "Limit Message Size" Assertions have been added and configured to meet organizational requirements. If they have not, this is also a finding.
Open the CA API Gateway - Policy Manager. Select "Tasks" from the main menu and choose "Create Policy". Give the policy a name and select "Global Policy Fragment" from the Policy Type drop-down menu. Select "message-received" from the Policy Tag drop-down menu and click "OK". Drag the "Apply Rate Limit" Assertion into the newly created Global Policy Fragment. Set the "Maximum requests per second" and/or "Maximum concurrent requests" and/or "Limit each:" values to meet the organization's requirements to protect against DoS attacks. Click "Save and Activateā€¯. Also double-click each Registered Service requiring additional safeguards, such as quota limits message size limitations, to verify/add the "Apply Throughput Quota" and "Limit Message Size" Assertions and configure their settings in accordance with organizational requirements.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer