AppSuite:OX Abuse Shield

From Open-Xchange
Revision as of 07:10, 16 June 2016 by Khgras (talk | contribs)

API status: In Development

Dovecot Anti Abuse Shield (soon to be released)

Dovecot Anti-Abuse Shield is included along with Dovecot Pro and OX App Suite as a component to protect against login/authentication abuse.

Anti-Abuse Shield runs on a cluster of servers, and integrates with both OX App Suite and Dovecot to detect abuse, brute force attacks and also to enforce common authentication/authorization policies across the platform.

Key Features

Features of Dovecot Anti-Abuse Shield include:

  • Replicated/clustered architecture – Login reports are shared between all the servers in a cluster so there is a single view of abuse
  • Scriptable Policy Language – Using the Lua language, the functionality of the daemon can be extended to record and protect against a large variety of abusive behavior, as well as implement specific customer policies.
  • DNS Lookup Feature – For looking up IPs or domains in blacklists
  • GepIP Lookup Feature – GeoIP lookups can be made, and incorporated into policy decisions.
  • Ratelimiting and Tarpitting – Extremely flexible, these can be enabled and enforced based on IP address, login name, geoip location, time windows, etc.
  • Flexible In-Memory Statistics Database – A versatile and extensible in-memory database is used to store statistics information about abuse over time periods from a few minutes to many hours.
  • Integration with Customer Authentication/Authorization Systems – Customers can use the open HTTP REST API to benefit from the protection of the anti-abuse daemon in their own authentication/authorization systems.
  • Admin Console – To retrieve statistics and query server state

Pricing and availability

Please contact Open-Xchange Sales for further information and pricing details.

In General

The goal of Dovecot Anti-Abuse Shield is to detect brute forcing of passwords across many servers, services and instances, as well as enforce policy for authentication and authorization. In order to support the real world, brute force detection policy can be tailored to deal with "bulk, but legitimate" users of your service, as well as botnet-wide slowscans of passwords.

Here is how it works:

  • Report successful logins via JSON http-api
  • Report unsuccessful logins via JSON http-api
  • Query if a login should be allowed to proceed, should be delayed, or ignored via JSON http-api

Various other API functions are available, please see https://documentation.open-xchange.com/7.8.2/middleware/components/weakforced.html for full API documentation.

OX App Suite and Dovecot's POP/IMAP server are pre-integrated with Dovecot Anti-Abuse Shield. For more information on how to configure them to work with Anti-Abuse Shield, see \<ref for AppSuite doc\> and http://wiki2.dovecot.org/Authentication/Policy.