Introducing ShieldID
  • 18 Apr 2023

Introducing RapidIdentity ShieldID

Identity Automation is thrilled to announce our newest product offering for RapidIdentity Cloud customers, ShieldID.

ShieldID is an optional, fee-based service that's available to all RapidIdentity Cloud customers to purchase and is easily configured for use by customers themselves through the RapidIdentity Portal.

To purchase ShieldID, talk with your Customer Success representative or click here to contact Identity Automation sales.

RapidIdentity ShieldID provides advanced firewall capabilities for RapidIdentity Cloud customers to monitor, filter and ultimately block malicious access attempts and brute force attacks based on a variety of conditions including geographic location.

With ShieldID, RapidIdentity customers can easily:

  • Control Where Users can Login from
  • Visualize Abnormal Network Traffic
  • Rate Limit Traffic from Different Locations
  • Block Anonymous Traffic
  • Block Traffic from Low Reputation Internet Providers

Accessing ShieldID in RapidIdentity

When purchased, ShieldID is accessible for Tenant Administrators by navigating to Configuration > Security > ShieldID.

ShieldID Overview Display

The Overview display in ShieldID shows counts for all inbound HTTP requests into RapidIdentity that were inspected during a selected period of time along with their disposition such as Blocked, Allowed or Rate Limited.

Use the time selector at the top of the chart to select the desired time period to display. Select the ⟳ refresh character and the associated refresh time to have ShieldID automatically update the graph.

ShieldID Overview Screen

Hover over any data point to see the statistics for that time and select one or more data points to create a filter.

ShieldID Rules Configuration

ShieldID comes with Out-of-the-Box, pre-configured rule sets and configurable policies to protect RapidIdentity users from foreign threats, anonymous traffic and malicious bots.

ShieldID Primary Configuration Screen

Tenant Administrators can configure rules by navigating to Configuration > Security > ShieldID.

Rules determine how every web request is handled when matching the criteria defined in the rule and are evaluated and acted upon in priority order.

Note:

Rules are evaluated with every web request and, once a rule is matched, no further rule evaluations are performed for that web request.

Rule Priority 0 - Allowed IP Addresses

Use this rule to explicitly allow specific IP Addresses or a Range of IP Addresses into RapidIdentity.

Click the 3 ellipses ( ⋮ ) next to the rule name and select Edit to begin.

In the IP addresses text box, enter one IP address or IP address range per line, in CIDR notation and click Add.

ShieldID supports all IPv4 and IPv6 CIDR ranges except for /0.

To remove an IP Address or Range from the rule click the 3 ellipses ( ⋮ ) next to the IP Address or Range and select Delete.

Click Save when done.

Rule Priority 1 - Blocked IP Addresses

Use this rule to explicitly block specific IP Addresses or Range of IP Addresses from accessing RapidIdentity.

Click the 3 ellipses ( ⋮ ) next to the rule name and select Edit to begin.

In the IP addresses text box, enter one IP address or IP address range per line, in CIDR notation and click Add.

ShieldID supports all IPv4 and IPv6 CIDR ranges except for /0.

To remove an IP Address or Range from the rule click the 3 ellipses ( ⋮ ) next to the IP Address or Range and select Delete.

Click Save when done.

Rule Priority 2 - Block Nonlisted Countries

Use this rule to explicitly block specific Countries from accessing RapidIdentity.

ShieldID uses the alpha-2 country codes from the International Organization for Standardization (ISO) 3166 standard. For a list of available country codes supported by ShieldID, click here.

Click the 3 ellipses ( ⋮ ) next to the rule name and select Edit to begin.

Use the Country Code dropdown to select the country code you do NOT want to block and click Add. All other country codes will be blocked.

To remove a Country from the rule click the 3 ellipses ( ⋮ ) next to the Country Code and select Delete.

Click Save when done.

Coming Soon

This rule is being enhanced to provide even greater flexibility by allowing administrators to specify whether country codes should be included or excluded.
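
The following is an added example, not ShieldID's own code: a small Python model of rule priorities 0 to 2 and the first-match behaviour described above, useful for checking list entries before entering them. The function names and sample addresses are constructed for illustration. Because evaluation stops at the first match, an address on the allow list is never checked against the block list, the country list or the rate-limit rules.

```python
import ipaddress

def parse_cidrs(text):
    """Parse one IP address or CIDR range per line; /0 is rejected as unsupported."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        net = ipaddress.ip_network(line, strict=False)  # bare IP becomes /32 or /128
        if net.prefixlen == 0:
            raise ValueError(f"/0 ranges are not supported: {line}")
        nets.append(net)
    return nets

def in_any(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)  # mixed IPv4/IPv6 compares as False

def evaluate(ip, country, allowed, blocked, listed_countries):
    """Return (priority, action) for the first rule that matches (model only)."""
    if in_any(ip, allowed):
        return 0, "ALLOW"
    if in_any(ip, blocked):
        return 1, "BLOCK"
    if country not in listed_countries:   # listed codes are the ones NOT blocked
        return 2, "BLOCK"
    return None, "CONTINUE"               # goes on to the rate-limit rules (3 to 6)

def shadowed(allowed, blocked):
    """Block entries that can never fire because an allow range covers them."""
    return [b for b in blocked
            if any(a.version == b.version and b.subnet_of(a) for a in allowed)]

# Constructed sample configuration (documentation address ranges).
ALLOWED = parse_cidrs("203.0.113.0/24\n2001:db8:10::/48")
BLOCKED = parse_cidrs("203.0.113.77\n198.51.100.0/24")
LISTED = {"US", "CA"}

if __name__ == "__main__":
    for ip, cc in [("203.0.113.77", "RU"), ("198.51.100.9", "US"),
                   ("192.0.2.10", "DE"), ("192.0.2.10", "US")]:
        print(ip, cc, evaluate(ip, cc, ALLOWED, BLOCKED, LISTED))
    print("shadowed block entries:", shadowed(ALLOWED, BLOCKED))
```
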

Rule Priority 3 - Rate Limit Login

The Rate Limit Login rule tracks the rate of Login requests for each originating IP address, and triggers the rule action on IPs with rates that go over the limit set.

This rule is used to put a temporary block on Login requests from an IP address that's sending excessive requests.

The Rate Limit Login rule is preconfigured to temporarily block Login requests from a single IP Address that exceed 100 within a 5 minute period of time.

Use the Overview display to highlight the number of Login Requests that are or have been Rate Limited.

Rule Priority 4 - Rate Limit Forgotten

The Rate Limit Forgotten rule tracks the rate of Forgotten Password requests for each originating IP address, and triggers the rule action on IPs with rates that go over the limit set.

This rule is used to put a temporary block on Forgotten Password requests from an IP address that's sending excessive requests.

The Rate Limit Forgotten rule is preconfigured to temporarily block Forgotten Password requests from a single IP Address that exceed 100 within a 5 minute period of time.

Use the Overview display to highlight the number of Forgotten Password Requests that are or have been Rate Limited.

Rule Priority 5 - Rate Limit Claims

The Rate Limit Claims rule tracks the rate of Claim Account requests for each originating IP address, and triggers the rule action on IPs with rates that go over the limit set.

This rule is used to put a temporary block on Account Claim requests from an IP address that's sending excessive requests.

The Rate Limit Claims rule is preconfigured to temporarily block Claim Account requests from a single IP Address that exceed 100 within a 5 minute period of time.

Use the Overview display to highlight the number of Claim Account Requests that are or have been Rate Limited.

Rule Priority 6 - Rate Limit API Session

The Rate Limit API Session rule tracks the rate of API requests for each originating IP address, and triggers the rule action on IPs with rates that go over the limit set.

This rule is used to put a temporary block on API requests from an IP address that's sending excessive requests.

The Rate Limit API Session rule is preconfigured to temporarily block API requests from a single IP Address that exceed 100 within a 5 minute period of time.

Use the Overview display to highlight the number of API Requests that are or have been Rate Limited.
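
The following is an added example, not ShieldID's own code: a Python model of the preconfigured threshold shared by rules 3 to 6 (more than 100 requests from one IP address within 5 minutes), run over constructed request records to see which sources would be rate limited, for instance a shared egress address with many users behind it. It assumes a sliding 5-minute window counted separately per IP address and request type; the page does not describe how ShieldID measures the window.

```python
from collections import defaultdict, deque

LIMIT = 100        # requests, the preconfigured value stated for rules 3 to 6
WINDOW = 5 * 60    # seconds

def rate_limited(events, limit=LIMIT, window=WINDOW):
    """events: (epoch_seconds, ip, request_type) tuples sorted by time.
    Returns {(ip, request_type): number of requests over the limit}."""
    recent = defaultdict(deque)   # timestamps still inside the window, per key
    limited = defaultdict(int)
    for ts, ip, kind in events:
        q = recent[(ip, kind)]
        while q and ts - q[0] >= window:   # drop requests older than the window
            q.popleft()
        q.append(ts)
        if len(q) > limit:                 # "exceed 100 within a 5 minute period"
            limited[(ip, kind)] += 1
    return dict(limited)

def sample_events():
    """Constructed traffic: one burst, one mixed client, one slow client."""
    ev = [(t, "198.51.100.23", "login") for t in range(150)]             # 150 in 150 s
    ev += [(2 * i, "192.0.2.50", kind) for i in range(100)
           for kind in ("login", "forgotten")]                          # 100 of each type
    ev += [(4 * i, "203.0.113.5", "login") for i in range(120)]          # 120 over 8 min
    return sorted(ev)

if __name__ == "__main__":
    for (ip, kind), n in rate_limited(sample_events()).items():
        print(f"{ip} {kind}: {n} requests over the limit")
```

Only the burst source is flagged: the mixed client stays at exactly 100 per request type, and the slow client never has more than 75 requests inside any 5-minute window.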

AWS Managed Rules

These rules are pre-configured for all ShieldID customers.

  • AWS-AWSManagedRulesAmazonIpReputationList: Inspects and blocks traffic from IP addresses that have been identified as bots
  • AWS-AWSManagedRulesCommonRuleSet: Inspects and blocks traffic from IP addresses based on common best practices
  • AWS-AWSManagedRulesAnonymousIpList: Inspects and blocks traffic from IP addresses of sources known to anonymize client information, like TOR nodes, temporary proxies, and other masking services

