Client reputation

At any given moment, up to 30% of the world’s internet traffic is flowing through Akamai services. This provides Akamai with an abundance of information about user activity and a deep insight that is foundational to Akamai’s Cloud Security Intelligence. Hosted Login can leverage this intelligence to better protect your user authentication with a tool called Client Reputation.

With Client Reputation, each user IP address carries a set of risk scores based on behavior Akamai has observed from that address. There are four categories of risk score:

Category   Description of risk behavior
DOSATCK    A web client or botnet that uses automated tools to launch volumetric Denial of Service (DoS) attacks.
SCANTL     Scanning tool that probes web apps for vulnerabilities during an attack’s reconnaissance phase.
WEBATCK    Web attack that targets websites and web apps with techniques like SQL injection, remote file inclusion, or cross-site scripting.
WEBSCRP    Web scraper that crawls sites and collects data like hotel rates, product prices, store locations, and more.

Each of these categories is given a score from 1 to 10. Generally speaking, the score can be interpreted as follows:

Risk Score   General interpretation
1-4          Low risk of this behavior, no need to worry
5-7          Medium risk of this behavior, good to monitor
8-10         High risk of this behavior, recommended to take action

You can learn more about Client Reputation here.

With Hosted Login, you can take action against risky clients by stepping up the level of authentication required for a user based on the Client Reputation score(s) of the IP address they connect from.

For example:

  • User A comes to your site and logs in with a password. Hosted Login sees that their IP address has a DOSATCK score of 9, above the threshold you configured, so it prompts them to complete the 2FA process.
  • User B comes to your site and logs in with a password. Because their IP address has a DOSATCK score of 2, they are authenticated immediately.

[Figure: Client Reputation scenarios]

Configure Client Reputation

For each Client Reputation category you’d like to assess upon login, complete the following steps:

  1. Navigate to your application in the Identity Cloud Console
  2. Navigate to MANAGE PROPERTIES
  3. Click the Actions menu for your Login Client and select Edit. This takes you to the page for viewing and editing your property.
  4. Click the EDIT SETTINGS button at the bottom of the Settings section
  5. Click the Add Setting icon. This adds a new line to the bottom of the list.
  6. Type or paste in one of the following setting names, depending on which Client Reputation category you’d like to enable:
    • authentication.risk.client_reputation_threshold.DOSATCK
    • authentication.risk.client_reputation_threshold.SCANTL
    • authentication.risk.client_reputation_threshold.WEBATCK
    • authentication.risk.client_reputation_threshold.WEBSCRP
  7. In the popup, click Create authentication.risk.client_reputation_threshold.CATEGORY, where CATEGORY is the category you typed in the previous step.
  8. Type in the value for this setting, which is a number from 1 to 10
    • This number is the allowed threshold: the highest score that can still authenticate without 2FA. When a user whose IP address has a score greater than this value attempts to authenticate, Hosted Login prompts them to complete 2FA. A score equal to the threshold does not trigger it.
    • For example, with a value of 8, users whose IP address scores 1 through 8 pass with a password alone, and users whose IP address scores 9 or 10 are prompted for 2FA.
  9. Click the Save icon

Note that you need only add settings for the Client Reputation categories you care about; a category with no setting never triggers 2FA. For example, web scrapers can be used for benign purposes, and if your site has no history of problems with such tools, you may choose not to set a threshold for WEBSCRP. Also bear in mind that scores are attached to the client's IP address, not to the user account: legitimate users who share an address with a flagged client (for example behind a corporate or carrier-grade NAT) inherit that address's reputation and will be stepped up as well, so watch for unexpected 2FA prompts after lowering a threshold.

Currently, whenever any configured threshold is exceeded, Hosted Login prompts the user to complete the 2FA process. In the future, you will be able to configure alternative actions for Hosted Login to take. This guide will be updated as additional options become available.
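To check a set of thresholds before deploying them, it helps to simulate the step-up rule described in the User A / User B example and in the configuration steps above against some sample reputation data. The script below is an added illustration and not Akamai's own code: the four category names and the authentication.risk.client_reputation_threshold.* setting names are the ones this page documents, while the settings map, the shape of the per-IP score dictionary, the sample addresses and scores (constructed for this example) and all function names are assumptions made here.

```python
"""Simulate the Client Reputation step-up rule described on this page.

Added example, not Akamai's own code. The category and setting names are the
documented ones; the settings map, the per-IP score dictionary and the
function names are assumptions for this simulation.
"""
from __future__ import annotations

SETTING_PREFIX = "authentication.risk.client_reputation_threshold."
CATEGORIES = ("DOSATCK", "SCANTL", "WEBATCK", "WEBSCRP")


def risk_band(score: int) -> str:
    """Map a 1-10 score to the page's general interpretation bands."""
    if not 1 <= score <= 10:
        raise ValueError(f"score must be 1-10, got {score}")
    if score <= 4:
        return "low"
    if score <= 7:
        return "medium"
    return "high"


def load_thresholds(settings: dict[str, str]) -> dict[str, int]:
    """Pull the configured thresholds out of a property's settings map.

    Mirrors what the Console accepts: only the four documented categories,
    each with an integer value from 1 to 10. Categories with no setting are
    simply absent, which the evaluator treats as "never step up".
    """
    thresholds: dict[str, int] = {}
    for name, raw in settings.items():
        if not name.startswith(SETTING_PREFIX):
            continue  # unrelated property setting, ignore it
        category = name[len(SETTING_PREFIX):]
        if category not in CATEGORIES:
            raise ValueError(f"unknown Client Reputation category: {category!r}")
        value = int(raw)
        if not 1 <= value <= 10:
            raise ValueError(f"{name} must be 1-10, got {raw!r}")
        thresholds[category] = value
    return thresholds


def triggered_categories(thresholds: dict[str, int],
                         scores: dict[str, int]) -> list[str]:
    """Return the configured categories whose score exceeds the threshold.

    The threshold is the maximum score allowed through without 2FA, so a
    score equal to it still passes. A missing score (no reputation data for
    the address) or an unconfigured category never triggers.
    """
    return sorted(c for c, limit in thresholds.items()
                  if scores.get(c, 0) > limit)


def requires_2fa(thresholds: dict[str, int], scores: dict[str, int]) -> bool:
    """True when at least one configured threshold is exceeded."""
    return bool(triggered_categories(thresholds, scores))


# Constructed sample data (hypothetical): a property that steps up on
# DOSATCK > 8 and WEBATCK > 7, plus the reputation of four client addresses.
SAMPLE_SETTINGS = {
    SETTING_PREFIX + "DOSATCK": "8",
    SETTING_PREFIX + "WEBATCK": "7",
    "some.unrelated.setting": "true",
}
SAMPLE_SCORES = {
    "203.0.113.10": {"DOSATCK": 9, "SCANTL": 2, "WEBATCK": 3, "WEBSCRP": 1},
    "203.0.113.20": {"DOSATCK": 2, "SCANTL": 1, "WEBATCK": 2, "WEBSCRP": 1},
    "203.0.113.30": {"DOSATCK": 8, "SCANTL": 6, "WEBATCK": 8, "WEBSCRP": 9},
    "203.0.113.40": {},  # Akamai has no reputation data for this address
}


def decide_all(settings=SAMPLE_SETTINGS, scores_by_ip=SAMPLE_SCORES):
    """Evaluate every address against the settings: {ip: [triggered categories]}."""
    thresholds = load_thresholds(settings)
    return {ip: triggered_categories(thresholds, s)
            for ip, s in scores_by_ip.items()}


if __name__ == "__main__":
    for ip, hits in decide_all().items():
        action = "2FA (" + ", ".join(hits) + ")" if hits else "password only"
        print(f"{ip:15} -> {action}")
```

In the sample run, 203.0.113.10 is stepped up for DOSATCK, 203.0.113.20 and the address with no data pass on the password alone, and 203.0.113.30 is stepped up only for WEBATCK: its DOSATCK score of 8 equals the threshold and so passes, and its WEBSCRP score of 9 is ignored because no WEBSCRP threshold was configured.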