V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks
- Rolf Nichols
- 8 years ago
Enabling Precise Defense against New DDoS Attacks
Key Points: DDoS attacks increasingly target the application layer. Traditional attack detection and defensive measures fail to defend against these types of DDoS attacks.

Executive Summary

The fast-growing prosperity of cloud computing is accompanied by a surge in Internet provision as well as in DDoS attacks and their variants. DDoS attacks increasingly target the application layer, especially web and DNS services, and are launched mainly out of malicious competition. Profitable online services are allegedly undergoing more and longer attacks, according to Huawei Cloud Security Center.

Currently, various functional evasion techniques are used on botnets to keep them alive longer. Typical techniques are the domain generation algorithm (DGA) and fast-flux, which quickly replace the C&C server IP address. The common defensive measure of shutting down the C&C server (the source of attacks) does not work effectively against DDoS attacks launched using botnets.

Since traditional attack detection and defensive measures fail to defend against new types of DDoS attacks, there is rapidly growing demand for new defensive measures that provide accurate detection and correct identification of attacks.
Trend of DDoS Attacks

Trends: 1) Application services are suffering more DDoS attacks with light traffic and low speed. 2) DDoS attacks are becoming increasingly complex.

1. Application services are suffering more DDoS attacks with light traffic and low speed.

Carrier networks and their basic architecture and infrastructure have historically been the target of DDoS attacks. In more recent times, Internet applications and services, such as enterprise websites, online shopping, streaming services, online gaming, and DNS, have increasingly become prime targets of DDoS attacks. Web-targeted DDoS attacks have accounted for over 87.11% of DDoS attacks, according to the latest security report released by Huawei.

Hackers have been seen to prefer more elusive attacks requiring lower bandwidth and lighter traffic because they can achieve their attack goals while maintaining low costs. By exploiting the weaknesses of commonly used flow detection techniques, application-targeted attacks with light traffic and low bandwidth are prevailing. Packets have to be verified one by one to detect DDoS attacks at the application layer.

2. DDoS attacks are becoming increasingly complex.

More simulated HTTP attacks: Before launching attacks, hackers usually select web servers and perform tests to discover their vulnerabilities. They proceed to exploit these vulnerabilities by repurposing ghost servers and resources to exhaust the system's computing resources. While achieving the attack effect, they hide the attack sources by instructing botnet computers to send normal-looking requests to the web servers over proxy servers. Such attacks have a relatively low access rate, but a sufficiently large volume of access requests will exhaust the server's computing resources and consequently result in a denial of service. Traditional defense technologies such as source detection and proxies cannot effectively counter such attacks, whereas a source reputation assessment system can handle them with high efficiency and precision.

Minnow-for-whale DNS Cache Miss attack: Second to web-targeted DDoS attacks in popularity, DNS-targeted DDoS attacks are launched by sending the DNS server a large volume of queries for non-existent domain names, aimed at increasing its workload. This prevents legitimate queries to the DNS server from querying the cache, which prevents them from resolving domain names. DNS-targeted attacks are intended to hit the authoritative DNS servers used by online services. Such attacks lead to online service failures and also bring down other Internet services that depend on domain name resolution. This form of attack has the largest scope of impact, severely affecting services and infrastructure down to the most basic architecture of the Internet. The Kmplayer event in 2009 is a typical example of a DNS Cache Miss attack. To effectively defend against DNS-targeted attacks, both proactive and responsive countermeasures must be taken, such as attack detection and analysis based on source reputation, session reputation, and behavior analysis.
Insufficiency of traditional defenses against new DDoS attacks

Insufficiency of traditional defense techniques: 1) Maintaining a good user experience while eliminating terminal misjudgment makes defense against HTTP attacks extremely difficult. 2) Identification of spoofing sources is hard for DNS Cache Miss attack defense. 3) Insufficient session techniques hardly detect light-traffic attacks.

1. Maintaining a good user experience while eliminating terminal misjudgment makes defense against HTTP attacks extremely difficult.

Defending against HTTP attacks aimed at e-commerce websites must avoid terminal misjudgment while eliminating all impacts on user experience. Presently, techniques such as URL redirection and code verification are commonly used to defend against HTTP attacks. However, the web page displayed during verification cannot carry any information, which impacts user experience. Most importantly, many users access e-commerce systems using their smartphones because of their high mobility and availability. Smartphones, however, do not completely implement the HTTP application protocol stack and in most cases do not support redirection. This means that such a common defensive measure may interrupt or completely prevent the access of mobile terminal users. Being aware of such a prominent weakness, hackers may launch attacks by disguising themselves as mobile smart terminals, knowing that DDoS attacks targeting mobile web applications are harder to defend against. To accurately identify HTTP attacks while maintaining a good user experience, other countermeasures such as smart terminal identification, application-layer IP reputation, and session analysis must be implemented.

2. Identification of spoofing sources is hard for DNS Cache Miss attack defense.

DNS querying is based on UDP, which is connectionless, and this presents a challenge in defending against DNS Cache Miss attacks. A common countermeasure against DNS Cache Miss attacks is to change UDP requests into TCP requests to verify the sources. However, as seen on live networks, most DNS clients do not support TCP, so this countermeasure cannot be applied in practice. If a hacker launches a Cache Miss attack at the authoritative DNS server by simulating or using a real DNS cache server, defending against such an attack will be extremely difficult. An effective source reputation mechanism is required, in which source reputation is analyzed for an ongoing session to distinguish between unauthorized and authorized accesses.

3. Insufficient session techniques hardly detect light-traffic attacks.

Among botnet-based DDoS attacks, light-traffic attacks are the hardest to defend against. They usually carry genuine IP addresses and exploit application access vulnerabilities (after the three-way handshake with the application server). Such attacks can only be detected through ongoing session monitoring and user behavior analysis. Detecting and eliminating such attacks requires more precise defenses and better performance on security devices than common attacks do. At this moment, no vendor provides sufficient session monitoring techniques capable of detecting and defending against light-traffic attacks.

Huawei V-ISA Reputation Mechanism, a Powerful Technique to Defend Against New DDoS Attacks

Based on professional software and hardware platforms with traditional competitive edges, the Huawei anti-DDoS solution introduces the first V-ISA reputation security system in the industry and a unique anti-DDoS product featuring advanced detection mechanisms, all while delivering over 100 Gbit/s of performance on a single device. This solution provides a powerful tool for carriers, enterprises, and data centers to accurately defend against new DDoS attacks.

1. Working mechanism of the V-ISA

In most cases, the system learns the characteristics of Layer-3, Layer-4, and Layer-7 traffic and sets up service access models of the protected IP addresses, including service access models of sources. Then the system compares traffic statistics with the service models to detect anomalies. To prevent any impact on customer experience, the system gives the top N traffic with good reputations bonus points during traffic model learning.
When a security event occurs, the solution ensures that access from users with a good reputation is permitted, and reputation authentication, behavior analysis, and session reputation are applied to identify suspicious sources that exceed the source access baseline. Identifiable attacks include botnet attacks with forged or real sources and low-rate attacks simulating access from legitimate users. With the V-ISA reputation security mechanism, no legitimate access is blocked and no attacks are permitted.

Huawei V-ISA Reputation Mechanism: 1) Multi-tenant-based anti-DDoS and operation. 2) IP reputation-based defense against DDoS launched by botnets. 3) Session reputation-based defense against low-rate attacks. 4) Behavior reputation-based defense against application attacks.
2. Components of the V-ISA reputation security system

In the Huawei V-ISA reputation detection system:
- V, short for Virtual, indicates that the Huawei anti-DDoS system can implement security protection and operation in the cloud computing multi-tenant scenario.
- I, short for IP, indicates that the system provides IP reputation-based botnet defense.
- S, short for Session, indicates that the system provides session reputation-based low-rate attack defense.
- A, short for Application, indicates that the system provides behavior reputation-based application attack defense.

Multi-tenant-based anti-DDoS and operation: The Zone concept of the Huawei anti-DDoS system echoes the tenant concept of cloud computing. The system provides customized defense policies, defense thresholds, and reports, supports the regular sending of customized reports, and provides a report self-service portal.

IP reputation-based defense against DDoS launched by botnets: Based on botnet detection technologies and anti-DDoS blacklists, the system generates a "zombie" IP address database. From the active time of IP addresses, the system can tell the zombie activation time. Then the system adds the active IP addresses to the address list to filter malicious traffic. This technology filters out malicious traffic without source authentication, which prevents authentication from affecting legitimate services. In addition, direct filtering provides a vantage point from which it is possible to defend against mobile botnets, for which the traditional authentication scheme is inadequate. To prevent detrimental impacts on customer experience, the Huawei anti-DDoS system employs a customer reputation mechanism. Before attacks are launched, the system adds the IP addresses of customers with large volumes of traffic and legitimate behaviors to an IP reputation list to ensure that traffic generated by these customers is rapidly forwarded.
If used for mobile application and e-commerce website protection in the case of mobile terminal access, this technology not only improves the defense efficiency but also lowers the number of false positives to the lowest extent possible today.

Session reputation-based defense against low-rate attacks: Low-rate attacks target TCP applications. This type of attack is launched by a massive number of zombies, each sending a small volume of traffic, resulting in low traffic rates that are hard to detect. Typical representatives include SSL-DoS/DDoS, HTTP slow headers/post attacks, HTTP retransmission, and Sockstress attacks. The Huawei anti-DDoS system sets up a session table for all suspicious sources that pass source authentication and are therefore not forged sources, records session indicators for these sources, analyzes abnormal behavior statistics, and proceeds to block packets from these sources if their anomaly counts exceed the predefined limit. This anti-DDoS system features accurate differentiation between infected traffic and legitimate traffic without returning any false positives or false negatives, even for traffic that competing vendors are unlikely to detect. Huawei is one of the few vendors that provide a complete session defense mechanism capable of detecting anomalies in ongoing sessions.

Behavior reputation-based defense against application attacks: This behavior-based defense technology works by analyzing and comparing the patterns generated by user and zombie behaviors. The resources accessed by legitimate users have no specific order, and the access frequency is random. Zombie behaviors, however, are designed, ordered, and have specific targets, so the accessed resources and access frequency are fixed. Although the rate of a single source may be low, the QPS is high.
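The session-reputation and behavior-reputation checks described above, as an added example that is not Huawei's code: it counts established but nearly idle sessions per source against an anomaly limit and, separately, flags sources whose requested resources and request timing are fixed. The record fields, thresholds, and verdict names ("block", "challenge", "pass") are assumptions, and the sample records are constructed.

```python
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Assumed thresholds (not from the white paper); derive real ones from the
# learned traffic baseline of the protected service.
SLOW_SECONDS = 10         # a session open at least this long ...
SLOW_BYTES_PER_SEC = 50   # ... while moving less data than this is anomalous
ANOMALY_LIMIT = 3         # the "predefined limit" of anomalies per source
MIN_SESSIONS = 6          # fewer sessions than this: no behavior verdict
MIN_ENTROPY_BITS = 1.0    # below this, the accessed resources count as fixed
MAX_INTERVAL_CV = 0.15    # below this, the access frequency counts as fixed


def session_anomalies(sessions):
    """Count sessions that stayed open but carried almost no data
    (the pattern of slow-header / slow-post style low-rate attacks)."""
    return sum(
        1 for s in sessions
        if s["duration"] >= SLOW_SECONDS
        and s["bytes"] / s["duration"] < SLOW_BYTES_PER_SEC
    )


def url_entropy(sessions):
    """Shannon entropy (bits) of the resources a source requested."""
    counts = Counter(s["url"] for s in sessions)
    total = sum(counts.values())
    return sum(-(c / total) * math.log2(c / total) for c in counts.values())


def interval_cv(sessions):
    """Coefficient of variation of the gaps between session start times.
    Near 0 means machine-regular timing; human browsing is well above it."""
    starts = sorted(s["start"] for s in sessions)
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    if len(gaps) < 2:
        return float("inf")   # not enough data to call the timing regular
    if mean(gaps) == 0:
        return 0.0            # all sessions started at the same instant
    return pstdev(gaps) / mean(gaps)


def classify(records, whitelist=frozenset()):
    """Return {source: verdict}. Whitelisted (good-reputation) sources are
    always passed; session reputation is checked before behavior."""
    by_src = defaultdict(list)
    for r in records:
        by_src[r["src"]].append(r)
    verdicts = {}
    for src, sessions in by_src.items():
        if src in whitelist:
            verdicts[src] = "pass"
        elif session_anomalies(sessions) > ANOMALY_LIMIT:
            verdicts[src] = "block"        # session reputation exhausted
        elif (len(sessions) >= MIN_SESSIONS
              and url_entropy(sessions) < MIN_ENTROPY_BITS
              and interval_cv(sessions) < MAX_INTERVAL_CV):
            verdicts[src] = "challenge"    # hand to source authentication
        else:
            verdicts[src] = "pass"
    return verdicts


def _mk(src, starts, urls, duration, nbytes):
    return [{"src": src, "start": t, "url": u,
             "duration": duration, "bytes": nbytes}
            for t, u in zip(starts, urls)]


# Constructed sample records (documentation address ranges).
SAMPLE = (
    # Slow source: long-lived sessions that carry about 2 bytes per second.
    _mk("198.51.100.10", [0, 5, 11, 18, 30], ["/login"] * 5, 60.0, 120)
    # Zombie-like source: same resource, one request every 2 seconds.
    + _mk("203.0.113.7", [i * 2.0 for i in range(10)],
          ["/search?q=a"] * 10, 0.2, 900)
    # Human-like source: varied resources, irregular timing.
    + _mk("192.0.2.44", [0, 3, 4, 19, 25, 26, 60, 95],
          ["/", "/cart", "/item/7", "/", "/item/9", "/css/a.css",
           "/pay", "/item/7"], 0.4, 5200)
    # Regular poller that sits on the good-reputation list.
    + _mk("192.0.2.99", [i * 5.0 for i in range(10)],
          ["/api/health"] * 10, 0.1, 300)
)

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE, whitelist={"192.0.2.99"}).items():
        print(src, verdict)
```

Run without the whitelist, the regular poller at 192.0.2.99 is challenged like the zombie-like source, which is the false positive the reputation list exists to avoid.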
[Figure: defense stages of the AntiDDoS system, in order: whitelist & blacklist (operation by list), first packet drop, source authentication (cookie bounce), portion statistics, and session reputation.]
As long as the model is correct, the behavior analysis technology does not have any adverse impact on user experience. In most cases, behavior analysis is used with session reputation and source authentication to enhance defense accuracy. For example, behavior analysis can detect attack sources that pass the transport-layer source authentication but have abnormal TCP packet rates. To protect the HTTP server on a fixed network, source behavior analysis can be configured to redirect the packets that exceed the source access baseline. Similarly, in the DNS defense scenario, behavior analysis can be configured to detect DNS servers under attack and to work with source authentication on the suspicious sources to minimize the impact on legitimate user access.

In conclusion, a complete behavior analysis involves multi-dimensional analysis and usually needs to work with source authentication. Consequently, it places high requirements on device performance. Due to high development costs and limited security capabilities, most security vendors are unable to produce anti-DDoS products capable of fine-tuned behavior analysis, which prevents them from mounting a world-class defense against attacks. Huawei anti-DDoS devices employ the industry-leading distributed multi-core architecture and integrate four high-performance CPUs on each SPU to deliver 10 Gbit/s application-layer behavior analysis capabilities, which sets them in a class of their own, delivering a world-class, complete anti-DDoS defense suite.

Conclusion

Empowered by the V-ISA reputation detection system, the Huawei anti-DDoS solution provides powerful and intelligent defense mechanisms with seven protection layers specific to each of the seven OSI layers for a complete anti-DDoS defense: deformed packet filtering, by-feature packet filtering, application-layer source authentication, source authentication, session analysis, behavior analysis, and smart rate limiting.

- Deformed packet filtering: filters non-standard packets.
- By-feature packet filtering: identifies attack traffic (by analyzing its unique fingerprint using the Huawei-proprietary fingerprint learning and comparison algorithm), and filters packets by customized attributes such as IP addresses and ports.
- Application-layer source authentication and source authentication: verify the source IP address and the intention of access.
- Session analysis and behavior analysis: check for features of DDoS attacks targeting TCP connections and applications. Such DDoS attacks usually have light traffic, a constant access frequency, and the same destination resource. The analysis techniques effectively defend against botnet DDoS attacks that are usually concealed by means of evasion.
- Smart rate limiting: limits and controls heavy-traffic access to ensure the availability of servers.

In all, the Huawei anti-DDoS solution provides complete DDoS defense by cleansing traffic layer by layer while maintaining consistent quality of user access.

References:
- 2013 Botnets and DDoS Attacks Report.pdf
- Huawei AntiDDoS Solution
Copyright Huawei Technologies Co., Ltd All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademark Notice: , HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd. Other trademarks, product, service and company names mentioned are the property of their respective owners.

General Disclaimer: The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Industrial Base Bantian Longgang Shenzhen , P.R. China Tel: Version No.: M C-1.0
More information1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?
Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against
More informationCSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks
CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic
More information1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
More informationArbor s Solution for ISP
Arbor s Solution for ISP Recent Attack Cases DDoS is an Exploding & Evolving Trend More Attack Motivations Geopolitical Burma taken offline by DDOS attack Protests Extortion Visa, PayPal, and MasterCard
More informationHow Cisco IT Protects Against Distributed Denial of Service Attacks
How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationAnalysis on Some Defences against SYN-Flood Based Denial-of-Service Attacks
Analysis on Some Defences against SYN-Flood Based Denial-of-Service Attacks Sau Fan LEE (ID: 3484135) Computer Science Department, University of Auckland Email: slee283@ec.auckland.ac.nz Abstract A denial-of-service
More informationFederal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks
Threat Paper Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks Federal Computer Incident Response Center 7 th and D Streets S.W. Room 5060 Washington,
More informationProtect your network: planning for (DDoS), Distributed Denial of Service attacks
Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationHillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis
Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Keywords: Intelligent Next-Generation Firewall (ingfw), Unknown Threat, Abnormal Parameter, Abnormal Behavior,
More informationWeb Application Level Approach against the HTTP Flood Attacks IOSEC HTTP Anti Flood/DoS Security Gateway Module
Web Application Level Approach against the HTTP Flood Attacks IOSEC HTTP Anti Flood/DoS Security Gateway Module While HTTP Flood and DoS attacks are spreading nowadays, there is a new attack surface reduction
More informationAutomated Mitigation of the Largest and Smartest DDoS Attacks
Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application
More informationMONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN
MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN Kanika 1, Renuka Goyal 2, Gurmeet Kaur 3 1 M.Tech Scholar, Computer Science and Technology, Central University of Punjab, Punjab, India
More informationAttack and Defense Techniques
Network Security Attack and Defense Techniques Anna Sperotto, Ramin Sadre Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attack Taxonomy Many different kind of
More informationGuidelines for Web applications protection with dedicated Web Application Firewall
Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security
More informationHow valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks
How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks Stop DDoS before they stop you! James Braunegg (Micron 21) What Is Distributed Denial of Service A Denial of Service attack (DoS)
More informationA Novel Distributed Denial of Service (DDoS) Attacks Discriminating Detection in Flash Crowds
International Journal of Research Studies in Science, Engineering and Technology Volume 1, Issue 9, December 2014, PP 139-143 ISSN 2349-4751 (Print) & ISSN 2349-476X (Online) A Novel Distributed Denial
More informationNetwork Bandwidth Denial of Service (DoS)
Network Bandwidth Denial of Service (DoS) Angelos D. Keromytis Department of Computer Science Columbia University Synonyms Network flooding attack, packet flooding attack, network DoS Related Concepts
More informationDenial Of Service. Types of attacks
Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident is considered an attack if a malicious user intentionally disrupts service
More informationBlocking DNS Messages is Dangerous
Blocking DNS Messages is Dangerous Florian Maury, Mathieu Feuillet October 5-6, 2013 F Maury, M Feuillet Blocking DNS Messages is Dangerous October 5-6, 2013 1/25 ANSSI Created in 2009, the ANSSI is the
More informationDoS/DDoS Attacks and Protection on VoIP/UC
DoS/DDoS Attacks and Protection on VoIP/UC Presented by: Sipera Systems Agenda What are DoS and DDoS Attacks? VoIP/UC is different Impact of DoS attacks on VoIP Protection techniques 2 UC Security Requirements
More informationProtecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall
Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used
More informationSecuring Your Business with DNS Servers That Protect Themselves
Product Summary: The Infoblox Secure DNS Solution mitigates attacks on DNS servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate queries.
More informationA Primer for Distributed Denial of Service (DDoS) Attacks
A Primer for Distributed Denial of Service (DDoS) Attacks Hemant Jain, VP of Engineering Sichao Wang, Director of Product Management April 2012, Fortinet, Inc A Primer for Distributed Denial of Service
More informationACHILLES CERTIFICATION. SIS Module SLS 1508
ACHILLES CERTIFICATION PUBLIC REPORT Final DeltaV Report SIS Module SLS 1508 Disclaimer Wurldtech Security Inc. retains the right to change information in this report without notice. Wurldtech Security
More informationWharf T&T Limited DDoS Mitigation Service Customer Portal User Guide
Table of Content I. Note... 1 II. Login... 1 III. Real-time, Daily and Monthly Report... 3 Part A: Real-time Report... 3 Part 1: Traffic Details... 4 Part 2: Protocol Details... 5 Part B: Daily Report...
More informationDDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT
DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad
More informationDenial of Service Attacks. Notes derived from Michael R. Grimaila s originals
Denial of Service Attacks Notes derived from Michael R. Grimaila s originals Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident
More informationDDoS DETECTING. DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. [ Executive Brief ] Your data isn t safe. And neither is your website or your business.
[ Executive Brief ] DDoS DETECTING DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. Your data isn t safe. And neither is your website or your business. Hacking has become more prevalent and more sophisticated
More informationModern Denial of Service Protection
Modern Denial of Service Protection What is a Denial of Service Attack? A Denial of Service (DoS) attack is generally defined as a network-based attack that disables one or more resources, such as a network
More informationMultimedia Communication in the Internet. SIP Security Threads. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS 1
Multimedia Communication in the Internet SIP Security Threads Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS 1 Denial of Service Prevent service availability Software vulnerabilities
More informationSurviving DNS DDoS Attacks. Introducing self-protecting servers
Introducing self-protecting servers Background The current DNS environment is subject to a variety of distributed denial of service (DDoS) attacks, including reflected floods, amplification attacks, TCP
More informationHow To Understand A Network Attack
Network Security Attack and Defense Techniques Anna Sperotto (with material from Ramin Sadre) Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attacks! Many different
More informationSecurityDAM On-demand, Cloud-based DDoS Mitigation
SecurityDAM On-demand, Cloud-based DDoS Mitigation Table of contents Introduction... 3 Why premise-based DDoS solutions are lacking... 3 The problem with ISP-based DDoS solutions... 4 On-demand cloud DDoS
More informationDOMAIN NAME SECURITY EXTENSIONS
DOMAIN NAME SECURITY EXTENSIONS The aim of this paper is to provide information with regards to the current status of Domain Name System (DNS) and its evolution into Domain Name System Security Extensions
More informationLog Audit Ensuring Behavior Compliance Secoway elog System
As organizations strengthen informatization construction, their application systems (service systems, operating systems, databases, and Web servers), security devices (firewalls and the UTM, IPS, IDS,
More informationSURE 5 Zone DDoS PROTECTION SERVICE
SURE 5 Zone DDoS PROTECTION SERVICE Sure 5 Zone DDoS Protection ( the Service ) provides a solution to protect our customer s sites against Distributed Denial of Service (DDoS) attacks by analysing incoming
More informationUNMASKCONTENT: THE CASE STUDY
DIGITONTO LLC. UNMASKCONTENT: THE CASE STUDY The mystery UnmaskContent.com v1.0 Contents I. CASE 1: Malware Alert... 2 a. Scenario... 2 b. Data Collection... 2 c. Data Aggregation... 3 d. Data Enumeration...
More informationWHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems
WHITE PAPER FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems Abstract: Denial of Service (DoS) attacks have been a part of the internet landscape for
More informationSeminar Computer Security
Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More information