Cyber Warfare: Identifying Attackers Hiding Amongst the Flock
Transcription
1 Cyber Warfare: Identifying Attackers Hiding Amongst the Flock Anthony Lauro Sr. Enterprise Security Architect Akamai Technologies, Inc October 3rd, 2015
2 Who am I? (unphilosophically speaking) About me: Anthony Lauro CISSP, GWAPT Sr. Enterprise Security Architect Akamai Technologies, Inc 16 years Information Security Experience Advise Akamai clients on Cybersecurity Resilience Lead Application Security training for Enterprise Security Architecture Attended CCCC a long, long time ago
3 There are no rules of architecture for castles in the clouds. -Gilbert K. Chesterton
5 THREAT LANDSCAPE
6 Evolving Attack Campaigns [Timeline figure, Q1 13 through Q4 13. Labels: 190 Gbps attack against US financial institution; Account Checker (ecommerce); Operation Ababil (Financial Services); Largest DNS reflection attack, 167 Gbps; Record number of DDoS attacks in Q]
7 Top 10 Target Countries for Web Application Attacks Q1 2015
8 Top 10 Source Countries for Web Application Attacks Q1 2015
9 Attacks Grow Because Methods Improve Traditional DDoS attacks used compromised home computers. Cloud-based DDoS attacks harness the scale of global botnets. Amplification attacks target protocol vulns to amplify size: SNMP (6.3x), DNS (28x-54x), CharGEN (358.8x), NTP (556.9x). [Chart axes: Gbps, Mpps]
10 You Don't Have to Be Elite Anymore: You can do it, we can help!
11 Infrastructure Attacks: Smoke Screen? [Chart values: 27%, 24%, 30%, 8%, 4%, 5%]
12 WHAT MOTIVATES THE THREAT ACTOR? Hacked Web Server
13 Are You Prepared?
14 There Are No Immunities Between Verticals Source:
15 2014 Attack Trends Top three attack vectors are application layer attacks Defacement leads as the top attack, followed by SQLi and Account Hijacking as the most prevalent attacks seen in 2014 Source: Stateoftheinternet.com
16 Login Abuse: Account Checker Attacks The fuel for any account checker is a list of credentials. Fortunately for attackers, there are a huge number of credentials that are public. 38,000,000 Adobe accounts 318,000 Facebook accounts 70,000 Google accounts 60,000 Yahoo accounts 22,000 Twitter accounts 8,000 ADP accounts 8,000 LinkedIn accounts
17 DEFENSIVE Techniques
18 A Castle Built in 1385 Defense against French: 100yr War
19 Acts as a gateway Defensive resources become limited Entry and Exits cannot coexist
20 WEB SECURITY Common Approaches
21 Common Approaches to Web Security Deny the problem Build It Buy Boxes
22 DO NOTHING
23 Approaches for Web Security On-Premise Hardware Internet Service Providers Application Protection Cloud Service Bandwidth Router Firewall ISPs Cloud Platform Load balancer
24 On-Premise Hardware On-Premises Web Security Approach Bandwidth Router Firewall Load balancer Bandwidth Constraint Connection & Processing Limitations Application Vulnerability Exploitation Have to ingest ALL traffic before a Yes/No decision can be made Performance Degradation Throughput of devices cannot meet volume / requests per second of good and bad traffic spikes. Reliability WAF configurations are complex often not tuned properly or not in blocking mode. Accuracy
25 How did this breach occur, we have a WAF!! I put the WAF on a SPAN port. I was afraid of blocking legitimate traffic!
26 Internet Service Provider Approach Internet Service Providers DDoS Only Protection ISPs False Positives/ Upstream Blacklisting Single-Homed Protection Carrier Dependent Architecture Capacity Issues At Scale
27 Those are birds Right? I forgot my shield!
28 Application Protection Cloud Service Approach Application Protection Cloud Service Not Always Enterprise Class Protection Direct-to-Origin DDoS Protection Gap Shared Infrastructure (Capacity Constraints) Acceptable Use Monitoring Challenge Cloud Platform Retaining Real-time Visibility
29 In other words, careful where you aim that gun, #OpISIS, because it might point back at you as well. -Mike Masnick TechDirt
30 MULTI PERIMETER DEFENSE
33 For Internet-facing Applications Web Retrieval and integrity of content and data Datacenter Origin Supporting infrastructure and other applications Internet DNS Finding the application User
34 Volumetric Protection Massive resiliency Thousands of points of presence Distributed geographically Rate controls for noisy requestors Multiple Perimeters For Internet-facing Applications Attacks Against CNAMEs Network and application layer filtering capable Protocol validation/filtering SSL decrypt re-encrypt Geo Sensing and Filtering Capable Capacity: Throughput & P/ps Attacks Against Datacenter IPs Direct to origin protection using BGP redirection Multiple globally distributed scrubbing centers Attack capacity to withstand multiple attacks at once Good traffic bypass so as not to degrade performance
35 Multiple Perimeters For Internet-facing Applications Application Layer Attacks SSL decryption at scale Risk scoring rule sets Tune accuracy over time Attacks Against DNS Event Visibility Rate Controls - Connection Throttling White Listing Application Inspection DNSSEC Client/Server Locks Anycast Responses Threat intel gathered and validated against global dataset Real-Time event correlation between security policies Ability to identify hosts based on previous malicious behavior Import log feed from cloud into internal SIEM for correlation
36 HOW DO YOU IDENTIFY & CLASSIFY
37 THERE'S A DIFFERENCE BETWEEN VISIBILITY & INSIGHT
38 CLIENT REPUTATION SCORING Use behavioral data to protect your castle Collect and correlate attack traffic into a large dataset from across the web Identify bad clients based on past behavior Define a risk score for malicious clients Filter malicious client based on risk score
39 InfoSec teams are swimming in data More raw information is not the solution Information: Raw, unfiltered feed Aggregated from virtually every source May be true, false, misleading, incomplete, relevant or irrelevant Not actionable Intelligence: Processed, sorted information Aggregated from reliable sources and cross correlated for accuracy Accurate, timely, complete, assessed for relevancy Actionable
40 Threats Change/Advance Over Time [Chart: unique Shellshock payloads by day, 9/24 through 10/1, with "Shellshock disclosed" marked. Legible data labels: 124,625; 16,135; 21,359; 15,071; 30,427]
41 CASE STUDIES APPLICATION / DDoS ATTACKS
42 Case Study: 320 Gbps DDoS Attack: Gaming Vertical, APAC Region Largest attack ever mitigated by Akamai against single customer Targeted primary website, supporting network infrastructure, and DNS Multiple attack vectors: SYN/UDP floods - entire subnet Volumetric attack against DNS Attack characteristics: 320 Gbps and 71.5 Mpps peak traffic 2.1 million requests/s against DNS
43 One Attack in a Broader DDoS Attack Campaign Day campaign against single customer 39 distinct attacks targeting applications and DNS infrastructure Eight attacks >100 Gbps including record 320 Gbps attack [Table columns: Start, Infrastructure (Gbps), Web (Gbps), authdns (Mpps), DNS Reflection (Mpps), End]
44 Opening Ceremony Grow revenue opportunities with fast, personalized Olympics web experiences and manage complexity from peak demand, mobile devices and data collection. 1st day of sports 132 BILLION requests processed by our WAFs 10x more than 2010 Winter WAF rules triggered 127x more than 2010 Winter Olympics Custom Rules Triggered: 166,000,000 Rate Controls (Adaptive Rules) Triggered: 5,600,000 Requests Denied: 182,200,000
45 Opening ceremony Attack traffic [Figure labels: Spain to Netherlands; Chile to Australia; Ivory Coast to Japan]
46 Web Application Attacks by Industry Q Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.
47 The Attack du jour? Reflection attack Mostly SNMP v2c devices (~3+ years old) with default public community string Routers, printers, cable modems, NAS New tool automates sending getbulkrequest to open SNMP servers. Flood of SNMP GetResponse data sent from reflectors to victim on port 80 SNMP query begins at highest (OID) tree level to obtain largest possible response
49 Case Study: NTP Attacks on Origin Attack Vector Request with spoofed source IP of target server sent to a vulnerable NTP server that allows the monlist function. NTP server replies back to the target IP, direct to origin, at massive scale. 500X RETURN RATE IN TRAFFIC >100GBPS ATTACK TRAFFIC AGAINST ORIGIN 1,000+ INCREASE IN HITS PER SECOND AGAINST ORIGIN
50 Use nmap NSE Script: identify vulnerable hosts Example: nmap -sU -pU:123 -Pn -n --script=ntp-monlist <target> The monitor list in response to the monlist command is limited to 600 associations. The monitor capability may not be enabled on the target, in which case you may receive an error number 4 (No Data Available). There may be a restriction on who can perform Mode 7 commands (e.g. "restrict noquery" in ntp.conf), in which case you may not receive a reply. This script does not handle authenticating, and targets expecting auth info may respond with error number 3 (Format Error).
51 SSDP aka upnp (Universal Plug and Pray) SSDP 200-OK Response
52 DNS Attack Targeting Akamai Customer DNS requests peaked at 168k per second. 19B hits in 5 days. Normally serve ~30M hits per week.
53 DNS Hijack Attacks: Common Tactic for Middle Eastern Attackers Best Practice DNS Locks Client DNS Locks clientUpdateProhibited clientTransferProhibited clientDeleteProhibited US DoD's DNS Hijacked Registrar locks serverUpdateProhibited serverTransferProhibited serverDeleteProhibited
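Added example, not part of the original slides: a check that a domain's WHOIS record carries the six lock statuses listed on slide 53, plus a comparison of two WHOIS snapshots to alert when a lock disappears. The WHOIS excerpts and the domain example.test are constructed, and the function names are hypothetical.

```python
import re

# EPP status codes named on the slide, grouped the way the slide groups them.
CLIENT_LOCKS = ("clientUpdateProhibited", "clientTransferProhibited",
                "clientDeleteProhibited")
SERVER_LOCKS = ("serverUpdateProhibited", "serverTransferProhibited",
                "serverDeleteProhibited")

# Matches "Domain Status: clientTransferProhibited https://icann.org/epp#..."
# and the shorter "Status: ok" form; only the status token is captured.
_STATUS = re.compile(r"^[ \t]*(?:Domain[ \t]+)?Status:[ \t]*([A-Za-z]+)",
                     re.I | re.M)


def parse_statuses(whois_text):
    """Return the set of EPP status tokens in a WHOIS response, lowercased."""
    return {m.group(1).lower() for m in _STATUS.finditer(whois_text)}


def audit_locks(whois_text):
    """Report which of the six locks are missing and an overall verdict."""
    present = parse_statuses(whois_text)
    missing_client = [s for s in CLIENT_LOCKS if s.lower() not in present]
    missing_server = [s for s in SERVER_LOCKS if s.lower() not in present]
    if not missing_client and not missing_server:
        verdict = "fully locked"
    elif len(missing_client) == 3 and len(missing_server) == 3:
        verdict = "unlocked"
    else:
        verdict = "partially locked"
    return {"verdict": verdict,
            "missing_client": missing_client,
            "missing_server": missing_server}


def lock_regressions(previous_whois, current_whois):
    """Locks present in an earlier snapshot and absent now: worth an alert."""
    before = parse_statuses(previous_whois)
    now = parse_statuses(current_whois)
    return [s for s in CLIENT_LOCKS + SERVER_LOCKS
            if s.lower() in before and s.lower() not in now]


# Constructed WHOIS excerpts for a placeholder domain.
LOCKED = "Domain Name: EXAMPLE.TEST\n" + "\n".join(
    f"   Domain Status: {s} https://icann.org/epp#{s}"
    for s in CLIENT_LOCKS + SERVER_LOCKS)

CLIENT_ONLY = "Domain Name: EXAMPLE.TEST\n" + "\n".join(
    f"Domain Status: {s} https://icann.org/epp#{s}" for s in CLIENT_LOCKS)

UNLOCKED = """Domain Name: EXAMPLE.TEST
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.UNEXPECTED.TEST
"""

if __name__ == "__main__":
    for name, text in (("locked", LOCKED), ("client only", CLIENT_ONLY),
                       ("unlocked", UNLOCKED)):
        print(name, audit_locks(text))
    print("regressions:", lock_regressions(CLIENT_ONLY, UNLOCKED))
```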
54 Remote File Inclusion RFI Attempt to pull click.php file from remote location Using RFI vuln in TimThumb Plugin
55 Here's what click.php is really about! HTTP(s) Redirections can fluctuate between different pay4click companies and advertisers, and that means precious bitcoin revenue for the attacker and his friends.
56 When good things go bad: Rogue Reseller to Competitor At first they were just scraping our site and we saw it to be mutually beneficial After years of this relationship we recently found that they now have a copycat site and are selling our products that they are now manufacturing on their own. Enterprise Manufacturing Customer
57 Blind SQL Injection: Time Based Attack Client Request This type of blind SQL injection relies on the database pausing for a specified amount of time and examining the results. Using this method, an attacker enumerates each letter of the desired piece of data.
58 SQL Injection Analysis 2000 customers over one week Protocol Breakdown SQL Injection Attacks % HTTP 8,137, HTTPS 287, Total 8,425, Breakdown by Intent Source: Akamai CSI
59 CMD INJECTION
60 Remote File Inclusion Attack Request Client Info
61 Credentials Cookie Value Exposure
62 ACCOUNT CHECKERS: CARDERS Several techniques are used to avoid detection and mitigation, including: Randomization of UserAgent header Targeting of alternative (mobile/api/legacy) login pages, which may have weaker mitigation controls and are often overlooked by the customer. Attacks originate from highly distributed set of IP addresses, with different source countries. Use of low request rates to evade rate controls. Change in order of headers. Changes in tactics when 403 responses are received.
63 Fraud Vietnamese Carders Carder TTP Build Tools Server Cultivate List of Open Proxies Acquire Compromised Logins Check/Alter Compromised Accounts Make Fraudulent Purchases Cash out/resell gift cards
64 Login Abuse: THE STRUGGLE IS REAL You know who you are!
65 Login Abuses: TTPs and Defenses Rate controls to block fast moving scripts Attack relies on being able to check thousands of accounts quickly Blocking aggressive scripts prevents login exploitation Internal monitoring for changes to customer accounts address Shipping address Same on multiple accounts Geo blocklists for areas where there is no business Cuts down on the places attackers can launch from Do cloud server providers need to access your webpage? Custom rules to block User-Agent strings (or lack thereof) Attack scripts are often simple and will contain only curl or wget Sometimes none at all
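Added example, not part of the original slides: detection logic for the account-checker behaviour on slides 62 and 65, run over a constructed login log. The log format (`time|ip|path|user|status|user-agent`), the use of 401/403 as the failed-login statuses, the thresholds and all function names are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SCRIPT_UA_PREFIXES = ("curl", "wget")  # tool names the slide calls out


def parse(log_text):
    """Parse 'time|ip|path|user|status|user-agent' lines (assumed format)."""
    events = []
    for line in log_text.strip().splitlines():
        ts, ip, path, user, status, ua = line.split("|", 5)
        events.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                       "path": path, "user": user,
                       "status": int(status), "ua": ua.strip()})
    return events


def scripted_clients(events):
    """IPs whose User-Agent is missing or is a bare curl/wget string."""
    return {e["ip"] for e in events
            if not e["ua"] or e["ua"].lower().startswith(SCRIPT_UA_PREFIXES)}


def fast_checkers(events, window=timedelta(seconds=60), max_users=5):
    """IPs trying more than max_users distinct usernames in a sliding window."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["ip"]].append(e)
    flagged = set()
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if len({e["user"] for e in evs[start:end + 1]}) > max_users:
                flagged.add(ip)
                break
    return flagged


def distributed_targets(events, min_ips=10, min_users=20, min_fail=0.8):
    """Login paths hit by many IPs and many usernames, mostly failing.

    Catches the low-rate, widely distributed case that per-IP rate
    controls miss, including alternative (mobile/api/legacy) login pages.
    """
    stats = defaultdict(lambda: {"ips": set(), "users": set(),
                                 "fail": 0, "n": 0})
    for e in events:
        s = stats[e["path"]]
        s["ips"].add(e["ip"])
        s["users"].add(e["user"])
        s["n"] += 1
        s["fail"] += e["status"] in (401, 403)
    return sorted(p for p, s in stats.items()
                  if len(s["ips"]) >= min_ips and len(s["users"]) >= min_users
                  and s["fail"] / s["n"] >= min_fail)


def shared_account_values(changes, min_accounts=3):
    """Field values (e.g. shipping address) set on several accounts."""
    seen = defaultdict(set)
    for account, field, value in changes:
        seen[(field, value.strip().lower())].add(account)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_accounts}


def build_sample():
    """Constructed log: one noisy script, one distributed run, normal users."""
    lines = [f"2015-10-03T10:00:{i:02d}|198.51.100.7|/login|user{i}|401|curl/7.35.0"
             for i in range(8)]
    lines += [f"2015-10-03T10:{i:02d}:00|203.0.113.{i + 1}|/m/login|victim{i}"
              f"|401|Mozilla/5.0 (build {i})" for i in range(25)]
    lines += ["2015-10-03T10:05:00|192.0.2.10|/login|alice|200|Mozilla/5.0",
              "2015-10-03T10:06:00|192.0.2.11|/login|bob|401|Mozilla/5.0",
              "2015-10-03T10:06:20|192.0.2.11|/login|bob|200|Mozilla/5.0",
              "2015-10-03T10:07:00|192.0.2.99|/login|carol|401|"]
    return "\n".join(lines)


# Constructed account-change events: (account id, field, new value).
SAMPLE_CHANGES = [
    ("acct-101", "shipping_address", "12 Example Rd, Springfield"),
    ("acct-202", "shipping_address", "12 EXAMPLE RD, Springfield "),
    ("acct-303", "shipping_address", "12 Example Rd, Springfield"),
    ("acct-404", "email", "d@example.test"),
]

if __name__ == "__main__":
    ev = parse(build_sample())
    print("scripted clients:", sorted(scripted_clients(ev)))
    print("fast checkers:", sorted(fast_checkers(ev)))
    print("distributed targets:", distributed_targets(ev))
    print("shared values:", shared_account_values(SAMPLE_CHANGES))
```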
68 Industries affected Payment Processing Banking & Credit Unions Gambling Oil & Gas E-Commerce High Tech Consulting/Services DD4BC: (DDoS for Bitcoin) Attack Types Boot Stressor sites most likely culprit Reflection Attacks
69 Looking Forward into 2015 Industry Verticals Gaming, Fiserv, Internet & Telecom, Software & Tech, and Media verticals expected to be targeted heavily in 2015 Security vulnerabilities continue to increase due to bespoke/custom applications Good history of successful attacks DDoS Attacks Expect more mega attacks > 100Gbps Commoditization of DDOS attacks IPv6 uptake to increase DDoS vector Never pay ransoms, but do have a plan APPLICATION ATTACK TRENDS APPSEC IS FAILING NEED HELP! IF YOU DON'T HAVE AN APPSEC PROGRAM START ONE! INJECTION & XSS RIDE OWASP TOP 10 SESSIONS MGMT YOU'RE DOING IT WRONG DEVELOPERS YOU'RE BEHIND!
70 Cyber Security Requirements: 5 Points To Take Away 1. You Need Validated Data To derive intelligence on current & evolving threats. 2. Scale, Availability & Resilience To be high performing, take the punches, & stay online. 3. A Plan To understand how to respond to bad day scenarios. 4. Control & Flexibility To adapt your defenses dynamically. 5. People & Experience To execute every time you come under attack.
71 RESOURCES OWASP: OPEN WEB APPLICATION SECURITY PROJECT BSIMM5: BUILDING SECURITY IN MATURITY MODEL v5 SANS SWAT: SECURING WEB APPLICATION TECHNOLOGIES v1.1 CERT: SECURE CODING STANDARDS AKAMAI TECHNOLOGIES (HEY, WHY NOT)
72 Tony Lauro CISSP, GWAPT Senior Enterprise Security
73 The Collin College Engineering Department Collin College Student Chapter of the North Texas ISSA North Texas ISSA (Information Systems Security Association) Thank you NTX ISSA Cyber Security Conference October 2-3,
1 Network Security Monitoring: Looking Beyond the Network Ian R. J. Burke: GCIH, GCFA, EC/SA, CEH, LPT iburke@headwallsecurity.com iburke@middlebury.edu February 8, 2011 2 Abstract Network security monitoring
More informationWEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services
WEB SITE SECURITY Jeff Aliber Verizon Digital Media Services 1 SECURITY & THE CLOUD The Cloud (Web) o The Cloud is becoming the de-facto way for enterprises to leverage common infrastructure while innovating
More informationFortiDDos Size isn t everything
FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One
More informationRSA Web Threat Detection
RSA Web Threat Detection Online Threat Detection in Real Time Matthew Joseff, Sr. Technology Evangelist, RSA 2 RSA Web Threat Detection Online Threat Detection in Real Time Matthew Joseff, Sr. Technology
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationStop DDoS Attacks in Minutes
PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)
More informationAutomated Mitigation of the Largest and Smartest DDoS Attacks
Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application
More informationAutomated Mitigation of the Largest and Smartest DDoS Attacks
Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application
More informationPenta Security 3rd Generation Web Application Firewall No Signature Required. www.gasystems.com.au
Penta Security 3rd Generation Web Application Firewall No Signature Required www.gasystems.com.au 1 1 The Web Presence Demand The Web Still Grows INTERNET USERS 2006 1.2B Internet Users - 18% of 6.5B people
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationTable of Contents. Application Vulnerability Trends Report 2013. Introduction. 99% of Tested Applications Have Vulnerabilities
Application Vulnerability Trends Report : 2013 Table of Contents 3 4 5 6 7 8 8 9 10 10 Introduction 99% of Tested Applications Have Vulnerabilities Cross Site Scripting Tops a Long List of Vulnerabilities
More informationCSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks
CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic
More informationDDoS Mitigation Solutions
DDoS Mitigation Solutions The Real Cost of DDOS Attacks Hosting, including colocation at datacenters, dedicated servers, cloud hosting, shared hosting, and infrastructure as a service (IaaS) supports
More informationWeb Application Security 101
dotdefender Web Application Security Web Application Security 101 1 Web Application Security 101 As the Internet has evolved over the years, it has become an integral part of virtually every aspect in
More informationGame changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationLooking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015
WHITEPAPER Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 Malcolm Orekoya Network & Security Specialist 30 th January 2015 Table of Contents Introduction... 2 Identity Defines
More informationProtecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall
Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used
More informationBusiness white paper. Missioncritical. defense. Creating a coordinated response to application security attacks
Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly
More informationWeb Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com
Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week
More informationHTTPS Inspection with Cisco CWS
White Paper HTTPS Inspection with Cisco CWS What is HTTPS? Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (HTTP). It is a combination of HTTP and a
More informationDDoS Attacks in the United Kingdom
Neustar Insights DDoS Attacks in the United Kingdom 2012 Annual Trends and Impact Survey Contents Survey Findings, 2012 2011 Survey Methodology 3 Frequency of Attacks 3 Introduction In both 2011 and 2012,
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationEC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.
CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape
More informationASL IT Security Advanced Web Exploitation Kung Fu V2.0
ASL IT Security Advanced Web Exploitation Kung Fu V2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: There is a lot more in modern day web exploitation than the good old alert( xss ) and union
More informationVALIDATING DDoS THREAT PROTECTION
VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to
More informationProtect your network: planning for (DDoS), Distributed Denial of Service attacks
Protect your network: planning for (DDoS), Distributed Denial of Service attacks Nov 19, 2015 2015 CenturyLink. All Rights Reserved. The CenturyLink mark, pathways logo and certain CenturyLink product
More informationThe Web AppSec How-to: The Defenders Toolbox
The Web AppSec How-to: The Defenders Toolbox Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware
More informationThe Global Attacker Security Intelligence Service Explained
White Paper How Junos Spotlight Secure Works The Global Attacker Security Intelligence Service Explained Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3
More information