DDoS - Distributed Denial of Service
- Anabel Crawford
Distributed Denial of Service Attacks
COMPROMISING NETWORKS AND ORGANISATIONS

September 2013

Executive Summary

Distributed Denial of Service (DDoS) attacks are a major cause of disruption for networks and the distributed applications they host. With enhancements of routers and intermediate network devices and appliances, the level of attention given to DDoS attacks has reduced over time, as they have been viewed as less of a security issue. These traditional volumetric attacks were often mitigated upstream; however, low and slow DDoS attacks are still a significant issue. They bypass routers and intermediate network devices and attack the application layer, overloading a service or database with application calls. DDoS attacks against the application layer may be both more subtle and potentially more damaging.
Introduction

DDoS attacks have a long history of disrupting services provided through the internet, by targeting the lower network layers. By flooding lower network layers (the seven OSI layers are explained in more detail at the end of this document) with a massive surge in traffic, intermediate network devices, such as firewalls and intrusion detection/prevention systems, and hosts at the target installation can quickly become overwhelmed and crash. This then denies service to legitimate users who wish to use applications and services at higher network and application layers. For example, an attacker might use a rented botnet to simultaneously command 50,000 hosts to ping a target with numerous HTTP GET or POST requests (which could be 2G in size each). Alternatively, a worm (such as MyDoom) could generate 64 GET requests every second from every host infected by the worm (further technical examples are given at the conclusion of this document).

The possibilities for generating this type of traffic are endless, and early attempts to deal with the problem were ineffective. However, most commercial ISPs and organisations offering web applications and services now invest in perimeter defence, such as a specialised router or Intrusion Detection System (IDS), which is able to quickly detect rising and unusual levels of traffic before they can cause servers to fail. Connections which are detected as being part of a DDoS attack can be terminated downstream, or high availability and cloud services can result in legitimate requests being rerouted to other hosts while a DDoS response is implemented.

Unfortunately, DDoS attacks are still a significant problem for organisations of all shapes and sizes. As usual, attackers have responded to an enhanced threat response at the transport layer by devising more sophisticated attacks directed at the application layer, which have the same impact: denial of service to legitimate users.
The key message in relation to these attacks is that the perimeter defence technologies that work well in deflecting transport layer attacks fail when confronted with an application layer attack, because such attacks only become active once the apparently legitimate traffic has passed through the perimeter defence. That's not to say perimeter defence cannot play a role in defeating such attacks, but that the perimeter would need a significantly higher level of intelligence about what is happening deep within the network to implement an effective response.

About the Centre for Internet Safety

The Centre for Internet Safety at the University of Canberra was created to foster a safer, more trusted Internet by providing thought leadership and policy advice on the social, legal, political and economic impacts of cybercrime and threats to cyber security. The Centre for Internet Safety is hosted within the Faculty of Law at the University of Canberra. The University of Canberra is Australia's capital university and focuses on preparing students for a successful and rewarding career.
Current Issues

Recent changes in the online threat environment have brought DDoS back into focus. A key theme of many advisories and publicised attacks over the past few years has been the persistent rise of hacktivists, such as the group Anonymous. Hacktivist groups identify somewhat arbitrary targets, often through a loose collective decision-making process, with DDoS being the typical mode of attack. Hacktivists can also identify and attack targets with a more political dimension or focus, but the motives are not always clear, and attacks are often difficult to predict.

While most democracies are based around notions of free speech and the right to legitimate protest, actions which result in damage to property (for example street protests) are generally illegal. In the internet domain, a corollary might be that citizens should be free to express their views on blogs, wikis, forums etc. but not to engage in online criminal damage. Unfortunately, many hacktivist groups set out to cause as much destruction and damage as possible, incurring real costs for site and infrastructure owners, and denying often critical online services. For example, since late 2010, Anonymous has initiated a number of DDoS attacks, including:

- Targeted attacks against HBGary (February 2011) - servers broken into, emails pillaged and published to the world, data destroyed, and its website defaced.
- Operation Payback (December 2010) - revenge attacks against major credit and financial institutions in the US & Europe after they cancelled dealings with and froze donations to WikiLeaks following political pressure surrounding secret US diplomatic cable leaks.
- Vatican website attacks (March 2012) - disruption of the Vatican website in protests against what was claimed to be corruption in the Catholic Church.
- Operation Australia (July 2012) - Anonymous defaces several Queensland Government websites and threatens to release multiple GB of user data stolen from AAPT in protest of new data retention laws being discussed in Australia. The attacks subsequently moved onto the Federal Government Departments ASIO, AFP and ASD.

In each case, governments, corporations and community organisation websites have experienced significant downtime, data loss, defacement and/or serious disruption of service. These effects can't be trivialised and cost an organisation time, money and brand reputation.

The integration of application layer attacks, such as SQL injection, with more traditional volumetric, network-based DDoS attacks is a worrying trend, and has significantly increased the risk of a sophisticated attack for any organisation which may find itself being disapproved of for political or social reasons. Furthermore, identifying the source of an attack and its participants can be challenging due to the distributed nature of the attacks; unlike some botnet infections, where client software is installed surreptitiously on an end-user's device without their knowledge, users are actively recruited by hacktivist groups to join the cause. In practice, this means non-technical users are encouraged to download and install tools like the Low Orbit Ion Cannon (LOIC) and its variants such as Mobile LOIC and Web LOIC. Distribution of such tools and their widespread use (often by minors) can make prevention and prosecution of offenders very difficult, especially given geographic and jurisdictional issues. A hacktivist campaign could last for several days, which is likely to be severe for most organisations, especially when the media may be recruited to provide favourable coverage to the attackers.
Remedies

What is the best approach to solving application layer attacks? While the attacks are likely to slow down servers behind the firewall, and well within the trusted core of servers, an enhanced security strategy would typically dictate pushing out defensive barriers towards the perimeter, where hardware-based blocking of connections from malicious hosts can be most effectively achieved. Yet, such perimeter defences will need some knowledge of the business rules which govern acceptable program behaviour for databases and application servers, and be able to identify true positive attacks from false positive blocking, which may further exacerbate an attack by blocking legitimate users.

One technique would involve identifying strings which are likely to be flagged as risky or not appropriate for hosted applications. Using behavioral and signature based technologies, organisations may defend against both network and application-level attacks. Identifying attacks and modifying protection rules can guard against future attack attempts.

Furthermore, Network Behavioural Analysis (NBA) of network and application access patterns combined with pattern recognition and data mining technology could be used to recognise those patterns which are likely to lead to application layer attacks. This might include attempts to scan for known vulnerabilities or common attack patterns, such as SQL injection. NBA technologies must be adaptive, able to learn from past errors and incorporate feedback mechanisms. Devices using an NBA approach must be able to defend against both volume attacks as well as low rate attacks, since the high volume, SYN flooding approach may simply be a smokescreen for the actual attack payload, intended to penetrate deep inside corporate networks and systems.
This implies that standard, lower layer firewalls are not sufficient to protect against attacks which are low rate and target the application layer; software is needed that can analyse, interpret and predict the end-result of changing patterns of HTTP requests based on their content. Coordination and detection of attacks at different network layers could be used to detect significant penetrations more effectively.

Advanced Action Escalation Technology

Another technique to defeat modern threats is to use a mechanism whereby new connections are challenged prior to establishing a session with the server. This Advanced Action Escalation Technology is often associated with and deployed as part of Anti-DoS and NBA protection components. The process works in conjunction with real-time signature and closed feedback modules. The aim of the escalation approach is first to detect suspicious users (through the real-time signature generation module) and second to activate a set of actions, beginning with the most gentle one that will have negligible, if any, impact on legitimate users. Based on a closed feedback loop, the system will decide if escalating to a more aggressive action is required. Actions include:

- SYN cookies
- TCP-Reset & Safe-Reset challenges
- 302 & JavaScript challenges (for HTTP/S traffic)

The approach aims to minimise the impact on the human user experience while presenting a more accurate and adaptive response to the artificial users (for example, a bot).

Ideally, network security devices need to be able to share information and parameters between the different layers of network and application cyber protection. For example, cloud-based protection should be able to leverage more detailed network and attack characteristics obtained by Common Platform Enumeration (CPE)-based protection, and a targeted layer 7 protection web application firewall should be able to inform CPE and cloud-based protection of malicious hosts and sources in order to block at lower levels of the application or network. In effect this provides a unified and synchronised IT security model that extends from cloud scrubbing services, to customer-based perimeter network protection, to targeted application and web protection and back.

A CPE-based perimeter protection device, with information relating to specific application and layer 7 malicious hosts and sources, may mitigate this issue. The correlation of this information with other network level intelligence will assist in offloading and mitigating application-based attacks at the perimeter. The ability to send specific information relating to the customer's network environment to cloud scrubbing services will provide more effective and immediate protection against volumetric network-based attacks upstream.

Summary

By combining a multi-layered approach, organisations can build on the success of defending against simple, transport layer DDoS attacks by considering how best to achieve operational assurance against application layer DDoS attacks. By securing the network from the perimeter inwards, and by implementing solutions which can detect attacks at different layers, real and pressing threats to network and system integrity can be mitigated.

The OSI Model

The Open Systems Interconnection (OSI) model was developed as a computer communications architecture and a framework for developing protocol standards. The upper layers of the OSI model represent software that implements network services like connection management. The lower layers of the OSI model implement hardware-oriented functions like routing and addressing.
It consists of the following seven layers:

Layer
- Application
- Presentation
- Session
- Transport (Segments)
- Network (Packets)
- Link (Frames)
- Physical (Bits)

DDoS Examples

A simple scenario may use HTTP POST, which has been flagged by the Open Source Web Application Security Project (OWASP) as a simple yet effective attack against the application layer. In the scenario involving malformed SYN requests, the perimeter defence can identify these readily as being improper and block them. But what about a spike in the size and quantity of image uploads? A naive perimeter defence would have no basis for blocking legitimate-appearing requests which were "legal" HTTP requests. Still, a clever perimeter defence might deprioritise such traffic, at the expense of denying access to legitimate clients during periods of high volume. A more sophisticated attack (such as DDoS over the Secure Sockets Layer, or SSL; see below) would provide no alerts at all at the perimeter because only a small amount of traffic would be involved; yet the impact on hosts actually providing a web service or application could be enormous, and potentially very difficult to diagnose and remedy.

What is the link between DDoS and SQL injection? Rather than using SQL injection to drop a table of users, or damage data, it could be used to issue commands to the database which would considerably slow down response times to application requests. For example, a web application providing a view onto a Microsoft SQL Server database could be used to force an index rebuild on all tables, which may result in locking of database resources making them unavailable to legitimate users.
Such an attack is not specific to SQL Servers; all databases and application servers have functions which can be exploited and misused in this way. Most importantly, the slow rate and volume of SQL injection attacks (or other application layer exploits) means that traditional security devices may fail to recognise and defend against them. Indeed, the focus on high volume dumb attacks means that other more sophisticated attacks can be undertaken while devices are paying attention to the most obvious but least worrying tactics. In this sense, a SYN flood may attract the attention of a CERT team, acting as a smokescreen or battering ram, while more sophisticated, low-volume attacks may fail to be detected and succeed, often over a long period of time.

This technique became clearly evident in the Sony PlayStation Network data breach of In a letter to US Congress, Sony chairman Kazuo Hirai wrote, "Security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect this intrusion quickly."

Other attacks may have volume characteristics, but still attack the application layer. For example, the RUDY (R U Dead Yet) tool attempts to exploit connection limits on webserver connections, by creating other legitimate connections that are not disconnected, thereby denying service in a manner akin to a traditional DDoS. Yet most devices would not be able to detect this type of maliciousness.

As mentioned above, a more sophisticated and recent attack trend involves using SSL to attack the application layer. How does this work? Surely, SSL provides application layer security? SSL certainly provides end-to-end confidentiality, but that confidentiality also reduces the effectiveness of perimeter defences, since the encrypted packets cannot be inspected to examine their contents and determine if they are malicious.
Once malicious packets have passed through the firewall, there are a number of attack vectors which are possible. For example, the computational costs of decrypting large numbers of packets are likely to be very high compared to vanilla HTTP. The THC-SSL-DOS attack estimates a 15x overhead in using SSL versus HTTP for application layer DDoS [1]. It is well-known that even small reductions in response latency can have a highly non-linear effect on consumer behavior: Amazon, for example, found that every 100ms of latency would result in a 1% fall in sales, while every half second of lag for Google in presenting search results would reduce traffic by 20%.

ms-of-latency-cost-them-1-in-sales/
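As an added illustration (not code from the paper or from any product it describes), the following shows why a per-source volume threshold misses a RUDY-style source that holds a few connections open, while a per-connection body-rate check catches it, and how flagged sources then move up the escalation ladder listed under Advanced Action Escalation Technology. The record layout, thresholds and addresses are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    """One HTTP connection as a reverse proxy might log it (constructed layout)."""
    src: str         # client address
    duration: float  # seconds the connection has been open
    declared: int    # request body size announced in Content-Length
    received: int    # body bytes received so far


# Assumed thresholds for one observation window; tune against baseline traffic.
RATE_LIMIT = 100          # connections per source before it counts as a flood
MIN_OPEN_SECONDS = 30.0   # younger connections are not judged yet
MIN_BODY_RATE = 50.0      # bytes/second; slower unfinished bodies are suspect
SLOW_CONNS_PER_SRC = 5    # suspect connections held open by one source

# Actions as listed in the paper, gentlest first.
LADDER = ("SYN cookies",
          "TCP-Reset / Safe-Reset challenge",
          "302 / JavaScript challenge")


def volumetric_sources(conns):
    """Classic perimeter view: which sources opened too many connections?"""
    counts = Counter(c.src for c in conns)
    return {src for src, n in counts.items() if n > RATE_LIMIT}


def is_slow(conn):
    """True for a long-lived connection whose request body is only trickling in."""
    if conn.duration < MIN_OPEN_SECONDS or conn.received >= conn.declared:
        return False
    return conn.received / conn.duration < MIN_BODY_RATE


def low_rate_sources(conns):
    """Application-layer view: which sources are pinning connection slots open?"""
    counts = Counter(c.src for c in conns if is_slow(c))
    return {src for src, n in counts.items() if n >= SLOW_CONNS_PER_SRC}


class Escalator:
    """Closed feedback loop: a source still flagged next round moves up one step."""

    def __init__(self):
        self.level = {}

    def feedback(self, flagged):
        actions = {}
        for src in sorted(flagged):
            step = min(self.level.get(src, -1) + 1, len(LADDER) - 1)
            self.level[src] = step
            actions[src] = LADDER[step]
        # A source that is no longer flagged starts again from the gentlest action.
        for src in set(self.level) - set(flagged):
            del self.level[src]
        return actions


def sample_window():
    """Constructed traffic: one flood source, one slow-POST source, normal users."""
    conns = [Conn("198.51.100.7", 0.2, 0, 0) for _ in range(500)]
    conns += [Conn("203.0.113.9", 55.0, 1_000_000, 55) for _ in range(8)]
    conns += [Conn(f"192.0.2.{i}", 2.0, 20_000, 20_000) for i in range(1, 21)]
    # Legitimate large upload on a slow link: long-lived but making progress.
    conns.append(Conn("192.0.2.50", 40.0, 5_000_000, 100_000))
    return conns


if __name__ == "__main__":
    window = sample_window()
    print("volume view  :", volumetric_sources(window))
    print("low-rate view:", low_rate_sources(window))
    escalator = Escalator()
    for round_no in range(1, 5):
        flagged = volumetric_sources(window) | low_rate_sources(window)
        print(round_no, escalator.feedback(flagged))
```

The slow source opens only eight connections, far below the volume threshold, so only the body-rate check reports it; the legitimate slow upload is left alone because it is still making progress.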
More informationVERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK
HANDBOOK VERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK CONSIDERATIONS FOR SERVICE ADOPTION Version 1.0 July 2014 VerisignInc.com CONTENTS 1. WHAT IS A DDOS PROTECTION SERVICE? 3 2. HOW CAN VERISIGN
More informationBreaking the Cyber Attack Lifecycle
Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com
More informationWhitePaper. Mitigation and Detection with FortiDDoS Fortinet. Introduction
WhitePaper DDoS Attack Mitigation Technologies Demystified The evolution of protections: From inclusion on border devices to dedicated hardware+behavior-based detection. Introduction Distributed Denial
More informationStop DDoS Attacks in Minutes
PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)
More informationManage the unexpected
Manage the unexpected Navigate risks and thrive Today s business world is threatened by a multitude of online security risks. But many organizations simply do not have the resources or expertise to combat
More information10 Things Every Web Application Firewall Should Provide Share this ebook
The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security
More informationwww.prolexic.com Stop DDoS Attacks in Minutes
www.prolexic.com Stop DDoS Attacks in Minutes Prolexic gives us the strong insurance policy against DDoS attacks that we were looking for. Mark Johnson, Chief Financial Officer, RealVision You ve seen
More informationERT Attack Report. Attacks on Large US Bank During Operation Ababil. March 2013
Attacks on Large US Bank During Operation Ababil March 2013 Table of Contents Executive Summary... 3 Background: Operation Ababil... 3 Servers Enlisted to Launch the Attack... 3 Attack Vectors... 4 Variations
More informationNSFOCUS Web Application Firewall
NSFOCUS Web Application Firewall 1 / 9 Overview Customer Benefits Mitigate Data Leakage Risk Ensure Availability and QoS of Websites Close the Gap for PCI DSS Compliance Collaborative Security The NSFOCUS
More informationArrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015
Arrow ECS University 2015 Radware Hybrid Cloud WAF Service 9 Ottobre 2015 Get to Know Radware 2 Our Track Record Company Growth Over 10,000 Customers USD Millions 200.00 150.00 32% 144.1 16% 167.0 15%
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationComplete Protection against Evolving DDoS Threats
Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion
More informationHow To Mitigate A Ddos Attack
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT ISSUE 3 3RD QUARTER 2014 CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS 4 Mitigations by Attack Size 4 Mitigations by Industry 5
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationFour Steps to Defeat a DDoS Attack
hite Paper Four Steps to Defeat a DDoS Attack Millions of computers around the world are controlled by cybercriminals. These computers have been infected with software robots, or bots, that automatically
More informationNSFOCUS Web Application Firewall White Paper
White Paper NSFOCUS Web Application Firewall White Paper By NSFOCUS White Paper - 2014 NSFOCUS NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect
More informationVALIDATING DDoS THREAT PROTECTION
VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to
More informationSpecific recommendations
Background OpenSSL is an open source project which provides a Secure Socket Layer (SSL) V2/V3 and Transport Layer Security (TLS) V1 implementation along with a general purpose cryptographic library. It
More informationCheck Point DDoS Protector
Check Point DDoS Protector June 2012 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. Cybercrime
More informationAutomated Mitigation of the Largest and Smartest DDoS Attacks
Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application
More informationSHARE THIS WHITEPAPER
Denial-of-Service (DoS) Secured Virtual Tenant Networks (VTN) Value-added DoS protection as a service for Software Defined Network (SDN) a solution paper by Radware & NEC Corporation of America Whitepaper
More informationTable of Contents. Page 2/13
Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities
More informationWEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES
WEB PROTECTION Features SECURITY OF INFORMATION TECHNOLOGIES The web today has become an indispensable tool for running a business, and is as such a favorite attack vector for hackers. Injecting malicious
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationTaxonomy of Intrusion Detection System
Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use
More informationVirus Protection Across The Enterprise
White Paper Virus Protection Across The Enterprise How Firewall, VPN and /Content Security Work Together Juan Pablo Pereira Sr. Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda Avenue
More informationVoice Over IP (VoIP) Denial of Service (DoS)
Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based
More informationProtecting Against Application DDoS Attacks with BIG-IP ASM: A Three-Step Solution
Protecting Against Application DDoS Attacks with BIG-IP ASM: A Three-Step Solution Today s security threats increasingly involve application-layer DDoS attacks mounted by organized groups of attackers
More informationB database Security - A Case Study
WHITE PAPER: ENTERPRISE SECURITY Strengthening Database Security White Paper: Enterprise Security Strengthening Database Security Contents Introduction........................................................................4
More informationPerspectives on Cybersecurity in Healthcare June 2015
SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright
More informationHow To Protect Yourself From A Dos/Ddos Attack
RELEVANT. INTELLIGENT. SECURITY White Paper In Denial?...Follow Seven Steps for Better DoS and DDoS Protection www.solutionary.com (866) 333-2133 In Denial?...Follow Seven Steps for Better DoS and DDoS
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationWhite paper. Web Application Security: The Overlooked Vulnerabilities
White paper Web Application Security: The Overlooked Vulnerabilities Abstract Are you adequately protecting the web applications that your business depends on? Software flaws are rapidly becoming the vulnerabilities
More information2010 White Paper Series. Layer 7 Application Firewalls
2010 White Paper Series Layer 7 Application Firewalls Introduction The firewall, the first line of defense in many network security plans, has existed for decades. The purpose of the firewall is straightforward;
More informationTechnology Blueprint. Defend Against Denial of Service Attacks. Protect each IT service layer against exploitation and abuse
Technology Blueprint Defend Against Denial of Service (DOS and DDOS) Attacks Protect each IT service layer against exploitation and abuse LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL
More informationFortiWeb for ISP. Web Application Firewall. Copyright Fortinet Inc. All rights reserved.
FortiWeb for ISP Web Application Firewall Copyright Fortinet Inc. All rights reserved. Agenda Introduction to FortiWeb Highlights Main Features Additional FortiWEB Services for the ISP FortiWeb Family
More informationMitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy
Mitigating Denial of Service Attacks Why Crossing Fingers is Not a Strategy Introduction Mark Baldwin - Owner of Tectonic Security MSSP and Security Consulting Primarily Work With SMBs DDoS Mitigation
More information