Denial of Service Attacks and Resilient Overlay Networks
|
|
- Edwina Hardy
- 8 years ago
- Views:
Transcription
1 Denial of Service Attacks and Resilient Overlay Networks Angelos D. Keromytis Network Security Lab Computer Science Department, Columbia University
2 Motivation: Network Service Availability
3 Motivation: Network Service Availability
4 Why Does It Matter? We are increasingly relying on Internet Services Financial services, Voice over IP (VoIP), e- Government, news, Cloud Computing,... But Internet Services are not dependable... Denial of Service attacks can disrupt online service DDoS attack on Estonia (2007) 2 Weeks, 1M computers, 5,000 clicks per second DDoS attacks against Georgia (2008) Storm Worm: 1.7M infected machines used for DDoS (typically extortion) Ease of assembling and controlling botnets means the problem will persist
5 Defenses End-users/sites: Bandwidth over-provisioning Multi-hosting/multi-homing Use of Content Delivery Networks ISPs: Blackhole routing Anomaly detection & blocking Centralized vs. distributed
6 Research Activity IP traceback (attribution) IP Pushback (reactive blocking) Collaborative filtering (reactive blocking) Router/receiver capabilities (proactive blocking) Improve host-based protection
7 Impediments to deployment Few economic incentives for deployment Most schemes require global adoption & deployment End-users lack the means to react DDoS is mostly an externality for ISPs no market opportunity for router manufacturers Cross-ISP collaboration not always feasible Competition concerns
8 Overlay Networks A different term of distributed system Collection of systems Connected over a wide-area network, such as the Internet Route traffic amongst them without considering physical topology Addressing, neighborhood, other properties may differ from those of the actual network fabric Good way of introducing new functionality into the network without changing routers/protocols (and, sometimes, end-hosts)
9 Using Overlay Networks Distribute logical function of a firewall across the Internet Allow users to contact any overlay node Any overlay node can validate a legitimate user Once admitted into overlay, user s traffic is treated preferentially Allowed to reach attacked site All other traffic dropped/rate-limited
10 Advantages of Overlay Networks Difficult to attack with a DDoS due to distributed nature Assumes large enough overlay Does not rely on ISP co-operation or goodwill Can take advantage of such, where it exists A single overlay can provide protection service to different users Commercialization model similar to CDN A large enough distributed organization can create its own overlay
11 Issues with Overlay Networks How do users discover (accessible) overlay nodes? Largely static content, users (software) can access any node Overlay network becomes obvious target of attack Dedicated nodes, easier to harden Performance issues Higher latency, lower throughput due to non-direct routing How can we tell who is a legitimate user, vs. a bot? How do we effectively discriminate overlay vs. non-overlay traffic?
12 WebSOS: Protection for Web Services
13 WebSOS: Protection for Web Services
14 WebSOS: Protection for Web Services
15 WebSOS: Protection for Web Services
16 WebSOS: Protection for Web Services Can we remove Packet Filtering?
17 Move: An End-to-End Solution for DDoS
18 Move: An End-to-End Solution for DDoS Attack
19 Move: An End-to-End Solution for DDoS
20 Move: An End-to-End Solution for DDoS
21 Prototype in Planet-Lab
22 Migration Performance Round Trip time
23 Limitations of WebSOS & MOVE Time (in seconds) Latency Overhead for various SSL Services Direct Original Request Cached Requests 1 0 Yahoo! Verisign Columbia Columbia (2nd) Latency increase by a factor of 2 when using indirection
24 Limitations of WebSOS & MOVE Time (in seconds) Latency Overhead for various SSL Services Direct Original Request Cached Requests 1 0 Yahoo! Verisign Columbia Columbia (2nd) Latency increase by a factor of 2 when using indirection Also vulnerable to some more intelligent attacks...
25 New Attack: Sweeping Attack
26 New Attack: Sweeping Attack
27 New Attack: Sweeping Attack
28 New Attack: Stalker Attack
29 New Attack: Stalker Attack
30 New Attack: Stalker Attack
31 New Attack: Stalker Attack
32 EXAMPLE: TCP assumes low-latency, stable, fixed capacity, high-quality link Resilience Results: Throughput Throughput vs Degradation Error Rate of in SACK regular with TCP PER 10 9 C7,06;6/8*+-*?-%&"'-B8/9-5!!-I6+;-#F5K RTT: 6ms RTT: 24ms RTT: 104ms Goodput (Mbps) Performance region of wired networks Performance region of MANETs!"#$%&"'( )*+,-.*+/0*1-1**234-56/7-.*+/0*1-83-/97-* 6;62/6/8*+- < < Packet Error Rate(%) %*=0.7(-5*>=3/-!"#-?*0-)60,7@A6+;B8;/9-C716:D-#6.E7/-F063=07-6+;-G=1/8@#6/9-F+H80*+<7+/34 %98HE=<60 '61:6+606<6+ I5#JKD-'4'4-56<6E I&!L!-)6> K
33 Fix attempt: use many entry points But this solution increases the state stored!!!
34 Ticket-based mechanism to the rescue Move state to the ticket Ticket is issued by the Overlay using a shared key Ticket becomes a contract between the user and the overlay Use of a shared key guarantees honor of the agreement
35 Key & Ticket Establishment protocol
36 Ticket Design Random spreading sequence protects against stalker attacks Packet sequence range guarantees traffic control Ticket design and issue protocol prevent replay, spoofing and computational attacks
37 Client Connection Initiation
38 Spread Spectrum Architecture - Replication Multi-Path + Spreading + Ticket allows Packet Replication
39 A2M: Access Assured Mobile Desktop Computing
40 Performance Results: Latency End-to-End Latency with Client Packet Replication nodes 16 nodes 32 nodes 76 nodes Overlay / Direct No Repl. 1.5x 2x 3x Client Packet Replication
41 Resilience Results: Throughput Throughput vs Node Failure 600 Direct No Repl. 1.5x 2x 3x KB/Sec % 3% 4% 9% 17% 21% 27% 35% 43% 46% 55% % Node Failure
42 Resilience Results: Latency (Web) End-to-End Latency vs Node Failure (Web) No Repl. 1.5x 2x 3x
43 Performance Results: Latency (Web) Web Latency vs Packet Replication Video Quality vs Packet Replication hosts 8 hosts 100% Size: 352 x hosts 8 hosts % Latency (s) Video Quality 60% 40% % 0.00 Direct 0% 50% Replication 100% 200% 0% Direct 0% 50% Replication 100% 200%
44 Ticket Generation Benchmark
45 Resilience Results: Video Streaming 100% Video Quality vs Node Failure Video Quality 80% 60% 40% 20% 0% 0% 50% 100% 200% % Node Failures
46 Resilience Results: Video Streaming Video Quality vs Node Failure for Wireless 100% 80% Video Quality 60% 40% 20% 0% 0% 50% 100% 200% % Node Failures
47 Resilience Results: Video Streaming Video Quality vs Node Failure 100% 80% Video Quality 60% 40% 20% 0% 5 clients - 0% 5 clients - 50% 5 clients - 100% 5 clients - 200% 8 clients - 0% 8 clients - 50% 8 clients - 100% 8 clients - 200% % Node Failures
48 TCP Friendliness of Approach Initial implementation non-tcp friendly provided the worst case scenario (use of non-responsive channels) Current implementation encodes path in the TCP options field for acknowledgments generating a different TCP-window for each path Works for regular TCP, UDP, and UDP-encapsulated TCP Existence of multiple paths makes attacks against TCP more difficult
49 Conclusion Recent events have demonstrated the continued and real threat of DDoS as an effectve instrument of both cyber-warfare and cyber-crime Overlay-based mechanisms can mitigate the impact of large DDoS attacks Topology- and provider-independent deployment at relatively low cost Performance impact low (< 10%), only incurred during attack periods A pan-european DDoS Protection Network? Leverage PlanetLab/GRID sites as seeds
50 What is the underlying problem? How clients connect to the overlay: Connection to a single indirection node (entry point) Client s state is stored to this entry point End-to-End connection depends on a small but static set of overlay nodes
51 What is the underlying problem (II)? How the overlay sees the client: User can establish multiple connections to an overlay node An authenticated client can inject any amount of traffic to the overlay network Even if there is access control in the entry point the user can reset that by attacking the entry point
Network Bandwidth Denial of Service (DoS)
Network Bandwidth Denial of Service (DoS) Angelos D. Keromytis Department of Computer Science Columbia University Synonyms Network flooding attack, packet flooding attack, network DoS Related Concepts
More informationThe Evolution of Computer Security Attacks and Defenses. Angelos D. Keromytis Columbia University angelos@cs.columbia.edu
The Evolution of Computer Security Attacks and Defenses Angelos D. Keromytis Columbia University angelos@cs.columbia.edu This talk A look at the evolution of: nature of attackers and their goals cyber
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationThe Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet
The Coremelt Attack Ahren Studer and Adrian Perrig 1 We ve Come to Rely on the Internet Critical for businesses Up to date market information for trading Access to online stores One minute down time =
More informationHow To Block A Ddos Attack On A Network With A Firewall
A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial
More informationData Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.
Data Centers Protection from DoS attacks. Trends and solutions Michael Soukonnik, Radware Ltd michaels@radware.com Riga. Baltic IT&T. 21.04.2010 Cybercrime Trends Page 2 Types of DoS attacks and classical
More informationAdaptive Distributed Traffic Control Service for DDoS Attack Mitigation
Adaptive Distributed Traffic Control Service for DDoS Attack Mitigation Bernhard Plattner, ETH ZürichZ Joint work with Matthias Bossardt and Thomas Dübendorfer TIK ETH Zürich UK ProgNet Workshop, 1st December
More informationNetwork Performance Monitoring at Minimal Capex
Network Performance Monitoring at Minimal Capex Some Cisco IOS technologies you can use to create a high performance network Don Thomas Jacob Technical Marketing Engineer About ManageEngine Network Servers
More informationThe Requirement for a New Type of Cloud Based CDN
The Requirement for a New Type of Cloud Based CDN Executive Summary The growing use of SaaS-based applications has highlighted some of the fundamental weaknesses of the Internet that significantly impact
More informationDistributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 23. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2015 November 17, 2015 2014-2015 Paul Krzyzanowski 1 Motivation Serving web content from one location presents
More informationDDoS Basics. internet: unique numbers that identify areas and unique machines on the network.
DDoS Basics Introduction Distributed Denial of Service (DDoS) attacks are designed to prevent or degrade services provided by a computer at a given Internet Protocol 1 (IP) address. This paper will explain,
More informationArbor s Solution for ISP
Arbor s Solution for ISP Recent Attack Cases DDoS is an Exploding & Evolving Trend More Attack Motivations Geopolitical Burma taken offline by DDOS attack Protests Extortion Visa, PayPal, and MasterCard
More informationLIST OF FIGURES. Figure No. Caption Page No.
LIST OF FIGURES Figure No. Caption Page No. Figure 1.1 A Cellular Network.. 2 Figure 1.2 A Mobile Ad hoc Network... 2 Figure 1.3 Classifications of Threats. 10 Figure 1.4 Classification of Different QoS
More informationPrevention, Detection, Mitigation
Thesis for the Degree of DOCTOR OF PHILOSOPHY Multifaceted Defense Against Distributed Denial of Service Attacks: Prevention, Detection, Mitigation Zhang Fu Division of Networks and Systems Department
More informationpacket retransmitting based on dynamic route table technology, as shown in fig. 2 and 3.
Implementation of an Emulation Environment for Large Scale Network Security Experiments Cui Yimin, Liu Li, Jin Qi, Kuang Xiaohui National Key Laboratory of Science and Technology on Information System
More informationCHAPTER 6. VOICE COMMUNICATION OVER HYBRID MANETs
CHAPTER 6 VOICE COMMUNICATION OVER HYBRID MANETs Multimedia real-time session services such as voice and videoconferencing with Quality of Service support is challenging task on Mobile Ad hoc Network (MANETs).
More informationDistributed Denial of Service Attacks & Defenses
Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall 2011 Distributed Denial of Service (DDoS) Exhaust resources of a target, or the resources it depends on Resources:
More informationDenial of Service Attacks
(DoS) What Can be DoSed? First Internet DoS Attack The TCP State Diagram SYN Flooding Anti-Spoofing Better Data Structures Attacking Compact Data Structures Generic Solution SYN Cookies It s Not Perfect
More informationCS 356 Lecture 16 Denial of Service. Spring 2013
CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationGame changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationTECHNICAL NOTE 01/2006 ENGRESS AND INGRESS FILTERING
TECHNICAL NOTE 01/2006 ENGRESS AND INGRESS FILTERING 20 APRIL 2006 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation to
More informationFortiDDos Size isn t everything
FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One
More informationHow To Protect A Dns Authority Server From A Flood Attack
the Availability Digest @availabilitydig Surviving DNS DDoS Attacks November 2013 DDoS attacks are on the rise. A DDoS attack launches a massive amount of traffic to a website to overwhelm it to the point
More informationDoS: Attack and Defense
DoS: Attack and Defense Vincent Tai Sayantan Sengupta COEN 233 Term Project Prof. M. Wang 1 Table of Contents 1. Introduction 4 1.1. Objective 1.2. Problem 1.3. Relation to the class 1.4. Other approaches
More informationDISTRIBUTED DENIAL OF SERVICE OBSERVATIONS
: DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s
More informationG-Lab: A Future Generation Internet Research Platform
Institute of Computer Science Department of Distributed Systems Prof. G-Lab: A Future Generation Internet Research Platform www3.informatik.uni-wuerzburg.de Institute of Computer Science University of
More informationDEFENSE NETWORK FAQS DATA SHEET
DATA SHEET VERISIGN INTERNET DEFENSE NETWORK FAQS WHAT IS A DOS OR DDOS ATTACK? A Denial of Service attack or Distributed Denial of Service attack occurs when a single host (DoS), or multiple hosts (DDoS),
More informationProtecting Mobile Devices From TCP Flooding Attacks
Protecting Mobile Devices From TCP Flooding Attacks Yogesh Swami % and Hannes Tschofenig* % Nokia Research Center, Palo Alto, CA, USA. * Siemens Corporate Technology, Munich, DE. 1 Motivation Anatomy of
More informationColumbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems
Columbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems Henning Schulzrinne Eilon Yardeni Somdutt Patnaik Columbia University CS Department Gaston Ormazabal Verizon
More informationAvailability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013
the Availability Digest Prolexic a DDoS Mitigation Service Provider April 2013 Prolexic (www.prolexic.com) is a firm that focuses solely on mitigating Distributed Denial of Service (DDoS) attacks. Headquartered
More informationFirewalls and Intrusion Detection
Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall
More informationCyber Security Where Do I Begin?
ISPE Automation Forum Cyber Security Where Do I Begin? Don Dickinson Project Engineer Phoenix Contact ..50% more infected Web pages Click in the on one last and three you months won t of notice 2008 than
More informationCHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS
137 CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 8.1 CONCLUSION In this thesis, efficient schemes have been designed and analyzed to control congestion and distribute the load in the routing process of
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationDenial of Service. Tom Chen SMU tchen@engr.smu.edu
Denial of Service Tom Chen SMU tchen@engr.smu.edu Outline Introduction Basics of DoS Distributed DoS (DDoS) Defenses Tracing Attacks TC/BUPT/8704 SMU Engineering p. 2 Introduction What is DoS? 4 types
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationA Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More informationDenial of Service (DoS) Technical Primer
Denial of Service (DoS) Technical Primer Chris McNab Principal Consultant, Matta Security Limited chris.mcnab@trustmatta.com Topics Covered What is Denial of Service? Categories and types of Denial of
More informationSeminar Computer Security
Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example
More informationDesign and Experiments of small DDoS Defense System using Traffic Deflecting in Autonomous System
Design and Experiments of small DDoS Defense System using Traffic Deflecting in Autonomous System Ho-Seok Kang and Sung-Ryul Kim Konkuk University Seoul, Republic of Korea hsriver@gmail.com and kimsr@konkuk.ac.kr
More informationWAN Performance Analysis A Study on the Impact of Windows 7
A Talari Networks White Paper WAN Performance Analysis A Study on the Impact of Windows 7 Test results demonstrating WAN performance changes due to upgrading to Windows 7 and the network architecture and
More informationSafeguards Against Denial of Service Attacks for IP Phones
W H I T E P A P E R Denial of Service (DoS) attacks on computers and infrastructure communications systems have been reported for a number of years, but the accelerated deployment of Voice over IP (VoIP)
More informationVirtual Privacy vs. Real Security
Virtual Privacy vs. Real Security Certes Networks at a glance Leader in Multi-Layer Encryption Offices throughout North America, Asia and Europe Growing installed based with customers in 37 countries Developing
More informationNetwork Simulation Traffic, Paths and Impairment
Network Simulation Traffic, Paths and Impairment Summary Network simulation software and hardware appliances can emulate networks and network hardware. Wide Area Network (WAN) emulation, by simulating
More informationSECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS)
SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS) Neha Maurya, ASM S IBMR ABSTRACT: Mobile Ad hoc networks (MANETs) are a new paradigm of wireless network, offering unrestricted mobility without any underlying
More informationPerformance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc
(International Journal of Computer Science & Management Studies) Vol. 17, Issue 01 Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc Dr. Khalid Hamid Bilal Khartoum, Sudan dr.khalidbilal@hotmail.com
More informationTDC s perspective on DDoS threats
TDC s perspective on DDoS threats DDoS Dagen Stockholm March 2013 Lars Højberg, Technical Security Manager, TDC TDC in Sweden TDC in the Nordics 9 300 employees (2012) Turnover: 26,1 billion DKK (2012)
More informationGlasnost or Tyranny? You Can Have Secure and Open Networks!
AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009
More informationPreventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System
Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System Shams Fathima M.Tech,Department of Computer Science Kakatiya Institute of Technology & Science, Warangal,India
More informationTalkShow Advanced Network Tips
TalkShow Advanced Network Tips NewTek Workflow Team TalkShow is a powerful tool to expand a live production. While connecting in a TalkShow unit is as simple as plugging in a network cord and an SDI cable,
More informationGlobal Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team
Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers
More informationRestorable Logical Topology using Cross-Layer Optimization
פרויקטים בתקשורת מחשבים - 236340 - סמסטר אביב 2016 Restorable Logical Topology using Cross-Layer Optimization Abstract: Today s communication networks consist of routers and optical switches in a logical
More informationAt dincloud, Cloud Security is Job #1
At dincloud, Cloud Security is Job #1 A set of surveys by the international IT services company, the BT Group revealed a major dilemma facing the IT community concerning cloud and cloud deployments. 79
More informationEndpoint Based Policy Management: The Road Ahead
Endpoint Based Policy Management: The Road Ahead Introduction In a rapidly growing and crowded security solutions market, organizations need to deploy the most effective technologies taking into consideration
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationIntrusion Detection for Mobile Ad Hoc Networks
Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems
More informationPrevention, Detection and Mitigation of DDoS Attacks. Randall Lewis MS Cybersecurity
Prevention, Detection and Mitigation of DDoS Attacks Randall Lewis MS Cybersecurity DDoS or Distributed Denial-of-Service Attacks happens when an attacker sends a number of packets to a target machine.
More informationComplete Protection against Evolving DDoS Threats
Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion
More informationTECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS
TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS 2002 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor
More informationNetwork Virtualization
Network Virtualization Jennifer Rexford Advanced Computer Networks http://www.cs.princeton.edu/courses/archive/fall08/cos561/ Tuesdays/Thursdays 1:30pm-2:50pm Introduction Motivation for network virtualization
More informationHOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest
More informationOctoshape s Multicast Technology Suite:
: The Next-Gen CDN Alternative for Large-Scale, Cost-Optimized, Global HD Streaming HQ: +45 8833 4680 USA: +1 770 578 1686 Asia: +65 81125330 www.octoshape.com Table of Contents Core Transport...4 Making
More informationDDoS Threat Report. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter
DDoS Threat Report Insights on Finding, Fighting, and Living with DDoS Attacks v1.1 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News - 2014 DDoS Trends
More informationVoIP Over the Internet: Is Toll Quality Achievable?
VoIP Over the Internet: Is Toll Quality Achievable? Mansour Karam, Technical Lead SCV Communications Society May 12, 2004 1 Agenda Introduction VoIP versus VoIP over the Internet Challenges for VoIP over
More informationDistributed Systems. 25. Content Delivery Networks (CDN) 2014 Paul Krzyzanowski. Rutgers University. Fall 2014
Distributed Systems 25. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2014 November 16, 2014 2014 Paul Krzyzanowski 1 Motivation Serving web content from one location presents
More informationQuality Certificate for Kaspersky DDoS Prevention Software
Quality Certificate for Kaspersky DDoS Prevention Software Quality Certificate for Kaspersky DDoS Prevention Software Table of Contents Definitions 3 1. Conditions of software operability 4 2. General
More informationHuawei One Net Campus Network Solution
Huawei One Net Campus Network Solution 2 引 言 3 园 区 网 面 临 的 挑 战 4 华 为 园 区 网 解 决 方 案 介 绍 6 华 为 园 区 网 解 决 方 案 对 应 产 品 组 合 6 结 束 语 Introduction campus network is an internal network of an enterprise or organization,
More informationContent Distribution Networks (CDN)
229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the
More informationTechnology Blueprint. Defend Against Denial of Service Attacks. Protect each IT service layer against exploitation and abuse
Technology Blueprint Defend Against Denial of Service (DOS and DDOS) Attacks Protect each IT service layer against exploitation and abuse LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationMultifaceted Approach to Understanding the Botnet Phenomenon
Multifaceted Approach to Understanding the Botnet Phenomenon Christos P. Margiolas University of Crete A brief presentation for the paper: Multifaceted Approach to Understanding the Botnet Phenomenon Basic
More informationwww.prolexic.com Stop DDoS Attacks in Minutes
www.prolexic.com Stop DDoS Attacks in Minutes Prolexic gives us the strong insurance policy against DDoS attacks that we were looking for. Mark Johnson, Chief Financial Officer, RealVision You ve seen
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationWhite Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation
White Paper Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation Table of Contents Introduction... 3 Common DDoS Mitigation Measures...
More informationHow To Protect Your Network From A Ddos Attack On A Network With Pip (Ipo) And Pipi (Ipnet) From A Network Attack On An Ip Address Or Ip Address (Ipa) On A Router Or Ipa
Defenses against Distributed Denial of Service Attacks Adrian Perrig, Dawn Song, Avi Yaar CMU Internet Threat: DDoS Attacks Denial of Service (DoS) attack: consumption (exhaustion) of resources to deny
More informationColt IP VPN Services. 2010 Colt Technology Services Group Limited. All rights reserved.
Colt IP VPN Services 2010 Colt Technology Services Group Limited. All rights reserved. Agenda An introduction to IP VPN Colt IP VPN Hybrid Networking Workforce Mobility Summary 2 Drivers behind IP VPN
More informationCisco Network Foundation Protection Overview
Cisco Network Foundation Protection Overview June 2005 1 Security is about the ability to control the risk incurred from an interconnected global network. Cisco NFP provides the tools, technologies, and
More informationBlackRidge Technology Transport Access Control: Overview
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
More informationProtecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking
ProCurve Networking by HP Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking Introduction... 2 Today s Network Security Landscape... 2 Accessibility...
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationLARGE-SCALE INTERNET MEASUREMENTS FOR DIAGNOSTICS AND PUBLIC POLICY. Henning Schulzrinne (+ Walter Johnston & James Miller) FCC & Columbia University
1 LARGE-SCALE INTERNET MEASUREMENTS FOR DIAGNOSTICS AND PUBLIC POLICY Henning Schulzrinne (+ Walter Johnston & James Miller) FCC & Columbia University 2 Overview Quick overview What does MBA measure? Can
More informationMPLS: Key Factors to Consider When Selecting Your MPLS Provider
White paper MPLS: Key Factors to Consider When Selecting Your MPLS Provider New Edge Networks June 2008 New Edge Networks 3000 Columbia House Blvd. Vancouver, WA 98661 360-693-9009 1-866-636-EDGE www.newedgenetworks.com
More informationTamoSoft Throughput Test
TAKE CONTROL IT'S YOUR SECURITY TAMOSOFT df TamoSoft Throughput Test Help Documentation Version 1.0 Copyright 2011-2014 TamoSoft Contents Contents... 2 Introduction... 3 Overview... 3 System Requirements...
More informationCS5490/6490: Network Security- Lecture Notes - November 9 th 2015
CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter
More informationDDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest
DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service
More informationDisaster-Resilient Backbone and Access Networks
The Workshop on Establishing Resilient Life-Space in the Cyber-Physical Integrated Society, March. 17, 2015, Sendai, Japan Disaster-Resilient Backbone and Access Networks Shigeki Yamada (shigeki@nii.ac.jp)
More informationTCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) Internet Protocol (IP)
TCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) *Slides adapted from a talk given by Nitin Vaidya. Wireless Computing and Network Systems Page
More informationContent Distribution over IP: Developments and Challenges
Content Distribution over IP: Developments and Challenges Adrian Popescu, Blekinge Inst of Technology, Sweden Markus Fiedler, Blekinge Inst of Technology, Sweden Demetres D. Kouvatsos, University of Bradford,
More informationDDoS Protection Technology White Paper
DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of
More informationDDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT
DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad
More informationINTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK AN OVERVIEW OF MOBILE ADHOC NETWORK: INTRUSION DETECTION, TYPES OF ATTACKS AND
More informationInjazat s Managed Services Portfolio
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
More informationThe server will respond to the client with a list of instances. One such attack was analyzed by an information security researcher in January 2015.
1 TLP: GREEN 02.11.15 GSI ID: 1086 SECURITY BULLETIN: MS SQL REFLECTION DDOS RISK FACTOR - MEDIUM 1.1 / OVERVIEW / Beginning in October 2014, PLXsert observed the use of a new type of reflection-based
More informationWhite Paper. Requirements of Network Virtualization
White Paper on Requirements of Network Virtualization INDEX 1. Introduction 2. Architecture of Network Virtualization 3. Requirements for Network virtualization 3.1. Isolation 3.2. Network abstraction
More informationWireless Sensor Networks Chapter 14: Security in WSNs
Wireless Sensor Networks Chapter 14: Security in WSNs António Grilo Courtesy: see reading list Goals of this chapter To give an understanding of the security vulnerabilities of Wireless Sensor Networks
More informationAn Overlay Architecture for End-to-End Service Availability. Angelos Stavrou
An Overlay Architecture for End-to-End Service Availability Angelos Stavrou Submitted in partial fulfillment of the Requirements for the degree of Doctor of Philosophy in the Graduate School of Arts and
More informationVoIP / SIP Planning and Disclosure
VoIP / SIP Planning and Disclosure Voice over internet protocol (VoIP) and session initiation protocol (SIP) technologies are the telecommunication industry s leading commodity due to its cost savings
More information