Solution Brief
Combating Bots and Mitigating DDoS Attacks

Many of today's distributed denial of service (DDoS) [1] attacks are carried out by organized criminals targeting financial institutions, e-commerce, and gambling sites. The sites are taken down by bandwidth or server exhaustion caused by the traffic thrown at the target. DDoS attacks range from small, targeted attacks to large-scale versions launched from thousands of bots, affecting not only the target victim but also the infrastructure of the service provider. This in turn impacts other customers' services, and if network stability is affected, even voice and other public services may be impacted. As hacking has become a tool used by organized criminals, we witness a higher degree of sophistication, and the magnitude of the attacks has also increased dramatically.

Service providers have a unique role to play in combating DDoS attacks. New enhancements in routing and security technologies enable them to protect their broadband users from malware that turns PCs into bots. By utilizing the technologies at hand and designing networks according to best practice, the impact of an attack can be limited to the victim, and the attack can quickly be mitigated.

In summary, service providers are recommended to:

- Take a pro-active role in combating bots from residential broadband, e.g. by using dynamic threat mitigation, a solution based on a combination of policy-enforcing routing techniques, dynamic policy control, and intrusion detection and prevention technologies.
- Offer managed Intrusion Detection and Prevention to secure customer sites.
- Implement BGP flow filters to help mitigate DDoS attacks, distributing filter mechanisms as close as possible to the distributed sources of the attack.
- Design their network in a reliable fashion, limiting the likelihood of misconfigured network elements and improving availability of the network.
- Protect the routing control plane by implementing policy rate limiting for all traffic traversing the forwarding plane to the routing engine.
- Define peering agreements including security policies, e.g. how quickly identified spammers should be blocked out from the network.
- Utilize MD5 or encrypted IPSec for routing exchanges intra and inter AS.

This paper highlights how these techniques can be implemented and what security benefits they bring to the service provider. Specific application security topics like protection of next generation voice or video services are outside the scope of this paper.

Criminal organizations behind attacks

Over the last two years, we have witnessed a shift in how attacks appear to be carried out on the Internet. In the early days of the Internet, most attackers were seen as highly skilled techies who tampered with web sites in cyberspace in much the same way that kids in the streets of Manhattan tagged underground stations. They were driven by the technical challenge, by fame, and by the pure fun of having well respected, large corporations hurt by their technical sharpness. These types of attackers are still around, causing problems for service providers and enterprises around the globe; however, they don't cause the most damage anymore. [2]

Instead, attacks are carried out in a more targeted fashion, and the level of sophistication increases. Large organizations like Amazon, eBay, Yahoo and Microsoft have been affected by large DDoS attacks. Lately, we witness an increase of targets in financial institutions and other organizations that keep financial records. Auction, e-commerce and gambling sites are blackmailed before major events are due, e.g. in August 2005 the Hamburg-based gambling site jaxx.de was blackmailed to pay 40,000 euros to stop an ongoing DDoS attack. [3] The pattern is clear: organized criminals appear to be behind these attacks, and their driver is money.

Botnets: broadband-connected PCs sold to hackers

Bot is short for software robot, and refers to a compromised PC attached to the Internet and remotely controlled by a hacker. Some estimate that 25% of all broadband PCs are infected by bots, and that there are over a million bots available to participate in different types of attacks. [4] Hackers use communication systems, typically the IRC Internet chat application, to control the bots.

The malicious code can get onto the PC through an attachment, silver wrapped in a file which is automatically installed when visiting a web site, or in an mp3 file carried in a peer-to-peer application, to name a few common ways Trojans propagate. Once the malicious code executes, the bot will install itself, may patch the system, open service ports on the machine, and spread itself further to other machines that it can reach from inside the network. The bot then sets up a connection to a Herder, the server in control of a number of bots, a botnet.

It may be very difficult to detect that a PC has turned into a bot. In fact, it can even be hard to find out that it is communicating at all. This makes bot mitigation very challenging.

Botnets can be huge. There are examples of botnets as big as 400,000 infected computers. [5] These armies of compromised PCs serve two main purposes: to launch spam e-mails for scam marketing, or to launch DDoS attacks. Bots are also used to send phishing e-mails, upload adware, and act as key loggers to trace credit card information, passwords, or other personal information.

DDoS attacks launched from tens of thousands of bots simultaneously result in gigabits of traffic being thrown at the victim. These attacks do not only affect the targeted host or network. The service provider infrastructure will also be impacted by the bandwidth exhaustion, causing unpredictable behaviour of other applications on that network. In a security study from September 2005, a majority of the service providers reported an average of 10 or more attacks per month that significantly impact customer availability, with an average of 40 general attacks per month. [6]

Botnets are set up for profit. Renting bots costs 10 to 50 cents per bot and month, depending on purpose, number of bots, and of course, the market price. Spammers market their services on the Internet using web sites with a commercial look and feel. Some even do seasonal discounts! At a closer look behind the scenes, it is hard to identify any corporate representative. They don't give out any address information or fixed phone number. The mobile phone is directed to an answering machine.

Attack detection challenges

It is quite obvious to the victim when it is under DDoS attack. There will be a flood of traffic, e.g. SYN messages for TCP session set up, SIP invites, or plain UDP traffic sent to one of the target's hosts, resulting in service degradation or even complete service blocking. Firewalls protect against these types of attacks, but if the bandwidth down to the site is exhausted, the resolution can no longer be found at the customer site. Instead it has to be mitigated closer to the sources in cooperation with the service provider.

Larger attacks are also identified by the service provider's NOC staff. Many service providers have traffic anomaly detection solutions in place to check for such changes in traffic patterns. The challenge for the service provider is that an increased load to a specific customer may well be valid traffic, e.g. the customer may have just released a new popular product on the network. This means that the operator needs to verify that the customer is under attack before taking actions against the attack. This is a manual process and will take around 10 minutes if there is a defined process and authorised people are reachable. But it takes much longer if the processes are unclear.

Service Provider Actions Against Attacks

So what can service providers do to combat botnets and mitigate DDoS attacks?

First, service providers have a critical role to play in the preparation phase of an attack. By providing intrusion detection and prevention services to residential broadband users, the malicious code can be stopped before it makes its way down to the targeted PC. Most broadband users are not aware of the security risks their PCs are exposed to, and they have a careless take on security: "What can ever be on my PC that anyone would like to get their hands on?" This attitude may be seen as a bit naive, but in all fairness, network security is a complex topic, and residential users need a solid guide and solution for how rules can be enforced to protect their systems from hackers.

Second, service providers can implement traffic filtering mechanisms and utilize newly developed standards for distributing filtering information across their own facilities and announcing the filter to peering routers of other service providers.

Third, there are a number of best practice design rules that service providers should take advantage of in order to limit the impact of an attack.

Last, but not least, service providers can report DDoS events to legal authorities, which would increase awareness of the number of attacks and bring necessary information to legal authorities to trace criminal activities on the Internet.

Proactive Mitigation: Combating Bots

Broadband subscribers are today referred to PC-based antivirus for protection against malicious code.
This is a good first level of protection, but it hasn't been sufficient to protect against bot penetration on the Internet. We need a broader set of tools, and capabilities for the service providers to take a more active role in combating bots.

Juniper Networks has developed the Dynamic Threat Mitigation Solution that allows network elements to work together to identify suspicious traffic, confirm whether or not the traffic is malicious, and then take action to block that traffic from the network. Service providers now have the ability to cost effectively identify attacks on a per-user or per-application basis and to quickly mitigate these attacks. The solution combines the power of advanced in-line detection and prevention (IDP) with dynamic service policy creation and configuration. [7]

The Dynamic Threat Mitigation integrated solution provides many key benefits including:

- The ability to quickly identify, automatically isolate and notify infected customers by redirecting them to a captive portal, or by sending them an e-mail.
- Dynamically add remedied customers back to normal service with the help of a captive web portal page that includes instructions on virus remedies. Remediation is carried out by having the customer go through an on-line virus scanning tool. On compromised PCs, the host antivirus system can't be trusted, as it may have been tampered with by the bot.
- Dynamic application of service policies to infected network areas or customers. Policies can be easily adapted to include the latest virus attributes.
- Improved user experience
- Minimal disruption to the end user environment

There are three deployment models for the Dynamic Threat Mitigation solution: Always On, Scheduled Surveillance or Volume Triggered Surveillance. Figure 1 shows the principles behind the Volume Triggered Surveillance model.

In the in-line deployment, all traffic from the broadband subscribers is inspected for malicious code by the IDP, allowing the system to drop the bad traffic before it reaches the end user's PC.

[Figure 1. Dynamic Threat Mitigation Solution deployed in volume triggered surveillance mode. Diagram labels: E-series/M-series classifiers and traffic counters, redirect and rate limit; SDX-300 Policy Manager, Volume Tracking Application to redirect to IDP; IDP event trigger, redirect to captive portal; rerouted, suspicious traffic inspected by IDP, which signals event to SDX; M Series, E Series, ISG/IDP, T Series, Internet.]

Complementing antivirus tools for scanning files for malicious code, the IDP utilizes 8 unique ways to identify malicious traffic. Signatures and protocol anomalies are updated every day by the J-security research lab to ensure that application servers and PCs are protected from the latest announced vulnerabilities as well as yet unknown attacks.

Stateful signature detection searches for a unique series of byte patterns combined with information on where in the communication state this pattern should be found. This makes the identification of worms very accurate. Other intrusion detection systems on the market don't have this capability, but just scan the traffic for a given pattern. As service providers get more active in bot mitigation, it becomes increasingly important to be accurate and avoid blocking legitimate traffic.

Another useful detection method for mitigating attacks before they break out is the backdoor detection method. This identifies traffic patterns by the characteristics of the communication flow, e.g. when key strokes are transmitted to a PC.

For scheduled surveillance or for volume triggered attack mitigation, the IDPs are centrally deployed and the broadband traffic is rerouted for inspection and mitigation either at certain time intervals, or triggered dynamically by a change in traffic volumes from an individual subscriber. These models require less equipment and are therefore more cost efficient. The source of a suspected attack can be identified by a volume tracking feature that detects a sudden increase of traffic being sent from a customer. This triggers the policy manager to update the policy of the E- or M-series router, and the traffic is redirected to the IDP site, where further traffic analyses are carried out. The IDP will identify if the user is taking part in a SYN/UDP flood attack or SIP invite attack, or is spreading a worm. When the user opens up a browser, the new policy in the broadband router can redirect the user to a captive portal providing tailored remediation support.

It is recommended to keep broadband users that have been under the control of a bot under IDP inspection for a period of time after their PCs have been remedied. This will assure that the malicious code was successfully removed by the antivirus tool, and it will protect the customer from being infected again by the use of stateful signature detection and backdoor detection techniques.

The Dynamic Mitigation Solution arms the service providers with a security tool that identifies risks early on. By taking proactive steps to combat bots, customers will gain a greater broadband experience, increasing customer loyalty and reducing churn.

BGP Traffic Flow Filter for DDoS Attack Mitigation

Service providers use primarily two methods to mitigate attacks once they have been discovered by the NOC: packet filters and black-hole routing. Packet filters, also referred to as firewall filters or access control lists, are set in the edge routers to rate limit or discard traffic being sent to or from specific IP addresses.
In a distributed attack scenario, the traffic is sent from many different sources and needs to be filtered out as close to the source as possible. Up until now, there hasn't been a standard way to communicate filtering information between routers. Instead, routers have exchanged topologies and routing information using IGP or BGP protocols.

The idea behind black-hole routing is to drop malicious traffic by attaching a BGP community to a route and mapping that route to a forwarding discard function. The router will then create black holes in the routing table, and the forwarding function of the router will discard the packets accordingly. There is a historic reason why this approach was taken in the first place. Legacy routers couldn't handle a large number of flow filters without severe performance degradation. As black-hole routing utilizes discard functionality in the forwarding plane, it will have similar performance to any standard forwarding action of the router. Black-hole routing information is exchanged by standard routing protocols, and in the case of BGP, standard attributes like BGP communities allow service providers to share black-hole routing information with their trusted peers.

One limitation of black-hole routing is that it is based solely on destination or source addresses, or ranges thereof. In a distributed attack scenario, the traffic typically comes from thousands of widespread sources, so the malicious traffic typically has to be defined by the destination address. When turned on, routers will drop any packets destined for the victim, regardless of type of traffic, good or bad. The net effect is a reliable network service for all other customers; however, the DDoS attack hasn't been resolved. In fact, the service provider is now doing an effective job of denying all traffic towards the victim. This is one of the major shortcomings of black-hole routing.

A second limitation of black-hole routing is that it can only admit or deny traffic. There is no way to take more sophisticated actions like sampling, logging and policing. Once the attack has faded off, the service providers need to make a new update to allow traffic to the formerly attacked victim. As black holes appear as any routing entry in the Internet routing tables, it can be hard to track black holes that keep discarding traffic well after the attack has stopped.

Traffic Flow Filtering - Overview

Traffic Flow Filters is a new method which uses BGP to distribute filtering information dynamically across autonomous systems. Up until now, routing protocols have been used to exchange forwarding information; however, there has not been any standard for how routers should exchange information about services. Traffic Flow Filters is the first initiative to address this limitation. The standard provides a common framework for distributing flow and filter information independent of the routing information. One of its first applications is DDoS attack mitigation. [8]

Using BGP routing advertisements to distribute traffic filtering information has the advantage of using the existing infrastructure and inter-AS communication channels.
This allows service providers to automatically accept updated filter information from trusted peers, and from customers attached to their network.

Filters can be applied to flows identified by a number of matching criteria: source or destination address, port number, protocol type, DSCP, TCP flags or any other information found in the IP header. The actions taken on the flow include dropping the traffic (this is a special case with a net effect similar to black-hole routing), rate limiting, sampling, counting, or redirecting. When using the redirect feature, the traffic is typically forwarded to a honeynet, a dedicated network managed by the service provider to analyze and manage attacks.

Propagation time and execution of filter updates across the service provider's own network, and further propagation to peering partners, depend on many factors such as network size, BGP design and the routing systems themselves. Fast convergence times have been a leading development goal for Juniper Networks, and the JUNOS operating system in the M- and T-series routers has been designed from the ground up to perform quickly on these tasks.

How Traffic Flow Filters works

A DDoS attack is mitigated by traffic flow filters in the following way:

1) The operator identifies and validates that there is a DDoS attack on the network.
2) The operator samples the traffic to identify the attack pattern, e.g. a range of UDP ports and destination addresses.
3a) The NOC makes a filter flow update matching the attack pattern, and includes the filter actions that should be taken on this traffic, e.g. dropping the traffic and counting the number of packets.
3b) Alternatively, the customer can initiate the filter flow update by configuring a flow filter on the CPE router.
4) The egress router will update its forwarding and service planes to take immediate action.
5) The traffic flow filter update will propagate across the network, and the traffic flow filter information will be activated across BGP peers as defined in the routing update policy.
6) When a BGP peer receives the flow filter update, it will first perform a security check, cross-checking the filter update against its current unicast routing table. This ensures that the update is received from a router that is on the path to the attack victim.
7) Once the flow filters have been executed on all BGP peers, the DDoS attack will be filtered out as close to the sources as possible, and the constrained resources will be released to handle good traffic. The victim will no longer be affected by the attack.
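
The procedure above, set against the black-hole limitation described earlier, as an added Python example that is not from the original brief or from Juniper: it models a flow filter (match criteria plus action), the step 6 cross-check, and the difference in collateral damage. The routing table, peer names, addresses, ports and the simplified form of the step 6 check (the update must arrive from the next-hop peer of the best unicast route to the victim) are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed unicast table of the receiving router: prefix -> BGP peer that is
# the next hop of the best route. Documentation prefixes, hypothetical peers.
UNICAST = {
    "192.0.2.0/24": "peer-A",      # victim's network is reached via peer-A
    "198.51.100.0/24": "peer-B",
    "0.0.0.0/0": "peer-B",
}
VICTIM = "192.0.2.10/32"


@dataclass
class FlowFilter:
    dst: str                          # destination prefix (the victim)
    proto: Optional[str] = None       # None matches any protocol
    dports: Optional[range] = None    # None matches any destination port
    action: str = "drop"              # this sketch implements "drop" and "count"
    hits: int = 0                     # packets matched, the counter of step 3a

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dports is not None and pkt["dport"] not in self.dports:
            return False
        return True


def best_peer(table: dict, prefix: str) -> Optional[str]:
    """Longest-prefix match: peer of the most specific route covering prefix."""
    target = ipaddress.ip_network(prefix)
    covering = [(ipaddress.ip_network(p), peer) for p, peer in table.items()
                if target.subnet_of(ipaddress.ip_network(p))]
    if not covering:
        return None
    return max(covering, key=lambda route: route[0].prefixlen)[1]


def accept_update(table: dict, flt: FlowFilter, from_peer: str) -> bool:
    """Step 6 (simplified): install the filter only if it arrived from the peer
    the unicast table uses to reach the filter's destination."""
    return best_peer(table, flt.dst) == from_peer


def forward(packets: list, filters: list) -> list:
    """Apply installed filters and return the packets that are still forwarded."""
    kept = []
    for pkt in packets:
        dropped = False
        for flt in filters:
            if flt.matches(pkt):
                flt.hits += 1
                if flt.action == "drop":
                    dropped = True
                    break
        if not dropped:
            kept.append(pkt)
    return kept


def blackhole(packets: list, victim_prefix: str) -> list:
    """Destination-based black hole: everything toward the victim is discarded."""
    net = ipaddress.ip_network(victim_prefix)
    return [p for p in packets if ipaddress.ip_address(p["dst"]) not in net]


def sample_traffic() -> list:
    """Constructed traffic: a UDP flood on the victim plus legitimate flows."""
    attack = [{"src": f"203.0.113.{i}", "dst": "192.0.2.10",
               "proto": "udp", "dport": 5000 + i} for i in range(1, 6)]
    good = [
        {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 443},
        {"src": "198.51.100.8", "dst": "192.0.2.10", "proto": "udp", "dport": 53},
        {"src": "198.51.100.9", "dst": "192.0.2.20", "proto": "tcp", "dport": 25},
    ]
    return attack + good


def attack_filter() -> FlowFilter:
    """Filter for the sampled pattern of step 2: UDP ports 5000-5100 to the victim."""
    return FlowFilter(dst=VICTIM, proto="udp", dports=range(5000, 5101))


if __name__ == "__main__":
    traffic, flt = sample_traffic(), attack_filter()
    for peer in ("peer-A", "peer-B"):
        print(peer, "accepted" if accept_update(UNICAST, flt, peer) else "rejected")
    print("flow filter forwards:", len(forward(traffic, [flt])), "dropped:", flt.hits)
    print("black hole forwards:", len(blackhole(traffic, VICTIM)))
```

The same update is rejected when it arrives from a peer that is not on the unicast path to the victim, and the victim's HTTPS and DNS traffic survives the flow filter but not the black hole.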

[Figure 2. Traffic Flow Filters in Operation. Diagram labels: Victim, Firewall, J6300, NOC, Good traffic; step markers including 3b and 4.]

Benefits of BGP traffic flow filtering

Traffic Flow Filters allow for more granular control of how attacks can be mitigated than offered by black-hole routing. They also provide a clean separation of filter and forwarding information, simplifying operation and limiting the risk of configuration mistakes. In addition, traffic flow filters allow a broader set of actions that can be taken on the traffic. The ability to sample traffic can provide more accurate data on attacks, helping us to more quickly identify and combat future attacks.

BGP plays a key role in all IP networks today. All inter-AS routing information exchange between service providers is carried by BGP. MP-BGP is exclusively used to exchange VPN routing information, and many service providers use iBGP for intra-AS routing updates as well. By using BGP for exchanging traffic flow filter information, service providers don't have to implement a new protocol for DDoS mitigation, and many of the well known AS-specific community attributes can be used in combination with traffic flow filtering to determine predefined actions.

IP/MPLS design for DDoS protection

Designing networks is a profession in itself: selecting the most scalable, feature rich and cost-efficient nodes and configuring them to perform the broad set of communication services that we expect from today's IP/MPLS networks. Network nodes are designed from the ground up to be carrier class and are therefore in general less vulnerable than application servers. That said, network nodes can also be subject to DDoS attacks, and hackers may use vulnerabilities in network nodes to carry out attacks as well.

Node protection

Juniper Networks routers are designed for high availability and predictable performance with services turned on. The design allows the service providers to protect the routers and other network elements without compromising performance. It also provides ubiquitous protection across the geographical reach. The JUNOS and JUNOSe operating systems have a modular design, allowing all protocols to run in separate protected memory modules, limiting the impact in the event of a buffer overflow or software failure.

All traffic destined for the router itself needs to traverse the hardware-based forwarding engine. All security features on the interfaces can be turned on to limit the possibility of an attack. It is recommended to rate limit valid traffic to ensure the node is protected from smurf attacks using the Internet Control Message Protocol (ICMP) or SYN flood attacks on open ports that run the routing and management protocols.

Juniper M- and T-series routers can also be equipped with stateful firewalls running on adaptive services port interface adaptors. In addition to performing security services for end users, these firewalls can be used to check the traffic destined for the routing engine. This allows for more granular protection against attacks.

Network protection

Unicast Reverse Path Forwarding (uRPF) is a technique that validates the source address on all packets to make sure the source address corresponds to a network learned on the incoming interface of the router. This feature not only protects against IP address spoofing, but also against the types of DDoS attacks that randomly set the source address of the senders to different source addresses to make tracing more cumbersome.

Routing integrity protection

Attacks on the routing protocols are not as common as DDoS attacks; however, the impact of these types of attacks can be severe. To ensure the integrity of traffic between BGP peers, it is recommended to use authentication schemes. One common authentication scheme is Message Digest 5 (MD5). To further increase the security level, the complete routing communication channel can be encrypted using IPSec.

Designing a network to be attack tolerant and inherently secure is a continuous effort. Juniper Networks Professional Services can assist service providers to ensure the products are used efficiently and securely. Services include network audits and best practice configuration expertise.

Conclusion

New technologies like Traffic Flow Filters and the Dynamic Threat Mitigation solution allow service providers to take a more proactive role in protecting broadband subscribers and enterprises against attacks. Enterprises protect themselves by placing firewalls at the perimeter of the network, and just recently they have started to add unified access control (UAC) technologies to take control and offer remediation support for compromised PCs also from within their own network. Against DDoS attacks, however, the companies depend on service providers to take action.

The Dynamic Threat Mitigation solution arms the service provider with a tool to combat bots at the root of the problem. By helping residential customers to clean their broadband PCs of these software robots, the end user will get a greater broadband experience, and the service provider will be rewarded by increased loyalty and reduced churn.

Note! Juniper Networks has published this paper with a view to describing the benefits and potential use of certain of its products. This paper should not be considered advice going to any specific security issue, and readers should not rely on its content alone in considering or implementing security solutions, but should get appropriate advice in respect of their particular needs.

Notes

[1] For a definition of DDoS, please visit
Attack Trends: Beyond The Numbers, January-October 2005, Bruce Schneier, Counterpane Internet Security, Inc.
Worldwide ISP Security Report, Arbor Networks, Sep
For more details on the Dynamic Threat Mitigation Solution from Juniper Networks please visit solutionbriefs/ pdf
[8] Traffic Flow Filters are being standardized by the IETF. The RFC document can be found here:

Copyright 2006, Juniper Networks, Inc. All rights reserved. Apr 2006
KASPERSKY DDoS PROTECTION Protecting your business against financial and reputational losses A Distributed Denial of Service (DDoS) attack is one of the most popular weapons in the cybercriminals arsenal.
Tech Brief Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Introduction In today s era of increasing mobile computing, one of the greatest challenges
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
Juniper Networks Customer Service Customer Services that assure network performance by providing optimal security, quality, and reliability for your network. Juniper Networks Customer Service We Are All
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
HAVE YOU EVER BEEN HACKED? 90% of companies have been hacked 70% of attacks go undetected 60% of all small/med size businesses go out of business within 6 months of a data security breach 32% of computers
Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion
Network Security: A New Perspective NIKSUN Inc. Security: State of the Industry Case Study: Hacker University Questions Dave Supinski VP of Regional Sales Supinski@niksun.com Cell Phone 215-292-4473 www.niksun.com
Cisco Network Foundation Protection Overview June 2005 1 Security is about the ability to control the risk incurred from an interconnected global network. Cisco NFP provides the tools, technologies, and
About net, and the influence that net gives to broadband ISP Masaru AKAI BB Technology / SBB-SIRT Agenda Who are we? What is net? About Telecom-ISAC-Japan Analyzing code How does net work? BB Technology
TDC s perspective on DDoS threats DDoS Dagen Stockholm March 2013 Lars Højberg, Technical Security Manager, TDC TDC in Sweden TDC in the Nordics 9 300 employees (2012) Turnover: 26,1 billion DKK (2012)
CISCO SERVICE CONTROL SOLUTION GUIDE Cisco Service Control Service Security: Outgoing Spam Mitigation Solution Guide, Release 3.7.x 1 Introduction and Scope 2 Functionality Overview 3 Mass-Mailing-Based
IDP Series Intrusion Detection and Prevention Appliances PRODUCT CATEGORY BROCHURE Staying One Step Ahead With the accelerating number of applications allowed in from the Internet and the higher frequency
Modern Denial of Service Protection What is a Denial of Service Attack? A Denial of Service (DoS) attack is generally defined as a network-based attack that disables one or more resources, such as a network
BGP Flow Specification Deployment Experience Derek Gassen, Raul Lozano Time Warner Telecom Danny McPherson, Craig Labovitz Arbor Networks Agenda Flow Spec Overview About TWTC DDOS problem and Observations
W H I T E P A P E R Denial of Service (DoS) attacks on computers and infrastructure communications systems have been reported for a number of years, but the accelerated deployment of Voice over IP (VoIP)
Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer
Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Rocky K. C. Chang The Hong Kong Polytechnic University Presented by Scott McLaren 1 Overview DDoS overview Types of attacks
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
3GPP TSG SA WG3 Security S3#34 S3-040583 6-9 Jul 2004 updated S3-040566 Acapulco, Mexico Title: Selective Disabling of UE Capabilities; updated S3-040566 based on the comments on SA3 mailing list Source:
Datasheet JUNOScope IP Service Manager Product Description As service providers and enterprises evolve to meet the demands of their customer base, one key to success is the enhancement of operational efficiencies
BGP S igil S RIPE 52 Meeting Istanbul, Turkey 26 April 2006 Russ Housley email@example.com Outline Introduction BGP S IETF Activities The Problem BGP provides critical routing infrastructure for the
ISSA The Global Voice of Information Security Network Security Architecture By Mariusz Stawowski ISSA member, Poland Chapter Secure networks are crucial for IT systems and their proper operation. Essential
Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad
Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application
Application Note Filter-Based Forwarding Using Filter-Based Forwarding to Control Next-Hop Selection Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888
3GPP TSG SA WG3 Security S3#34 S3-040682 6-9 Jul 2004 updated S3-040632 Acapulco, Mexico Title: Selective Disabling of UE Capabilities; updated S3-040583 based on the comments in SA3#34 meeting Source:
Application Note Limitation of Riverbed s Quality of Service (QoS) Riverbed s Quality of Service (QoS) configuration and limitations Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California
White Paper Secure Web Gateways Buyer s Guide > (Abbreviated Version) The web is the number one source for malware distribution. With more than 2 million 1 new pages added every day and 10,000 new malicious
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
McAfee Total Protection Reduce the Complexity of Managing Security Computer security has changed dramatically since the first computer virus emerged 25 years ago. It s now far more complex and time-consuming.
White paper Combating DoS/DDoS Attacks Using Cyberoam Eliminating the DDoS Threat by Discouraging the Spread of Botnets www.cyberoam.com Introduction Denial of Service (DoS) and Distributed Denial of Service
DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of
Security Threats to the Internet Backbone Presented by Ricky Lou IT Intelligence Limited Potential Risks DDoS on critical Internet Resources DNS Spoofing Wide-Area Internet Routing DDoS on critical Internet