Bohatei: Flexible and Elas2c DDoS Defense
|
|
- Isabella Wiggins
- 8 years ago
- Views:
Transcription
1 Bohatei: Flexible and Elas2c DDoS Defense Seyed K. Fayaz, Yoshiaki Tobioka, Vyas Sekar, Michael Bailey h5ps://github.com/ddos- defense/bohatei
2 DDoS a5acks are gecng worse High cost on vicims Increasing in number Increasing in volume Increasing in diversity Threatpost, 7/31/2015 Incapsula, 11/12/2014 Imperva, 2015 The New York Times, 3/30/2015 Cloudflare, 3/27/2013 Techworld, 7/16/2014 Arbor Networks, 2/14/2014 Radware, 10/7/2014 2
3 DDoS Defense Today: Expensive Proprietary Hardware Assets Intranet 3
4 LimitaIon: Fixed funcionality What if new types of a5acks emerge? Assets Intranet 4
5 LimitaIon: Fixed capacity a5ack vol.(gbps) fixed capacity waste t1 Assets waste t2 t3 t4 Ime Intranet 5
6 LimitaIon: Fixed locaion AddiIonal traffic latency due to waypoining RouIng hacks to enforce defense source desinaion shortest path 6
7 Need flexibility w.r.t. a5ack type Assets 7
8 Need Flexibility w.r.t A5ack LocaIons Assets B C A 8
9 Need ElasIcity w.r.t. A5ack Volume Assets 9
10 Bohatei in a nutshell.. A pracical ISP- scale system for Flexible and ElasIc DDoS Defense via Socware- Defined Networking (SDN) & Network FuncIons VirtualizaIon (NFV) à React to 500 Gbps scale a5acks in 1 min! 10
11 Outline MoIvaIon Background on SDN/NFV Bohatei overview and challenges System design ImplementaIon EvaluaIon Conclusions 11
12 Socware- Defined Networking (SDN) Centralized management + Open config APIs Controller Flow FwdAc2on Flow FwdAc2on Flow FwdAc2on 12
13 Network FuncIons VirtualizaIon (NFV) Today: Standalone and Specialized Proxy Firewall IDS/IPS AppFilter Commodity hardware 13
14 Why are SDN/NFV useful for DDoS defense? NFV SDN Expensive Fixed funcionality Fixed capacity Fixed locaion Our Work: Bring these benefits to DDoS Defense 14
15 Outline MoIvaIon Background on SDN/NFV Bohatei overview and challenges System design ImplementaIon EvaluaIon Conclusions 15
16 Bohatei Vision: Flexible + ElasIc Defense via SDN/NFV SDN/NFV Controller defense policy ajack traffic VM DC 1 DC 2 customer intranet ISP 16
17 Bohatei Controller Workflow Strategy layer Predict a5ack pa5ern Resource management Decide how many VMs, what types, where Network orchestraion Configure network to route traffic 17
18 Threat model: general, dynamic adversaries Targets one or more customers A5acker has a fixed budget w.r.t. total a5ack volume do{ Pick_Target() Pick_Attack_Type() Pick_Attack_Volume() Pick_Attack_Ingress() Observe_and_Adapt() } 18
19 Bohatei Design Challenges Strategy layer Predict a5ack pa5ern Resilient to adaptaion? Resource management Decide how many VMs, what types, where Fast algorithms? Network orchestraion Configure network to route traffic Scalable SDN? 19
20 Outline MoIvaIon Background on SDN/NFV Bohatei overview and challenges System design ImplementaIon EvaluaIon Conclusions 20
21 Naïve resource management is too slow! Defense library Compute/network resources Suspicious traffic predicions Global opimizaion Types, numbers, and locaions of VMs? RouIng decisions? Takes hours to solve 21
22 Our Approach: Hierarchical + Greedy Defense library Compute/network resources Suspicious traffic predicions ISP- level Greedy How much traffic to DC 1 Per datacenter 1 How much traffic to DC N Per datacenter N Which VM slots in DC 1 Which VM slots in DC N 22
23 ReacIve, per- flow isn t scalable Controller packet1 packet100 VM1 Port1 Port2 SW Port3 VM2 VM3 Switch Forwarding Table Flow outport Flow1 Port 2 Flow100 Port 3 A reacive, per- flow controller will be a new vulnerability 23
24 24 Idea: ProacIve tag- based steering Controller ProacMve set up packet 1 packet 100 packet 1 VM 1 packet Port1 SW Port 2 Port 3 VM 2 VM 3 Context Tag Tag outport Benign 1 1 Port 2 Suspicious 2 2 Port 3 ProacIve per- VM tagging enables scaling
25 Dynamic adversaries can game the defense Adversary s goals: 1. Increase defense resource consumpion 2. Succeed in delivering a5ack traffic A5ack vol.(gbps) predicted ajack volume for t 4 SYN flood DNS amp. t 1 t 2 t 3 t 4 Ime Simple predicion (e.g., prev. epoch, avg) can be gamed 25
26 Our approach: Online adaptaion Metric of Success = Regret minimizaion à How worse than best staic strategy in hindsight? Borrow idea from online algorithms: Follow the perturbed leader (FPL) strategy IntuiIon: PredicIon = F (Obs. History + Random Noise) This provably minimizes the regret metric 26
27 PuCng it together suspicious traffic spec. PredicIon strategy OrchestraIon predicts volume of suspicious traffic of each a5ack type at each ingress launching VMs, traffic path set up quanity, type, locaion of VMs Resource management defense policy ajack traffic VM DC 1 DC 2 customer intranet ISP 27
28 Outline MoIvaIon Background on SDN/NFV Bohatei overview and challenges System design ImplementaIon EvaluaIon Conclusions 28
29 Defense policy library A defense graph per a5ack type Customized interconnecion of defense modules Open source defense VMs Example (SYN flood defense) OK Analyze Srces: count SYN SYN/ACK per source [LegiImate] [Unknown] [A5ack] [LegiImate] SYNPROXY [A5ack] LOG DROP 29
30 ImplementaIon Control Plane resource manager OpenFlow defense library OpenDaylight FlowTags (Fayaz et al., NSDI 14) Data Plane Switches (OVS) FlowTags- enabled defense VMs (e.g., Snort) KVM core Intel Xeon machines h5ps://github.com/ddos- defense/bohatei 30
31 Outline MoIvaIon Background on SDN/NFV Bohatei overview and challenges System design ImplementaIon EvaluaIon Conclusions 31
32 EvaluaIon quesions Does Bohatei respond to a5acks rapidly? Can Bohatei handle 500 Gbps a5acks? Can Bohatei successfully cope with dynamic adversaries? 32
33 Responsiveness Hierarchical resource management: A few milliseconds (vs. hours) OpImality gap < 1% Benign traffic throughput (Gbps) SYN flood DNS amp. attack starts Elephant flow UDP flood Time (s) Bohatei restores performance of benign traffic 1 min. 33
34 Scalability: Forwarding table size Max required number of rules on a switch 10e ,000 1, Bohatei per-flow rules Attack traffic volume (Gbps) Per- VM tagging cuts #rules by 3-4 orders of magnitude ProacIve setup reduces Ime by 3-4 orders of magnitude 34
35 Adversarial resilience Regret w.r.t. volume of successful attacks (%) Uniform PrevEpoch Bohatei RandIngress RandAttack RandHybrid Steady FlipPrevEpoch Bohatei online adaptaion strategy minimizes regret. 35
36 Conclusions DDoS defense today : Expensive, Inflexible, and InelasIc Bohatei: SDN/NFV for flexible and elasic DDoS defense Key Challenges: Responsiveness, scalability, resilience Main soluion ideas: Hierarchical resource management ProacIve, tag- based orchestraion Online adaptaion strategy Scalable + Can react to very large a5acks quickly! Ideas may be applicable to other security problems 36
Bohatei: Flexible and Elastic DDoS Defense
Bohatei: Flexible and Elastic DDoS Defense Seyed K. Fayaz, Yoshiaki Tobioka, and Vyas Sekar, Carnegie Mellon University; Michael Bailey, University of Illinois at Urbana-Champaign https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/fayaz
More informationNetwork Security Demonstration - Snort based IDS Integration -
Network Security Demonstration - Snort based IDS Integration - Hyuk Lim (hlim@gist.ac.kr) with TJ Ha, CW Jeong, J Narantuya, JW Kim Wireless Communications and Networking Lab School of Information and
More informationIoTSafe: A Safe & Verified Security Controller for Internet-of-Things Tianlong Yu Carnegie Mellon University
IoTSafe: A Safe & Verified Security Controller for Internet-of-Things Tianlong Yu Carnegie Mellon University 1 Introduction The Internet-of-Things (IoT) has quickly moved from hype to reality. Like other
More informationNetwork Security: Network Flooding. Seungwon Shin GSIS, KAIST
Network Security: Network Flooding Seungwon Shin GSIS, KAIST Detecting Network Flooding Attacks SYN-cookies Proxy based CAPCHA Ingress/Egress filtering Some examples SYN-cookies Background In a TCP 3-way
More informationSoftware-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University
Software-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University Transition to NFV Cost of deploying network functions: Operating expense
More informationDDoS Overview and Incident Response Guide. July 2014
DDoS Overview and Incident Response Guide July 2014 Contents 1. Target Audience... 2 2. Introduction... 2 3. The Growing DDoS Problem... 2 4. DDoS Attack Categories... 4 5. DDoS Mitigation... 5 1 1. Target
More informationFlexible Building Blocks for Software Defined Network Function Virtualization (Tenant-Programmable Virtual Networks)
Flexible Building Blocks for Software Defined Network Function Virtualization (Tenant-Programmable Virtual Networks) Aryan TaheriMonfared Chunming Rong Department of Electrical Engineering and Computer
More informationSaisei and Intel Maximizing WAN Bandwidth
Intel Network Builders Saisei Solution Brief Intel Xeon Processors Saisei and Intel Maximizing WAN Bandwidth Introduction Despite the increased capacity available on WAN links1, service providers and enterprises
More informationOn Orchestrating Virtual Network Functions
On Orchestrating Virtual Network Functions Presented @ CNSM 2015 Md. Faizul Bari, Shihabur Rahman Chowdhury, and Reaz Ahmed, and Raouf Boutaba David R. Cheriton School of Computer science University of
More information[Restricted] ONLY for designated groups and individuals. 2014 Check Point Software Technologies Ltd.
[Restricted] ONLY for designated groups and individuals Contents 1 2 3 4 Industry Trends DDoS Attack Types Solutions to DDoS Attacks Summary 2 Cybercrime Landscape DNS Hijacking Malware 3% 3% Targeted
More informationBEHAVIORAL SECURITY THREAT DETECTION STRATEGIES FOR DATA CENTER SWITCHES AND ROUTERS
BEHAVIORAL SECURITY THREAT DETECTION STRATEGIES FOR DATA CENTER SWITCHES AND ROUTERS Ram (Ramki) Krishnan, Brocade Communications Dilip Krishnaswamy, IBM Research Dave Mcdysan, Verizon AGENDA Introduction
More informationRestorable Logical Topology using Cross-Layer Optimization
פרויקטים בתקשורת מחשבים - 236340 - סמסטר אביב 2016 Restorable Logical Topology using Cross-Layer Optimization Abstract: Today s communication networks consist of routers and optical switches in a logical
More informationSDN and NFV Open Source Initiatives. Systematic SDN and NFV Workshop Challenges, Opportunities and Potential Impact
SDN and NFV Open Source Initiatives Systematic SDN and NFV Workshop Challenges, Opportunities and Potential Impact May 19, 2014 Eric CARMES 6WIND Founder and CEO SPEED MATTERS V1.0. All rights reserved.
More informationUsing SDN-OpenFlow for High-level Services
Using SDN-OpenFlow for High-level Services Nabil Damouny Sr. Director, Strategic Marketing Netronome Vice Chair, Marketing Education, ONF ndamouny@netronome.com Open Server Summit, Networking Applications
More informationSDN PARTNER INTEGRATION: SANDVINE
SDN PARTNER INTEGRATION: SANDVINE SDN PARTNERSHIPS SSD STRATEGY & MARKETING SERVICE PROVIDER CHALLENGES TIME TO SERVICE PRODUCT EVOLUTION OVER THE TOP THREAT NETWORK TO CLOUD B/OSS AGILITY Lengthy service
More informationEthernet-based Software Defined Network (SDN)
Ethernet-based Software Defined Network (SDN) Tzi-cker Chiueh Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 Cloud Data Center Architecture Physical Server
More informationSoftware Defined Network (SDN)
Georg Ochs, Smart Cloud Orchestrator (gochs@de.ibm.com) Software Defined Network (SDN) University of Stuttgart Cloud Course Fall 2013 Agenda Introduction SDN Components Openstack and SDN Example Scenario
More informationPanel: Cloud/SDN/NFV 黃 仁 竑 教 授 國 立 中 正 大 學 資 工 系 2015/12/26
Panel: Cloud/SDN/NFV 黃 仁 竑 教 授 國 立 中 正 大 學 資 工 系 2015/12/26 1 Outline Cloud data center (CDC) Software Defined Network (SDN) Network Function Virtualization (NFV) Conclusion 2 Cloud Computing Cloud computing
More informationSDN. What's Software Defined Networking? Angelo Capossele
SDN What's Software Defined Networking? Angelo Capossele Outline Introduction to SDN OpenFlow Network Functions Virtualization Some examples Opportunities Research problems Security Case study: LTE (Mini)Tutorial
More informationDesigning Virtual Network Security Architectures Dave Shackleford
SESSION ID: CSV R03 Designing Virtual Network Security Architectures Dave Shackleford Sr. Faculty and Analyst SANS @daveshackleford Introduction Much has been said about virtual networking and softwaredefined
More informationNetwork Virtualization and Application Delivery Using Software Defined Networking
Network Virtualization and Application Delivery Using Software Defined Networking Project Leader: Subharthi Paul Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Keynote at
More informationQualifying SDN/OpenFlow Enabled Networks
Qualifying SDN/OpenFlow Enabled Networks Dean Lee Senior Director, Product Management Ixia Santa Clara, CA USA April-May 2014 1 Agenda SDN/NFV a new paradigm shift and challenges Benchmarking SDN enabled
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control
More informationMitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy
Mitigating Denial of Service Attacks Why Crossing Fingers is Not a Strategy Introduction Mark Baldwin - Owner of Tectonic Security MSSP and Security Consulting Primarily Work With SMBs DDoS Mitigation
More informationCS244 Lecture 5 Architecture and Principles
CS244 Lecture 5 Architecture and Principles Network Virtualiza/on in Mul/- tenant Datacenters, NSDI 2014. Guido Appenzeller Background Why is SDN Happening? CLOSED & PROPRIETARY NETWORKING EQUIPMENT Vertically
More informationEudemon8000 High-End Security Gateway HUAWEI TECHNOLOGIES CO., LTD.
Eudemon8000 High-End Security Gateway HUAWEI TECHNOLOGIES CO., LTD. Product Overview Faced with increasingly serious network threats and dramatically increased network traffic, carriers' backbone networks,
More informationTesting Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES
Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 SDN - An Overview... 2 SDN: Solution Layers and its Key Requirements to be validated...
More informationCheap and efficient anti-ddos solution
Cheap and efficient anti-ddos solution Who am I? Alexei Cioban Experience in IT 13 years CEO & Founder IT-LAB 7 years IT trainings 5 years 2 About company Year of foundation - 2007 12 employees www.it-lab.md
More informationOpen vswitch and the Intelligent Edge
Open vswitch and the Intelligent Edge Justin Pettit OpenStack 2014 Atlanta 2014 VMware Inc. All rights reserved. Hypervisor as Edge VM1 VM2 VM3 Open vswitch Hypervisor 2 An Intelligent Edge We view the
More informationIntel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family
Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family White Paper June, 2008 Legal INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL
More informationSoftware Defined Networking A quantum leap for Devops?
Software Defined Networking A quantum leap for Devops? TNG Technology Consulting GmbH, http://www.tngtech.com/ Networking is bottleneck in today s devops Agile software development and devops is increasing
More informationSDN Interfaces and Performance Analysis of SDN components
Institute of Computer Science Department of Distributed Systems Prof. Dr.-Ing. P. Tran-Gia SDN Interfaces and Performance Analysis of SDN components, David Hock, Michael Jarschel, Thomas Zinner, Phuoc
More informationDDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen. Eldad Chai, VP Product
DDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen Eldad Chai, VP Product Incapsula Application Delivery from the Cloud 2 DDoS 101 ISP Network Devices Web servers Applications
More information«The Cloud» Something Old, something New, something Borrowed and something Blue
«The Cloud» Something Old, something New, something Borrowed and something Blue Your entertainers for today Michaël Boeckx Infrastructure Architect I.R.I.S. ICT Marnix Vrambout Datacenter Manager I.R.I.S.
More informationPowering the Internet of Things: SDN/NFV Architectures
Powering the Internet of Things: SDN/NFV Architectures 6B Connected Devices 2013 2013 2016 2018 2020 50B Connected Devices Worldwide by 2020 Implications for Service Providers Scaling the Networks End
More informationTowards Autonomic DDoS Mitigation using Software Defined Networking
Towards Autonomic DDoS Mitigation using Software Defined Networking Authors: Rishikesh Sahay, Gregory Blanc, Zonghua Zhang, Hervé Debar NDSS Workshop on Security of Emerging Networking Technologies (SENT
More informationDefinition of a White Box. Benefits of White Boxes
Smart Network Processing for White Boxes Sandeep Shah Director, Systems Architecture EZchip Technologies sandeep@ezchip.com Linley Carrier Conference June 10-11, 2014 Santa Clara, CA 1 EZchip Overview
More informationSecurity Challenges & Opportunities in Software Defined Networks (SDN)
Security Challenges & Opportunities in Software Defined Networks (SDN) June 30 th, 2015 SEC2 2015 Premier atelier sur la sécurité dans les Clouds Nizar KHEIR Cyber Security Researcher Orange Labs Products
More informationHow To Orchestrate The Clouddusing Network With Andn
ORCHESTRATING THE CLOUD USING SDN Joerg Ammon Systems Engineer Service Provider 2013-09-10 2013 Brocade Communications Systems, Inc. Company Proprietary Information 1 SDN Update -
More informationSoftware-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments
Software-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments Aryan TaheriMonfared Department of Electrical Engineering and Computer Science University of Stavanger
More informationUse Cases for the NPS the Revolutionary C-Programmable 7-Layer Network Processor. Sandeep Shah Director, Systems Architecture EZchip
Use Cases for the NPS the Revolutionary C-Programmable 7-Layer Network Processor Sandeep Shah Director, Systems Architecture EZchip Linley Processor Conference Oct. 6-7, 2015 1 EZchip Overview Fabless
More informationStrategies to Protect Against Distributed Denial of Service (DD
Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics
More informationCloud Computing, Software Defined Networking, Network Function Virtualization
Cloud Computing, Software Defined Networking, Network Function Virtualization Aryan TaheriMonfared Department of Electrical Engineering and Computer Science University of Stavanger August 27, 2015 Outline
More informationSecuring the Virtualized Data Center With Next-Generation Firewalls
Securing the Virtualized Data Center With Next-Generation Firewalls Data Center Evolution Page 2 Security Hasn t Kept Up with Rate Of Change Configuration of security policies are manual and slow Weeks
More information2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative
2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago,
More informationCloudFlare advanced DDoS protection
CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com
More informationEnabling Practical SDN Security Applications with OFX (The OpenFlow extension Framework)
Enabling Practical SDN Security Applications with OFX (The OpenFlow extension Framework) John Sonchack, Adam J. Aviv, Eric Keller, and Jonathan M. Smith Outline Introduction Overview of OFX Using OFX Benchmarks
More informationNetwork Services in the SDN Data Center
Network Services in the SDN Center SDN as a Network Service Enablement Platform Whitepaper SHARE THIS WHITEPAPER Executive Summary While interest about OpenFlow and SDN has increased throughout the tech
More informationContent Distribution Networks (CDN)
229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationProtecting Your SDN and NFV Network from Cyber Security Vulnerabilities with Full Perimeter Defense
Protecting Your SDN and NFV Network from Cyber Security Vulnerabilities with Full Perimeter Defense Telco Systems and Celare in a nutshell Company overview Some of our customers Sister companies, subsidiary
More informationL2-L7 BASED SERVICE REDIRECTION WITH SDN/OPENFLOW
L2-L7 BASED SERVICE REDIRECTION WITH SDN/OPENFLOW Marc LeClerc VO Strategy and Marketing, NoviFlow Inc. 2015 Internet2 About NoviFlow NoviFlow offers the Highest Performance Switches and Forwarding Plane
More informationNetwork Security through Software Defined Networking: a Survey
jerome.francois@inria.fr 09/30/14 Network Security through Software Defined Networking: a Survey Jérôme François, Lautaro Dolberg, Olivier Festor, Thomas Engel 2 1 Introduction 2 Firewall 3 Monitoring
More informationSoftware Defined Networking What is it, how does it work, and what is it good for?
Software Defined Networking What is it, how does it work, and what is it good for? slides stolen from Jennifer Rexford, Nick McKeown, Michael Schapira, Scott Shenker, Teemu Koponen, Yotam Harchol and David
More informationPractical Advice for Small and Medium Environment DDoS Survival
Practical Advice for Small and Medium Environment DDoS Survival Chris "Mac" McEniry Sony Network Entertainment @macmceniry November 8 13, 2015 Washington, D.C. www.usenix.org/lisa15 #lisa15 1 Practical
More informationEthernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心
Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 SDN Introduction Decoupling of control plane from data plane
More informationDPtech ADX Application Delivery Platform Series
Data Sheet DPtech ADX Series DPtech ADX Application Delivery Platform Series Overview IT requirements for service capability can be summarized as "acceleration", "security" and "reliability". The contradiction
More informationDoS/DDoS Attacks and Protection on VoIP/UC
DoS/DDoS Attacks and Protection on VoIP/UC Presented by: Sipera Systems Agenda What are DoS and DDoS Attacks? VoIP/UC is different Impact of DoS attacks on VoIP Protection techniques 2 UC Security Requirements
More informationDDoS attacks on electronic payment systems. Sean Rijs and Joris Claassen Supervisor: Stefan Dusée
DDoS attacks on electronic payment systems Sean Rijs and Joris Claassen Supervisor: Stefan Dusée Scope High volume DDoS attacks Electronic payment systems Low bandwidth requirements: 5 from account X to
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More informationCheck Point DDoS Protector
Check Point DDoS Protector June 2012 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. Cybercrime
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Eric Choi < echoi@brocade.com> Senior Manager, Service Provider Business Unit, APJ 2012 Brocade Communications Systems, Inc. EPF 7 2012/09/17 Software-Defined Networking
More informationInternet Services. Amcom. Support & Troubleshooting Guide
Amcom Internet Services This Support and Troubleshooting Guide provides information about your internet service; including setting specifications, testing instructions and common service issues. For further
More informationSHIN, WANG AND GU: A FIRST STEP TOWARDS NETWORK SECURITY VIRTUALIZATION: FROM CONCEPT TO PROTOTYPE 1
SHIN, WANG AND GU: A FIRST STEP TOWARDS NETWORK SECURITY VIRTUALIZATION: FROM CONCEPT TO PROTOTYPE 1 A First Step Towards Network Security Virtualization: From Concept To Prototype Seungwon Shin, Haopei
More informationFortiDDos Size isn t everything
FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationOn the effect of forwarding table size on SDN network utilization
IBM Haifa Research Lab On the effect of forwarding table size on SDN network utilization Rami Cohen IBM Haifa Research Lab Liane Lewin Eytan Yahoo Research, Haifa Seffi Naor CS Technion, Israel Danny Raz
More informationIntroduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre
Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Wilfried van Haeren CTO Edgeworx Solutions Inc. www.edgeworx.solutions Topics Intro Edgeworx Past-Present-Future
More informationEarly Detection of DDoS Attacks in Software Defined Networks Controller
Early Detection of DDoS Attacks in Software Defined Networks Controller By Seyed Mohammad Mousavi A thesis submitted to the Faculty of Graduate and Postdoctoral Affairs in partial fulfillment of the requirements
More informationCENTER I S Y O U R D ATA
I S Y O U R D ATA CENTER R E A DY F O R S D N? C R I T I C A L D ATA C E N T E R C O N S I D E R AT I O N S FOR SOFT WARE-DEFINED NET WORKING Data center operators are being challenged to be more agile
More informationDifferent NFV/SDN Solutions for Telecoms and Enterprise Cloud
Solution Brief Artesyn Embedded Technologies* Telecom Solutions Intel Xeon Processors Different NFV/SDN Solutions for Telecoms and Enterprise Cloud Networking solutions from Artesyn Embedded Technologies*
More informationSerro Solutions Enables Managed Security Service Providers to Optimize Networking Performance and Cost
Serro Solutions Enables Managed Security Service Providers to Optimize Networking Performance and Cost Serro s SDN Controller automates Internet connections on a global scale to migrate traffic to lower
More informationBlackRidge Technology Transport Access Control: Overview
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
More informationOpenDaylight Project Proposal Dynamic Flow Management
OpenDaylight Project Proposal Dynamic Flow Management Ram (Ramki) Krishnan, Varma Bhupatiraju et al. (Brocade Communications) Sriganesh Kini et al. (Ericsson) Debo~ Dutta, Yathiraj Udupi (Cisco) 1 Table
More information/ Staminus Communications
/ Staminus Communications Global DDoS Mitigation and Technology Provider Whitepaper Series True Cost of DDoS Attacks for Hosting Companies The most advanced and experienced DDoS mitigation provider in
More informationFlexible SDN Transport Networks With Optical Circuit Switching
Flexible SDN Transport Networks With Optical Circuit Switching Multi-Layer, Multi-Vendor, Multi-Domain SDN Transport Optimization SDN AT LIGHT SPEED TM 2015 CALIENT Technologies 1 INTRODUCTION The economic
More informationTelecom - The technology behind
SPEED MATTERS v9.3. All rights reserved. All brand names, trademarks and copyright information cited in this presentation shall remain the property of its registered owners. Telecom - The technology behind
More informationArista Software Define Cloud Networking
Reinventing Data Center Switching Arista Software Define Cloud Networking YaJian Huang - Systems Engineering Manager APAC yj@arista.com Arista Networks: Did You Know? Arista switches are deployed in production
More informationAcquia Cloud Edge Protect Powered by CloudFlare
Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....
More informationOpen Networking User Group SD-WAN Requirements Demonstration Talari Test Results
Open Networking User Group SD-WAN Requirements Demonstration Talari Test Results May 13, 2015 Talari 550 South Winchester Suite 550 San Jose, CA 95128 www.talari.com Defining the Software Defined WAN The
More informationFortiDDoS. DDoS Attack Mitigation Appliances. Copyright Fortinet Inc. All rights reserved.
FortiDDoS DDoS Attack Mitigation Appliances Copyright Fortinet Inc. All rights reserved. What is a DDoS Attack? Flooding attack from compromised PCs run by a Botmaster The Botmaster s motivations may be
More informationAssessing the Performance of Virtualization Technologies for NFV: a Preliminary Benchmarking
Assessing the Performance of Virtualization Technologies for NFV: a Preliminary Benchmarking Roberto Bonafiglia, Ivano Cerrato, Francesco Ciaccia, Mario Nemirovsky, Fulvio Risso Politecnico di Torino,
More informationOF 1.3 Testing and Challenges
OF 1.3 Testing and Challenges May 1 st, 2014 Ash Bhalgat (Senior Director, Products), Luxoft Santa Clara, CA USA April-May 2014 1 Agenda OpenFlow : What and Why? State of OpenFlow Conformance Challenges
More informationHow To Block A Ddos Attack On A Network With A Firewall
A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial
More informationSDN Software Defined Networks
There is nothing more important than our customers SDN Software Defined Networks A deployable approach for the Enterprise 2012 Enterasys Networks, Inc. All rights reserved SDN Overview What is SDN? Loosely
More informationFirewalls and Intrusion Detection
Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall
More informationScaling IP Mul-cast on Datacenter Topologies. Xiaozhou Li Mike Freedman
Scaling IP Mul-cast on Datacenter Topologies Xiaozhou Li Mike Freedman IP Mul0cast Applica0ons Publish- subscribe services Clustered applica0ons servers Distributed caching infrastructures IP Mul0cast
More informationFoundation for High-Performance, Open and Flexible Software and Services in the Carrier Network. Sandeep Shah Director, Systems Architecture EZchip
Foundation for High-Performance, Open and Flexible Software and Services in the Carrier Network Sandeep Shah Director, Systems Architecture EZchip Linley Carrier Conference June 10, 2015 1 EZchip Overview
More information新 一 代 軟 體 定 義 的 網 路 架 構 Software Defined Networking (SDN) and Network Function Virtualization (NFV)
新 一 代 軟 體 定 義 的 網 路 架 構 Software Defined Networking (SDN) and Network Function Virtualization (NFV) 李 國 輝 客 戶 方 案 事 業 群 亞 太 區 解 決 方 案 架 構 師 美 商 英 特 爾 亞 太 科 技 有 限 公 司 Email: kuo-hui.li@intel.com 1 Legal
More informationBusiness Cases for Brocade Software-Defined Networking Use Cases
Business Cases for Brocade Software-Defined Networking Use Cases Executive Summary Service providers (SP) revenue growth rates have failed to keep pace with their increased traffic growth and related expenses,
More informationWHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems
WHITE PAPER FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems Abstract: Denial of Service (DoS) attacks have been a part of the internet landscape for
More informationHow Router Technology Shapes Inter-Cloud Computing Service Architecture for The Future Internet
How Router Technology Shapes Inter-Cloud Computing Service Architecture for The Future Internet Professor Jiann-Liang Chen Friday, September 23, 2011 Wireless Networks and Evolutional Communications Laboratory
More informationYahoo Attack. Is DDoS a Real Problem?
Is DDoS a Real Problem? Yes, attacks happen every day One study reported ~4,000 per week 1 On a wide variety of targets Tend to be highly successful There are few good existing mechanisms to stop them
More informationA1.1.1.11.1.1.2 1.1.1.3S B
CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security
More informationCS 91: Cloud Systems & Datacenter Networks Networks Background
CS 91: Cloud Systems & Datacenter Networks Networks Background Walrus / Bucket Agenda Overview of tradibonal network topologies IntroducBon to soeware- defined networks Layering and terminology Topology
More informationIntroduction to DDoS Attacks. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter
Introduction to DDoS Attacks Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News Q1 2014 DDoS Attack Trends DDoS Attack Trends Q4 2013 Mobile devices
More informationNEC s Carrier-Grade Cloud Platform
NEC s Carrier-Grade Cloud Platform Deploying Virtualized Network Functions in Cloud INDEX 1. Paving the way to Telecom Network Function Virtualization P.3 2. Open Carrier-grade Hypervisor P.3 Latency and
More informationSOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT
BROCADE SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT Rajesh Dhople Brocade Communications Systems, Inc. rdhople@brocade.com 2012 Brocade Communications Systems, Inc. 1 Why can t you do these things
More informationCloud.com CloudStack Community Edition 2.1 Beta Installation Guide
Cloud.com CloudStack Community Edition 2.1 Beta Installation Guide July 2010 1 Specifications are subject to change without notice. The Cloud.com logo, Cloud.com, Hypervisor Attached Storage, HAS, Hypervisor
More information