Less Guessing, More Facts. How to survive or avoid a DDoS Attack. Simulate Large Scale Cyber Attacks. Andy Young Snr Systems Engineer

Transcription

1 Less Guessing, More Facts There is a better way How to survive or avoid a DDoS Attack. Simulate Large Scale Cyber Attacks. Andy Young Snr Systems Engineer

2 The Network Has Evolved Application landscape Social media, peer-to-peer, video streaming, HTTP as transport Mobility and virtualisation Network application mixes constantly changing Network load and traffic imperfections Performance demands continue to increase Unpredictability (bursts, throttling, availability) Latency, fragments and malformed packets Cyber security threats DDoS, Botnets, application attacks, malware Threats growing in number and complexity Escalating legal, regulatory & financial liabilities

3 Threats Have Evolved Volumetric DoS Attacks SYN Flood, Ping Flood, LOIC attack, UDP Flood SMURF Attack, Teardrop Attack LAND Attack More Advanced Stateful TCP (three way handshake Only) DNS Request Flooding Fragments that add up to almost a full packet Layer 7 Attacks Slowloris Attack RCV Window 0 SlowPOST Attack VoIP Flood IVR Walking

4 Test your Critical Security Infrastructure The industry is over exposed due to weak testing capabilities Intuitively we all know testing is important in validating network design, security and change control Stable High performance Resilient Secure Common justification for short cuts in testing and validating It s to expensive: OPEX, CAPEX, Resources, Vendors test, so I don t have Don t know how to do it mt.gov

5 Traditional Test Labs complex and unmanageable Traditional DIY Testing Latest Testing Technology Simple synthetic open source test tools One off custom tests Small number of VM for functional test Un-Manageable to scale to real network No Security Testing No Fuzzing Enterprise to Nation Scale Testing Real world network traffic Mobile, Carrier and Enterprise 200+ applications 2,500+ super flows Real world security 35,000+ live malware 6,000+ exploits and obfuscations Botnets Fuzzing

6 Today s Application Traffic

7 Case Study #1 Consumer Electronics Manufacturer Customer Clients Data Leakage Network Visibility FTP/ Database Internet Forensics Forensics A B Social Media

8 Case Study #2 Financial Exchange Cloud- Based DDoS Protec*on DDoS Traffic Volumetric DDoS traffic Directed to target web servers Web- based Applica*on Traffic hhp transacdonal traffic Between BreakingPoint clients and target web servers DDoS Traffic Volumetric DDoS Traffic re- directed by DDoS Service Provider DDoS Service Provider Good Applica*on Traffic TransacDonal web- based ApplicaDon traffic through DDoS Service Provider 1- Arm Tes*ng Target Web Servers BreakingPoint Load GeneraDon DDoS Defence Validation

9 EVERY Test Performance and Security Simulation and Testing Application and Threat Intelligence 2 WEEKS Real Attacks 6,000+ live security attacks 35,000+ pieces of live malware 180+ evasions DDoS and botnet simulation Custom attacks Research and frequent updates Real-World Applications Carrier Feeds 200+ application protocols Social, peer-to-peer, voice, video Web, enterprise applications, gaming Mobile Storage workloads Custom applications Frequent updates Unprecedented Performance 26 biweekly updates NEW applications 960 Gbps blended application traffic 720M concurrent HTTP sessions 24M HTTP sessions/second 12M CC SSL sessions/second NEW DDoS/APT

10 Markov Text Generation To: Received: qmail 1913 by uid 1439; Sun Jul 18 17:01: Message- ID: From: X- Mailer: Microsoa Outlook Express Date: Wed Jan 12 01:44: Subject:, haven't you any scheme up BeHer go and see what that is, Jeeves. Subject: a rummy kind of voice, His lordship is lying on the mat, sir. In more than 10 languages 10

11 PARTIAL LIST 200+ OF MORE THAN APPLICATIONS AND PROTOCOLS Mobile HTTP Mobile BlackBerry Services BBC iplayer Apple App Store Android Market Peer-to-Peer AppleJuice BitTorrent Peer BitTorrent Tracker BitTorrent edonkey Gnutella Leaf Gnutella Ultrapeer PPLive/QQLive WinNY Remote Access RDP REXEC RFB RLogin Telnet Custom Applications BGP RAW Secure Data Transfer HTTPS SSH System/Network Admin DNS DNS (Deprecated) IDENT IPMI v1.5 Finger LDAP NTP RIP RPC Bind RPC Mount SNMP SNMPv1 Sun RPC Syslog Time Social Networking Facebook Twitter Telephony and Cable TV SMPP MM1 H.225 H.225 RAS H.245 H.248 H.323 TR-069 Testing and Measurement Chargen Daytime Discard Echo OWAMP Control OWAMP Test QOTD TWAMP Control TWAMP Test Streaming Media Pandora Netflix Voice Video Media BICC H H.225 RAS H.245 H.248 MMS MM1 RTCP RTP RTP Unidirectional Stream RTCP RTSP SCCP (Cisco Skinny) SIP Skype Skype UDP Helper STUN STUN v2

12 Attacks and Malware 6,000+ live security attacks 35,000+ pieces of live Malware Ability to send custom malware Botnet Simulation 180+ evasions Bi-weekly ATI updates 12

13 Thank You! There is a better way Andy Young Senior Systems Engineer ayoung@ixiacom.com