Petr Lasek, SE, RADWARE. May 2012
1 Petr Lasek, SE, RADWARE, May 2012
2 Agenda
  Understanding online business threats
  Introducing Radware Attack Mitigation System (AMS)
  AMS technology overview
  Emergency Response Team (ERT)
  AMS deployment
  Customer success
  Summary
  Slide 2
3 Online Security Challenges and Threats
4 Security Threat Vectors
  Large-volume network flood attacks
  Network scan
  Intrusion
  Port scan
  SYN flood attack
  Low & Slow DoS attacks (e.g., Sockstress)
  Application vulnerability, malware
  High and slow application DoS attacks
  Web attacks: XSS, brute force
  Web attacks: SQL injection
5 Network and Data Security Attacks: From the News
  Three news cases, headed Cost of Breach, Cost of Attack and Cost of Attack, with the costs named: $80M to recover; theft; reputation loss; customer churn; penalties to trading firms; authority investigation
6 Multi-Vulnerability Attack Campaigns
  Attack vectors aimed at the business: large volume network flood attacks; network scan; large volume SYN flood; connection DoS attacks; web application vulnerability scan; directed application DoS attack: Slowloris; HTTP & HTTPS flood attacks; web application attack: SQL injection
  Radware security incidents report 2011: more than 70% of the cases Radware reported in 2011 involved at least 3 attack vectors
  Attackers use multi-vulnerability attack campaigns, making mitigation nearly impossible
7 Attackers Seek Blind Spots
  Point tools shown: DoS Protection, IPS
  Attacks: large-volume network flood attacks; large-volume SYN flood; connection DoS attacks; directed DoS attack: Slowloris; HTTP & HTTPS flood attacks
  Why are multi-vulnerability attacks so successful?
  Current security practices fail to mitigate attacks
  Organizations deploy point security solutions
  Lack of expertise to analyze emerging threats
8 Mapping Security Protection Tools
  Tools (columns): DoS Protection; Behavioral Analysis; IPS; IP Reputation; WAF
  Threats (rows): large volume network flood attacks; network scan; intrusion; port scan; SYN flood attack; Low & Slow DoS attacks (e.g., Sockstress); application vulnerability, malware; high and slow application DoS attacks; web attacks: XSS, brute force; web attacks: SQL injection
9 Introducing Radware Attack Mitigation System
10 Radware Attack Mitigation System (AMS)
11 AMS Protection Set
  DoS Protection: prevent all types of network DDoS attacks
  Reputation Engine: financial fraud protection; anti-Trojan & anti-phishing
  IPS: prevent application vulnerability exploits
  WAF: mitigate web application attacks; PCI compliance
  NBA: prevent application resource misuse; prevent zero-minute malware spread
12 OnDemand Switch: Designed for Attack Mitigation
  DoS Mitigation Engine: ASIC-based; prevents high-volume attacks; up to 12 million PPS of attack protection
  IPS & Reputation Engine: ASIC-based string match & RegEx engine; performs deep packet inspection
  NBA protections & WAF
  OnDemand Switch platform: capacity up to 12 Gbps
13 The Competitive Advantage: Performance Under Attack
  DefensePro: 12 million PPS of attack traffic; attack traffic does not impact legitimate traffic; multi-Gbps capacity carries legitimate traffic plus the attack
  Other network security solutions: the device handles attack traffic at the expense of legitimate traffic!
14 Radware Security Event Management (SEM)
  3rd party SEM
  Correlated reports
  Trend analysis
  Compliance management
  RT monitoring
  Advanced alerts
  Forensics
15 Radware AMS & ERT
  Security Operations Center (SOC): provides weekly and emergency signature updates; maintains on-going application vulnerability protection
  Emergency Response Team (ERT): provides 24x7 service for customers under attack; neutralizes DoS/DDoS attacks and malware outbreaks
16 Compliance and Standardization with AMS
  Compliance reports: PCI DSS, FISMA, GLBA, HIPAA
17 Radware Intellectual Property
  Eight patents secure Radware's Attack Mitigation Solution
18 Radware AMS Portfolio
  DefensePro: anti-DoS, NBA, IPS, Reputation Engine
  AppWall: Web Application Firewall (WAF)
  APSolute Vision: Security Event Management (SEM)
19 Technology Overview
20 AMS Technologies
  Static signature protection
  Real-time signature protection
  Real-time feeds
  Negative & positive security models
  Adaptive policy creation
21 Network based DoS Protections
22 Network-based DoS Protections
  Real-time protections against: TCP SYN floods; TCP SYN+ACK floods; TCP FIN floods; TCP RESET floods; TCP out-of-state floods; TCP fragment floods; UDP floods; ICMP floods; IGMP floods; packet anomalies; known DoS tools; custom DoS signatures
23 Network Behavior Analysis & RT Signature Technology
  Traffic path: Public Network -> Inbound Traffic -> Detection Engine -> Filtered Traffic -> Outbound Traffic -> Protected Network
  1. Learning: statistics are collected from inbound traffic over time [sec]
  2. Degree of Attack = High: the attack traffic characteristics are identified and mitigation starts
  3. Initial filter is generated from those characteristics (e.g., Packet ID AND Source IP)
  4. Closed feedback, mitigation optimization: the filter is refined into the narrowest final filter (e.g., Packet ID AND Source IP AND Packet size AND TTL), up to X blocking rules
  5. Degree of Attack = Low: mitigation stops (positive/negative feedback)
  Signature parameters: Source/Destination IP Address; Source/Destination Port; Packet size; Packet ID; TTL (Time To Live); DNS Query; TCP sequence number; more (up to 20 real-time signature parameters)
24 Decision Making: Attack Case
  X-axis: abnormal protocol distribution [%]
  Y-axis: abnormal rate of packets
  Z-axis: Attack Degree; Attack Degree = 10 (attack)
  Regions: normal adapted area; suspicious area; attack area
25 Flash Crowd Scenario
  Adaptive Detection Engine: Degree of Attack (DoA)
  Inputs: rate-invariant input parameter; rate input parameter
  Regions: normal adapted area; suspicious area; attack area
  Flash crowd: low DoA
26 Mitigation Performance (DME)
  [Chart: flood packet rate (millions) against legitimate HTTP traffic (Gbit/s)]
27 Application based DoS Protections
28 Application-based DoS Protections
  Real-time protection against bot-originated and direct application attacks: HTTP GET page floods; HTTP POST floods; HTTP uplink bandwidth consumption attacks; DNS query floods (A, MX, PTR, ...)
  Advanced behavioral application monitoring: HTTP servers real-time statistics and baselines; DNS server real-time statistics and baselines
29 HTTP Mitigator
30 Behavioral Analysis & Real-Time Signatures
  Inputs: network, servers, clients
  Threats: DoS & DDoS; application-level threats; zero-minute malware propagation
  Flow: Public Network -> Inbound Traffic -> Inspection Module (behavioral analysis, abnormal activity detection) -> Real-Time Signature Generation -> Outbound Traffic -> Enterprise Network
  Closed feedback: optimize the signature; remove it when the attack is over
31 Standard Security Tools: HTTP Flood Example
  Scenario: Attacker -> IRC server (bot command) -> HTTP bots (infected hosts) -> Internet -> public web servers (misuse of service resources)
  Static signatures approach: no solution for low-volume attacks, as the requests are legitimate
  Connection limit against high-volume attacks: agnostic to the attacked page; blocks legitimate traffic; high false positives
32 Real-Time Signatures: Accurate Mitigation. Case: HTTP Page Flood Attack
  Same scenario: Attacker -> IRC server (bot command) -> HTTP bots (infected hosts) -> Internet -> public web servers (misuse of service resources)
  Behavioral pattern detection (1): based on probability analysis, identify which web page (or pages) has higher than normal hits
  Behavioral pattern detection (2): identify abnormal user activity; for example, normal users download few pages per connection, abnormal users download many pages per connection
  Real-time signature: block abnormal users' access to the specific page(s) under attack
33 Real-Time Signatures: Resistance to False Positives. Case: Flash Crowd Access
  Scenario: legitimate users -> Internet -> public web servers
  Behavioral pattern detection (1): based on probability analysis, identify which web page (or pages) has higher than normal hits
  Behavioral pattern detection (2): no detection of abnormal user activity
  Result: attack not detected; no real-time signature is generated; no user is blocked
34 Challenge/Response & Action Escalation System
  Attack detection: botnet is identified (suspicious sources are marked)
  Real-time signature created
  Light challenge actions: TCP challenge; 302 redirect challenge
  Strong challenge action: JavaScript challenge
  Selective rate-limit
  Real-time signature blocking
  Technologies: behavioral real-time signature technology; challenge/response technology; real-time signature blocking; closed feedback & action escalation
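The escalation ladder on slide 34 (suspicious source -> 302 redirect challenge -> JavaScript challenge -> selective rate-limit), worked through as an added example; this is not Radware code, and the cookie name, the HMAC key, the thresholds and the two client IPs are constructed. The 302 challenge sets a cookie that only a client with a cookie jar can return, the JavaScript challenge additionally expects a value computed client-side, and a source that answers neither is rate-limited. The same 302/JS cookie challenge is what slide 58 later describes being issued behind the SSL termination point.

```python
"""Challenge/response escalation for one suspicious HTTP source (added example)."""
import hashlib
import hmac
from dataclasses import dataclass

SECRET = b"constructed-demo-key"  # constructed; a device would use a random per-box key
COOKIE = "chal"                   # hypothetical challenge cookie name
TOKEN_TTL = 60                    # seconds a challenge token stays valid
LIGHT_FAILS = 3                   # unanswered 302 challenges before the JS challenge
STRONG_FAILS = 3                  # unanswered JS challenges before rate-limiting
RATE_LIMIT = 2                    # requests allowed per window once rate-limited
WINDOW = 10                       # seconds


def make_token(src_ip, issued):
    """Stateless token: issue time plus an HMAC over (source IP, issue time)."""
    mac = hmac.new(SECRET, f"{src_ip}|{issued}".encode(), hashlib.sha256).hexdigest()[:32]
    return f"{issued}.{mac}"


def token_valid(src_ip, token, now):
    """A token is valid only for the IP it was issued to and only within TOKEN_TTL."""
    try:
        issued = int(token.split(".", 1)[0])
    except (ValueError, AttributeError):
        return False
    if not 0 <= now - issued <= TOKEN_TTL:
        return False
    return hmac.compare_digest(make_token(src_ip, issued), token)


def js_answer(token):
    """What the JavaScript challenge page computes in a real browser."""
    return hashlib.sha256(token.encode()).hexdigest()[:16]


@dataclass
class Source:
    stage: str = "light"   # light -> strong -> ratelimit
    fails: int = 0
    authenticated: bool = False
    window_start: int = 0
    window_count: int = 0


class Escalator:
    def __init__(self):
        self.sources = {}

    def handle(self, src_ip, suspicious, now, cookies=None, js_response=None):
        """Return (action, payload); action is 'pass', '302', 'js' or 'drop'."""
        cookies = cookies or {}
        if not suspicious:                       # only sources marked by detection are challenged
            return "pass", None
        s = self.sources.setdefault(src_ip, Source())
        if s.authenticated:
            return "pass", None
        token = cookies.get(COOKIE)
        if s.stage == "light":
            if token_valid(src_ip, token, now):  # browser followed the redirect with the cookie
                s.authenticated = True
                return "pass", None
            s.fails += 1
            if s.fails <= LIGHT_FAILS:
                return "302", {"Set-Cookie": f"{COOKIE}={make_token(src_ip, now)}"}
            s.stage, s.fails = "strong", 0       # escalate
        if s.stage == "strong":
            if token_valid(src_ip, token, now) and js_response == js_answer(token):
                s.authenticated = True
                return "pass", None
            s.fails += 1
            if s.fails <= STRONG_FAILS:
                t = make_token(src_ip, now)
                return "js", {"Set-Cookie": f"{COOKIE}={t}", "challenge": t}
            s.stage = "ratelimit"                # escalate again
            s.window_start, s.window_count = now, 0
        if now - s.window_start >= WINDOW:       # selective rate-limit for whatever is left
            s.window_start, s.window_count = now, 0
        s.window_count += 1
        return ("pass" if s.window_count <= RATE_LIMIT else "drop"), None


def run_bot(n, now=1000):
    """A flood tool that ignores cookies and JavaScript climbs the whole ladder."""
    e = Escalator()
    return [e.handle("198.51.100.7", True, now + i)[0] for i in range(n)]


def run_browser(now=1000):
    """A real browser follows the 302 with the cookie and passes on its second request."""
    e = Escalator()
    action, payload = e.handle("203.0.113.5", True, now)
    cookie = dict([payload["Set-Cookie"].split("=", 1)])
    return [action, e.handle("203.0.113.5", True, now + 1, cookies=cookie)[0]]
```

The token is bound to the source IP and signed, so the verifier keeps no per-client table and a token captured from one source cannot be replayed from another; the only per-source state is the escalation stage, which is exactly what the ladder needs.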
35 AMS Protections: Unique Value Proposition
  Escalation ladder: attack detection -> real-time signature -> light challenge -> strong challenge -> selective rate-limit
  Best security coverage: prevent all types of network and application attacks; complementing technologies fighting known and zero-day attacks; complete removal of non-browser rogue traffic
  Best user quality of experience (QoE): reaching the lowest false-positive rate in the industry; advanced capabilities are exposed only when needed
  Reduced cost of ownership: automatic real-time attack mitigation with no need for human intervention
36 DNS Mitigator
37 Behavioral DNS Application Monitoring
  DNS query distribution analysis and DNS QPS rate analysis per DNS query type (associated threat vectors): A, AAAA, MX, PTR, TEXT and other records, each tracked over time against its own baseline (A records baseline, MX records baseline, PTR records baseline, AAAA records baseline)
38 Behavioral DNS Decision Engine
  Inputs: DNS query distribution analysis; DNS QPS rate analysis, per query type (A, AAAA, MX, PTR, TEXT, other) against their baselines over time
  A fuzzy logic inference system produces a Degree of Attack per DNS query type: Normal, Suspect, Attack
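An added worked example of the two-input Degree of Attack decision on slides 24, 25, 32 and 38: a rate-invariant input (how far the observed distribution over keys drifts from its learned baseline) and a rate input (observed rate over baseline rate) are mapped through fuzzy ramps into a 0..10 score with Normal/Suspect/Attack regions, both overall and per key. This is not Radware's inference system; the ramps, weights, thresholds, baselines and observation windows are constructed. Keys are DNS query types here and web page paths in the second sample, since the same scoring serves slide 32's "which page has higher than normal hits".

```python
"""Degree of Attack (DoA) from a distribution input and a rate input (added example)."""


def ramp(x, lo, hi):
    """Fuzzy membership: 0 at or below lo, 1 at or above hi, linear in between."""
    if x <= lo:
        return 0.0
    if x >= hi:
        return 1.0
    return (x - lo) / (hi - lo)


def shares(counts):
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()} if total else {}


def degree_of_attack(observed, baseline_shares, baseline_rate, interval):
    """Return (overall DoA 0..10, per-key DoA dict).

    observed: counts per key seen during `interval` seconds
    baseline_shares: learned share of each key (sums to 1)
    baseline_rate: learned total events per second
    """
    obs = shares(observed)
    keys = set(obs) | set(baseline_shares)
    # Rate-invariant input: total variation distance between the two distributions (0..1).
    tvd = 0.5 * sum(abs(obs.get(k, 0.0) - baseline_shares.get(k, 0.0)) for k in keys)
    dist_m = ramp(tvd, 0.05, 0.30)
    # Rate input: observed total rate relative to the baseline rate.
    total_rate = sum(observed.values()) / interval
    rate_m = ramp(total_rate / baseline_rate, 1.5, 5.0)
    # Distribution drift gates the score (a flash crowd keeps its shape and scores 0);
    # the rate only amplifies it, so a drift with no rate change tops out at 5 (suspect).
    overall = 10.0 * dist_m * (0.5 + 0.5 * rate_m)

    per_key = {}
    for k in keys:
        excess = obs.get(k, 0.0) - baseline_shares.get(k, 0.0)   # over-representation of k
        key_base_rate = max(baseline_shares.get(k, 0.0) * baseline_rate, 1e-9)
        key_rate = observed.get(k, 0) / interval
        per_key[k] = 10.0 * ramp(excess, 0.05, 0.30) * (0.5 + 0.5 * ramp(key_rate / key_base_rate, 1.5, 5.0))
    return overall, per_key


def classify(doa):
    return "attack" if doa >= 7 else "suspect" if doa >= 3 else "normal"


# Constructed baselines and 10-second observation windows.
DNS_BASE = {"A": 0.65, "AAAA": 0.15, "MX": 0.05, "PTR": 0.10, "TXT": 0.03, "other": 0.02}
DNS_RATE = 1000.0  # baseline queries per second
DNS_NORMAL = {"A": 6600, "AAAA": 1400, "MX": 500, "PTR": 1000, "TXT": 300, "other": 200}
DNS_FLASH = {k: v * 5 for k, v in DNS_NORMAL.items()}   # 5x the traffic, same shape
DNS_MX_FLOOD = {"A": 6500, "AAAA": 1500, "MX": 40000, "PTR": 1000, "TXT": 300, "other": 200}

HTTP_BASE = {"/": 0.50, "/hotels/": 0.30, "/reserve/": 0.15, "/info/": 0.05}
HTTP_RATE = 200.0  # baseline requests per second
HTTP_PAGE_FLOOD = {"/": 1000, "/hotels/": 600, "/reserve/": 30000, "/info/": 100}


def report(name, observed, base, rate, interval=10):
    doa, per_key = degree_of_attack(observed, base, rate, interval)
    return {"case": name, "doa": round(doa, 2), "verdict": classify(doa),
            "per_key": {k: round(v, 2) for k, v in per_key.items() if v > 0}}


if __name__ == "__main__":
    for case in (("dns normal", DNS_NORMAL, DNS_BASE, DNS_RATE),
                 ("dns flash crowd", DNS_FLASH, DNS_BASE, DNS_RATE),
                 ("dns MX flood", DNS_MX_FLOOD, DNS_BASE, DNS_RATE),
                 ("http page flood", HTTP_PAGE_FLOOD, HTTP_BASE, HTTP_RATE)):
        print(report(*case))
```

The flash crowd case is the one that matters for false positives: the rate input saturates, but because the distribution is unchanged the gate stays closed and no signature would be generated, which is the behaviour slides 25 and 33 describe. The per-key score is what a real-time signature would be built from, since it names the query type or page that is over-represented.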
39 Challenge/Response & Action Escalation System (DNS)
  Attack detection: botnet is identified (suspicious traffic is detected per query type)
  Real-time signature created
  Escalation: DNS query challenge -> query rate limit -> collective query challenge -> collective query rate limit
  Behavioral RT signature technology: RT signature scope protection per query type; collective scope protection per query type
  Closed feedback & action escalation
40 Service Cracking Behavioral Protections
41 Service Cracking Behavioral Protections
  Real-time protections against information stealth:
  HTTP servers: web vulnerability scans; brute force
  SIP servers (TCP & UDP): SIP spoofed floods; pre-SPIT activities; SIP scanning
  SMTP/IMAP/POP3, FTP, ...: application brute force; application scans
42 Application Behavior Analysis, Service Cracking: Web Vulnerability Scan Scenario
  The attacker launches a scan tool against the web servers:
  HEAD / HTTP/1.0 -> 200 OK
  GET /examples/ HTTP/1.0 -> 200 OK
  GET /_vti_bin/shtml.exe HTTP/1.0 -> 404 Not Found
  GET /scripts/admin.pl HTTP/1.0 -> 404 Not Found
  GET /cgi/websendmail HTTP/1.0 -> 404 Not Found
  GET /cgi/textcounter HTTP/1.0 -> 200 OK
  Non-detectable attack by a standard signature-based IPS: all transactions are legitimate; attack volume is below the rate threshold
43 Application Behavior Analysis, Service Cracking
  Standard IPS approach: no signature protection, all requests are legal; rate-limit thresholds give high false positives and require constant tuning
  Radware AMS approach: advanced behavioral analysis to eliminate false positives; automatic detection and prevention; a high frequency of error response codes from one source is blocked, a one-time error is not
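The distinction slide 43 draws, a high frequency of error responses from one source versus a one-time error, as an added detection example run over constructed web-server log lines (not Radware's implementation): per source, the 4xx responses inside a sliding window are counted and the source is flagged only when both an absolute count and an error ratio are exceeded, so a single broken link never qualifies. The window size, thresholds, addresses and most request paths are constructed; the first six scanner requests are the ones from slide 42.

```python
"""Flag a web vulnerability scan from a source's error-response pattern (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
WINDOW_SECONDS = 60
MIN_ERRORS = 5          # 4xx responses inside the window before we call it a scan ...
MIN_ERROR_RATIO = 0.5   # ... and they must be at least half of the source's requests

# Constructed log in Common Log Format: one scanner and one ordinary visitor with a stale link.
SAMPLE_LOG = """\
198.51.100.7 - - [13/Jun/2011:18:00:01 +0000] "HEAD / HTTP/1.0" 200 0
198.51.100.7 - - [13/Jun/2011:18:00:02 +0000] "GET /examples/ HTTP/1.0" 200 1203
203.0.113.5 - - [13/Jun/2011:18:00:03 +0000] "GET /hotels/ HTTP/1.1" 200 5120
198.51.100.7 - - [13/Jun/2011:18:00:04 +0000] "GET /_vti_bin/shtml.exe HTTP/1.0" 404 210
198.51.100.7 - - [13/Jun/2011:18:00:06 +0000] "GET /scripts/admin.pl HTTP/1.0" 404 210
203.0.113.5 - - [13/Jun/2011:18:00:07 +0000] "GET /old-offer.html HTTP/1.1" 404 210
198.51.100.7 - - [13/Jun/2011:18:00:09 +0000] "GET /cgi/websendmail HTTP/1.0" 404 210
198.51.100.7 - - [13/Jun/2011:18:00:12 +0000] "GET /cgi/textcounter HTTP/1.0" 200 88
198.51.100.7 - - [13/Jun/2011:18:00:15 +0000] "GET /test/ HTTP/1.0" 404 210
203.0.113.5 - - [13/Jun/2011:18:00:18 +0000] "GET /reserve/ HTTP/1.1" 200 7301
198.51.100.7 - - [13/Jun/2011:18:00:21 +0000] "GET /old/ HTTP/1.0" 403 210
203.0.113.5 - - [13/Jun/2011:18:00:25 +0000] "POST /reserve/ HTTP/1.1" 302 0
"""


def parse(line):
    """Return the fields this detector needs, or None for a line it cannot parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return {"src": src, "time": when, "method": method, "path": path, "status": int(status)}


def detect_scanners(lines):
    """Return {source: reason} for sources whose recent error pattern looks like a scan."""
    history = defaultdict(deque)   # src -> (time, is_client_error) entries inside the window
    flagged = {}
    for line in lines:
        r = parse(line)
        if r is None:
            continue
        q = history[r["src"]]
        q.append((r["time"], 400 <= r["status"] < 500))
        while (r["time"] - q[0][0]).total_seconds() > WINDOW_SECONDS:   # slide the window
            q.popleft()
        errors = sum(1 for _, is_err in q if is_err)
        ratio = errors / len(q)
        if errors >= MIN_ERRORS and ratio >= MIN_ERROR_RATIO and r["src"] not in flagged:
            flagged[r["src"]] = (f"{errors} client errors in {len(q)} requests "
                                 f"within {WINDOW_SECONDS}s")
    return flagged


if __name__ == "__main__":
    for src, why in detect_scanners(SAMPLE_LOG.splitlines()).items():
        print(src, why)
```

Requiring the ratio as well as the count is what keeps a busy legitimate site with the occasional 404 out of the blocked set, which is the false-positive problem slide 43 attributes to plain rate-limit thresholds.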
44 Network scanning and malware propagation Protections
45 Source-based Behavioral Analysis
  Behavioral real-time protection against zero-minute malware propagation and network scans: UDP spreading worm detection; TCP spreading worm detection; high- and low-rate network scans; scanning/spreading pattern identification; infected source identification
46 Source-based Analysis
  Source behavior analysis: connection behavioral score per source; distribution of connections over port & IP, characterized by its width and height (normal distribution vs abnormal distribution); others
  Decision making: Degree of Attack -> Normal, Suspect, Attack
  Mitigation: automatic RT signatures
47 Mitigation: Source-based Real-Time Signature
  Phases: Analysis -> Intense Malware Activities -> Analysis -> Additional Spreading Activities -> Analysis -> Safe Environment
  Both the red and yellow objects represent malware spreading activities; the red worms represent the more intense spreading activities. The green objects represent legitimate traffic.
  After the first filter against a worm is implemented, the closed-feedback mechanism decides that the rest of the malware spreading activities may disturb the network operation. It adds additional prevention measures, according to a less intense criteria, on top of the previous measure.
  Initial prevention measure (e.g., source IP -> port 135 (TCP))
  Optimization (e.g., source IP -> port 135 (TCP) OR port 445 (TCP))
  Optimization (e.g., (source IP -> port 135 (TCP) OR port 445 (TCP)) AND (packet size AND TTL AND ...))
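The closed-feedback signature building on slides 46 and 47, as an added example that is not Radware's engine: a source is scored by the width of its destination fan-out, the dominant port becomes the initial prevention measure, whatever still gets through is re-evaluated and the measure is widened with a second port, and finally the measure is narrowed with packet attributes every blocked flow shares (size, TTL). The flows, the width threshold, the port-share rule and the addresses are all constructed; the port numbers 135 and 445 are the slide's own.

```python
"""Source-based spreading detection with a closed-feedback real-time signature (added example)."""
from collections import Counter

WIDTH_THRESHOLD = 8   # distinct (dst, port) pairs per source before it counts as spreading
PORT_SHARE = 0.6      # share of a source's remaining flows on one port needed to name that port


def flows_to(src, net, port, n, size, ttl):
    """Construct n one-packet flows from src to hosts net.1 .. net.n on port."""
    return [{"src": src, "dst": f"{net}.{i}", "dport": port, "size": size, "ttl": ttl}
            for i in range(1, n + 1)]


FLOWS = (
    flows_to("10.0.0.23", "10.0.1", 135, 15, 60, 128)     # worm: intense sweep on 135/tcp
    + flows_to("10.0.0.23", "10.0.2", 445, 9, 60, 128)    # worm: less intense sweep on 445/tcp
    + [{"src": "10.0.0.5", "dst": "10.0.1.1", "dport": 80, "size": 1420, "ttl": 64},
       {"src": "10.0.0.5", "dst": "10.0.1.2", "dport": 443, "size": 1300, "ttl": 64},
       {"src": "10.0.0.5", "dst": "10.0.1.1", "dport": 80, "size": 980, "ttl": 64}]   # normal user
)


def width(flows):
    """Distribution width: how many distinct destinations these flows touch."""
    return len({(f["dst"], f["dport"]) for f in flows})


def dominant_port(flows):
    c = Counter(f["dport"] for f in flows)
    port, n = c.most_common(1)[0]
    return port if n / sum(c.values()) >= PORT_SHARE else None


def matches(sig, f):
    return (f["src"] == sig["src"] and f["dport"] in sig["ports"]
            and (sig["size"] is None or f["size"] == sig["size"])
            and (sig["ttl"] is None or f["ttl"] == sig["ttl"]))


def build_signature(flows, src):
    """Return a per-source real-time signature, or None when src is not spreading."""
    sig = {"src": src, "ports": set(), "size": None, "ttl": None}
    remaining = [f for f in flows if f["src"] == src]
    # Closed feedback: after each measure, look only at what still gets through.
    while remaining and width(remaining) >= WIDTH_THRESHOLD:
        port = dominant_port(remaining)
        if port is None:
            break
        sig["ports"].add(port)                       # initial measure, then OR-ed ports
        remaining = [f for f in remaining if f["dport"] not in sig["ports"]]
    if not sig["ports"]:
        return None
    # Optimization: narrow the measure with attributes every blocked flow shares.
    blocked = [f for f in flows if f["src"] == src and f["dport"] in sig["ports"]]
    sizes, ttls = {f["size"] for f in blocked}, {f["ttl"] for f in blocked}
    if len(sizes) == 1:
        sig["size"] = sizes.pop()
    if len(ttls) == 1:
        sig["ttl"] = ttls.pop()
    return sig


def mitigate(flows):
    """Build a signature for every source; return (signatures, flows that still pass)."""
    sigs = {}
    for src in {f["src"] for f in flows}:
        sig = build_signature(flows, src)
        if sig:
            sigs[src] = sig
    passed = [f for f in flows if not any(matches(s, f) for s in sigs.values())]
    return sigs, passed


if __name__ == "__main__":
    sigs, passed = mitigate(FLOWS)
    print(sigs)
    print(len(passed), "flows pass")
```

A regularly polling management station would also show a wide fan-out here, which is why slide 60 keeps a white list for exactly that case; the scoring itself cannot tell the two apart.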
48 IPS & Reputation Services
49 IPS & Radware's SOC Signatures
  IPS & Reputation Engine protection against:
  Application vulnerabilities and exploits: web, mail, DNS, databases, VoIP
  OS vulnerabilities and exploits: Microsoft, Apple, Unix-based
  Network infrastructure vulnerabilities: switches, routers and other network elements
  Malware: worms, bots, Trojans and drop points, spyware
  Anonymizers
  IPv6 attacks
  Protocol anomalies
  Security Operation Center: leading vulnerability security research team; weekly and emergency signature updates
50 Custom signature example: Hello World (hello-world-smtp)
51 Custom signature example: Hello World
  Name: hello-world-smtp (hello-world-smatp)
  Protocol: TCP, SMTP
  Content: Text "Hello World", Case Sensitive
52 Radware's SOC & Security Specialists
  Radware SOC has world recognition by the security industry and application vendors: SOC researchers and security specialists present their latest findings at industry events such as BlackHat and Defcon. Radware SOC was the first to discover application vulnerabilities in the Apple iPhone Safari web browser, Firefox 3, the YATE IP telephony engine and more.
53 Reputation Engine: The Need and Solution
  Malicious web sites have a short life span and are created in a matter of hours
  Static signature protection, with periodic updates, doesn't keep pace
  Antivirus & spyware removal software cannot protect against pharming
  World-wide real-time research is the way to protect against such threats
  Anti-Fraud / Anti-Trojan service is a real differentiator for ISP/MSSP
  RSA Fraud Action: one of the most proven and trusted online threat solutions; 24x7 command center which constantly analyzes world-wide traffic; widest phishing URL DB in the world today; takes preventive actions to remove malicious servers from the net
  DefensePro service: real-time updates of newly identified malicious points by RSA; protection against phishing, pharming and malware (fraud Trojan) attacks
54 Financial Fraud: Methods
  Attacker -> web site installs malware -> victims
55 Reputation Engine
  Phishing campaign: phishing mail -> user clicks the phishing link -> malicious site / drop point; Trojan communication to the drop point
  Fraud activities are detected by the AFCC service; AFCC feeds Radware; APSolute Vision Insite feeds DefensePro with a real-time signature
56 URL Types and Their Protection
  RSA feed type: HTTP + Domain + Path. Network footprint: GET /phishing.html HTTP 1.1, User agent: Firefox, Host: ..., Accept: text/html. Protection: advanced filter, PATH + Host (domain)
  RSA feed type: HTTP + Domain. Network footprint: GET /index.html HTTP 1.1, User agent: Firefox, Host: ..., Accept: text/html. Protection: basic filter, Host (domain) only
  RSA feed type: HTTPS. Network footprint: TCP handshake, TLS negotiation, encrypted traffic. Protection: blocking the website entirely: [1] translating the domain to an IP, [2] blocking that IP on port 443
57 SSL
58 AMS Encrypted Attacks Mitigation
  Traffic arrives clear or encrypted; Alteon's SSL acceleration engine is the SSL termination point and hands decrypted traffic to DefensePro, which applies application cookie engines, the L7 ASIC regex engine, traffic anomaly and flood protections, black & white lists and TCP cookie engines
  Attack classes covered: network-based DoS attacks; application-based DoS attacks (clear and SSL); directed application DoS attacks (clear and SSL)
  Once an attack is detected there are 3 main security actions that are done on each client who tries to connect to the protected server(s):
  1. Encrypted SYN attack protection: DefensePro authenticates the source through a safe-reset cookie mechanism, verifying the validity of the source IP and its TCP/IP stack.
  2. HTTP signature: DefensePro receives the decrypted 1st HTTP client request from the SSL engine and applies application layer signatures (packet anomalies, behavioral DoS, black & white lists). This is done in order to remove the directed HTTP DoS attacks that can only be mitigated by pre-defined or custom signatures.
  3. Web cookie challenge: in case the client passes the HTTP filter check, DefensePro generates a web cookie challenge (302 or JS challenge) that is encrypted and returned to the client by the Alteon SSL engine. Client-side responses are decrypted at the termination point and sent to DefensePro, which validates the response. A client that responds correctly is authenticated (application level authentication) and forced to open a new connection directly to the protected server.
59 Policy Exceptions: Black & White Lists, Stateful ACL
60 Policy Exceptions
  Policies are defined in the Network/Server Protection table per network segment or server. There are cases where you want to set exceptions to the network policies:
  An infected host generates attack traffic and you want to block all traffic from this host until it is disinfected
  A management station regularly polls hosts to validate their software version and thus creates semi-scanning activity
  A host on the Internet launches an attack on your network, but you do not want to block it permanently by a policy
  More policy exceptions can be set using: Black List; White List
61 Black List
  The Black List comprises the traffic that the device always blocks without inspection. You use the Black List as a policy exception for security policies.
62 Access Control List
  The Access Control List (ACL) module is a stateful firewall, which enables you to configure up to 500 flexible and focused stateful access-control policies. You can modify and view active ACL policies, and manage and view ACL report summaries in Web Based Management. ACL now contains the access-control behavior and all block actions previously handled in the BWM module. The relevant ACL configuration takes precedence over the Session Table Aging parameter. To operate correctly, ACL needs to know the direction of session packets.
63 Bandwidth Management
64 Why Use Bandwidth Management?
  Managing your bandwidth prevents filling the link to capacity or overfilling it, which may result in network congestion and poor performance. Tracking the bandwidth used by each application enables you to: ensure a guaranteed bandwidth for certain applications; set limits on how much bandwidth each classified traffic pattern can utilize.
65 Bandwidth Management Components
66 Counter Attacks
67 Radware's ERT Fights Back
68 Stage 1- Simple connection Level
69 LOIC / Mobile LOIC Setup
70 LOIC: attack traffic is dropped
71 Mobile LOIC: attack traffic is dropped
72 Mobile LOIC: attack traffic is dropped and the connection is reset
73 Stage 2 Advanced Connection Level
74 IP Protocol Manipulations
  TCP: sequence no: send sequence no above window size, send illegal sequence no; ack no: send ack no above/below the correct seq; window: send window size = 0, send small window size; urgent pointer: send urgent pointer with very large/small number; options: send TCP options with a long no-op option string
  UDP: send a packet with data incompatible with the length
  ICMP: send ICMP Time Exceeded message; send ICMP Parameter Problem message; send ICMP Source Quench message; send ICMP Redirect with different destinations (try specifying the source as destination)
  HTTP: redirect to tar pit/source; elongated response
75 LOIC, preliminary: attack traffic is dropped and a TCP zero window is sent to the source
76 Stage 3 Integration within DP
77 Detection, Forensics, Integration
  Detection: HTTP flood; SSL flood
  Forensics: Mobile LOIC tool; THC SSL tool
  Action per attack: window size 0 (Mobile LOIC); drop & suspend (THC SSL)
  Integration: Action = f(detection, forensics)
78 Summary
79 Summary: Counter Attacks
  Simple IP protocol operations can affect the attacker side and slow it down
  The same idea may be extended to more elaborate countermeasures
  Integration of forensics and deeper awareness of the attacker side can improve mitigation
  DP modules to cross-reference forensics and act accordingly
80 WAF
81 The Secret Sauce: Adaptive Policy Creation (1 of 3). App Mapping, Threat Analysis
  Application Reservations.com, mapped paths: /config/, /admin/, /register/, /hotels/, /info/, /reserve/
  Risk analysis per application path:
  SQL injection: spoof identity, steal user information, data tampering
  CCN breach: information leakage
  Directory traversal: gain root access control
  Buffer overflow: unexpected application behavior, system crash, full system compromise
82 The Secret Sauce: Adaptive Policy Creation (2 of 3). App Mapping, Threat Analysis, Policy Generation
  Reservations.com paths: /config/, /admin/, /register/, /hotels/, /info/, /reserve/
  SQL injection -> prevent access to sensitive app sections
  CCN breach -> mask CCN, SSN, etc. in responses (e.g., ***********9459)
  Directory traversal -> traffic normalization & HTTP RFC validation
  Buffer overflow -> parameter inspection
83 The Secret Sauce: Adaptive Policy Creation (3 of 3). App Mapping, Threat Analysis, Policy Generation, Policy Activation
  Reservations.com paths: /config/, /admin/, /register/, /hotels/, /info/, /reserve/; threats: SQL injection, CCN breach (***********9459), directory traversal, buffer overflow
  Known vulnerability protections: optimization of negative rules for best accuracy (virtually zero false positives)
  Tailored application behavioral rules added for zero-day protection (best coverage)
  Time to protect
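The "mask CCN, SSN, etc. in responses" policy from slide 82, worked through as an added example (not AppWall code): candidate digit runs in a response body are Luhn-checked before masking, so order numbers and timestamps are left alone, and the masked form keeps only the last four digits as the slide's ***********9459 shows. The sample bodies and the SSN pattern are constructed; the card number used is a standard test number.

```python
"""Mask card numbers and SSNs in HTTP response bodies (added example)."""
import re

# 13..19 digits, optionally separated by single spaces or dashes, not embedded in a longer run.
CCN_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: doubles every second digit from the right, subtracting 9 above 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_ccn(match):
    digits = re.sub(r"\D", "", match.group())
    if 13 <= len(digits) <= 19 and luhn_ok(digits):
        return "*" * (len(digits) - 4) + digits[-4:]
    return match.group()   # not a card number: leave untouched


def sanitize_response(body):
    """Return the body with card numbers and SSNs masked; everything else unchanged."""
    body = CCN_RE.sub(mask_ccn, body)
    body = SSN_RE.sub(lambda m: "***-**-" + m.group()[-4:], body)
    return body


if __name__ == "__main__":
    print(sanitize_response("Card on file: 4111 1111 1111 1111, SSN 123-45-6789, order 20110613"))
```

Masking in the response path is a data-leakage control, not an input control: it limits what an SQL injection or an over-permissive page can exfiltrate through the application, which is why slide 81 lists the CCN breach next to information leakage. Luhn-valid strings that are not card numbers will still be masked; that is the accepted false-positive direction for this rule.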
84 The Secret Sauce: Unique Value Proposition
  Pipeline: App Mapping -> Threat Analysis -> Policy Generation -> Policy Activation (Reservations.com)
  Best security coverage: auto detection of potential threats; other WAFs require admin intervention and knowledge to protect
  Lowest false positives: adaptive security protections optimized per application resource ("app-path"); other WAFs auto-generate global policies
  Shortest time to protect: highly granular policy creation and activation ("app-path"); immediate policy modification upon application change; other WAFs wait upon global policy activation
  Reduced cost of ownership: automatic real-time attack mitigation with no need for human intervention
85 Radware's SIEM
86 Radware Security Event Management (SIEM)
  APSolute Vision: management and security reporting & compliance
87 Radware's built-in SIEM engine
  Built-in SEM: historical reporting engine; customizable dashboards; event correlation engine; advanced forensics reports; compliance reports; ticket workflow management; 3rd party event notifications; role/user based access control; works with all Radware's security modules
88 Radware's built-in SEM engine: Unified Reports
  Threat analysis; target service; trend analysis
89 Radware's built-in SEM engine: Dashboards
  Per-user dashboard
90 Radware's built-in SEM engine: Event Correlation
  Event correlation rules by: attack duration & time interval; managed devices; attack ID, attack type; destination IP; protected web application; event description; source IP; action; risk weight definition
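An added example of the kind of correlation rule slide 90 lists its inputs for, not APSolute Vision's engine: one alert fires when a destination sees at least a given number of distinct attack types inside a time interval, across any managed device, and the alert carries a risk score summed from per-type risk weights. This is the "at least 3 attack vectors" criterion from slide 6 expressed as a rule. The events, device names, addresses and risk weights are constructed; the event mix follows the multi-vulnerability campaign analysed on slide 119.

```python
"""Correlate security events into a multi-vulnerability campaign alert (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

INTERVAL = timedelta(minutes=15)   # correlation time interval (constructed)
MIN_VECTORS = 3                    # distinct attack types that make a campaign
RISK_WEIGHT = {"UDP flood": 3, "SYN flood": 4, "TCP connection flood": 4,
               "HTTP page flood": 5, "Web vulnerability scan": 2}   # constructed weights

EVENTS = [  # constructed events as a SEM would receive them from two managed devices
    {"time": "2011-08-10 08:02", "device": "dp-edge-1", "type": "UDP flood",
     "dst": "203.0.113.80", "src": "many"},
    {"time": "2011-08-10 08:06", "device": "dp-edge-1", "type": "SYN flood",
     "dst": "203.0.113.80", "src": "many"},
    {"time": "2011-08-10 08:09", "device": "dp-dc-2", "type": "TCP connection flood",
     "dst": "203.0.113.80", "src": "many"},
    {"time": "2011-08-10 08:11", "device": "dp-dc-2", "type": "HTTP page flood",
     "dst": "203.0.113.80", "src": "198.51.100.0/24"},
    {"time": "2011-08-10 08:30", "device": "dp-edge-1", "type": "SYN flood",
     "dst": "203.0.113.90", "src": "many"},
    {"time": "2011-08-10 10:05", "device": "dp-dc-2", "type": "Web vulnerability scan",
     "dst": "203.0.113.90", "src": "198.51.100.7"},
]


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def correlate(events, interval=INTERVAL, min_vectors=MIN_VECTORS):
    """One alert per destination whose events inside a sliding interval cover >= min_vectors types."""
    by_dst = defaultdict(list)
    for e in sorted(events, key=lambda e: parse_time(e["time"])):
        by_dst[e["dst"]].append(e)
    alerts = []
    for dst, evs in by_dst.items():
        for i, first in enumerate(evs):
            t0 = parse_time(first["time"])
            window = [e for e in evs[i:] if parse_time(e["time"]) - t0 <= interval]
            vectors = sorted({e["type"] for e in window})
            if len(vectors) >= min_vectors:
                alerts.append({
                    "dst": dst,
                    "start": first["time"],
                    "end": window[-1]["time"],
                    "vectors": vectors,
                    "devices": sorted({e["device"] for e in window}),
                    "events": len(window),
                    "risk": sum(RISK_WEIGHT.get(v, 1) for v in vectors),
                    "description": f"multi-vulnerability campaign against {dst}: {', '.join(vectors)}",
                })
                break   # the earliest qualifying window is enough for one alert
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Correlating across devices matters because the vectors of one campaign are typically caught by different layers (the volumetric floods at the edge, the page flood in the data center); a per-device view sees each of them as an isolated incident.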
91 Radware's built-in SEM engine: Customer Report
  Per-customer scheduled reports & alarms: scheduled security reports; scheduled forensics reports; event correlation & alarms
92 PCI Compliance Summary Report
  Analysis info; PCI requirement; action plan
93 Emergency Response Team
94 Radware's SOC
95 Heads Up
  From SOC to Radware's RSM: "We have been following the communications on various IRC channels used by the renowned Anonymous group. This is a heads up to let you know that [...] is currently under DDoS attack by Anonymous. The attack is performed using the LOIC tool. Here is a screen shot of the tool connected to the hive mind mode: the attack is planned for 2/6/11 at 13:00 GMT+1 (France time)."
  Target: Warner Music Group
  Target: US Chamber of Commerce
96 Counter Attack
  "A counter-offensive is the term used by the military to describe large scale, usually strategic offensive operations by forces that had successfully halted an enemy's offensive, while occupying defensive positions. A counter-offensive is considered to be the most efficient means of forcing the attacker to abandon offensive plans." - Clausewitz
97 Radware's ERT Fights Back
  1st step: AMS automatic defenses
  2nd step: ERT's counterattack
  Diagram: protected servers; attacking sources choked
98 Radware's ERT Fights Back
  ERT has identified LOIC's weak point: an advanced discard action chokes the LOIC attack tool, and many attackers volunteer to quit.
  By discarding a single packet at a certain offset position in the TCP stream, the mitigation layer causes the attackers' machines to spend more than expected compute cycles managing more simultaneous connections. After about 10 minutes of this discard action, attackers complained in the Anonymous IRC channel about the tool slowing down their computers or LOIC crashing after a period of attack. Volunteers started to quit and the attack volume decreased significantly.
99 Radware's ERT Fights Back: How Does It Work
  [Chart: congestion window [bytes] against transmission time (0 to 2 sec) for a normal attack connection; the data is transmitted within the transmission time]
100 Radware's ERT Fights Back: How Does It Work
  Advance packet discarding causes one connection to spread over more time: the data is fragmented into smaller pieces; 1st, 2nd, 3rd and 4th data packet discards; long transmission time
  [Chart: congestion window [bytes] against transmission time (0 to 4 sec)]
101 Testimonials
  "Hello ERT, We had an attack Monday night. Of all the sites these miscreants directly pointed their "weapons" at, XXX was the only revenue-generating service that was targeted, and the only one that stayed up. I just wanted to send a quick note privately to make sure you are all aware that the DefensePro has been a key hardware component, no, THE key hardware component keeping our site online. We couldn't have done it without Radware. My team has also asked me to make sure we recognize the huge contributions of Radware's ERT who was essentially part of our team 24x7 during these attacks. One of the toughest critics on our team put it like this: "This is a testament of them caring about their customers. They are in a business of making people happy in a crisis and they achieved it with flying colors." I am glad that we have Radware as part of our critical infrastructure. Truly a superior product!!"
  "[...] to Istanbul Police web sites and Cyber Crime Division web sites which is our customer (DefensePro, AppDirector, AppWall), to protest Anonymous arrestments in Turkey (...). We just watched the attacks and DefensePro easily eliminated the attacks. We didn't even see any latency during the attacks. Istanbul Police is thankful to us and to you. While most of the state websites gets unresponsive during the attacks, they didn't feel anything. I really appreciate your partnership and dedication for supporting us. Thank you,"
102 AMS Deployment & Control Options
103 Layered Security Needs
  Anti-DoS: volumetric attacks
  NBA and IPS: low & slow, stateful-based application attacks & intrusions
  WAF: directed web attacks
  Deployment map: Anti-DoS scrubbing center -> DefensePro(s) at the CI DC -> DefensePro and AppWall in the virtual DC
104 Layered Security Deployment Options
  Anti-DoS / NBA / IPS: DefensePro inline, LOOP (copy), or out-of-path; as a bridge or T-proxy
  WAF: AppWall as a virtual appliance (VA) or behind an ADC reverse proxy / cluster
  Deployment map: Anti-DoS scrubbing center -> DefensePro(s) at the CI DC -> DefensePro and AppWall in the virtual DC
105 DP Local Out of Path (LOOP): Peacetime
  An intelligent switch sends a copy of the traffic to the DefensePro (LOOP), which performs learning & attack detection: network DoS; application DoS; network scanning & malware propagation; application scanning; service cracking
  Production traffic flows on to the datacenter untouched
106 DP Local Out of Path (LOOP): Attack Time
  On detection the DefensePro issues a dynamic redirect command to the intelligent switch; redirection is done per attack target only (IP, VLAN, L4 port, ...)
  Inline mitigation only under attack: network DoS; application DoS; network scanning & malware propagation; application scanning; service cracking
108 AppWall Cluster Deployment
  Path: DefensePro -> load balancer (AD / Alteon) -> AppWall cluster -> switch -> web servers and application servers
  ADC solution: traffic redirection of the web application only; high availability, health monitoring and scalability of AppWall
109 Unified Situational Cloud Awareness
  Unified situational awareness across the virtual DC, the CI DC and the Anti-DoS scrubbing center
  Pro-active threat detection & mitigation; dynamic risk mitigation engine
  Log management; compliance; ROI reports; reduced cost
110 Customer Success
111 Online Business Case: Reservation Site
  Pizza DDoS attack hits German sites: more than 100,000 botnet clients have been making mass page requests; targeted 31 German sites: pizza reservation sites such as pizza.de, real estate sites, travel reservation sites
  About the customer: large online travel site in Germany; offers low cost flights, hotels and car rental deals
  AMS in action: customer fully protected against the Pizza Bot attacks!
112 Critical Infrastructure Customer Case
  Business requirements: smooth and secure migration of its legacy voice infrastructure to pure VoIP technology; mobile service protection
  Why AMS? Network DDoS protection; SIP and DNS focused protections; mobile infrastructure protection; accurate detection and prevention
  About the customer: Austria's leading telco provider; 5.1 million mobile customers; 2.3 million fixed access lines; over 5 billion in yearly revenues (2010)
113 MSSP Customer Case
  Business requirements: offer value-added DDoS protection for their hosted data center customers
  Why AMS? Best & proven coverage against all types of DDoS attacks; most accurate attack detection and mitigation; advanced reporting per customer
  About the customer: a major telecommunications provider in North America; over $15 billion revenue (2010)
115 Radware Security Expertise : ERT Cases (1 of 2) Radware ERT helped High Council for Telecommunications (TIB) to achieve full protection against Anonymous attacks Anonymous group published a poster calling its fans to attack Turkish government agency Target: High Council for Telecommunications (TIB) When: June 9 th (Thursday) 2011 at 6PM Attack tool: Low Orbit Ion Canon (LOIC) Type of attack - Multi-vulnerability campaign HTTP Get flood attack TCP connection flood on port 80 SYN flood attack UDP flood attack Slide 115
116 Radware Security Expertise : ERT Cases (2 of 2) Radware ERT helped Istanbul police to achieve full protection against Anonymous attacks We just Anonymous watched the group attacks attacks and Istanbul DefensePro police easily revenge eliminated of the attacks. the arrest We didn t even see any latency during the attacks. Istanbul Police Target: is Istanbul thankful police to site us and to you. While most of the state websites When: gets June unresponsive 13 th 2011 during the attacks, they didn t feel anything. Attack tool: Low Orbit Ion Canon (LOIC) Istanbul police Type integrator of attack - Multi-vulnerability campaign Slide 116
117 Hong Kong Stock Exchange attacked, from the news: "Since the interruption, HKEx's Information Technology team has been working closely with local and overseas security experts to investigate the cause of the attack and restore normal service." Slide 117
118 ERT case invoked
HKSE site was attacked on the morning of August 10th; the web site crashed due to the attack.
Radware Hong Kong office immediately shipped an attack mitigation device on site.
ERT opened a war room, performing: attack analysis, device remote configuration, 24x7 inspection.
Slide 118
119 Analysis: Multi-vulnerability attack campaign
Attack / Impact / Equipment bottlenecks:
UDP flood: firewall crashed under the attack (1)
SYN flood, TCP connection flood: consume TCP stack resources
HTTP page flood: consume Web application server resources
(1) Firewall crashed under the attack
Slide 119
120 Behavioral technology protects HKSE
Traffic monitoring (UDP): UDP flood attack detected; UDP flood attack mitigated by the Behavioral DoS feature in seconds.
Slide 120
121 TCP connection flood mitigation
Legitimate traffic monitoring: TCP connection flood detected and mitigated immediately.
Slide 121
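The HKSE slides describe a multi-vector campaign (UDP flood, SYN flood, TCP connection flood, HTTP page flood) detected by behavioral baselining of per-protocol traffic rates. The following is an added example, not Radware's code or the DefensePro algorithm: it keeps an EWMA baseline per constructed counter, alerts on a large deviation once a learning period has passed, and refuses to fold anomalous samples into the baseline so a flood cannot raise its own threshold. Counter names, thresholds and the sample time series are all constructed here.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Per-second counters a behavioral engine might keep for a protected site,
# mapped to the attack vectors named in the HKSE analysis (names constructed).
VECTORS = {
    "udp_pps": "UDP flood",
    "syn_pps": "SYN flood",
    "tcp_conn_per_s": "TCP connection flood",
    "http_req_per_s": "HTTP page flood",
}


@dataclass
class BehavioralDetector:
    """EWMA baseline per counter; alert on a large deviation above baseline."""
    alpha: float = 0.2          # EWMA smoothing weight for a new sample
    factor: float = 5.0         # alert when rate exceeds factor * baseline
    min_rate: float = 100.0     # never alert on tiny absolute rates
    learn_samples: int = 10     # samples per counter before alerting is armed
    baseline: Dict[str, float] = field(default_factory=dict)
    seen: Dict[str, int] = field(default_factory=dict)

    def observe(self, name: str, value: float) -> bool:
        """Feed one sample; return True if it is anomalous for this counter."""
        n = self.seen.get(name, 0)
        base = self.baseline.get(name)
        if base is None:
            self.baseline[name] = float(value)
            self.seen[name] = 1
            return False
        armed = n >= self.learn_samples
        anomalous = armed and value > self.min_rate and value > self.factor * base
        if not anomalous:
            # Only legitimate-looking samples train the baseline, so an ongoing
            # flood cannot poison it and hide a later escalation.
            self.baseline[name] = (1 - self.alpha) * base + self.alpha * value
        self.seen[name] = n + 1
        return anomalous


def analyze(samples: List[dict]) -> Tuple[List[Tuple[int, str, float, float]], BehavioralDetector]:
    """Run all samples through one detector; return (t, vector, rate, baseline) alerts."""
    det = BehavioralDetector()
    alerts = []
    for s in samples:
        for counter, vector in VECTORS.items():
            rate = s[counter]
            base = det.baseline.get(counter, 0.0)
            if det.observe(counter, rate):
                alerts.append((s["t"], vector, rate, round(base, 1)))
    return alerts, det


def first_detection(alerts: List[Tuple[int, str, float, float]]) -> Dict[str, int]:
    """Map each detected vector to the second at which it was first flagged."""
    first: Dict[str, int] = {}
    for t, vector, _, _ in alerts:
        first.setdefault(vector, t)
    return first


def constructed_samples() -> List[dict]:
    """Constructed data: 20 s of normal traffic, then a staggered multi-vector campaign."""
    normal = {"udp_pps": 2000, "syn_pps": 300, "tcp_conn_per_s": 150, "http_req_per_s": 400}
    samples = []
    for t in range(30):
        jitter = 1.1 if t % 2 else 0.9      # +/-10% around the normal rate
        s = {"t": t}
        for counter, rate in normal.items():
            s[counter] = rate * jitter
        if t >= 20:                          # UDP flood opens the campaign
            s["udp_pps"] = 120_000
        if t >= 22:                          # SYN and connection floods follow
            s["syn_pps"] = 20_000
            s["tcp_conn_per_s"] = 6_000
        if t >= 24:                          # HTTP page flood last
            s["http_req_per_s"] = 9_000
        samples.append(s)
    return samples


if __name__ == "__main__":
    found, det = analyze(constructed_samples())
    for t, vector, rate, base in found:
        print(f"t={t:2d}s  {vector:22s} rate={rate:>9.0f}  baseline={base}")
    print("first detection per vector:", first_detection(found))
```

Each vector is flagged on the first second it appears while the UDP baseline stays near its learned value, which is the behaviour the slides describe as detection "in seconds" without the flood itself retraining the detector.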
122 Summary
123 Summary: Radware AMS Differentiators
Best security solution for online businesses: DoS protection, network behavioral analysis (NBA), intrusion prevention (IPS), Reputation Engine service, web application firewall (WAF), built-in SEM engine.
Emergency Response Team (ERT): 24x7 service for immediate response; neutralize DoS/DDoS attacks and malware outbreaks.
Lowest CapEx and OpEx: multitude of security tools in a single solution; unified management and reporting.
"Radware offers low product and maintenance cost, as compared with most competitors." Greg Young & John Pescatore, Gartner, December 2010
Slide 123
124 Summary
Attackers deploy multi-vulnerability attack campaigns; organizations deploy point security solutions; attackers seek blind spots.
Radware offers Attack Mitigation System (AMS): the only solution that can defend against emerging cyber-attack campaigns, with no blind spots in perimeter security.
The only attack mitigation solution that keeps your business up: online business protection, data center protection, MSSP.
Slide 124
125 Thank You