For IT Infrastructure, Mobile and Cloud Computing - Why and how

Transcription

1 For IT Infrastructure, Mobile and Cloud Computing - Why and how

2 Will you fear me... First, who is this group called Anonymous? Put simply, it is an international cabal of criminal hackers dating back to 2003, who have shut down the websites of the U.S. Department of Justice and the F.B.I. They have hacked into the phone lines of Scotland Yard. They are responsible for attacks against MasterCard, Visa, Sony and the Governments of the U.S., U.K., Turkey, Australia, Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand. (Source: Wikipedia) Source: Wikipedia Disruption and Denial of Service caused by hundreds of thousands of computers 3

3 May I be your nightmare... Ever read about your own death on your Website? -- Rupert Murdoch did... 4

4 Security Attacks and Damage Increasing Rapidly Exponential growth in new threats Number of vulnerabilities discovered in apps is far greater than in OS Hacking changed from Hobby to prosperous Business! Cybercrime economy estimated at $ 1 trillion in 2009! 6

5 The Source(s) of the Problem The Internet Flawed software Known vulnerabilities Unknown (zero-day) vulnerabilities Misconfiguration Network Servers Clients Trusting people

6 The Damage Loss of data Loss of time Monetary loss Disabled/crippled services Legal exposure Loss of reputation Customer churn

7 Types of Vulnerabilities 10

8 Network Security Threats Malware Viruses Worms Trojans Rootkits Spyware Spam Malicious adware/scareware Evasion techniques All of them are malicious..

9 It s all about Making Money Unauthorized bank, credit card transactions Advance fees (Nigeria) Product sales Scareware adware Criminal services Toolkits Stolen account information CAPTCHA-breaking services Virus testing Search redirection

10 The solution: Security Appliances (?) 20

11 Security Mechanisms/Devices Firewall VPN gateway Intrusion prevention (IPS) URL filtering Anti-virus Anti-spam Individual devices or combined Unified Threat Management (UTM) Feb 11, 2010 Fortinet ships 500,000 th ISA SonicWall NSA Series (now Dell)

12 Network Security Devices You have that all... But who can grant they are working correctly under Attack?

13 Measuring Security Devices Effectiveness Accuracy Performance Full load Real-world multiplay traffic Source: Microsoft Technet

14 Network Security Testing Known Vulnerabilities Unknown Vulnerabilities Massive DDoS Line-rate multiplay traffic Encrypted traffic Viruses Spam Trojans Rootkits Spyware Adware Network attacks Many thousands of vulnerabilities (CVE) Dozens of evasion techniques Frequent updates 24

15 Network Security Testing Known vulnerabilities (BPS/Ixia) Unknown vulnerabilities (BreakingPoint) Massive DDoS Line-rate multiplay traffic Encrypted traffic ARP flood PING Ping of death Smurf Unreachable host Land Teardrop SYN flood SYN/ACK FIN flood UDP fragment flood ACK fragment flood DNS flood Evasive UDP PING sweek Xmas tree 25

16 Network Security Testing Known vulnerabilities Unknown Vulnerabilities (BPS) Massive DDoS Line-rate multiplay traffic Encrypted traffic IPSec SSL/TLS 26

17 Trade-offs: DoS Attack Impact on Performance DoS Attack begins DoS Attack ends Customer traffic degradation IPsec performance degradation Results from an actual firewall test

18 Distributed Denial of Service

19 Illegal, yet happen frequently Easy to implement, easy to hide Monetary gain DDoS as a service DDoS blackmail What Motivates DDoS Attackers? Payback and revenge Take down competitive websites Personal attack Political Practicing DDoS attacks For fun

20 What are botnets? Automated software that controls a collection of zombie machines How big are they? 100,000+ zombies in large botnets Generate DDoS traffic at rates of 10 Gbps to 100 Gbps Botnets Microsoft Security Intelligence Report, June 2010

21 Unexpected Peak Hours DDoS attacks can be the result of an overwhelming number of legitimate Google recognized a DDoS pattern when millions of search queries for Michael J. death had an unexpected peak for several hours

22 Security in the Cloud 32

23 Cloud Service Providers Cloud Service Providers Say Data Security Not My Job : eweek.com May, 2010 Ponemon Institute survey: 103 US providers, 24 European providers 73% of U.S. providers: services did not substantially secure sensitive information 69% didn t believe securing data was their responsibility. Majority don t have dedicated security personnel Cloud providers are least confident in their ability to: Restrict privileged user access to sensitive data Ensure proper data segregation requirements 33

24 Virtualization Vulnerabilities Hyper-jacking VM escape VM hopping VM theft VM sprawl 34

25 VM Migration Vulnerability 35

26 Mobile Security 36

27 Air interface Applications Thousands each day Often written by novice programmers Vendors can t review everything Anti-virus often not installed Smartphone OS targets iphone Android Wireless Network Security 37

28 Testing Network Security Devices 38

29 Testing Network Security Devices Security effectiveness Ability to detect and block malicious traffic Effectiveness = blocked attacks / attempted attacks Detection accuracy False positives Blocking legitimate traffic = denial of service Scale and performance Application delivery performance QoE impact when handling attacks Resistance against high rates or volumes of attacks IPsec performance, especially for wireless gateways Availability Availability = 100 x uptime/(uptime + downtime)

30 Vendors Test Individual Components IDS/IPS 40

31 Enterprises need to test Entire Networks 41

32 IxLoad-Attack Ixia s comprehensive network security solution that validates: Distributed Security effectiveness Denial of Service Security accuracy Effectiveness Performance impact IxLoad-Attack test modules Vulnerabilities and malware DoS and DDoS Multiplay traffic generator Data theft simulation IPsec, SSL and GTP Vulnerabilities & Malware Data Leakage SSN, Credit Cards Data, Classified Information Accuracy Performance IPsec, SSL & GTP Real-world multiplay traffic

33 What is it all about? Making sure you can defend against the broad range of Threats Making sure you are supporting the real Traffic Mix Making sure the Evolution of Applications are safe / secure against the Evolution of Threats Every IT-Infrastructure is UNIQUE Vendor s datasheets will never show the real world! They just show a small part of their secure Lab environment. 43

34 What type of Stability Test do we offer? With BreakingPoint: IPv4 and IPv6 Fuzzing Tests L2 Fuzzing - Stack Scrambler Malformed Ethernet Frames L3 Fuzzing - Stack Scrambler Malformed IP Frames L4 Fuzzing - Stack Scrambler Malformed TCP and UDP Flows L7 Fuzzing - Application Simulator Malformed Applications IPv4 and IPv6 Traffic Impairment Test - Drop packet - Frack packet - Corrupt packet in bytes Corrupt packet in bytes Corrupt packet in bytes 257-end - Randomly corrupt packet - Corrupt IP checksum 44

35 Targeted Security Devices Targets a broad array of threat management devices: Intrusion prevention systems (IPS) Unified threat management (UTM) Firewalls VPN Gateways Data Leakage Prevention Content Filtering URL Filtering Anti-Virus Anti-Spam

36 Vulnerability & Malware Testing 9,000+ unique attacks Evasion techniques Bidirectional attacks Frequent attack updates Attacks over IPsec Security effectiveness under Load Attack injection with legitimate traffic Detailed user QoE measurements Vulnerabilities and malware injected over IPsec IxLoad-Attack Delivers DoS and DDoS Line rate 1GE and 10GE 26 DDoS attacks layer 2/4 Performance benchmarking UDP and TCP performance Voice, video and data mix Data leakage prevention Transmission of confidential data , HTTP, FTP, IM ZIP Archive, PDF, XLS, DOC

37 Physical Test Setup

38 Test Results Firewall performance while enabling network security services 42Gbps firewall mode, 32 Gbps IPS, 12 Gbps GAV Effectiveness of threat detection and prevention Stateful TCP application Gbps 200 high severity attacks 99% No appreciable CPU utilization impact with full DPI Security performance while under massive attacks 1Gbps DDoS, vulnerability attacks, 10Gbps application traffic 1,200,000 DDoS packets per second CPU utilization increased 30%, no appreciable HTTP impact

39 Test Results Vulnerabilities

40 Test Results DDoS

41 The right gear delivered by Ixia Network- and Security Test Equipment and Services for known and unknown Security Threats in Wired, Wireless, Virtual and Mobile Most efficient Security Monitoring Sie finden uns in Halle 12 -Stand IXIA / BreakingPoint -Stand IXIA / Anue -Stand IXIA IXIA / Anue IXIA / BreakingPoint 52

42 iphone5 Ziehung um 15:00 UHR Stand 449 Halle 12 53

43 Thank You Any questions feel free to contact me at