Corero Network Security




1st Slovenian Network Operators Group. Corero Network Security. Peter Cutler, Systems Engineer EMEA

Hello Peter Cutler, Corero Systems Engineer BEng (Hons) Skype: petercutler_s peter.cutler@corero.com +44 7824 996 520

Unique: Slovenian legislation confirms the open and neutral character of the Internet and prohibits discrimination of Internet traffic on the basis of the services provided through it. ISPs will be prevented from restricting, delaying or slowing Internet traffic except in the case they have to solve congestion, preserve security or address spam. 2013 Corero www.corero.com

Classic Internet Operation Model. [Diagram: Business or Residential ISP (a.k.a. Consumers), Interconnect, Backbone ISP 1, Backbone ISP 2, Google, Yahoo, Bing, etc.] Competitive backbone market: prices down, service up, net neutrality thrives.

North American Downstream Internet Traffic. [Charts. Source: Mashable 2014. Source: Statistica 2014.]

Potential reasons for impact to Net Neutrality. US-specific. Consolidated operating model, e.g. Verizon purchasing MCI (Consumer/Backbone now one). Operating and business models to differentiate: volume and bandwidth delivered, security delivered.

Denial of Service

SANS Institute: DDoS Survey, Feb 2014. Corero.com > Resources > Reports. 2014 Corero www.corero.com


Mitigating the Attack: Corero's Security Operations Center. [Diagram: Corero Management Software at each customer (Syslog, SNMP, etc.) feeds a Splunk Search Head that serves the dashboards over the Internet. Monitored customer data lives on customer premise. Corero customers can only view dashboards of their own data. Corero partners can only view dashboards of customers they manage. Corero SOC staff can view and search data collected from all Corero customers and create new dashboards.]


Security Event Reporting: answer who is attacking what. [Screenshot, IPs masked]

..with additional network metrics

..Application Protocol Analysis

SecureWatch Top 3 Network Operator Relevant Security Events. Number 4: SYN Flood. Number 3: Open DNS Resolvers. Victims are multiple: Client performing lookup for the spoofed source (Real Victim!). Root name servers being queried. Backbone providers.

Number 2: NTP. Amplification factor = :) UDP/123. Asking the question:
ntpdc -n -c monlist <Address>
Use nmap to scan for reflectors:
nmap -sU -A -PN -n -pU:19,53,123,161 --script=ntp-monlist,dns-recursion,snmp-sysdescr <target>

Number 1: SNMPv2 ..wait, what? Amplification factor = :) UDP/161. SNMP polling enabled. Queries sent that match the community string. Guess? Public or Private? .. noauth for SNMPv3 .. Botnet sends GetBulkRequest or Get query. Spoof the source (easy with UDP transport). For IPv4: question: 60-102 bytes, response: 423-1560 bytes.
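
An added example (not from the original slides), looking at the NTP and SNMP slides above from the defender's side: it derives the amplification range implied by the SNMP question/response sizes and flags destinations in flow records that receive large replies from many hosts on the UDP ports listed in the nmap command. The flow records, the three-source threshold and the use of 423 bytes as the average-packet-size cutoff are assumptions made for illustration.

```python
from collections import defaultdict

# UDP services the slides name as reflection vectors (from the nmap port list).
REFLECTOR_PORTS = {19: "chargen", 53: "dns", 123: "ntp", 161: "snmp"}

# Constructed flow records using documentation addresses:
# (src_ip, src_port, dst_ip, dst_port, packets, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.10", 161, "203.0.113.5", 40112, 900, 1_250_000),
    ("198.51.100.11", 161, "203.0.113.5", 40112, 850, 1_100_000),
    ("198.51.100.12", 161, "203.0.113.5", 40112, 700, 980_000),
    ("198.51.100.20", 123, "203.0.113.5", 51000, 400, 176_000),
    ("198.51.100.21", 123, "203.0.113.5", 51000, 380, 167_200),
    ("198.51.100.22", 123, "203.0.113.5", 51000, 410, 180_400),
    ("192.0.2.53", 53, "203.0.113.9", 33000, 20, 2_400),    # ordinary DNS answer
    ("203.0.113.9", 51515, "192.0.2.80", 443, 50, 30_000),  # not a reflector port
]


def amplification_bounds(req_min, req_max, resp_min, resp_max):
    """Lowest and highest bytes returned per byte sent to a reflector."""
    return resp_min / req_max, resp_max / req_min


def reflection_suspects(flows, min_sources=3, min_avg_pkt=423):
    """Return (victim, service, source_count, bytes) for destinations that get
    large replies from a reflector port sent by many distinct hosts."""
    agg = defaultdict(lambda: {"srcs": set(), "pkts": 0, "bytes": 0})
    for src, sport, dst, _dport, pkts, nbytes in flows:
        if sport in REFLECTOR_PORTS:  # a reply leaves the reflector's service port
            entry = agg[(dst, REFLECTOR_PORTS[sport])]
            entry["srcs"].add(src)
            entry["pkts"] += pkts
            entry["bytes"] += nbytes
    hits = []
    for (dst, service), entry in agg.items():
        avg_pkt = entry["bytes"] / entry["pkts"]
        if len(entry["srcs"]) >= min_sources and avg_pkt >= min_avg_pkt:
            hits.append((dst, service, len(entry["srcs"]), entry["bytes"]))
    return sorted(hits, key=lambda h: h[3], reverse=True)


if __name__ == "__main__":
    # SNMP sizes from the slide: question 60-102 bytes, response 423-1560 bytes.
    print(amplification_bounds(60, 102, 423, 1560))
    for hit in reflection_suspects(SAMPLE_FLOWS):
        print(hit)
```
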

SmartWall TDS: Power in a Small Package. ¼ rack width. Scalable deployment: increments of 10 Gbps, 30M PPS. 4U 19

SmartWall TDS: Power in a Small Package. [Diagram: Nexus 5000, 8-way LACP, 80G (8x10G), NTD, 80G (8x10G), NTD, Nexus 5000, 8-way LACP; 1G Management Network]

Corero's Portfolio: SmartWall Threat Defense System, First Line of Defense. [Diagram: Internet, SP Router, Corero, Protected Critical Infrastructure and Services; Corero In the Cloud, On Premises]

Thank you. Peter.cutler@corero.com Twitter: Bleuhat