Introduction about DDoS. Security Functional Requirements


Security Functional Requirements for Anti-DDoS Products
Jun Woo Park (junusee@tta.or.kr), TTA, Korea
Global Leader of ICT Standardization & Certification

Contents
I. Introduction about DDoS
II. Security Functional Requirements

I. Introduction about DDoS
01 Introduction about DDoS
02 DDoS Attack Process
03 Methods of DDoS Attack
04 Operating Environment

01. Introduction about DDoS
DDoS (Distributed Denial of Service)
- Multiple systems flood the bandwidth or resources of a target system.
- Multiple systems (computers) attempt to access a particular server many times at the same time.
- The attack depletes the resources of the target server or floods the network bandwidth.
Symptoms
- Unusually slow network performance (opening files or accessing web sites)
- Unavailability of a particular web site

02. DDoS Attack Process
[diagram slide]

03. Methods of DDoS Attack
The attacks are generally classified into flood and application-level attacks.

Flood, single
- TCP SYN Flood
- TCP ACK Flood
- ICMP Flood
- TCP Multi-connection
- TCP SYN-ACK Flood
- TCP FIN Flood
- UDP Flood
Flood, mixture
- ICMP+UDP Flood
- ICMP+TCP Flood
- UDP+TCP Flood
- ICMP+UDP+TCP Flood
Application level, single
- Valid HTTP GET Flood
- Invalid HTTP GET Flood
- CC (Cache Control)
- DNS Query Flood
- Low bandwidth HTTP DoS
Application level, mixture
- CC+TCP Flood

04. Operating Environment
Inline (In-Path) Configuration
- Inline appliances are generally deployed near the network firewall, in the direct flow of network traffic.
- They also have the beneficial property of seeing all inbound traffic.

Out-of-Path Configuration
- The anti-DDoS appliance is not in the direct path of the network traffic.
- A traffic redirection technique is used to forward traffic to the appliance.
- Consists of a mirroring device, a detection sensor, and a blocking device.

II. Security Functional Requirements
01 Security Functional Requirements
02 Testing Anti-DDoS Products
03 Certified Products

01. Security Functional Requirements
Security functions against DDoS attacks

Security Function                 Contents
Detection/Block                   - Countermeasures against DDoS attacks such as flood, fragmentation and application-level attacks
                                  - Audit generation for the detected and blocked traffic
Trace                             - Alarm
                                  - Traffic monitoring
Identification & Authentication   - Identification and authentication of an administrator
Security Management               - Policy setting and audit view

02. Testing Anti-DDoS Products
- Unlike other network security products, the throughput capacity has to be considered: a DDoS attack floods the network bandwidth and depletes the resources of the target system.
- The throughput capacity of the product has to be verified, because the security functions are affected by the throughput.
- The security functions (detecting and blocking) also have to be tested.

02. Testing Anti-DDoS Products
Testing traffic for the throughput capacity of the product

Method           Target   Traffic                      Load
Normal Traffic   Server   Fragmented UDP               100% of the throughput capacity

Testing traffic for the security functions (detecting & blocking)

Method           Target   Traffic                      Load
Attack Traffic   Victim   All methods of DDoS attack   90% of the throughput capacity
Checking Victim  Victim   HTTP                         1 tps
Normal Traffic   Server   HTTP                         5~10% of the throughput capacity

02. Testing Anti-DDoS Products
Test cases

Test                         Test Items
Verification of throughput   - Throughput
                             - Packet latency
                             - Max connections
                             - Packet loss
Detection / Block            - Detection time of attack packets
                             - Blocking time of attack packets
                             - Blocking rate of attack packets
                             - Success rate of normal packets
                             - Connection with the victim server
                             - Audit generation for detection & blocking
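A worked example of the Detection/Block test items, added here and not part of the TTA slides or any certified product: a simple inline per-source SYN rate limiter (an assumed design) is replayed against a constructed traffic mix that stands in for the attack/victim-check/normal composition above, and the blocking rate, blocking time, normal-packet success rate and audit record count are computed from the result. The packet record format, the thresholds and the IP addresses are all constructed for the example.

```python
from collections import defaultdict, deque, namedtuple
from dataclasses import dataclass, field
# time (s), source IP, TCP flags ("S" = pure SYN), ground-truth attack label
Pkt = namedtuple("Pkt", "t src flags attack")
@dataclass
class SynFloodGuard:
    """Inline per-source SYN rate limiter (assumed design, not a certified product):
    block a source above `limit` SYNs per `window` s, one audit record per block."""
    limit: int = 20
    window: float = 1.0
    syns: dict = field(default_factory=lambda: defaultdict(deque))
    audit: list = field(default_factory=list)

    def inspect(self, p):
        if p.flags != "S":
            return "pass"                   # only pure SYNs are counted
        q = self.syns[p.src]
        q.append(p.t)
        while q[0] < p.t - self.window:     # expire SYNs older than the window
            q.popleft()
        if len(q) <= self.limit:
            return "pass"
        self.audit.append((p.t, p.src, "SYN flood: blocked"))
        return "block"

def run_test(pkts, guard):
    """Replay the mix and compute the slide's Detection/Block test items. Detection
    time equals blocking time here: an inline guard drops the packet it detects on."""
    start, first_block = min(p.t for p in pkts if p.attack), None
    att = att_blk = nrm = nrm_ok = 0
    for p in sorted(pkts, key=lambda p: p.t):
        v = guard.inspect(p)
        if p.attack:
            att, att_blk = att + 1, att_blk + (v == "block")
            if v == "block" and first_block is None:
                first_block = p.t
        else:
            nrm, nrm_ok = nrm + 1, nrm_ok + (v == "pass")
    return {"blocking_rate": att_blk / att, "normal_success_rate": nrm_ok / nrm,
            "blocking_time": None if first_block is None else first_block - start,
            "audit_records": len(guard.audit)}

def constructed_mix(attack_rate=500, normal_rate=20, seconds=2.0, attack_start=1.0):
    """Constructed traffic: 20 normal clients sharing normal_rate SYN/s for the
    whole run, plus 5 bots sending attack_rate SYN/s from attack_start onward."""
    pkts = [Pkt(i / normal_rate, f"10.0.0.{i % 20}", "S", False)
            for i in range(int(normal_rate * seconds))]
    pkts += [Pkt(attack_start + i / attack_rate, f"203.0.113.{i % 5}", "S", True)
             for i in range(int(attack_rate * (seconds - attack_start)))]
    return pkts
```

With the defaults, each bot's first 20 SYNs in the window pass before the limiter engages, so the run reports a blocking rate of 0.8, a blocking time of 0.2 s after the attack starts, and every normal connection succeeding.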

03. Certified Products
Certified Products (Domestic)

Company                Product              EAL
Secui.com              SECUI NXG D V1.0     EAL4
Nowcom                 SNIPER DDX V5.0.xg   EAL3
Nowcom                 SNIPER DDX V5.1      EAL4
COMTRUE Technologies   DDoSCop-v2.0         EAL2

Thank You