Working Group 5: Remediation of Server Based DDoS Attacks. Status Update



Similar documents
Working Group 5: Remediation of Server-Based DDoS Attacks. Status Update. March 20, 2014

Working Group 5: Remediation of Server-Based DDoS Attacks. Status Update

September, WORKING GROUP 5 Remediation of Server-Based DDoS Attacks Final Report

CSRIC IV - Working Group 4: Cybersecurity Best Practices Status Update

CYBERSECURITY RISK MANAGEMENT AND BEST PRACTICES WORKING GROUP 4: Final Report March 2015

CYBERSECURITY RISK MANAGEMENT AND BEST PRACTICES WORKING GROUP 4: Final Report March 2015

September 20, 2013 Senior IT Examiner Gene Lilienthal

Working Group 6: Best Practice Implementation

CSRIC V Working Group Descriptions and Leadership

Protect Yourself in the Cloud Age

DDoS Open Threat Signaling (DOTS) Working Group. Operational Requirements. Chris Morrow netman.net> Network Security Engineer, Google

Rise of the Machines: An Internet-Wide Analysis of Web Bots in 2014

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

DHS, National Cyber Security Division Overview

Cloud Cyber Incident Sharing Center (CISC) Jim Reavis CEO, Cloud Security Alliance

Continuous Penetration Testing

IT LEADERSHIP COUNCIL STRATEGIC PLAN State of Idaho

Water Security in New Jersey: Partnership and Services

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team

DDoS Attacks Can Take Down Your Online Services

THE INDUSTRY How have technological changes affected the telecommunications industry, including entities that want to make automated calls?

UNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)

The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness

SNMP Reflected Amplification DDoS Attack Mitigation

INTERNATIONAL TELECOMMUNICATION UNION

Remarks for Admiral David Simpson WTA Advocates for Rural Broadband Spring Meeting Cybersecurity Panel

Delving Into FCC's 'Damn Important' Cybersecurity Report

Coordinating Attack Response at Internet Scale (CARIS)

Introduction to DDoS Attacks. Chris Beal Chief Security Architect on Twitter

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC)

Information Security Program CHARTER

Testimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing:

Botnet Remediation Overview & Practices

THE MORAY COUNCIL. Guidance on data security breach management DRAFT. Information Assurance Group. Evidence Element 9 appendix 31

DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION

Cybersecurity and Incident Response Initiatives: Brazil and Americas

Remediating Violated Customers

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Business Continuity for Cyber Threat

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

Information Security and Risk Management

DDoS Open Threat Signaling (DOTS) Working Group. draft-ietf-dots-use-cases-00

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

Phone Fax

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Priority III: A National Cyberspace Security Awareness and Training Program

CHAPTER 4 : CASE STUDY WEB APPLICATION DDOS ATTACK GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Cloud Security Alliance: Industry Efforts to Secure Cloud Computing

Modular Network Security. Tyler Carter, McAfee Network Security

Cyber Risks in the Boardroom

Operational security for online services overview

About Botnet, and the influence that Botnet gives to broadband ISP

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the

State of 911 Webinar NATIONAL 911 PROGRAM DECEMBER 15, 2015

Security Issues in Cloud Computing

A Network Administrator s Guide to Web App Security

CERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency

Cloud-Security: Show-Stopper or Enabling Technology?

Threat Management: Incident Handling. Incident Response Plan

2015 Online Trust Audit & Honor Roll Practices Deep Dive July 7, All rights reserved. Online Trust Alliance (OTA) Slide 1

Assuring Telecom (Infrastructure and Services) An Operations Perspective

The Hillstone and Trend Micro Joint Solution

Why you should adopt the NIST Cybersecurity Framework

Microsoft Services Premier Support. Security Services Catalogue

Microsoft Security Response Center (MSRC) Microsoft Malware Protection Center (MMPC)

Data Breach and Senior Living Communities May 29, 2015

CYBERSECURITY RISK MANAGEMENT

Application Security Manager ASM. David Perodin F5 Engineer

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS

Transcription:

Working Group 5: Remediation of Server Based DDoS Attacks Status Update September 12, 2013 Peter Fonash (DHS), Co Chair Michael Glenn (CenturyLink), Co Chair

WG5 Objectives Description: Critical infrastructure sectors, including the financial sector, have been under assault from a barrage of DDoS attacks emanating from data centers and hosting providers. This Working Group will examine and make recommendations to the Council regarding network level best practices and other measures to mitigate the effects of DDoS attacks from large data centers and hosting sites. These recommendations should include technical and operational methods and procedures to facilitate stakeholder implementation of the recommended solution(s). Deliverable: Recommended measures communications providers can take to mitigate the incidence and impact of DDoS attacks from data centers and hosting providers, particularly those targeting the information systems of critical sectors. 2

WG5 Members Name Organization Name Organization Name Organization Peter Fonash (Co Chair) DHS Kevin Frank Sprint Eric Osterweil VeriSign, Inc. Mike Glenn (Co Chair) CenturyLink Mark Ghassemzadeh ACS Wayne Pacine Fed Reserve Board of Governors Paul Diamond (Co Editor) CenturyLink Darren Grabowski NTT Glen Pirrotta Comcast Bob Thornberry (Co Editor) Bell Labs, Alcatel Lucent Sam Grosby US Bank R.H. Powell Akamai Vern Mosley (FCC Liaison) FCC Joe Hall CDT Jim Reavis Cloud Security Alliance Jared Allison Verizon Dave LaBianca FS ISAC Neil Schwartzman CAUCE Chris Boyer AT&T Alan Langford Joomla Craig Spiezle Online Trust Alliance Don Blumenthal Public Interest Registry John Marinho CTIA David Stoline Drupal Matt Bretan Goldman Sachs Dan Massey IEEE Joe St Sauver Univ of Oregon/Internet2 Tim Byrd Bank of America Ron Mathis Intrado Kevin Sullivan Microsoft Martin Dolly ATIS Bill McInnis Internet Identity Jason Trizna Amazon Web Services Dale Drew Level 3 Chris Morrow Google Errol Weiss FSSCC Roland Dobbins Arbor Networks Mike O'Reirdan MAAWG Pam Witmer PA PUC David Fernandez Prolexic Technologies 3

Background CSRIC II in December 2010, approved WG8 s recommendations from their final report ISP Network Protection Practices recommended BPs in areas of prevention, detection, notification, mitigation, and privacy considerations focused on best practices (BPs) for ISPs that provide services to consumers on residential broadband networks, but noted many of the best practices identified in the report would also be valuable practices to apply in non consumer, non residential network contexts further recommended that, at a later date, the FCC consider whether additional best practice work would be valuable in the nonresidential context 4

Background (cont.) CSRIC III in March 2013, approved WG7 s recommendations from their final report U.S. Anti Bot Code of Conduct for ISPs (ABCs for ISPs) focused on botnet threat from residential broadband clients recommended voluntary ISP actions in areas of education, detection, notification, remediation, and collaboration further recommended the FCC, working in partnership with other federal government agencies and industry, facilitate the creation of case studies on bot mitigation activities 5

Background (cont.) Recent DDoS attacks have exploited vulnerabilities in web hosting companies and other large data centers to launch DDoS attacks on computer systems and websites An Illustrative Example 6

Background (cont.) CSRIC WG5 efforts will complement other botnet activities, including: Online Trust Alliance (OTA) Anti Botnet Working Group 1 multi stakeholder focus to develop and promote best practices to help prevent, detect, remediate, and recover from the threat of bots and related malicious activities Cloud Security Alliance (CSA) 2 cloud security stakeholder focus to develop and promote best practices Industry Botnet Group (IBG) 3 web host focus to develop best practices to mitigate effects of data center botnets 1 https://otalliance.org/botnets.html 2 https://cloudsecurityalliance.org 3 http://www.industrybotnetgroup.org 7

WG5 Status CSRIC IV WG5 charged to examine and make recommendations to the Council regarding network level best practices and other measures to mitigate the effects of DDoS attacks from large data centers and hosting sites WG5 has assembled a team of 40 members, including representatives from ISPs, banks, hosting providers, non profits, associations, academia, federal and state governments, and security experts to accomplish the CSRIC IV charge 8

WG5 Status (cont.) WG5 held a kickoff conference call with its working group members to discuss the CSRIC IV charge, develop an approach to accomplish the tasking, and develop the status update to the Council 9

WG5 Approach Develop representative case studies for server based DDoS attacks For each case study, identify network level actions taken to: Prevent, Deter, Detect, Notify, Defend, Remediate, and Recover from the attacks Determine if best practices were followed, or if gaps exist, in each of the above areas Document or develop network level best practices and other measures to mitigate the effects of DDoS attacks from large data centers and hosting sites 10

WG5 Schedule Bi weekly conference calls with members Quarterly face to face meetings (with phone in option for those unable to travel) June 2014 Draft Final WG5 Report September 2014 Final WG5 Report 11

Next Steps Firm up WG5 membership Revise initial work plan, based on member input, to accomplish the CSRIC IV charge Seek WG5 volunteers to lead development of case studies Schedule first face to face meeting Continue bi weekly conference calls Provide periodic status updates to Steering Committee and Council 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information