GÉANT Perspective on DDoS DDoS Mitigation in the NREN Environment Workshop




GÉANT Perspective on DDoS. DDoS Mitigation in the NREN Environment Workshop. GÉANT Information & Infrastructure Security Team, Evangelos Spatharas. DDoS Mitigation Workshop, Vienna, November 10th 2015

INDEX
DDoS Statistics
How to Prevent: Understand your Network; Network Architecture - Zones; Modular Firewall
How to Detect: NetFlow Monitoring and Alerting; NetFlow Alternatives; Log Monitoring
How to Mitigate: ACLs; RTBH; BGP Flowspec; The Future of BGP Flowspec (Firewall on Demand, NSHaRP Full Integration)
Q & A
Timeline (figure): milestones dated February 2010, September 2010, May 2014, October 2014, June 2015 and November 2015 for NSHaRP, Systems Log Monitoring, Patch Scanning, RTBH, Chain Firewall Architecture and FoD.

D(D)oS - Not Just in Fiction Movies. GÉANT DDoS Attacks, events seen per month, April 2015 - October 2015 (chart, Apr-15 to Oct-15; bar labels as extracted: 4,862; 1,877; 81; 183; 641; 509; 143). DNS, NTP, SMTP and other amplification attacks.

How to Protect Against DDoS? (diagram: Interconnect, NREN, Level3)

Defending GÉANT (architecture diagrams)

Preventative Controls - Zones (diagram): INTERNAL (GÉANT, GÉANT Ltd); Protected External; EXTERNAL (Internet)

Preventative Controls - Deep Defence
Protected-External: IP prefix, protocol & port(s), spoof, smurf etc. filtering
VLAN 100: transport protocol(s)/port(s) filtering
Basic filtering towards Internet, NREN, IX etc.

Preventative Controls - Patch Scanning and Management
Number of vulnerable systems by OS: asset management; areas of attention; monthly scans
Top 15 vulnerable systems for the current month, by criticality: prioritize and remediate the weakest ones first; monthly scans

Detection

Detective Controls - NetFlow Monitoring

Detective Controls - NetFlow E-mail Alerts

Detective Controls - Login Rate Monitoring + Iptables
1. Splunk search (counts failed-login events per host and alerts when a host exceeds 1000):
   index=nix_hosts_apache "Login failed for user*" | stats count(src_ipv4) as count by host | search count > 1000
2. Rate-limited iptables logging of inbound packets (the log prefix needs the opening quote):
   iptables -I INPUT 5 -m limit --limit 10000/min -j LOG --log-prefix "Possible DDoS: " --log-level 7
3. Nagios plugins?
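An added example, not part of the slides, that reproduces the Splunk search above in plain Python over constructed syslog-style Apache lines: it counts "Login failed for user" events per host, and additionally reports the number of distinct source addresses per host so a single noisy client can be told apart from a distributed attempt. The log format, host names and addresses are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines: syslog header, reporting host, then the Apache message.
SAMPLE_LOGS = """\
Nov 10 09:00:01 web01 apache: [client 198.51.100.7] Login failed for user admin
Nov 10 09:00:01 web01 apache: [client 198.51.100.8] Login failed for user root
Nov 10 09:00:02 web01 apache: [client 198.51.100.7] Login failed for user admin
Nov 10 09:00:02 web02 apache: [client 203.0.113.5] Login failed for user test
Nov 10 09:00:03 web02 apache: [client 203.0.113.5] GET /index.html 200
"""

# Assumed line layout: "<Mon> <day> <time> <host> apache: [client <ipv4>] <message>"
LINE_RE = re.compile(
    r"^\S+ \d+ \S+ (?P<host>\S+) apache: "
    r"\[client (?P<src_ipv4>\d{1,3}(?:\.\d{1,3}){3})\] (?P<msg>.*)$"
)


def parse_events(text):
    """Yield one dict (host, src_ipv4, msg) per parsable line; unparsable lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def failed_logins_by_host(events):
    """Equivalent of: "Login failed for user*" | stats count(src_ipv4) as count by host,
    plus a distinct-source count (Splunk's dc(src_ipv4)) that the slide's search does not compute."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for ev in events:
        if ev["msg"].startswith("Login failed for user"):
            counts[ev["host"]] += 1
            sources[ev["host"]].add(ev["src_ipv4"])
    return {h: {"count": counts[h], "sources": len(sources[h])} for h in counts}


def hosts_over_threshold(stats, threshold=1000):
    """Equivalent of: | search count > 1000 ; returns the alerting hosts, sorted."""
    return sorted(h for h, s in stats.items() if s["count"] > threshold)


if __name__ == "__main__":
    stats = failed_logins_by_host(parse_events(SAMPLE_LOGS))
    for host, s in sorted(stats.items()):
        print(f"{host}: {s['count']} failed logins from {s['sources']} source(s)")
    # A low threshold is used here only so the tiny sample produces an alert.
    print("alerting hosts:", hosts_over_threshold(stats, threshold=2))
```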

Mitigation

Mitigation Controls - ACLs + RTBH + BGP Flowspec
ACLs:         Doesn't scale; time consuming; granular / less coarse; service filtering
RTBH (2004):  Scalable; fast implementation; no granularity / too coarse; wide support
BGP Flowspec (2009): Scalable; fast implementation; granular / less coarse; no support from older OSs

ACLs - Chain Architecture
Chain architecture: Head, Middle, Tail
Benefits: auditing, troubleshooting, deployment

RTBH Statistics: 6 RTBH-ed destinations; 2+ billion packets blocked; counters reset every month

BGP Flowspec - FoD (fod.geant.net). Developed and designed by

FoD Web GUI (screenshots)

FoD - How Does it Work? (diagram: IX A, IX B, Internet, GÉANT, NREN A, Flowspec, FoD, NSHaRP)

FoD - How Do We Envision it to Work (diagram: IX A, IX B, Internet, GÉANT, NREN A, Flowspec, FoD, NSHaRP)

Demo Time! FoD Demo

What do YOU think?

Q & A

Thank you. GÉANT Information & Infrastructure Security Team, Evangelos.Spatharas@geant.org