Mitigating the DoS/DDoS Threat. Why You Need On-Premises Security Solution in Conjunction with Anti-DoS Managed Service - Whitepaper

Similar documents
SHARE THIS WHITEPAPER

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Debunking Myths About DDoS Attacks: Radware 2011 Global Security Report.

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper

SHARE THIS WHITEPAPER. Attack Mitigation Service Fully Managed Hybrid (Premise & Cloud) Cyber-Attack Mitigation Solution - Whitepaper

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper

SecurityDAM On-demand, Cloud-based DDoS Mitigation

[Restricted] ONLY for designated groups and individuals Check Point Software Technologies Ltd.

Introducing Radware Attack Mitigation System. Presenter: Werner Thalmeier September 2013

A Layperson s Guide To DoS Attacks

DENIAL-OF-SERVICE ATTACKS

DDoS Protection Technology White Paper

Protection against DDoS and WEB attacks. Michael Soukonnik Radware Ltd

Customer Cases. Andreas Nordenadler, Sales Manager

Ferramentas de Ataques de DDoS e a Evolução de ameaças a disponibilidade contra serviços Internet. Julio Arruda Gerente America Latina Engenharia

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

SHARE THE ERT REPORT GLOBAL APPLICATION & NETWORK

Application Security Backgrounder

Introduction to DDoS Attacks. Chris Beal Chief Security Architect on Twitter

VALIDATING DDoS THREAT PROTECTION

How To Protect Yourself From A Dos/Ddos Attack

TDC s perspective on DDoS threats

Global Application & Network Security Report 2013

IDG Connect DDoS Survey

White Paper A10 Thunder and AX Series Load Balancing Security Gateways

Multi-Layer Security for Multi-Layer Attacks. Preston Hogue Dir, Cloud and Security Marketing Architectures

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Business Case for a DDoS Consolidated Solution

DefensePro Whitepaper Fighting Cybercrime: Rethinking Application Security By Ron Meyran

FortiDDos Size isn t everything

Check Point DDoS Protector

Acquia Cloud Edge Protect Powered by CloudFlare

How To Block A Ddos Attack On A Network With A Firewall

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Defense In Depth To Fight Against The Most Persistent DDoS

DDoS Protection on the Security Gateway

CloudFlare advanced DDoS protection

Four Considerations for Addressing the DDoS Risk for Carrier and Cloud Hosting Providers

How To Stop A Ddos Attack On A Website From Being Successful

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

Four Steps to Defeat a DDoS Attack

First Line of Defense to Protect Critical Infrastructure

Cloud Security In Your Contingency Plans

Web Application Defence. Architecture Paper

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015

DDoS Attack and Its Defense

Radware s Behavioral Server Cracking Protection

Arbor s Solution for ISP

Protect Your Infrastructure from Multi-Layer DDoS Attacks

Smart Network. Smart Business. APSolute Immunity with DefensePro Brochure

DDoS Attacks & Mitigation

Ihr Standort bleibt erreichbar. Ihre Applikationen bleiben erreichbar!

Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper

ERT Attack Report. Attacks on Large US Bank During Operation Ababil. March 2013

Networking for Caribbean Development

Radware Solutions for NGDC

No Blind Spots in Perimeter Security with Security Event Information Management

FortiDDoS. DDoS Attack Mitigation Appliances. Copyright Fortinet Inc. All rights reserved.

TLP WHITE. Denial of service attacks: what you need to know

Practical Advice for Small and Medium Environment DDoS Survival

F5 (Security) Web Fraud Detection. Keiron Shepherd Security Systems Engineer

Load Balancing Security Gateways WHITE PAPER

DDoS - Distributed Denial of Service

Smart Network. Smart Business. Application Delivery Solution Brochure

Four Steps to Defeat a DDoS Attack

Manage the unexpected

Why Is DDoS Prevention a Challenge?

On-Premises DDoS Mitigation for the Enterprise

2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative

Four Steps to Defeat a DDoS Attack

Attack Mitigation Solution. Technology Overview - Whitepaper

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

Smart Network. Smart Business. Application Delivery Solution Brochure

DDoS Overview and Incident Response Guide. July 2014

2011 Global Application

Complete Protection against Evolving DDoS Threats

NSFOCUS Web Application Firewall White Paper

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

How To Design An Intrusion Prevention System

How To Attack A Website With An Asymmetric Attack

Understanding and Defending Against the Modern DDoS Threat

Why Anti-DDoS Products and Services are Critical for Today s Business Environment

Radware s Attack Mitigation Solution On-line Business Protection

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

Defending Against Cyber Attacks with SessionLevel Network Security

Ganzheitlicher Schutz von Rechenzentren, Web-Servern und Anwendungen

BEng (Hons) Telecommunications. Examinations for / Semester 1

TEST METHODOLOGY. Distributed Denial-of-Service (DDoS) Prevention. v2.0

/ Staminus Communications

Teradata and Protegrity High-Value Protection for High-Value Data

Technical Series. A Prolexic White Paper. 12 Questions to Ask a DDoS Mitigation Provider

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer

This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons

Solution for Virtualization to Ensure Optimal Network Security Environment

Transcription:

Mitigating the DoS/DDoS Threat Why You Need On-Premises Security Solution in Conjunction with Anti-DoS Managed Service - Whitepaper

Table of Contents Abstract...3 DDoS is Growing and Evolving...3 DDoS Layers of Attack: the Protection Challenges...5 The Radware Approach to Fight the DDoS Threat...7 Summary...9 Smart Network. Smart Business. 2

Abstract In the era of fast-growing cyber-hacktivism where DDoS attacks are the preferred weapon of mass disruption, a closer look is required for emerging attack campaigns. Attackers are getting sophisticated. There are frequent DDoS attack campaigns that disembark directly at the victims IT infrastructure, bypassing managed DDoS protection services. This paper highlights recent DDoS attacks trends and why they are successful; it then shows why relying on managed DDoS protection services provides a partial solution against the DDoS threat. This paper also introduces Radware DDoS protection solution and establishes the need for an on-premises security solution in addition to the managed DDoS service. DDoS is Growing and Evolving Introduction Cyber-hacktivism has become so prevalent that every online business, financial service, government agency, or critical infrastructure is likely a target. Financially motivated attackers are still a threat, however their activity is not on the news since just recently, they have received much less publicity. Ransom 4% Other 4% Angry Users 12% Competition 7% Motivation is unknown 50% Political/Hacktivism 22% Figure 1: Radware Security Survey 2011: While the unknown motivation is still prominent the most prominent motivation is by far political hacktivism Smart Network. Smart Business. 3

Cyber attacks have become the weapon of choice for hacktivists seeking to leverage the impact of conflicts and social protests. Recent examples are the Anonymous group joining the Occupy Wall Street protesters to launch cyber attacks on major financial institutions in New York, attacking Sony,, and other companies affiliated with the copyright industry for revenge as part of Operation Mega-upload. In addition, the Nightmare group works with the hacker 0xOmar to escalate their cyber war against Israel, Attackers are getting sophisticated An analysis of cyber attacks throughout 2011-2012 by Radware s Emergency Response Team (ERT), notes that companies that relied only on a one-size-fits-all in-the-cloud managed security, or on-premise security solutions alone, could not withstand the coordinated attack campaigns. The Radware ERT review of the attack traffic from multiple reported cases shows that: Attackers are deploying multi-vulnerability attack campaigns, targeting all layers of the victim s IT infrastructure. This includes the network, servers, and application layers. Attackers who previously used distributed denial of service (DDoS) attack tools that focused on networks have now developed new DDoS tools focusing on applications. Attackers are using low & slow attack techniques that misuse the application resource rather than resources in the network stacks. Attackers are using evasion techniques to avoid detection and mitigation including SSL based attacks, changing the page request in a HTTP page flood attacks and more. Application 54% VoIP 2% Network 46% SMTP 9% HTTPS 13% TCP - SYN Flood 25% HTTP 21% ICMP 6% IPv6 2% DNS 9% TCP- Other 6% UDP 7% Figure 2: Radware Security Survey 2011: Attack count by type and bandwidth Smart Network. Smart Business. 4

As a result, small to medium online businesses, financial services, data centers, and enterprises find themselves with limited capabilities and knowledge to fight against emerging network security threats. While the common practice of organizations is relying on DDoS protection from their service provider, the recent wave of attacks in 2012 shows that attackers are getting sophisticated and manage to bypass the service provider and hit businesses directly. This aises the need to build secured network architecture that combines in-the-cloud DDoS protection and on-premise DDoS protection. DDoS Layers of Attack: the Protection Challenges DDoS Layers of Attack From the point of view of a service provider, DDoS attacks can be partitioned into four dimensions as shown in Figure 3: Volumetric bandwidth flood attack Attackers flood the victim with a high volume of packets, consuming networking equipment resources or bandwidth resources. These are network DDoS flood attacks such as SYN flood attacks (high packet-per-second attacks), large UDP packet floods (bandwidth attacks), ICMP floods, and more. Application DDoS flood attacks These attacks generate complete sessions and target the application resources. Examples are HTTP Get or Post flood attacks, or DNS flood attacks. SSL based attacks Encrypted SSL DoS and DDoS attacks consume more CPU resources during the encryption and decryption of the content than processing of a clear text. As a result, encrypted application DoS & DDoS attacks amplify the impact, even at relatively low rates of requests per second. Low & slow DoS attacks Low & slow application DDoS attacks exploit application implementation weaknesses and design flaws. Examples are Slowloris, a tool that allows a single machine to take down another machine s web server with minimal bandwidth, and Circle cache-control (Circle-CC), which floods a website by scanning the site across multiple pages systematically. Volumetric Bandwidth Flood Attacks Application Flood Attacks SSL Based Attacks Low & Slow DoS Attacks Figure 3: DDoS layers of attacks, from high volume to low volume attacks Where Current Mitigation Solutions Fail As mentioned in the introduction, online businesses, financial services, data centers, and enterprises find themselves with limited capabilities and knowledge to fight against emerging network security threats. The common practice of organizations is to rely on DDoS protection from their service providers. However, the recent wave of attacks in 2012 shows that the attackers are getting sophisticated and manage to bypass the service provider and hit businesses directly, as shown in Figure 4. Smart Network. Smart Business. 5

Volumetric Bandwidth Flood Attacks Application Flood Attacks SSL Based Attacks Low & Slow DoS Attacks In-the-cloud DDoS Protection On-premises DDoS Protection Figure 4: Where current mitigation solutions fail to protect against DDoS attacks In-the-cloud DDoS protection is effective against the volumetric bandwidth attacks, and some providers also offer protection against application DDoS flood attacks, depending on the equipment they are using for detection and accurate mitigation. However,the service providers has no visibility into SSL encrypted traffic and cannot block SSL based attacks; furthermore, the low & slow attacks typically will go undetected by the service providers as they are low rate attacks that run under the detection thresholds. To summarize, in-the-cloud DDoS protections are effective in cleansing a high volume of DDoS flood attacks. Deploying an on-premises DDoS protection solution provides complete protection against the application DDoS flood attacks, SSL based attacks, and the low & slow attacks. On-premises DDoS protection can detect and mitigate volumetric attacks as well, however the physical location at the business perimeter network rather than the carrier link, offers limited effectiveness: attackers that flood victims with a large volume of traffic achieve Internet link saturation, which renders the on-premises solution useless. Figure 5 shows that 27% of customers participating at the Radware survey reported that their service was denied due to overload of the Internet link. 27% 30% 24% 8% 4% 5% Internet pipe Firewall IPS/IDS Load Balancer (ADC) The server under attack SQL server Figure 5: Which services or network elements are (have been the bottleneck) of DoS? Smart Network. Smart Business. 6

The Radware Approach to Fight the DDoS Threat Introducing Radware Attack Mitigation System (AMS) Protecting the application infrastructure requires deployment of multiple prevention tools. Radware s Attack Mitigation System (AMS), is a real-time network and application attack mitigation solution that protects the application infrastructure against network and application downtime, application vulnerability exploitation, malware spread, information theft, web service attacks, and web defacement. Radware s Attack Mitigation System contains three layers: Protections layer A set of security modules including: Denial-of-service (DoS) protection, Network Behavioral Analysis (NBA), Intrusion Prevention System (IPS), Reputation Engine and Web Application Firewall (WAF). These modules fully safeguard networks, servers, and applications against known and emerging network security threats Security risk management - Built-in Security Event Information Management (SEIM) collects and analyzes events from all modules to provide enterprise-view situational awareness Emergency Response Team (ERT) - Consists of knowledgeable and specialized security experts who provide 24x7 instantaneous services for customers facing a denial-of-service (DoS) attack in order to restore network and service operational status Fighting the DDoS threat is based on multiple AMS protection modules: Volumetric Bandwidth Flood Attacks Application Flood Attacks SSL Based Attacks Low & Slow DoS Attacks Radware Security Features Anti-DoS NBA SSL Attacks Protection IPS Figure 6: Mapping Radware AMS protection modules according to the DDoS layers of defense Anti-DoS This module protects against all types of network flood attacks including UDP floods, SYN floods, TCP floods, ICMP floods, and out-of-state flood attacks. NBA The NBA module detects application misuse attacks and protects against HTTP page and post flood attacks, DNS flood attacks, SIP flood attacks, and more. SSL attacks protection In conjunction with Radware SSL accelerator, AMS detects and prevents SSL encrypted attacks, including application flood attacks and vulnerability based attacks. IPS This module deploys deep packet inspection to detect and mitigate low & slow attack tools such as Slowloris, Sockstress, and others. Smart Network. Smart Business. 7

End-to-end Mitigation Solution At this stage, it is clear that an effective mitigation approach against the DDoS threat requires both in-the-cloud protection and on-premises protection. Radware AMS is the best fit in the industry against the DDoS threat and can be deployed in both locations: On-premises Protection Against: Application DDoS Attacks SSL Based Attacks Low & Slow Attacks SSL Attacks Protection NBA Anti-DoS IPS Internet ISP Core Network Attack Mitigation System Anti-DoS Customer Site In-the-cloud protection against: Volumetric Bandwidth Attacks Attack Mitigation System In-the-cloud Anti-DoS Service Figure 6: Radware end-to-end mitigation solution fighting the DDoS threat In-the-cloud protection: AMS is used to remove the volumetric bandwidth attacks to avoid the risk of link saturation. This is the first line of defense against DDoS attacks. On-premises protection: AMS is deployed at the business perimeter network to fend-off all type of DDoS attacks: the low & slow attacks, SSL based attacks, application flood attacks, and leakage of network flood attacks that managed to go undetected or unprotected in-the-cloud. Only end-to-end mitigation deployment (in-the cloud AND on-premises protection), enables businesses to fully protect their IT infrastructure against evolving DDoS attacks. Smart Network. Smart Business. 8

Summary DDoS attacks are prevalent and no online business or organization can ignore them anymore. Attackers are getting sophisticated and launch multi-vulnerability attack campaigns, which makes detection and mitigation nearly impossible. Organizations that used to rely on their service provider s DDoS protection service (in-the-cloud), find that the attacks hit their business, bypassing the provider s protection layer. In recent attack cases, we have seen that businesses that have deployed Radware AMS on premises in conjunction with DDoS protection at the service provider were able to survive and maintain their business operations in spite of large scale, large volume multi-vulnerability attack campaigns. When AMS is deployed on both sides (on premises and at the service provider), they have achieved the best protection. Radware AMS delivers the following solution benefits: Radware AMS is the only solution that can truly protect against all type of DDoS attacks including volumetric DDoS flood attacks, application flood attacks, SSL based attacks, and the low & slow DoS attacks. End-to-end deployment of Radware AMS is the best solution to fight the DDoS threat at all layers, mitigating all attack vectors in seconds. When deployed on-premises, the online business has full control of its security solution and can be assisted with Radware ERT when attack mitigation expertise is required. Make sure your service provider deploys Radware AMS or that the service provider can remove the volumetric attacks with any other solution they deploy. AMS offers the lowest cost OpEx and CapEx solution to fight DDoS attacks. 2012 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners. Smart Network. Smart Business. 9 PRD-AMS-DoSDDoS-Threat-WP-01-2012/02-US

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information