Network monitoring and analysis tools:



Similar documents
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

DDoS Overview and Incident Response Guide. July 2014

Secure Software Programming and Vulnerability Analysis

Distributed Denial of Service protection

This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS

This document is licensed for use, redistribution, and derivative works, commercial or otherwise, in accordance with the Creative Commons

Service Description DDoS Mitigation Service

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper

How Cisco IT Protects Against Distributed Denial of Service Attacks

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Availability Digest. Prolexic a DDoS Mitigation Service Provider April 2013

State of Texas. TEX-AN Next Generation. NNI Plan

How To Protect A Dns Authority Server From A Flood Attack

Stress Testing and Distributed Denial of Service Testing of Network Infrastructures

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015

Quality Certificate for Kaspersky DDoS Prevention Software

[Restricted] ONLY for designated groups and individuals Check Point Software Technologies Ltd.

Putting the Tools to Work DDOS Attack

Traffic Diversion Techniques for DDoS Mitigation using BGP Flowspec. Leonardo Serodio May 2013

Denial of Service attacks: analysis and countermeasures. Marek Ostaszewski

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

Hunting down a DDOS attack

Introduction about DDoS. Security Functional Requirements

SecurityDAM On-demand, Cloud-based DDoS Mitigation

Arbor s Solution for ISP

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.

TDC s perspective on DDoS threats

A Layperson s Guide To DoS Attacks

CHAPTER 4 : CASE STUDY WEB APPLICATION DDOS ATTACK GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Surviving a DDoS Attack

Network Security Demonstration - Snort based IDS Integration -

: SENIOR DESIGN PROJECT: DDOS ATTACK, DETECTION AND DEFENSE SIMULATION

Tel: Fax: ey.com. Report of Independent Auditors

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Complete Protection against Evolving DDoS Threats

Stop DDoS Attacks in Minutes

DDoS Threat Report. Chris Beal Chief Security Architect on Twitter

WHITE PAPER Hybrid Approach to DDoS Mitigation

Distributed Denial of Service (DDoS) attacks. Imminent danger for financial systems. Tata Communications Arbor Networks.

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

VALIDATING DDoS THREAT PROTECTION

PROFESSIONAL SECURITY SYSTEMS

VERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK

DDoS attacks in CESNET2

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

Firewall Firewall August, 2003

FortiDDos Size isn t everything

NetFlow use cases. ICmyNet / NetVizura. Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o.

Corero Network Security plc

Automated Mitigation of the Largest and Smartest DDoS Attacks

JUST FOR THOSE WHO CAN T TOLERATE DOWNTIME WE ARE NOT FOR EVERYONE

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

Choosing a Content Delivery Method

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

Introduction of Intrusion Detection Systems

Report of Independent Auditors

Acquia Cloud Edge Protect Powered by CloudFlare

Managed Anti-DDoS Service Protection

Man, Machine and DDoS Mitigation

Denial of Service (DoS) Technical Primer

CloudFlare advanced DDoS protection

RID-DoS: Real-time Inter-network Defense Against Denial of Service Attacks. Kathleen M. Moriarty. MIT Lincoln Laboratory.

DDoS Attacks & Mitigation

DoS/DDoS Attacks and Protection on VoIP/UC

Stop DDoS Attacks in Minutes

Check Point DDoS Protector

DIFFUSING DENIAL OF SERVICE

Penetration Testing. University of Sunderland CSEM02 Harry R Erwin, PhD

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?

Protection Solution. Strategic White Paper

Data Hosting solutions

A Senior Design Project on Network Security

Mitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy

Seminar Computer Security

Network attack and defense

Colt IP Access Colt Technology Services

The Importance of High Customer Experience

IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager!

5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep)

CS 356 Lecture 16 Denial of Service. Spring 2013

Protecting against DoS Attacks

Cloud Security In Your Contingency Plans

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers

On the Deficiencies of Active Network Discovery Systems

Information Technology Solutions

Analysis of a DDoS Attack

SECURITY FLAWS IN INTERNET VOTING SYSTEM

Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment

How To Block A Ddos Attack On A Network With A Firewall

Campus LAN at NKN Member Institutions

DDoS Protection on the Security Gateway

Transcription:

P0 TELECOM ITALIA Network monitoring and analysis tools: Security Operation experiences in Carrier-class IP Backbone protection IT.TS.SOC - Security Operation Center Ing. Fabio Zamparelli 2nd TMA Phd School - Bridging the gap between theory and practice in network monitoring and analysis Napoli, Italy - 6th June, 2011

Short Agenda Who Am I? Where Do I work? What are we going to talk about? DDoS OK, OK When are we going to talk about the real field experience? What info/detection tool do we need during the Battle? Some Real World case studies from the battle field 1

Who Am I? A Geek and a Manager Passionate about and Working in Networking and Internet World since 1996 Graduated at Federico II, Napoli - Computer Engineering & Systems department A period of collaboration with GRID/COMICS research Group on IP Network Security Joined Telecom Italia in 2001 and entered the IP Backbone NOC team Since 2003 I ve been working in Technical Security teams; my first role was Public Network Security Engineering Team Leader In 2008 I ve been officially appointed, in organization charts, Manager as the SOC More or less 10 years experience in ICT Security technical and management stuff, with a strong understanding of Critical Infrastructures Protection and Carrier Class Network Security 2

Where Do I Work? In Telecom Italia s ICT Infrastructures and Corporate Security Operation Center A team of internal and external security specialists I m proud to lead In charge of Dealing with: Public and Corporate Network Security IT OSS&BSS applications, IT Infrastructures and Office Automation Securtiy H24 Security Monitoring and Incident Handling Penetration Tests, VAs, Code Review and Technical Security Auditing Vertical Security Platform O&M Only Logical Security, not Physical Different from the dedicated MSS SOC 3

What are we going to talk about? 1) What a DDoS is Denial of Service: is an attempt to make a computer resource unavailable to its intended users Distributed DoS: Multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers Flood the victim network with unwanted traffic that prevents legitimate traffic from reaching the victim system Bandwidth Depletion (Flood) DDoS Attack DoS Resource Depletion Exploit-based DoS Attack Exploit errors in the operating system/application, causing resource starvation and/or thrashing and/or crash and/or unauthorized access and riconfiguration. Tie up the resources (CPU/Mem/Time) of a victim host or other devices (ie: Firewall). 4

What are we going to talk about? 2) DDoS: last mile bandwith & resources depletion Can cause indirecty affected infrastructure victims PoP PoP Customer s last mile depletion, security device depletion etc Customer Infrastructure PoP Telco Infrastructure Big Internet 5

What are we going to talk about? 3) DDoS: Trends 1/2 DDoS Attacks are indicated to be the most significant operational threat (with a significant influence on Infrastructure Outages) 65% percent of respondents reported that the highestbandwidth DDoS attacks they experienced during this survey period was directed at their end customers, while 26% reported that their own ancillary support services such as DNS and Web portals were targeted; 8% indicated that their own network infrastructure was the target of the highest-bandwidth attack they experienced. Source: Arbor Networks Worldwide Infrastructure Security Report - 2010. 6

What are we going to talk about? 3) DDoS: Trends 2/2 Near 70% of respondents indicated that they experienced more then 1 DDoS attack per month. Average Number of DDoS Attacks per Month Fonte: Survey Arbor Network Source: Arbor Networks Worldwide Infrastructure Security Report - 2010. 7

OK, OK When are we going to talk about the real field experience? 1) T.I. IP Public Network s Anomaly Detection Platform 1/2 S E A B O N E Big Internet Private Peering Points OPB Public Peering Points POP BBE POP Detection built on Aggregated & Statistically Monitored Traffic Through Sampled NETFLOW/CFLOW from Giga-Routers & Tera-Routers Configured on Perimeter/Border Routers interfaces Reaching Specific Statistical Aggregations to detect Critical Infrastructure events and anomalies 8

OK, OK When are we going to talk about the real field experience? 1) T.I. IP Public Network s Anomaly Detection Platform 2/2 Some Figures. Up to 800/900 Gigabit per second of traffic sampled collected and statistically analyzed Up to 200 Gigabit per second of traffic sampled and statistically analyzed from a single Top Tera Router Up to 20k Flow per Second collected and statistically analyzed from a single Top Tera Router 9

OK, OK When are we going to talk about the real field experience? 2) Where does it become to be a critical infrastructure events? Some Numbers of actually managed DDoS Attacks towards us during the last few weeks Up to 3.3Gbps targeting a single IP Up to 2.5Mpps targeting a single IP Sustained Attack lasting for more then 12 hours; Average Under Attack Condition for certain web portal lasting for some days and, in some cases, weeks What problem these attacks can bring to a Telco operator? When is it considered a Customer Issue? When does it become a localized degradation of Quality At which point are we going to consider it a Critical Infrastructure event? 10

What info/detection tools do we need during the Battle? Ability to Configure/Profile what net-prefixes you want to monitor and to aggregate data for Clear and Real-Time updated Anomaly Detection within Gps pipes of data War-Time Reaction Strategy and Decisions, mainly built by identifying: What KIND of Attack it is Where the attack is entering FROM Where it is going TO Which router is announcing the targeted prefix? What is the links bandwidth though which the indirectly victimized router is connected TO the backbone? 11

Some Real World case studies from the battle field 1) First Case Study 1/2 12

Some Real World case studies from the battle field 1) First Case Study 2/2 13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information