Understanding and Defending Against the Modern DDoS Threat

Similar documents
DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION

DDoS attacks and Cyber-threats Common Misconceptions, Uncommon Defense What s your First Line of Defense?

On-Premises DDoS Mitigation for the Enterprise

Introduction to DDoS Attacks. Chris Beal Chief Security Architect on Twitter

Corero Network Security plc

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper

First Line of Defense to Protect Critical Infrastructure

First Line of Defense

VALIDATING DDoS THREAT PROTECTION

First Line of Defense

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper

How To Block A Ddos Attack On A Network With A Firewall

FortiDDos Size isn t everything

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

[Restricted] ONLY for designated groups and individuals Check Point Software Technologies Ltd.

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015

DDoS Overview and Incident Response Guide. July 2014

ADC Survey GLOBAL FINDINGS

Stop DDoS Attacks in Minutes

A Layperson s Guide To DoS Attacks

TDC s perspective on DDoS threats

JUNOS DDoS SECURE. Advanced DDoS Mitigation Technology

WHITE PAPER Hybrid Approach to DDoS Mitigation

CRYPTUS DIPLOMA IN IT SECURITY

Pravail 2.0 Technical Overview. Exclusive Networks

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

A Decision Maker s Guide to Securing an IT Infrastructure

Stop DDoS Attacks in Minutes

Critical Security Controls

DDoS Threat Report. Chris Beal Chief Security Architect on Twitter

2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer

How To Mitigate A Ddos Attack

Networking for Caribbean Development

DDoS Protection on the Security Gateway

Datacenter Transformation

How To Protect Yourself From A Dos/Ddos Attack

IDS / IPS. James E. Thiel S.W.A.T.

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

CMPT 471 Networking II

Corero Network Security First Line of Defense Executive Overview

Cloud Security In Your Contingency Plans

FortiDDoS. DDoS Attack Mitigation Appliances. Copyright Fortinet Inc. All rights reserved.

Cisco RSA Announcement Update

KASPERSKY DDOS PROTECTION. Discover how Kaspersky Lab defends businesses against DDoS attacks

/ Staminus Communications

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

F5 (Security) Web Fraud Detection. Keiron Shepherd Security Systems Engineer

F-SECURE MESSAGING SECURITY GATEWAY

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

SecurityDAM On-demand, Cloud-based DDoS Mitigation

DDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen. Eldad Chai, VP Product

A Primer for Distributed Denial of Service (DDoS) Attacks

DDoS DETECTING. DDoS ATTACKS WITH INFRASTRUCTURE MONITORING. [ Executive Brief ] Your data isn t safe. And neither is your website or your business.

Firewalls and Intrusion Detection

The principle of Network Security Monitoring[NSM]

Security Testing Summary of Next-Generation Enterprise VoIP Solution: Unify Inc. OpenScape SBC V8

SECURING APACHE : DOS & DDOS ATTACKS - II

Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper

STOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect

Four Steps to Defeat a DDoS Attack

How To Protect A Dns Authority Server From A Flood Attack

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

Cisco IPS Tuning Overview

Intrusion Detection Systems

Potential Targets - Field Devices

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

Yahoo Attack. Is DDoS a Real Problem?

NSFOCUS Web Application Firewall White Paper

How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS

Chapter 11 Cloud Application Development

Breaking the Cyber Attack Lifecycle

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

IDS and Penetration Testing Lab ISA 674

Automated Mitigation of the Largest and Smartest DDoS Attacks

Securing Cisco Network Devices (SND)

Introducing IBM s Advanced Threat Protection Platform

Security of IPv6 and DNSSEC for penetration testers

Business Case for a DDoS Consolidated Solution

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Windows Remote Access

Certified Ethical Hacker (CEH)

Firewall Design Principles Firewall Characteristics Types of Firewalls

Transcription:

Understanding and Defending Against the Modern DDoS Threat SESSION ID: CLE-T09 Stephen Gates Chief Security Evangelist Corero Network Security @StephenJGates

Understand you re vulnerable!

How well are others preparing? 40% of enterprises are completely or mostly unprepared 23% of respondents indicated they did not have a plan 16% were unaware of any such current or future plans 26% are still relying on their operational infrastructure 50% have never tested their DDoS defense capabilities Access the entire report: www.corero.com/sans-ddos-survey

Easy to launch - tough to stop!

Do DDoS attacks really work?

Are the attackers getting smarter? Researchers have spotted an uptick in the number of ways attackers are launching DDoS attacks Attackers are becoming wise to the ways of DDoS detection and defenses Attackers are developing new methods of bypassing traditional defenses

Have the attacker s motivations changed? Attacker Profiles Hacker/Crackers Cyber Criminals Cyber Armies Cyber Terrorist Cyber Hacktivist Notoriety Profit Politics Fear Agenda Today there is a new category of attacker Cyber Mercenary Anything for Money

There is more than one type!

What categories/types of DDoS are there? Network Level DDoS Attacks Reflective DDoS Attacks Outbound DDoS Attacks Application Layer DDoS Attacks Specially Crafted Packet Attacks Defense IP Threat- Level Assessment Defense Stateful Flow Awareness Defense Bi-Directional Flood Detection Defense Behavior Analysis Defense Protocol Analysis According to a recent survey conducted by the SANS Institute The most damaging DDoS attacks mix volumetric attacks with targeted, application-specific attacks.

DDoS Digital Attack Map http://www.digitalattackmap.com/ Fragmented Application TCP Connect Volumetric

Beware of (L7) attacks!

What are some examples of L7 attacks? Repetitive: Home page, home page, home page Bogus login attempt Forgot my password Random keyword search SlowRead downloads Stock quote lookups 1,2,3

(L7) live attack demonstration

L7 Attack Demo Network Setup Attackers 50.244.70.243 50.244.70.244 10.10.10.4 Attacker Apache Web Server 14

Plan ahead!

What are the best practices? Address Planning-for and Response-to DDoS Evaluate ISP "Clean Pipe" Services Evaluate DDoS "Mitigation as a Service" Options Deploy DDoS Detection and Mitigation Equipment on Premises Why on-premises?

What solution addresses all DDoS attacks? Good Users Good Traffic On-Premises Defense Attackers Unwanted Traffic X Full Pipe Attacks X Attack Traffic On-Demand Cloud anti-ddos Attack Leakage Protected Critical Infrastructure According to a recent SANS Analyst survey: Hybrid solutions are nearly four times more prevalent than on-premise or cloud-only solutions.

You can t block what you can t see!

What does your visibility look like? Deploy solutions that: Provide complete traffic visibility Monitor all incoming connections Monitor all incoming requests Block all unwanted traffic Log all security policy violations Record attack traffic PCAP Gather attack intelligence

Watch for blended attacks!

What does a blended attack look like? Today s sophisticated DDoS Attackers will: Footprint (profile) the Web Presence Scan the infrastructure and Web resources Initiate network-level volumetric attack Maintain Flood spoof all source IPs Initiate low-and-slow application attacks Initiate specially-crafted packet attacks Initiate DNS reflective/amplified attacks Attempt to exploit (compromise) downstream servers Simultaneously launch as many types of attacks as possible A combined attack simply increases the chances of success!

Test your defenses!

What are the attackers using? Hping3 NMAP Low Orbit ION Cannon www.yoursite.com High Orbit ION Cannon KillApache.p l Slowloris HULK Metasploit SlowHTTPtest

Ask good questions!

Do you know what your SLA covers? Ensure you know what s covered & what s not Ask you ISP regularly about their defenses with regards to new attack vectors and tools Ask your ISP to adhere to Best Common Practices for example BCP-38/RFC 2827 http://www.rfc-base.org/rfc-2827.html Ask your ISP to do more to help solve the DDoS and cyber threat issue Ask your ISP to start offering cleaner-bandwidth options If you re not satisfied then consider other options

The Internet Needs a New First Line of Defense

Can t my FW, IPS or SLB defeat DDoS? Problem Many security devices claim to have DDoS protection Most have a single configuration Recommendation Find Solutions that: are purposely designed have extremely granular configurations can defend against all attack vectors can handle the load cannot be DDoS d itself include 24x7 support services DDoS On DDoS Off

Can firewalls block L7 attacks? Unwanted Traffic Internal Network Buffer Overflows Web TCP Port 80, 443 Services Application Layer DDoS DNS TCP/UDP Port 53 Code Injections Brute-Force Password Specially Crafted Packets All Firewalls work the exact same way! Mail TCP Port 25 FTP/SSH TCP Port 21, 22

Can t my Service Provider Block all DDoS? Some service providers might be able to help! However not all service providers have the right: Equipment Experience L2-L7 Visibility Secure service offerings

What s going to solve this problem? Undesired Users & Services DDoS Attacks & Competitive Abuse Protocol Violations & AETs Targeted Server Attacks Unwanted Traffic Key Steps of Protection Allow only EXPECTED traffic Evaluate AMOUNT of traffic Enforce CORRECTNESS of traffic Analyze INTEGRITY of traffic Restrict Access Limit Rates Enforce Protocols Prevent Intrusions Increase VISIBILITY into all unwanted traffic Increase Visibility

How can I learn more? Check Out Our Website If you d like a PDF copy of today s presentation, email info@corero.com Questions? Please forward them to stephen.gates@corero.com Check out my blog @ www.securitybistro.com Connect on Linkedin - www.linkedin.com/in/securitystephengates/ Follow us on Twitter - @Corero

Thank You! Stephen.Gates@Corero.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information