Effects of DoS.


Effects of DoS

Motivations
- Bragging rights
- Disputes
- Lolz
- Protest: political, hacktivism
- Monetary: ransom, competition
- Delivery vector: data theft, virus/malware

DoS attacks started as a way to lash out over the internet: spiteful torrents of traffic sent to establish dominance, to settle disputes, or for a vandal's thrill. Some attackers combine their efforts toward a common purpose, using denial of service as a message to further their political goals. Others organize for financial gain, disrupting a business until a ransom is paid, or profiting from the disruption of a key rival. Lately we have been seeing DoS attacks launched not for disruption but for distraction. These attacks are used to disguise other malicious traffic, and to manipulate companies into changing their security posture in a way that exposes the real target.

Network: Capacity
- High capacity infrastructure: 10Gbps/100Gbps
- Moves the bottleneck: aggregation layer? firewall? server?

Historically the approach to denial of service attacks has been to increase the capacity of the resource under attack. As infrastructure and attacks get more sophisticated, this defense is not always sufficient. Increasing capacity in one area simply moves the bottleneck to the next component, where you are forced to expand again and again. Even with self-scaling infrastructure, at some point there will be a resource with limited scalability, even if that resource is your wallet.

Network: Tolerance
- Tolerance < Attack < Capacity
- Remove service
- Vendor blackhole

Not all attacks saturate the overall capacity of the system. Within any system there is a point, below capacity, where we are no longer willing to accept the risk of an ongoing attack. This may be an official figure, or decided in the moment. But once an attack crosses this tolerance threshold, if all other mitigation efforts have failed, the only option is to remove or suspend the target of the attack. Your service providers also have their own tolerance threshold, and if you don't take action, at some point they will blackhole or suspend service to the target. A common attacker strategy is to hit with a quick burst of traffic in the hope of triggering a blackhole by the service provider, taking the site down for them.

Network Effects: Collateral Damage
- Bottleneck < Attack < Tolerance
- Slow ramping attacks
- Targeting specific resources

Other attacks take advantage of bottlenecks in the infrastructure, attacking components whose fail point is below any alerting threshold, in the hope that the attack will be harder to detect. Where these resources are shared, the attack has the side effect of disrupting other systems. Service providers are particularly sensitive to collateral damage in their infrastructure, and any resulting blackholes tend to be long-lived.
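The two previous slides describe three thresholds (bottleneck, tolerance, capacity) and an attacker who deliberately stays under the tolerance line, either with a short burst aimed at provoking a provider blackhole or with a slow ramp. The following Python is an added illustration, not code from the talk, of how an operations team might classify a traffic sample against those thresholds and flag a slow ramp. The threshold values and the sample series are constructed; real figures come from your own capacity planning.

```python
"""Classify observed traffic against the three thresholds named on the slides.

Added illustration; thresholds and samples are constructed, not measured.
"""
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Thresholds:
    bottleneck: float   # weakest shared component, e.g. firewall throughput
    tolerance: float    # level above which we stop accepting the risk
    capacity: float     # raw link / aggregation capacity


def zone(rate: float, t: Thresholds) -> str:
    """Map a single rate sample (same unit as the thresholds) to a zone."""
    if rate >= t.capacity:
        return "saturated"        # the link itself is full
    if rate >= t.tolerance:
        return "over-tolerance"   # remove/suspend the target before the provider does
    if rate >= t.bottleneck:
        return "collateral"       # shared component fails first; other tenants affected
    return "normal"


def slow_ramp(series, window: int = 5, growth: float = 1.5) -> bool:
    """Flag a steady climb that stays under tolerance by comparing the mean of
    the most recent `window` samples with the mean of the window before it."""
    if len(series) < 2 * window:
        return False
    prev = mean(series[-2 * window:-window])
    last = mean(series[-window:])
    return prev > 0 and last / prev >= growth


def assess(series, t: Thresholds):
    """Return (zone of latest sample, slow-ramp flag).

    The ramp flag is only interesting while the rate is still below tolerance;
    above it the zone alone already demands action."""
    z = zone(series[-1], t)
    ramp = slow_ramp(series) and z in ("normal", "collateral")
    return z, ramp


if __name__ == "__main__":
    # Constructed thresholds in Gbps: a 10G link, a firewall that folds at 4G,
    # and a tolerance of 8G agreed with the provider.
    T = Thresholds(bottleneck=4.0, tolerance=8.0, capacity=10.0)
    quiet_then_climb = [1, 1, 1, 1, 1, 2, 2, 3, 3, 3]   # under every line, but ramping
    burst = [1, 1, 1, 1, 1, 9, 9, 9, 9, 9]             # short burst aimed at a blackhole
    print(assess(quiet_then_climb, T))
    print(assess(burst, T))
```

The "collateral" zone is the one the slide warns about: a rate between the bottleneck and the tolerance threshold looks survivable on the aggregate graph while a shared component is already failing.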

Solution: Distributed Upstreams
- Upstream diversity: multiple carriers, redundancy, capacity
- Quasi-distributed attacks: single origin network
- Traffic shaping

Common practice, for those who can afford it, is to configure additional upstreams: redundancy for coping with outages, and capacity for withstanding attacks. Efforts here can be undermined by attacks that originate predominantly from within a single network, since that traffic arrives through one upstream regardless of how many you have. Similarly, some networks engage in traffic shaping for performance or cost reasons, which ultimately increases the likelihood of an attack dominating a single entry point.

Solution: Distributed Networks
- Diffuse collateral damage
- Vulnerable to targeted disruption of key services

Distributed networks and cloud-based solutions offer new challenges and opportunities for attack. Distributed networks diffuse the risk of collateral damage but can expose new attack surfaces. For example, if an attacker can disrupt your single sign-on service, every dependent service is disrupted along with it.

Operations - Detection
- Operations team
- Detecting attacks
- Dealing with anomalies: sudden popularity, legitimate traffic bursts

The other crucial component of your infrastructure is the operations team who run and maintain these systems. Ideally these are the people who detect the attack (although some reports suggest that over 60% of attacks are first reported by end users). Each member of the operations team has their own core competencies and primary focus, and if DoS attacks are not among them, detecting an attack can be challenging. For example, the slide shows a traffic graph that contains an attack, but it's not until we look at protocols instead of total traffic that the attack becomes visible. To complicate matters further, the next graph is not an attack at all: it is traffic to a particular page of a gambling site during the World Cup.
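The slide's point is that an aggregate traffic graph can hide an attack that a per-protocol breakdown reveals, while the same breakdown cannot by itself separate an attack from a legitimate burst. The Python below is an added illustration, not code from the talk: it runs over a set of hand-constructed one-minute samples whose total volume stays flat while UDP displaces the usual TCP mix, and reports which protocols depart from their baseline share. It only labels anomalies; deciding whether a flagged interval is an attack or a popular page is still the operator's job.

```python
"""Aggregate volume vs per-protocol share over constructed traffic samples.

Added illustration; the samples are made up, not captured from a real network.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed 1-minute samples: bytes per protocol. The total is nearly flat,
# but from minute 5 onwards UDP traffic takes the share TCP used to have.
SAMPLES = [
    {"tcp": 800, "udp": 150, "icmp": 50},
    {"tcp": 830, "udp": 140, "icmp": 40},
    {"tcp": 780, "udp": 160, "icmp": 50},
    {"tcp": 810, "udp": 150, "icmp": 40},
    {"tcp": 800, "udp": 150, "icmp": 50},
    {"tcp": 300, "udp": 650, "icmp": 50},   # anomaly: UDP share jumps
    {"tcp": 280, "udp": 680, "icmp": 40},
    {"tcp": 310, "udp": 640, "icmp": 50},
]


def totals(samples):
    """Total bytes per interval: what the usual traffic graph plots."""
    return [sum(s.values()) for s in samples]


def aggregate_looks_normal(samples, max_cv: float = 0.1) -> bool:
    """True if the total volume barely varies (coefficient of variation)."""
    t = totals(samples)
    return pstdev(t) / mean(t) <= max_cv


def protocol_shares(samples):
    """Fraction of each interval's bytes carried by each protocol."""
    return [{p: b / sum(s.values()) for p, b in s.items()} for s in samples]


def protocol_anomalies(samples, baseline_len: int = 5, factor: float = 2.0):
    """Return (interval index, protocol) pairs where a protocol's share is at
    least `factor` times its mean share over the first `baseline_len` intervals."""
    shares = protocol_shares(samples)
    per_proto = defaultdict(list)
    for s in shares[:baseline_len]:
        for p, v in s.items():
            per_proto[p].append(v)
    baseline = {p: mean(v) for p, v in per_proto.items()}

    hits = []
    for i, s in enumerate(shares[baseline_len:], start=baseline_len):
        for p, v in s.items():
            base = baseline.get(p, 0.0)
            if base > 0 and v >= factor * base:
                hits.append((i, p))
    return hits


if __name__ == "__main__":
    print("totals:", totals(SAMPLES))
    print("aggregate looks normal:", aggregate_looks_normal(SAMPLES))
    print("per-protocol anomalies:", protocol_anomalies(SAMPLES))
```

The aggregate series passes the flatness check while the share analysis flags UDP in the last three intervals, which is exactly the gap the slide describes: the team watching total throughput sees nothing, and a team watching protocol mix sees something that still needs a human to interpret.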

Operations Effects - Fatigue
- DoS attacks cause stress: interruption of duties, customer demands, management demands
- Creates openings for attack: removing security bottlenecks

Denial of service attacks are stressful. Your operations team has a primary focus, certain key duties, and, hopefully, pride in doing what they do well. During an attack they are not doing any of this. Customers will be calling looking for answers, and complaints will be flooding inboxes and message boards. Inevitably someone very important will call in on an emergency line, demand that you do whatever it takes to get things back up now, and inform you how much money the company loses by the second. This leads to poor choices. Operations teams will be tempted to remove the bottleneck in order to restore service. Often this bottleneck is a firewall or other security appliance built to thwart intrusion attempts, which cannot withstand the constant barrage of a DoS attack. Once this appliance is removed, services resume and everyone is relieved, until some time later when they discover the data theft that was hidden inside the denial of service attack: the real goal, which was simply waiting for the security appliance to be taken out of the path.

Summary
- There is no single solution for every attack: a blended defence of many layers
- Modern DoS attacks are a series of moves and countermoves: a responsive, experienced operations team
- There is no "if" you will be attacked, only "when": have a plan in place

One Solution

One solution is a dedicated environment that exists separately from your core network, with its own security team, its own security appliances, and proxies that filter all of your public communication before it reaches your core network.