Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg

Slides:

Advertisements

Similar presentations

© 2011 Infoblox Inc. All Rights Reserved. Infoblox – control, secure & automate Mike Carroll.

Advertisements

Guide to Network Defense and Countermeasures Second Edition

Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.

Akamai DNS Offerings RSA © Conference ©2013 AKAMAI | FASTER FORWARD TM Akamai DNS Solutions Enhanced DNS (eDNS) Scalable, outsourced, DNS solution.

Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.

1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2014 Infoblox Inc. All Rights Reserved. Domain Name System (DNS) Network Security Asset or Achilles.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.

Barracuda Web Application Firewall

Unified Logs and Reporting for Hybrid Centralized Management

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

With the Help of the Microsoft Azure Platform, Devbridge Group Provides Powerful, Flexible, and Scalable Responsive Web Solutions MICROSOFT AZURE ISV PROFILE:

Arbor Multi-Layer Cloud DDoS Protection

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

1 Cost-Effective Strategies for Countering Security Threats: IPSEC, SSLi and DDoS Mitigation Bruce Hembree, Senior Systems Engineer A10 Networks.

Worldwide Infrastructure Security Report C F Chui, Arbor Networks.

Barracuda Networks Steve Scheidegger Commercial Account Manager

Beyond DDoS: Case Studies on Attack Mitigation for Financial Services Mike Kun and Patrick Laverty, Akamai CSIRT.

ISSA Nashville Chapter, May 17 th 2013 Alexander Karstens Senior Systems Engineer IXIA Communications Preparing your organization for DDoS.

Norman SecureSurf Protect your users when surfing the Internet.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

2012 Infrastructure Security Report Darren Anstee, Arbor Solutions Architect 8 th Annual Edition.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

Barracuda Load Balancer Server Availability and Scalability.

DonorDirect Offers a Donor Management System Made Specifically for Your Nonprofit Ministry and Delivered by the Powerful Microsoft Azure Platform MICROSOFT.

Corero Network Security First Line of Defense Introduction © 2014 Corero

Adra Match BALANCER: Balance Sheet Reconciliation Software Powered by the Microsoft Azure Cloud MICROSOFT AZURE ISV PROFILE: ADRA MATCH Adra Match develops.

Denial of Service Bryan Oemler Web Enhanced Information Management March 22 nd, 2011.

Web Application Firewall (WAF) RSA ® Conference 2013.

It’s Not Just You! Your Site Looks Down From Here Santo Hartono, ANZ Country Manager March 2014 Latest Trends in Cyber Security.

Akamai Technologies - Overview RSA ® Conference 2013.

Denial-of-Service Attacks Justin Steele Definition “A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate.

--Harish Reddy Vemula Distributed Denial of Service.

The benefits of externalizing Web DMZ-as-a-Service in the Cloud James Smith, Sr. Security Sentrix

Team 6: (DDoS) The Amazon Cloud Attack Kevin Coleman, Jeffrey Starker, Karthik Rangarajan, Paul Beresuita, Arunabh Verma and Amay Singhal.

DDOS. Methods – Syn flood – Icmp flood – udp Common amplification vectors – NTP 557 – CharGen 359 – DNS 179 – QOTD 140 – Quake 64 – SSDP 31 – Portmap28.

Alert Logic Provides a Fully Managed Security and Compliance Solution Based in the Cloud, Powered by the Robust Microsoft Azure Platform MICROSOFT AZURE.

Drew Reinders | GSEC Principal Solutions Engineer Defending Your Castle.

Sample Presentation Headline REPRESENTATIVE SUBHEAD TO SUPPORT SUBJECT Presenter’s Name Presenter’s Title Presentation Date DeterLab A Tool for Cybersecurity.

Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.

Actualog Social PIM Helps Companies to Manage and Share Product Information Using Secure, Scalable Ease of Microsoft Azure MICROSOFT AZURE ISV PROFILE:

Windows Azure Virtual Machines Anton Boyko. A Continuous Offering From Private to Public Cloud.

The Dark Menace: Characterizing Network-based Attacks in the Cloud

Mailjet and Microsoft Azure Offer All-in-One Infrastructure and Deliverability while Saving IT and Enterprise Time and Money with Scalability MICROSOFT.

DoS/DDoS attack and defense

Kona Security Solutions - Overview

DDoS Readiness Program. About Red Button Red Button A Leader in DDoS Consulting Founded in 2014 Service based Self funded Found by Ziv Gadot – Formerly.

Bring Your Own Security (BYOS™): Deploy Applications in a Manageable Java Container with Waratek Locker on Microsoft Azure MICROSOFT AZURE ISV PROFILE:

Axis AI Solves Challenges of Complex Data Extraction and Document Classification through Advanced Natural Language Processing and Machine Learning MICROSOFT.

Built on the Powerful Microsoft Azure Platform, Forensic Advantage Helps Public Safety and National Security Agencies Collect, Analyze, Report, and Distribute.

Microsoft Azure and ServiceNow: Extending IT Best Practices to the Microsoft Cloud to Give Enterprises Total Control of Their Infrastructure MICROSOFT.

V2 January © 2015 Citrix | Confidential – Content in this presentation is under NDA. NetScaler Pitch Deck One solution for all apps.

Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.

©2014 Cleo. All rights reserved. Company confidential. Managing Chaos: Andy Moir Director, Product Marketing 2 Data Movement in 2015.

Improve the Performance, Scalability, and Reliability of Applications in the Cloud with jetNEXUS Load Balancer for Microsoft Azure MICROSOFT AZURE ISV.

Task Performance Group Provides Cutting-Edge E-Commerce B2B EDI Integration Using MegaXML SaaS Solution on Microsoft Azure Cloud Platform MICROSOFT AZURE.

Richard Bible Security Solution Architect, F5 Networks DDOS EQUALS PAIN.

Call-Center Agents, Customers Communicate More Conveniently with SMS Chat App COMPANY PROFILE: EARLY CONNECT Early Connect is a regional SaaS ISV founded.

No boundaries with Unified Web Security Solutions Steven Vlastra Sr. Systems Engineer - Benelux.

Accelerating Your Journey to a Safe Cloud

Web Application Protection Against Hackers and Vulnerabilities

DDoS Attacks on Financial Institutions Presentation

Real-time protection for web sites and web apps against ATTACKS

New Heights by Guiding Them into the Cloud

A10 Networks vThunder Leverages the Powerful Microsoft Azure Cloud Platform to Offer Advanced Layer 4-7 Networking, Security on a Global Scale MICROSOFT.

Replace with Application Image

AKAMAI INTELLIGENT PLATFORM™

Managing Chaos: Data Movement in 2014 Steve Jordan

Dell Data Protection | Rapid Recovery: Simple, Quick, Configurable, and Affordable Cloud-Based Backup, Retention, and Archiving Powered by Microsoft Azure.

F5 Networks Solutions Silverline Silverline

Presentation transcript:

Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg. F5 Networks Andrzej Kroczek a.kroczek@f5.com

“Software defined” everything Technology Shifts Are Creating Opportunity Advanced threats “Software defined” everything Internet of Things SDDC/Cloud Mobility HTTP is the new TCP

Frequency of attacks - 2014 Script kiddies The rise of hacktivism Feb 05 Bitly – Outage as result of DDoS attack Feb 11 Elance Freelance Job Site – NTP Reflection Attack; temporary website disruption Feb 11 oDesk – Temporary website disruption as result of DDoS attack Feb 20 Namecheap – Simultaneous attack on 300 websites it registers Mar 04 Meetup Event Planning – NTP Amplification attack carried out by extortionists Mar 11 GitHub Code Host – UDP based Amplification attack Mar 17 Royalty Free Stock Images – DDoS attack by extortionists Mar 20 Hootsuite – DDoS attack by extortionists Mar 24 Basecamp – DDoS attack by extortionists Mar 27 SurveyGizmo – DDoS attack; Site down 2 days; ISP abandoned recovery 2014 Script kiddies The rise of hacktivism Cyber war

The business impact of DDoS Cost of corrective action Reputation management

Which DDoS technology to use? Cloud/Hosted Service Completely off-premises so DDoS attacks can’t reach you Amortized defense across thousands of customers DNS anycast and multiple data centers protect you Strengths On-Premises Defense Direct control over infrastructure Immediate mitigation with instant response and reporting Solutions can be architected to independently scale of one another Strengths Customers pay, whether attacked or not Bound by terms of service agreement Solutions focus on specific layers (not all layers) Weaknesses Many point solutions in market, few comprehensive DDoS solutions Can only mitigate up to max inbound connection size No other value. Only providing benefit when you get attacked. (excludes F5)

Which DDoS technology to use? HyBRID Model Cloud and On-Prem Combined on-premises and cloud solution to stop all attacks Amortized defense across thousands of customers DNS anycast and multiple data centers protect you Immediate mitigation with instant response and reporting Direct control over on-premises infrastructure Solutions can be architected to independently scale of one another Strengths

Securing applications can be complex Ownership Challenges with security team making the dev team fix vulnerabilities Attack visibility Is often lacking details to truly track and identify attacks and their source, and ensure compliance and forensics Changing threats increasing in complexity that requires intelligence and on- going learning Webification Impossible to build safeguards into applications in a timely manner Scalability and performance Needed to ensure services are available during the onset of aggressive attacks Compliance Maintaining compliance with government standards

F5 Offers Comprehensive DDoS Protection Threat Intelligence Feed Next-Generation Firewall Corporate Users Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Cloud Network Application Network attacks: ICMP flood, UDP flood, SYN flood SSL attacks: SSL renegotiation, SSL flood Financial Services Multiple ISP strategy Legitimate Users Cloud Scrubbing Service E-Commerce ISPa/b Network and DNS Application DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning HTTP attacks: Slowloris, slow POST, recursive POST/GET DDoS Attackers Volumetric attacks and floods, operations center experts, L3-7 known signature attacks Subscriber IPS Strategic Point of Control

Consolidated datacenter protection Use case Before f5 Network DDoS Protection Application DDoS Protection Web Access Management Attackers Load Balancing Load Balancing w/ SSL User Firewalls DNSSEC Rising Security Threats/Attacks with f5 Load balancing multiple firewalls Load balancing application s Separate approaches to securing against attacks

Consolidated datacenter protection App Servers Classic Server Network DDoS Application DDoS Web Access Management Before f5 Firewall Load Balancer & SSL Load Balancer with f5 DNS Security Web Application Firewall Access Security App Servers Classic Server Data Center Firewall Application Security User Consolidation of firewall, app security, traffic management Protection for data centers and application servers High scale for the most common inbound protocols