Matt Sheely Devrin Lewis UC IT DDoS Prevention Research Project.
Presentation transcript:

Matt Sheely Devrin Lewis UC IT DDoS Prevention Research Project

Overview
History
Problem Statement
Hardware/Software Requirements
Design Protocol
Demo
Testing
Risk Management
Budget
Conclusion

History
UC IT Attack
– Distributed Denial of Service (DDoS)
– Crippled UC network
– Problem compounded: Blackboard services
Outcome
– DDoS prevention architecture: NetZentry
– NetZentry no longer supported
– Outdated definition files in use

Problem Statement
Currently, the UC IT department is looking for a new, non-service-based DDoS prevention architecture, implemented in either hardware or software, that matches or exceeds the performance of the existing DDoS prevention architecture, NetZentry.

Hardware/Software Requirements
Vendor-supplied DDoS hardware
– IntruGuard IG2000 (fiber)
– Radware DefensePro x20
– Radware Absolute Insite ManagePro
Cisco Catalyst 6500 Router
Cisco 3750G PoE switch
Radware Raptor Attack Tool
Windows Server 2003 Machine (Management Console)
Test Laptops

Design Protocol

Demo

Testing: Weighted Value Chart
Test Stage | Multiplier Value | Description of Multiplier Value
Configuration Testing | 1.667 | Configuration testing was deemed lowest importance and will be used in case of a tie between vendor hardware.
Baseline Testing | 5.000 | Baseline testing was deemed highest importance in order to maintain legitimate network connectivity.
Attack Testing | 3.333 | Attack testing was deemed the second highest importance in order to maintain legitimate network connectivity.

Configuration Results
Rating scale: Poor (1), Average (2), Excellent (3). Each vendor (Radware, IntruGuard) was rated on the same four parameters:
– Difficulty of Vendor Supplied Documentation
– User Interfaces for Management
– Vendor Availability
– Overall configuration

Baseline Results
Parameter: Certainty of legitimate traffic not being blocked. Each vendor (Radware, IntruGuard) was marked on the following scale:
– Blocks legitimate traffic (0)
– Fairly certain blocks legitimate traffic (1)
– Equally likely to be blocking as not blocking legitimate traffic (2)
– Fairly certain does not block legitimate traffic (3)
– Does not block legitimate traffic (6)

Attack Results
Scoring: Pass (1), Failed (0)
Attack Type | Date/Time | Radware | IntruGuard
Single source, non-spoofed TCP SYN attack | 21/04/09 14:36/12:18 | 1 | 1
Single source, non-spoofed TCP RST attack | 21/04/09 14:46/12:27 | 1 | 1
Multi-source, spoofed TCP SYN attack | 22/04/09 1:14 | 0 (1) | 1
Multi-source, spoofed TCP RST attack | 22/04/09 1:37 | 1 | 1
Single source, non-spoofed UDP data flood | 22/04/09 1:48 | 1 | 1
Single source, non-spoofed UDP RTP flood (ICMP 8) | 22/04/09 2:00 | 1 | 1
Multi-source, spoofed UDP data flood | 22/04/09 2:14 | 1 | 1
Multi-source, spoofed UDP RTP flood (ICMP 8) | 22/04/09 2:24 | 1 | 1
Single source, non-spoofed ICMP echo request (ICMP 8) | 27/04/09 1:20 | 1 | 1
Single source, non-spoofed ICMP timestamp flood (ICMP 8) | 27/04/09 1:20 | 1 | 1
Multi-source, spoofed ICMP echo request (ICMP 8) | 27/04 2:00 | 1 | 1
Multi-source, spoofed ICMP timestamp flood (ICMP 8) | 27/04 1:20 | 1 | 1
Total attack testing score | | 11 | 12
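The attack matrix above is organised along two axes that matter to a detector: traffic class (TCP SYN/RST, UDP data/RTP, ICMP echo request/timestamp) and origin (single source or multiple, spoofed or not). The following is an added example, not the project's code nor any vendor appliance's detection logic; it runs a per-destination packet-rate detector over constructed packet records to show how those classes are told apart, and why spoofing itself cannot be seen per packet (only the count of distinct sources can). The RTP port and all addresses are assumptions.

```python
"""Rate-based flood classifier over constructed packet records.

Added example for this page; it is not the project's code nor any vendor
appliance's detection logic.  It shows how the attack classes in the test
plan (TCP SYN / RST, UDP data / RTP, ICMP echo request / timestamp; single-
or multi-source) appear to a per-destination packet-rate detector.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    t: float      # capture time in seconds
    src: str      # source IP as seen on the wire (spoofed or not, we cannot tell)
    dst: str      # destination IP
    proto: str    # "tcp", "udp" or "icmp"
    detail: str   # TCP flags ("S", "SA", "R"), UDP dst port, or ICMP type number


# Assumed port for RTP test traffic (constructed; the slides give none).
RTP_PORT = "5004"


def attack_class(p: Packet) -> str:
    """Map one packet onto the attack classes used in the test plan."""
    if p.proto == "tcp":
        return {"S": "TCP SYN", "R": "TCP RST"}.get(p.detail, "TCP other")
    if p.proto == "udp":
        return "UDP RTP" if p.detail == RTP_PORT else "UDP data"
    if p.proto == "icmp":
        return {"8": "ICMP echo request", "13": "ICMP timestamp"}.get(p.detail, "ICMP other")
    return "other"


def detect_floods(packets: List[Packet], window: float = 1.0,
                  threshold: int = 100) -> List[Tuple[str, str, float, float, str]]:
    """Alert on every window where packets of one class to one destination
    reach `threshold`.  Returns (dst, class, window_start, pps, origin), where
    origin distinguishes single-source from multi-source by distinct source IPs.
    Spoofing is not visible per packet, which is why the test plan exercises
    spoofed and non-spoofed variants separately."""
    buckets: Dict[Tuple[str, str, int], List[str]] = defaultdict(list)
    for p in packets:
        buckets[(p.dst, attack_class(p), int(p.t // window))].append(p.src)
    alerts = []
    ordered = sorted(buckets.items(), key=lambda kv: (kv[0][2], kv[0][0], kv[0][1]))
    for (dst, cls, w), srcs in ordered:
        if len(srcs) >= threshold:
            n_src = len(set(srcs))
            origin = "single-source" if n_src == 1 else f"multi-source ({n_src} sources)"
            alerts.append((dst, cls, w * window, len(srcs) / window, origin))
    return alerts


def build_sample() -> List[Packet]:
    """Constructed traffic: legitimate handshakes, then a single-source TCP SYN
    flood, then a multi-source ICMP echo request flood against the same host."""
    pkts: List[Packet] = []
    server = "192.0.2.10"
    for i in range(20):                         # window 0: 20 real handshakes
        client = f"10.0.0.{i + 1}"
        pkts.append(Packet(i * 0.05, client, server, "tcp", "S"))
        pkts.append(Packet(i * 0.05 + 0.01, server, client, "tcp", "SA"))
    for i in range(500):                        # window 1: 500 SYNs from one host
        pkts.append(Packet(1.0 + i * 0.001, "198.51.100.7", server, "tcp", "S"))
    for i in range(300):                        # window 2: 300 echo requests, 250 sources
        pkts.append(Packet(2.0 + i * 0.002, f"203.0.113.{i % 250 + 1}", server, "icmp", "8"))
    return pkts


if __name__ == "__main__":
    for dst, cls, start, pps, origin in detect_floods(build_sample()):
        print(f"t={start:.0f}s {dst} {cls}: {pps:.0f} pkt/s, {origin}")
```

The 20 legitimate handshakes in window 0 stay below the threshold and raise nothing; the two floods are reported with their class, rate and source count, which is the information a baseline test (does legitimate traffic still pass?) and an attack test (is the flood seen?) are each checking for.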

Risk Management
Risk | Risk Level | Mitigation
Vendor hardware delay and/or hardware failure | High | Maintain contact with vendors to anticipate hardware delays, and have alternative procedures ready to keep the test schedule
Vendor decision to withdraw from project | High | Retain the project with an updated scope comparing two vendor hardware setups instead of three
Test lab configuration | Moderate | Run a preliminary DDoS test on the test network before beginning trial tests of the hardware
Test lab software | Moderate | Back-up plans for test software, including vendor-supplied testing software
Lab hardware failure | Moderate | Spare parts on hand to replace faulty hardware components
Over-extending timeline | Moderate | Develop multiple plans based on 3- or 4-week testing

Budget
Product | Retail Cost | Our Cost | Provider
Lab Resources
Two Laptop Computers | $ (2*$900) = $3900 | $2,100 | UC Lab/Personal
Radware Raptor Attack Tool | 0 | 0 | Vendor
Cisco 3750G PoE Switch | $5, | | UC Network Operations
Cabling | $1.04 x 250ft = $260 | 0 | UC Lab
Vendor Hardware | ~$20,000 | 0 | Vendor
Visio | $ | | MSDN
Office 2007 | $164.94 | $10 | Student Book Store
Windows Server 2K3 Machine | $ | | UC Network Operations
Labor | $40 per hour | 0 |
Research hours | 30h x 2 = 60h | 0 |
Hardware installation | 5h x 3 x 2 = 30h | 0 |
Initial lab setup | 10h x 2 = 20h | 0 |
DDoS testing | 5h x 3 x 2 = 30h | 0 |
Recommendation report | 10h x 2 = 20h | 0 |
Total hours | 160h | 0 |
Labor costs | 160h x $40 = $6400 | 0 |
Total cost | ~$36,833.89 | $2,110 |

Conclusion
Test | Radware/IntruGuard | Multiplier | Weighted Total
Configuration | 9/ | | /
Baseline | 3/12 | 5 | 15/36
Attack | 11/ | | /39.96
Complete Total | | | /
The IntruGuard IG2000 is recommended to UC IT based on the results of the test parameters, and because the Radware DefensePro's requirement to downgrade to Java Run Time Environment 5.5 could be prohibitive for UC IT.
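The weighted total is each test stage's raw score multiplied by the stage's value from the Testing Weighted Value Chart, with configuration (the lowest multiplier) reserved for breaking ties. The following is an added example, not the project's own tooling: it applies that scheme to the attack results recorded on the slides (11 passes for Radware, 12 for IntruGuard) and to constructed placeholder configuration and baseline scores, since those cells are not legible on the page.

```python
"""Weighted vendor scoring as laid out in the Testing Weighted Value Chart.

Added example, not the project's own code.  Attack scores come from the
Attack Results table; configuration and baseline raw scores used at the
bottom are constructed placeholders.
"""
from typing import Dict

# Multipliers from the Testing Weighted Value Chart.
MULTIPLIERS: Dict[str, float] = {
    "configuration": 1.667,  # lowest weight; used to break ties
    "baseline": 5.000,       # highest weight: legitimate traffic must keep flowing
    "attack": 3.333,         # second highest weight
}

# Attack Results table from the slides: 1 = pass, 0 = fail.
# Radware's single recorded failure is the multi-source spoofed TCP SYN attack.
ATTACK_RESULTS: Dict[str, Dict[str, int]] = {
    "single-source non-spoofed TCP SYN":        {"Radware": 1, "IntruGuard": 1},
    "single-source non-spoofed TCP RST":        {"Radware": 1, "IntruGuard": 1},
    "multi-source spoofed TCP SYN":             {"Radware": 0, "IntruGuard": 1},
    "multi-source spoofed TCP RST":             {"Radware": 1, "IntruGuard": 1},
    "single-source non-spoofed UDP data":       {"Radware": 1, "IntruGuard": 1},
    "single-source non-spoofed UDP RTP":        {"Radware": 1, "IntruGuard": 1},
    "multi-source spoofed UDP data":            {"Radware": 1, "IntruGuard": 1},
    "multi-source spoofed UDP RTP":             {"Radware": 1, "IntruGuard": 1},
    "single-source non-spoofed ICMP echo":      {"Radware": 1, "IntruGuard": 1},
    "single-source non-spoofed ICMP timestamp": {"Radware": 1, "IntruGuard": 1},
    "multi-source spoofed ICMP echo":           {"Radware": 1, "IntruGuard": 1},
    "multi-source spoofed ICMP timestamp":      {"Radware": 1, "IntruGuard": 1},
}


def attack_score(vendor: str) -> int:
    """Raw attack score: the number of attack cases the appliance passed."""
    return sum(row[vendor] for row in ATTACK_RESULTS.values())


def weighted_total(raw: Dict[str, float]) -> float:
    """Multiply each stage's raw score by its multiplier and sum the stages."""
    return sum(raw[stage] * MULTIPLIERS[stage] for stage in MULTIPLIERS)


def recommend(raw_by_vendor: Dict[str, Dict[str, float]]) -> str:
    """Highest weighted total wins; an exact tie is broken by the higher
    configuration score, as the chart's description of that stage states."""
    return max(
        raw_by_vendor,
        key=lambda v: (round(weighted_total(raw_by_vendor[v]), 6),
                       raw_by_vendor[v]["configuration"]),
    )


if __name__ == "__main__":
    # Configuration and baseline raw scores are constructed placeholders.
    raw = {
        "Radware":    {"configuration": 9, "baseline": 3,
                       "attack": attack_score("Radware")},
        "IntruGuard": {"configuration": 9, "baseline": 3,
                       "attack": attack_score("IntruGuard")},
    }
    for vendor, scores in raw.items():
        print(f"{vendor:10s} attack={scores['attack']:2d} "
              f"weighted total={weighted_total(scores):.2f}")
    print("Recommendation:", recommend(raw))
```

Because baseline carries the largest multiplier, a single lost baseline point costs more than a lost attack case; the ordering of the multipliers encodes the project's priority that the appliance must not block legitimate traffic before it is credited for stopping floods.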

Questions?

Configuration Screens

User Profile
Network Administrator
– Advanced network and security knowledge
– Extensive knowledge of current UC network
– Strong troubleshooting skills

Deliverables
Installation and configuration process
Documentation of configuration
Analysis and performance report
Recommendation report

For vendor responses, refer to the attached Word documents: Radware_Response and IntruGuard_Response.