
1 Financial Services Sector Coordinating Council (FSSCC)
Threat Viewpoint – Distributed Denial of Service (DDoS)
Threat Intelligence Committee
Long Range Vision Committee - 2/1/2011
  o Current DDoS landscape - Potential Impact
  o Solutions – ISP vs. Carrier Agnostic
  o Solutions – Fundamental Architecture Designs

2 Current DDoS Landscape
Recent increase in activity
  o Summer 2010 – North Korea DDoS attack on 3 global banks and US Government web sites
  o Fall 2010 – Wikileaks supporter attacks on financial services and airlines web sites
Activists becoming more involved – Mastercard, Visa and Paypal attack: 3,000 participants and use of a 30,000-node botnet
  o The publicity of the Wikileaks attacks, and the tool used, make this type of attack available to anyone with a cause to champion.
Expect broader and more frequent DDoS attacks
  o Simple-to-use DDoS attack tools available on the public internet, some preconfigured to attack specific sites – simply point and click (ex. next page)
Availability of botnets to perform attacks becoming a commodity on the internet
  o $9.14 per 100 bots per hour is a recently quoted black-market rate
AT&T CISO testifies to Congress that #1 concern is DDoS attacks.
Observed spam attack by an activist group based on their disagreement with an advertising campaign.
Impact of attack against e-commerce systems would be significant, especially for businesses providing direct-to-consumer business services.

3 Sample of DDoS Tool Simplicity

4 Solutions – Carrier Agnostic
Carrier Agnostic Solution – Benefits
  o Single solution regardless of number of ISPs used by the company.
  o Simplifies incident management and coordination of mitigation efforts.
  o Provides cross-ISP correlation for detecting, reporting and mitigating attacks.
  o Mitigation efforts can be performed closer to point of attack.
  o Dedicated staff for DDoS only – core competency.
  o Provides both network and application layer attack protection.
  o Typically cloud-based solutions with ample resources should adjustments be required.
  o Costs anticipated to be lower than combination of multiple ISP solutions. Costs are variable in the event overages of GPS volumes are reached.
Carrier Agnostic Solution – Considerations
  o Requires configuring edge routers to forward NetFlow or SNMP data to vendor for analysis and monitoring.
  o Off-ramping solution requires re-routing ALL webzone traffic through vendor network to be filtered. NOTE: Concerns about re-directing all traffic through a third-party environment.
  o Costs are variable in the event overages of allocated protection volumes are reached.

5 Solutions – Carrier Agnostic

6 Solutions – ISP
ISP Solution – Benefits
  o ISP uses own NetFlow data for analysis, eliminating need to configure edge routers to forward traffic to vendor.
  o ISP internally redirects traffic to filtering mechanisms; no change required to reroute traffic to vendor during incident.
  o Filtering can be restricted to specific host(s) traffic; filtering of entire class B traffic is not required.
  o Costs are NOT variable in the event overages of allocated volumes are reached.
ISP Solution – Considerations
  o Multiple implementations required, one for each ISP providing internet service to webzone environment.
  o Unsure if all ISPs used offer DDoS protection services.
  o Detecting, reporting and mitigating attacks is limited to single ISP environment. Increases complexity for incident management.
  o Mitigation efforts can be performed closer to point of attack only if within ISP network.
  o Typically use shared security resources; staff is not dedicated solely to DDoS support – not company core competency.
  o Provides only network layer attack protection, not protection against application layer attacks.
  o Combined costs of multiple ISP solutions are anticipated to be higher than single combination of multiple ISP solutions.

7 Solutions – ISP

8 Executive Summary
Threat Viewpoint Summary – Distributed Denial of Service (DDoS)
Threat Scope of Potential Impact | Risks & Considerations | Potential Outcomes | Countermeasures | Resource Strategy | Communication Strategy | Follow-Up Actions

9 Open Discussion
Next Committee Meeting March 1, 2011

