Presentation is loading. Please wait.

Presentation is loading. Please wait.

Richard Bible Security Solution Architect, F5 Networks DDOS EQUALS PAIN.

Published byNeal Manning Modified over 8 years ago

Similar presentations

Presentation on theme: "Richard Bible Security Solution Architect, F5 Networks DDOS EQUALS PAIN."— Presentation transcript:

1 Richard Bible Security Solution Architect, F5 Networks DDOS EQUALS PAIN

2 2© F5 Networks, Inc. Bandwidth carriers ISP’s bandwidth Your bandwidth Many: Thread jam Memory exhaustion Many: CPU Database load Thread jam Log attack Memory exhaustion Connection flood State Table: Too many connections State Table: TCP Flood. Negative caching Proxy bypass State Table: IP’s Low & slow Layer 7 – Random Layer 7 – Logical State Table: ACL Perf. Degrade FirewallDDoS applianceAPP acceleratorLoad balancerWeb serversDatabase BANDWIDTH >> PACKET >> CONNECTION >> OS >> HTTP(s) >> APP (PHP/ASP) >>> DB DDoS Attacks Exhaust Network Resources

3 3© F5 Networks, Inc. “ Sixty-five percent [of surveyed organizations] reported experiencing an average of three – DDoS attacks in the past 12 months, with an average downtime of 54 minutes. – 2012 Ponemon Institute Survey

4 4© F5 Networks, Inc. Izz ad-din al Quassam CyberFighters DDoS attacks on Bank of America, NYSE, Wells Fargo, PNC, Chase, SunTrust, Capital One and others. Peak attacks 75G, including mix of layer 3, 4, 5 and 7 attacks. Anti-DDoS scrubbers used for network attacks. F5 for Layer 7. Spotlight: Operation Ababil – September 2012 The CyberFighters appeared to have performed extensive network reconnaissance on data centers for each of the targets. Network reconnaissance likely included timing information on all available links and database queries.

5 5© F5 Networks, Inc. It happens to all of us…

6 6© F5 Networks, Inc. DDoS Ecosytem

7 7© F5 Networks, Inc. © F5 Networks, Inc 7 DDoS hides the real threat DDoS Attack on Bank Hid $900,000 Cyberheist Feb 13, 2013

8 8© F5 Networks, Inc. © F5 Networks, Inc 8 More sophisticated attacks are multi-layer Application SSL DNS Network

9 9© F5 Networks, Inc. Which DDoS mitigation to use? Content Delivery Network Carrier Service Provider Cloud-based DDoS Service Cloud/Hosted Service Network firewall with SSL inspection Web Application Firewall On-premise DDoS solution Intrusion Detection/Prevention On-Premise Defense

10 10© F5 Networks, Inc. The answer: “All of the above”

11 11© F5 Networks, Inc. devcentral.f5.com facebook.com/f5networksinc linkedin.com/companies/f5-networks twitter.com/f5networks youtube.com/f5networksinc

Download ppt "Richard Bible Security Solution Architect, F5 Networks DDOS EQUALS PAIN."

Similar presentations

© 2011 Infoblox Inc. All Rights Reserved. Infoblox – control, secure & automate Mike Carroll.

© 2011 Infoblox Inc. All Rights Reserved. Infoblox – control, secure & automate Mike Carroll.
Protecting Commercial and Government Web Sites: The Role of Content Delivery Networks Bruce Maggs VP for Research, Akamai Technologies.

Protecting Commercial and Government Web Sites: The Role of Content Delivery Networks Bruce Maggs VP for Research, Akamai Technologies.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Adwait JoshiJim Harrison Sr. Product ManagerProgram Manager Microsoft Corporation SESSION CODE: SIA308.

Adwait JoshiJim Harrison Sr. Product ManagerProgram Manager Microsoft Corporation SESSION CODE: SIA308.
F5 Synthesis Nilesh Mistry Field Systems Engineer n.mistry@f5.com.

F5 Synthesis Nilesh Mistry Field Systems Engineer
Attackers Vs. Defenders: Restoring the Equilibrium Ron Meyran Director of Security Marketing January 2013.

Attackers Vs. Defenders: Restoring the Equilibrium Ron Meyran Director of Security Marketing January 2013.
Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.

Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.
2011 Infrastructure Security Report 7 th Annual Edition CE Latinamerica Carlos A. Ayala

2011 Infrastructure Security Report 7 th Annual Edition CE Latinamerica Carlos A. Ayala
©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Check Point DDoS Protector June 2012.

©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Check Point DDoS Protector June 2012.
Frederic Fleurat ffleurat@arbor.net SIT mazagan 2014 Frederic Fleurat ffleurat@arbor.net.

Frederic Fleurat SIT mazagan 2014 Frederic Fleurat
DDoS Attacks: The Latest Threat to Availability. © Sombers Associates, Inc. 2013 2 The Anatomy of a DDoS Attack.

DDoS Attacks: The Latest Threat to Availability. © Sombers Associates, Inc The Anatomy of a DDoS Attack.
Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.

Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.
Information Networking Security and Assurance Lab National Chung Cheng University Network Security (I) 授課老師 : 鄭伯炤 Office: Dept. of Communication Rm #112.

Information Networking Security and Assurance Lab National Chung Cheng University Network Security (I) 授課老師 : 鄭伯炤 Office: Dept. of Communication Rm #112.
The Way to Protect The Smartest Way to Protect Websites and Web Apps from Attacks.

The Way to Protect The Smartest Way to Protect Websites and Web Apps from Attacks.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg

Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg
Kill-Bots: Surviving DDoS Attacks That Mimic Legitimate Browsing Srikanth Kandula Dina Katabi, Matthias Jacob, and Arthur Berger.

Kill-Bots: Surviving DDoS Attacks That Mimic Legitimate Browsing Srikanth Kandula Dina Katabi, Matthias Jacob, and Arthur Berger.

Similar presentations

Ads by Google