How to protect your network from the escalating threat of DDoS


1 How to protect your network from the escalating threat of DDoS
Kleber Carriello de Oliveira Consulting Engineer

2 Distributed Denial of Service (DDoS)
DDoS, in a very simplistic explanation: the attacker will "CLOG" a bottleneck, whether bandwidth, processing power, or state tables. Filling up your network capacity.

3 Key Findings of the Survey
Threat severity and complexity continue to increase
- Attack size increases dramatically, impacting the underlying network infrastructure
- Application-layer attacks continue, with some new applications being targeted more frequently
The threat-to-defense gap is the widest observed to date
- DDoS attack capabilities of miscreants are outpacing the defensive measures taken by network service providers
- Firewall and IPS equipment represents critical points of failure during DDoS attacks
- Mobile network growth is a game changer: availability of limitless botnets with greater bandwidth and few network control points
- New technologies affect the fragility of Internet infrastructure

4 DDoS Attack Sizes Over Time

5 Attack Motivation

6 Attack Frequency

7 Attack target

8 Application Layer

9 Failure of Firewall and IPS in the IDC
Nearly half of all respondents have experienced a failure of their firewalls or IPS due to DDoS attack

10 The IPv6 Security Arms Race
Vendors and network operators are rushing to introduce IPv6 visibility and security as networks scale up

11 The IPv6 Security Arms Race

12 The IPv6 Security Arms Race

13 DDoS Defense – No longer an Ostrich Mentality
The attitude to DDoS as a service availability threat has traditionally been to bury your head and hope that it doesn't happen to you. The attitude is quickly changing because of attack:
- Frequency
- Scope
- Motivation
Source: Arbor Networks 2011 Worldwide Infrastructure Security Report

14 Impact of DDoS Attacks on the Business
Botnets & DDoS attacks cost an average enterprise $6.3M* for a 24-hour outage!
Source: Ponemon Institute – 2010 State of Web Application Security
* Source: McAfee – Into the Crossfire – January 2010
The impact of loss of service availability goes beyond financials:
- Operations: how many IT personnel will be tied up addressing the attack?
- Help Desk: how many more help desk calls will be received, and at what cost per call?
- Recovery: how much manual work will need to be done to re-enter transactions?
- Lost Worker Output: how much employee output will be lost?
- Penalties: how much will have to be paid in service level agreement (SLA) credits or other penalties?
- Lost Business: how much will the ability to attract new customers be affected? What is the full value of those lost customers?
- Brand & Reputation Damage: what is the cost to the company brand and reputation?
Beyond ONLY the direct impact of being offline (an e-commerce site), imagine the reputational damage to a government that cannot defend itself, or to a telecommunications company that cannot communicate.

15 DDoS Tool Landscape – Easy Access for Everyone
Many malware families have added DDoS capabilities. Attackers now have hundreds of tools to choose from, at varying costs and complexities:
- Single-user flooding tools
- Host booters
- Shell booters
- DDoS bots of varying complexity
There are no hard-and-fast lines between one threat class and another. The intent behind a tool and the motive for its use play a part in how it has been classified. This is not intended to be an exhaustive list of DDoS threats, only a sample.

16 Understanding DDoS

17 What is a DDoS Attack?
During a Distributed Denial of Service (DDoS) attack, compromised hosts (bots) or vigilante users from distributed sources overwhelm the target with illegitimate traffic so that the servers cannot respond to legitimate clients.

18 High Bandwidth Volumetric DDoS

19 Protocol Attacks

20 Connection Based Attacks

21 Reflection Attacks

22 Application-Layer Attacks

23 How to Protect Against DDoS

24 A Solution Needs to Handle All Attack Types
Different defenses are needed for different types of threats

25 DDoS Overwhelming Traditional Defenses
Current DDoS attacks are designed to thwart general defenses:
- Use large, distributed botnets
- Employ low-and-slow application-layer attacks
- Combine the above for obfuscation

26 Intelligent DDoS Mitigation Systems
Block common and complex attacks using a variety of counter-measures such as the ones listed here. Detect and stop application-layer DDoS attacks that are hard to detect in the cloud.
- General: Single Source Attack; Distributed DDoS; Spoofed / Non-Spoofed Attacks
- TCP Attacks: TCP SYN Floods; Invalid TCP Flag Combinations; Window Size Attacks (Sockstress, etc.); Slow TCP Connections (TCP Idling, etc.)
- HTTP / Web Attacks: Slow HTTP Connections (Slowloris / Pyloris); HTTP GET / POST URL Floods
- DNS: DNS Floods; DNS Authentication
- Other: UDP / ICMP Floods; IP / TCP / UDP Fragment Floods; IP NULL Floods
Stop advanced attacks, including application-layer DDoS attacks, using multiple counter-measures. Multiple dimensions of counter-measures can be leveraged to stop dynamic and diverse threats.
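The slide names the flow-level categories a mitigation system sorts traffic into (SYN floods, invalid flag combinations, UDP/ICMP and fragment floods, single-source versus distributed attacks). The classifier below is an added example, not Arbor's code and not taken from the presentation: it takes one interval of sFlow-style sampled packet records and emits an indicator per category using the packet-per-second thresholds a defender would tune for their own links. The `Sample` record, the thresholds and every address in `constructed_samples()` are constructed for the example.

```python
"""Flow-level DDoS indicators over sampled packet records.

Added example (not Arbor's code): classifies one interval of sFlow-style
packet samples into the counter-measure categories the slide lists. All
addresses, thresholds and records below are constructed for the example.
"""
from collections import Counter
from dataclasses import dataclass

# TCP flag bits as they appear in a packet header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass(frozen=True)
class Sample:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    flags: int = 0        # TCP flags of this one packet; 0 for non-TCP
    fragment: bool = False


def invalid_tcp_flags(flags: int) -> bool:
    """Flag sets no conforming TCP stack sends (NULL, SYN+FIN, SYN+RST, XMAS)."""
    if flags == 0:
        return True
    if flags & SYN and flags & (FIN | RST):
        return True
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        return True
    return False


def classify(samples, sample_rate=1, interval_s=1.0,
             syn_pps=1000, flood_pps=2000, src_pps=500,
             syn_ack_ratio=3.0, min_bad_flags=10):
    """Return (indicator, key, estimated packets/s) tuples for one interval.

    Counts are scaled by the sampling rate to packets per second, so the
    same thresholds work for 1:1 and 1:N sampled exports.
    """
    scale = sample_rate / interval_s
    syn, ack, udp, icmp, frag = Counter(), Counter(), Counter(), Counter(), Counter()
    bad_flags, per_src = Counter(), Counter()

    for s in samples:
        per_src[s.src] += 1
        if s.fragment:
            frag[s.dst] += 1
        if s.proto == "tcp":
            if invalid_tcp_flags(s.flags):
                bad_flags[s.src] += 1
            elif s.flags & SYN and not s.flags & ACK:   # bare SYN: new handshake
                syn[s.dst] += 1
            elif s.flags & ACK:                           # established-connection traffic
                ack[s.dst] += 1
        elif s.proto == "udp":
            udp[s.dst] += 1
        elif s.proto == "icmp":
            icmp[s.dst] += 1

    findings = []
    # SYN flood: a high SYN rate with too few ACKs behind it (half-open pressure).
    for dst, n in syn.items():
        if n * scale >= syn_pps and n / max(ack[dst], 1) >= syn_ack_ratio:
            findings.append(("tcp_syn_flood", dst, round(n * scale)))
    for name, counter in (("udp_flood", udp), ("icmp_flood", icmp), ("fragment_flood", frag)):
        for dst, n in counter.items():
            if n * scale >= flood_pps:
                findings.append((name, dst, round(n * scale)))
    for src, n in bad_flags.items():
        if n >= min_bad_flags:
            findings.append(("invalid_tcp_flags", src, round(n * scale)))
    # Single-source attack: one host alone exceeds the per-source rate budget.
    for src, n in per_src.items():
        if n * scale >= src_pps:
            findings.append(("single_source_rate", src, round(n * scale)))
    return findings


def constructed_samples():
    """One second of constructed samples mixing the attack types above."""
    s = []
    # 1200 bare SYNs from 1200 spoofed sources to a web server, plus 200 ACKs.
    s += [Sample(f"10.{i // 256}.{i % 256}.1", "203.0.113.10", "tcp", SYN) for i in range(1200)]
    s += [Sample("198.51.100.20", "203.0.113.10", "tcp", ACK | PSH) for _ in range(200)]
    # 3000 UDP packets to the DNS server.
    s += [Sample(f"10.9.{i % 256}.2", "203.0.113.53", "udp") for i in range(3000)]
    # 50 malformed TCP packets (NULL and SYN+FIN) from one host.
    s += [Sample("198.51.100.7", "203.0.113.10", "tcp", 0) for _ in range(30)]
    s += [Sample("198.51.100.7", "203.0.113.10", "tcp", SYN | FIN) for _ in range(20)]
    # One host sending 600 ICMP packets on its own.
    s += [Sample("192.0.2.9", "203.0.113.10", "icmp") for _ in range(600)]
    # 2500 fragmented UDP packets to a second server.
    s += [Sample(f"10.8.{i % 256}.3", "203.0.113.20", "udp", fragment=True) for i in range(2500)]
    return s


if __name__ == "__main__":
    for finding in classify(constructed_samples()):
        print(*finding)
```

The SYN check deliberately needs both a high rate and a poor SYN-to-ACK ratio, because a flash crowd also produces many SYNs but completes its handshakes; the per-source budget is what separates the single-source case from the distributed one, where each spoofed source stays under the budget and only the per-destination counters fire.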

27 Intelligent, Layered DDoS Protection Solution
Diagram: data center (IPS, load balancer, firewall); ISP-based mitigation (Peakflow SP, TMS); CPE (Pravail APS).
In-Cloud DDoS Protection
- Protect against all attack types
- Protect datacenter links
- Leverage the expertise of the ISP
CPE-Based DDoS Protection
- Always-on protection
- Keep services running when attacked
- Cloud signal to the ISP system when overwhelmed
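The layered design hinges on one decision: when does the always-on premise device hand off to the in-cloud layer? The control loop below is an added example and not Arbor's Pravail or Peakflow code. It watches two things the slide distinguishes, saturation of the datacenter link and saturation of the on-premise mitigation device, and raises the cloud signal only after sustained overload, releasing it only after sustained recovery, so a short burst does not flap the upstream layer on and off. The `LinkSample` record, the watermarks, the capacities and the traffic series are constructed for the example.

```python
"""Cloud-signal escalation for a layered DDoS defense.

Added example (not Arbor's Pravail/Peakflow code): an on-premise device
watches its own load and the datacenter link, and only signals upstream
(to the ISP / in-cloud layer) after sustained overload, releasing again
after sustained recovery. Capacities and samples are constructed.
"""
from dataclasses import dataclass


@dataclass
class LinkSample:
    inbound_mbps: float     # traffic arriving on the datacenter link
    dropped_mbps: float     # attack traffic the on-premise device is discarding


@dataclass
class CloudSignalPolicy:
    link_capacity_mbps: float
    device_capacity_mbps: float
    high_watermark: float = 0.8      # utilisation that counts as overload
    low_watermark: float = 0.5       # utilisation that counts as recovered
    trigger_intervals: int = 3       # consecutive overloaded samples before signalling
    release_intervals: int = 6       # consecutive recovered samples before releasing
    signalled: bool = False
    over: int = 0
    under: int = 0

    def utilisation(self, s: LinkSample) -> float:
        """Worst of link saturation and on-premise mitigation saturation."""
        return max(s.inbound_mbps / self.link_capacity_mbps,
                   s.dropped_mbps / self.device_capacity_mbps)

    def observe(self, s: LinkSample) -> str:
        """Feed one interval's sample; return "signal", "release" or "hold"."""
        u = self.utilisation(s)
        if u >= self.high_watermark:
            self.over, self.under = self.over + 1, 0
        elif u <= self.low_watermark:
            self.over, self.under = 0, self.under + 1
        else:
            self.over = self.under = 0          # grey zone: neither trend counts
        if not self.signalled and self.over >= self.trigger_intervals:
            self.signalled, self.over = True, 0
            return "signal"
        if self.signalled and self.under >= self.release_intervals:
            self.signalled, self.under = False, 0
            return "release"
        return "hold"


def run(policy: CloudSignalPolicy, samples):
    """Return the (sample index, action) events produced by a series of samples."""
    events = []
    for i, s in enumerate(samples):
        action = policy.observe(s)
        if action != "hold":
            events.append((i, action))
    return events


def constructed_series():
    """A constructed day: quiet, a short burst, a real attack, then ISP scrubbing."""
    quiet = LinkSample(300, 0)        # 30% of a 1 Gbps link, nothing dropped
    burst = LinkSample(900, 100)      # two intervals only: must not trigger
    attack = LinkSample(950, 450)     # link at 95%, a 500 Mbps device at 90%
    scrubbed = LinkSample(250, 50)    # the in-cloud layer now absorbs the bulk
    return [quiet, quiet, burst, burst, quiet, quiet] + [attack] * 4 + [scrubbed] * 7


if __name__ == "__main__":
    policy = CloudSignalPolicy(link_capacity_mbps=1000, device_capacity_mbps=500)
    print(run(policy, constructed_series()))
```

Taking the maximum of the two utilisations matters: a low-bandwidth application-layer attack can exhaust the premise device while the link looks healthy, and the slide's "overwhelmed" condition should cover both. The release threshold is longer than the trigger threshold on purpose, since pulling the upstream layer out too early simply re-exposes the link.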

28 September 2012 Financial Sector Attacks
Case Study: September 2012 Financial Sector Attacks

29 The beginning of “Operation Ababil”
- "Cyber fighters of Izz ad-din Al qassam" posted a call to action on Pastebin on September 18, calling for Muslims to attack the Bank of America and the New York Stock Exchange
- Four days earlier, messages linked to the same group called for attacks against Google's YouTube, citing their refusal to take down a movie that offended some Muslims
- These attacks have continued over the past few weeks towards varying targets
In spite of claims of responsibility tied to specific groups, Arbor has found no evidence to link these attacks to any particular group or nation-state. Time will tell the true motivations, but the source is not relevant because the goal is to maintain availability and integrity of the applications and services. We must remain vigilant because there will always be another threat.

30 Attacks Take Major Financials Off-line

31 Triple Crown Attack – Multi-vector on a New Level
Three new tools being used
- Tool.Brobot, Tool.Kamikaze and Tool.Amos
Multiple concurrent attack vectors
- GET and POST application-layer attacks on HTTP and HTTPS
- DNS query application-layer attack
- TCP SYN floods
- Floods on UDP, TCP, ICMP and other IP protocols
Unique characteristics of the attacks
- Use of shell booters (infected web servers) with high upstream bandwidth
- Very high packet-per-second rates per individual source
- Large bandwidth attack on multiple companies simultaneously
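The GET and POST application-layer vectors in this attack are invisible to flow-level counters, because each request is a well-formed TCP connection; they show up in the web tier's own logs as a few sources hammering one URL far above any human rate. The detector below is an added example, not Arbor's code and not derived from the tools named above: it buckets combined-format access log lines into fixed windows and flags both abnormal per-source request rates and URLs that absorb most of a window's requests. The log format regex follows the common Apache/nginx "combined" layout; the thresholds, the `_line()` helper and every line `constructed_log()` produces are constructed for the example.

```python
"""HTTP GET/POST URL-flood detection from web server access logs.

Added example (not Arbor's code): buckets combined-format access log lines
into fixed windows and flags sources whose request rate is abnormal and
URLs that absorb most of a window's requests. The log lines are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Apache/nginx "combined" format; only the fields this example needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "epoch": int(ts.timestamp()),
            "method": m["method"], "path": m["path"], "status": int(m["status"])}


def detect_url_floods(lines, window_s=10, src_rps=20.0, url_share=0.6, min_requests=200):
    """Return (window_start, indicator, key, value) findings, oldest window first."""
    by_src = defaultdict(Counter)    # window start -> Counter(client ip)
    by_path = defaultdict(Counter)   # window start -> Counter(request path)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                 # unparsable lines are skipped, not fatal
        w = rec["epoch"] // window_s * window_s
        by_src[w][rec["ip"]] += 1
        by_path[w][rec["path"]] += 1

    findings = []
    for w in sorted(by_src):
        total = sum(by_src[w].values())
        # Per-source rate: a single client far above any human browsing rate.
        for ip, n in by_src[w].items():
            rps = n / window_s
            if rps >= src_rps:
                findings.append((w, "source_rate", ip, rps))
        # URL concentration: most of a busy window lands on one path.
        if total >= min_requests:
            path, n = by_path[w].most_common(1)[0]
            if n / total >= url_share:
                findings.append((w, "url_concentration", path, round(n / total, 2)))
    return findings


def _line(ip, epoch, method, path, status=200):
    """Constructed helper: emit one combined-format log line."""
    ts = datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'


def constructed_log():
    """Sixty seconds of constructed traffic with a ten-second POST flood inside it."""
    base = 1_700_000_000             # constructed epoch, aligned to a 10 s window boundary
    lines = []
    # Background: one ordinary GET per second from rotating clients over twenty pages.
    for t in range(60):
        lines.append(_line(f"198.51.100.{t % 50 + 1}", base + t, "GET", f"/page/{t % 20}"))
    # Attack: three hosts each POST /login 400 times inside seconds 20-29.
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        for j in range(400):
            lines.append(_line(ip, base + 20 + j % 10, "POST", "/login", status=401))
    return lines


if __name__ == "__main__":
    for finding in detect_url_floods(constructed_log()):
        print(*finding)
```

The two indicators are complementary: the per-source rate catches a shell-booter style source that sends at very high rates on its own, while the URL-concentration check still fires when many lower-rate sources spread the same POST flood across a botnet and no single client crosses the per-source line.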

32 Lessons Learned Enterprise
Firewalls/IPS truly don't offer any protection
- All companies attacked have these devices
Carrier/MSSP coverage has limits
- Resource strain when customers get attacked simultaneously
- Slower to upgrade to the latest releases/protections
Need to deploy DDoS security in multiple layers
- On premise for control and speed
- Multiple upstream options
- MSSPs
Capacity models need to be re-evaluated, as larger multi-vector, multi-customer attacks have become a reality
Increase the speed of new technology adoption

33 Thank You
Kleber Carriello de Oliveira

