DRUPAL CON NASHVILLE 2018 DRUPALCON NASHVILLE.


1 DRUPAL CON NASHVILLE 2018 DRUPALCON NASHVILLE

2 DRUPAL CAMP NASHVILLE 2018 DDoS attack victim? Prevention is better than cure.

3 DDoS attack victim? Prevention is better than cure.
Sugandh Khanna, Srijan, INDIA. Drupal CON NASHVILLE, March 2018

4 AGENDA
Distributed denial of service (DDoS) attack - THREAT to Drupal.
What is a distributed denial of service (DDoS) attack?
History of DDoS attacks
DDoS tool - LOIC
Live demonstration
Impacts of DDoS Attacks on Your Business
Drupal Optimization for DDoS

5 Have you ever experienced:
Your website disappearing off the Internet?
Sudden heavy traffic that makes your website go down?

6 Well, hold your breath! You may have become the victim of a distributed denial of service (DDoS) attack.

7 A website company faced an issue:
A site where the bots continually hit the user/register and user/password pages. At its height the site was getting bot hits a minute. It is a pain. If the company did not allow people to open accounts, the problem would not be significant.

8 What is a distributed denial of service (DDoS) attack?

9 What is a DoS attack? For those who are not familiar with the term, DoS (denial of service) is an attack performed on a computer or network that reduces, restricts or prevents accessibility of system resources to legitimate users. In simple terms, the attacker floods the victim system with malicious traffic to overload its resources. A DoS attack can do temporary or permanent damage to a website. It can also slow down network performance.

10 In simple words…. bombarding an IP address with large amounts of traffic.

11 The principle is the same, but the malicious traffic is generated from multiple sources -- although orchestrated from one central point. The fact that the traffic sources are distributed -- often throughout the world -- makes a DDoS attack much harder to block than one originating from a single IP address.

12 You are not alone!

13 History of DDoS attacks
The first-ever DoS attack occurred in 1974 courtesy of David Dennis—a 13-year-old student.
One of the first large-scale DDoS attacks occurred in August 1999, when a hacker used a tool called “Trinoo” to disable the University of Minnesota’s computer network for more than two days.
2016 brought a long-feared DDoS threat to fruition: cyber-attacks were launched from multiple connected devices turned into botnets.
High profile victims of DDoS attacks in 2015 included organizations as diverse as cloud hosting company Linode, games company Valve, Microsoft's Xbox Live network, the BBC, Rutgers University and even the Internet's DNS root servers.

14 DDoS attack tool: LOIC
Low Orbit Ion Cannon is an open source network stress testing and denial-of-service attack application, written in C#.

19 Impacts of DDoS Attacks on Your Business

20 Impacts of DDoS Attacks on Your Business
Revenue losses: Downtime affects your bottom line. Based on industry surveys, the average cost of downtime is $5,600/minute, or over $300K/hour.
Productivity loss: When critical network systems are shut down, your workforce’s productivity comes to a halt.

21 Impacts of DDoS Attacks on Your Business
Reputation damage: Your brand suffers if customers can’t access your site or become casualties of a data breach.
Theft: Attacks are becoming more advanced and now include stolen funds, customer data, and intellectual property.

22 What is the best way to protect a website from distributed denial-of-service attacks?

23 Drupal Optimization for DDoS attack

24 Drupal Optimization for DDoS
Make sure page caching is enabled; check the settings at admin/config/development/performance. Another idea is to use a CDN such as Cloudflare (they have a free plan) that will serve whatever it can from cache without hitting your server.

25 Drupal Optimization for DDoS
Boost is good. Boost provides static page caching for Drupal enabling a very significant performance and scalability boost for sites that receive mostly anonymous traffic. For shared hosting this is your best option in terms of improving performance. On dedicated servers, you may want to consider Varnish instead.

26 Drupal Optimization for DDoS
Honeypot is awesome. Honeypot uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site. These methods are effective against many spam bots, and are not as intrusive as CAPTCHAs or other methods which punish the user.

27 Drupal Optimization for DDoS
Ban the IP addresses the attacks are coming from.
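One way to find the addresses to ban, as an added example that is not from the original slides: scan a web server access log for clients hammering the user/register and user/password pages described on slide 7. The combined log format, clean URLs, the threshold of 10 hits per minute and the sample lines (documentation-range IPs) are assumptions.

```python
import re
from collections import Counter

# Account-form paths named on slide 7; the threshold is an assumed starting point.
WATCHED = ("/user/register", "/user/password")
MAX_PER_MINUTE = 10

# client IP, [timestamp], "METHOD path ..." from a combined-format log line
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+)')


def ban_candidates(lines, limit=MAX_PER_MINUTE):
    """Return {ip: peak hits per minute} for clients over the limit on watched paths."""
    per_minute = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # malformed line or another HTTP method
        ip, stamp, path = m.groups()
        if path.split("?", 1)[0].rstrip("/") in WATCHED:
            per_minute[(ip, stamp[:17])] += 1  # "10/Apr/2018:13:55" is the minute bucket
    peaks = {}
    for (ip, _minute), hits in per_minute.items():
        if hits > limit:
            peaks[ip] = max(hits, peaks.get(ip, 0))
    return peaks


def sample_log():
    """Constructed sample: one scripted client and one ordinary visitor."""
    bot = [
        f'203.0.113.7 - - [10/Apr/2018:13:55:{s:02d} +0000] '
        '"POST /user/register HTTP/1.1" 200 512'
        for s in range(0, 60, 2)
    ]
    human = [
        '198.51.100.20 - - [10/Apr/2018:13:55:10 +0000] "GET /user/password HTTP/1.1" 200 900',
        '198.51.100.20 - - [10/Apr/2018:13:56:40 +0000] "POST /user/password HTTP/1.1" 302 0',
        '198.51.100.20 - - [10/Apr/2018:13:57:02 +0000] "GET /node/1 HTTP/1.1" 200 4096',
    ]
    return bot + human


if __name__ == "__main__":
    for ip, peak in ban_candidates(sample_log()).items():
        print(f"{ip} peaked at {peak} hits/minute on account forms")
```

Per-IP bans only help while the sources are few; the distributed case described on slide 11 needs the upstream measures on the following slides.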

28 Drupal Optimization for DDoS
Bandwidth Oversubscription - This one is fairly straightforward. As you grow larger, your bandwidth costs drop. Generally large organizations will lease a significantly larger capacity than they need to account for growth and DDoS attacks. If an attacker is unable to muster enough traffic to overwhelm this, a volumetric attack is generally ineffective.

29 Drupal Optimization for DDoS
Automated Mitigation - Many tools will monitor netflow data from routers and other data sources to determine a baseline for traffic. If traffic patterns step out of these zones, DDoS mitigation tools can attract the traffic to them using BGP or other mechanisms and filter out noise. They then pass the clean traffic further into the network. These tools can generally detect both volumetric attacks, and more insidious attacks such as slowloris.

30 Drupal Optimization for DDoS
Upstream Blackholing - There are ways to filter UDP traffic using router blackholing. I've seen situations where a business has no need to receive UDP traffic (i.e. NTP and DNS) to their infrastructure, so they have their transit providers blackhole all of this traffic. The largest volumetric attacks out there are generally reflected NTP or DNS amplification attacks.

31 Drupal Optimization for DDoS
Third Party Provider - Even many fairly large organizations fear that monster 300 Gbps attack. They often implement either a DNS-based redirect service or a BGP-based service to protect them in case they suffer a sustained attack. I would say CDN providers also fall under this umbrella, since they can help an organization stay online during an attack.

32 Drupal Optimization for DDoS
System Hardening - You can often configure both your operating system and your applications to be more resilient to application layer DDoS attacks. Things ranging from ensuring enough inodes on your Linux server to configuring the right number of Apache worker threads can help make it harder for an attacker to take down your service.

33 DDoS - Prevention is better than cure.
Any questions?

