Effects of DoS.

Presentation on theme: "Effects of DoS."— Presentation transcript:

1 Effects of DoS

2 Motivations
Bragging rights, disputes, lolz
Protest, political, hacktivism
Monetary: ransom, competition
Delivery vector: data theft, virus/malware

DoS attacks started as a way to lash out over the internet: spiteful torrents of traffic sent to establish dominance, to settle disputes, or for a vandal's thrill. Some attackers combine their efforts toward a common purpose, using denial of service attacks as a message to further their political goals. Others organize for financial gain, disrupting a business until a ransom is paid, or profiting from the disruption of a key rival. Lately we have been seeing DoS attacks launched not for disruption but for distraction. These attacks are used to disguise other malicious traffic, and to manipulate companies into changing their security posture so that the real target is exposed.

3 Network: Capacity
High capacity infrastructure: 10Gbps/100Gbps
Moves the bottleneck: aggregation layer? firewall? server?

Historically the approach to denial of service attacks has been to increase the capacity of the resource under attack. As infrastructure and attacks get more sophisticated, this defence is not always sufficient. Increasing the capacity in one area simply moves the bottleneck somewhere else, and you are forced to expand again and again. Even with self-scaling infrastructure, at some point there will be a resource with limited scalability, even if that resource is your wallet.

4 Network: Tolerance
Tolerance < Attack < Capacity
Remove service
Vendor blackhole

Not all attacks saturate the overall capacity of the system. Within any system there is a point, below the capacity, where we are no longer willing to accept the risk of an ongoing attack. This may be an official figure, or determined in the moment. But once an attack crosses this tolerance threshold, if all other mitigation efforts have failed, the only option is to remove or suspend the target of the attack. Your service providers also have their own tolerance threshold, and if you don't take action, at some point they will blackhole or suspend service to the target. A common attacker strategy is to hit with a quick burst of traffic, hoping to trigger a blackhole by the service provider: the provider's own mitigation then finishes the job of taking the site down.

5 Network Effects: Collateral Damage
Bottleneck < Attack < Tolerance
Slow ramping attacks
Targeting specific resources

Other attacks take advantage of bottlenecks in the infrastructure, attacking targets whose fail point lies below any alerting or tolerance threshold, in the hope that these attacks will be more difficult to detect. Where these resources are shared, the attack has the side effect of disrupting other systems. Service providers are particularly sensitive to any collateral damage in their infrastructure, and any resulting blackholes will be long lived.
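The two inequalities on slides 4 and 5 (Tolerance < Attack < Capacity, and Bottleneck < Attack < Tolerance) describe a resource with a hard fail point, an agreed level at which operations will act, and the gap below that level where a slow ramp can hide. The following is an added example, not code from the presentation, showing one way to watch that gap: alongside the usual static threshold, fit a line to recent samples of a shared resource and alert on the projected time to exhaustion. The resource (a firewall connection-state table), its limits and the sample series are all constructed for illustration.

```python
"""Trend-based alerting for a slow ramp toward a shared bottleneck.

Added example; it is not from the presentation and the scenario is constructed.
Assumed setup: a stateful firewall in front of several services keeps at most
1,000,000 connection-state entries (the bottleneck, i.e. this resource's
capacity) and operations has agreed a tolerance of 800,000 entries, above
which they will act.  A slow-ramping attack sits under that line for a long
time while heading straight for exhaustion, and every service behind the
firewall shares the table, so exhaustion is collateral damage.  Alongside the
static threshold we fit a line to the recent samples and alert when the
projected time to exhaustion is within a planning horizon.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Resource:
    name: str
    capacity: float    # hard fail point of this resource (the bottleneck)
    tolerance: float   # level at which operations has agreed to act
    horizon_s: float   # alert if exhaustion is projected within this many seconds


def linear_fit(samples: List[Tuple[float, float]]) -> Tuple[float, float]:
    """Least-squares slope and intercept for (time_s, value) pairs."""
    n = len(samples)
    mean_t = sum(t for t, _ in samples) / n
    mean_v = sum(v for _, v in samples) / n
    sxx = sum((t - mean_t) ** 2 for t, _ in samples)
    if sxx == 0.0:                      # a single instant; no trend to speak of
        return 0.0, mean_v
    sxy = sum((t - mean_t) * (v - mean_v) for t, v in samples)
    slope = sxy / sxx
    return slope, mean_v - slope * mean_t


def assess(res: Resource, samples: List[Tuple[float, float]]) -> Tuple[str, Optional[float]]:
    """Classify the latest sample against the resource's limits.

    Returns (state, seconds_to_exhaustion).  seconds_to_exhaustion is None when
    the level is flat or falling.  States, in the slides' terms:
      saturated                 attack >= capacity
      over_tolerance            tolerance <= attack < capacity
      ramping_toward_bottleneck below tolerance, but the trend reaches capacity
                                within horizon_s
      ok                        everything else
    """
    _, v_now = samples[-1]
    if v_now >= res.capacity:
        return "saturated", 0.0
    slope, _ = linear_fit(samples)
    eta = (res.capacity - v_now) / slope if slope > 0 else None
    if v_now >= res.tolerance:
        return "over_tolerance", eta
    if eta is not None and eta <= res.horizon_s:
        return "ramping_toward_bottleneck", eta
    return "ok", eta


# Constructed resource and samples (one sample per minute, ten minutes).
FIREWALL = Resource("edge-firewall state table", capacity=1_000_000,
                    tolerance=800_000, horizon_s=30 * 60)
# Slow ramp: +20,000 entries per minute, still well under tolerance.
RAMP = [(60.0 * i, 300_000.0 + 20_000.0 * i) for i in range(10)]
# Busy but steady: nothing to alert on.
FLAT = [(60.0 * i, 500_000.0) for i in range(10)]

if __name__ == "__main__":
    for label, series in (("ramp", RAMP), ("flat", FLAT)):
        state, eta = assess(FIREWALL, series)
        print(f"{label}: level={series[-1][1]:.0f} state={state} eta={eta}")
```

The ramp series ends at 480,000 entries, below the tolerance, yet projects exhaustion in about 26 minutes, inside the 30-minute horizon, so it is flagged while the static threshold is still silent. The projection says nothing about who is causing the growth; organic growth trends the same way, and an attacker can ramp in steps or pause to spoil a linear fit, so the window has to be long enough to cover that and the result is an input to triage, not a verdict.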

6 Solution: Distributed Upstreams
Upstream diversity
Multiple carriers: redundancy, capacity
Quasi-distributed attacks: single origin network, traffic shaping

Common practice, for those who can afford it, is to configure additional upstreams to add redundancy for coping with outages and capacity for withstanding attacks. Efforts here can be undermined by attacks that originate predominantly from within a single network, since that traffic enters through whichever upstream peers with that network regardless of how many upstreams you have. Similarly, some networks engage in traffic shaping for performance or cost reasons, which ultimately increases the likelihood of an attack dominating a single entry point.

7 Solution: Distributed Networks
Diffuse collateral damage
Vulnerable to targeted disruption of key services

Distributed networks and cloud-based solutions offer new challenges and opportunities for attack. Distributed networks diffuse the risk of collateral damage but can expose new attack surfaces. For example, if an attacker can disrupt your single sign-on service, every service that depends on it will likewise be disrupted.

8 Operations - Detection
Operations team
Detecting attacks
Dealing with anomalies: sudden popularity, legitimate traffic bursts

The other crucial component of your infrastructure is the operations team who operate and maintain these systems. Ideally these are the people who detect the attack (although some reports suggest that over 60% of attacks are reported by end users). Each member of the operations team has their own core competencies and primary focus; if DoS attacks are not among them, detecting attacks can be challenging. For example, the following is a traffic graph that contains an attack, but it is not until we start looking at protocols instead of total traffic that we see the attack. To further complicate matters, this is not an attack: it is traffic to a particular page of a gambling site during the World Cup.
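The slide makes its point with two graphs that are not reproduced in the transcript. As an added example, not code from the presentation, the following does in code what the speaker does by eye: it takes flow records, compares one minute against a baseline both as a total and broken down by protocol and destination port, and reports the breakdown that the total hides. Every flow record is constructed, and the record layout (minute, protocol, destination port, source IP, bytes) is an assumption loosely modelled on flow export.

```python
"""Protocol/port breakdown of flow records against a baseline.

Added example; not from the presentation, and every flow record below is
constructed.  The slide's point: a bytes-per-minute graph can hide an attack
that is obvious once traffic is broken down by protocol and port.  The same
breakdown also lights up for a legitimate burst (the slide's World Cup
example), so this produces a triage list with supporting numbers, not a
verdict.  Records are (minute, proto, dst_port, src_ip, bytes); the layout is
an assumption, roughly the shape of a NetFlow/sFlow export.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

Flow = Tuple[int, str, int, str, int]
Key = Tuple[str, int]

FLOWS: List[Flow] = []


def _emit(minute: int, proto: str, port: int, prefix: str, n_src: int, nbytes: int) -> None:
    """Append n_src flows of nbytes each from distinct constructed sources."""
    for i in range(n_src):
        FLOWS.append((minute, proto, port, f"{prefix}.{i % 254 + 1}", nbytes))


# Baseline, minutes 0-4: 100 MB/min, mostly HTTPS.
for m in range(5):
    _emit(m, "tcp", 443, "203.0.113", 200, 350_000)   # 70 MB from 200 clients
    _emit(m, "tcp", 80, "198.51.100", 100, 250_000)   # 25 MB
    _emit(m, "udp", 53, "192.0.2", 30, 100_000)       # 3 MB
    _emit(m, "icmp", 0, "192.0.2", 20, 100_000)       # 2 MB
# Minute 5: the total is only 8% higher (108 MB), which no volume alarm would
# notice, but UDP/53 is ten times its baseline and HTTPS has been crowded out.
_emit(5, "tcp", 443, "203.0.113", 200, 250_000)       # 50 MB
_emit(5, "tcp", 80, "198.51.100", 100, 250_000)       # 25 MB
_emit(5, "udp", 53, "192.0.2", 30, 1_000_000)         # 30 MB
_emit(5, "icmp", 0, "192.0.2", 20, 150_000)           # 3 MB


def per_minute(flows: Iterable[Flow]):
    """Bytes per (proto, port) and distinct sources per (proto, port), keyed by minute."""
    by_key: Dict[int, Dict[Key, int]] = defaultdict(lambda: defaultdict(int))
    srcs: Dict[int, Dict[Key, set]] = defaultdict(lambda: defaultdict(set))
    for minute, proto, port, src, nbytes in flows:
        by_key[minute][(proto, port)] += nbytes
        srcs[minute][(proto, port)].add(src)
    return by_key, srcs


def analyse(flows: Iterable[Flow], baseline: Iterable[int], minute: int,
            total_factor: float = 1.5, key_factor: float = 3.0) -> dict:
    """Compare one minute with the mean of the baseline minutes.

    total_factor is the classic volume alarm; key_factor is applied per
    (proto, port).  Keys absent from the baseline are flagged if they carry
    any bytes at all.
    """
    baseline = list(baseline)
    by_key, srcs = per_minute(flows)
    totals = {m: sum(v.values()) for m, v in by_key.items()}
    base_total = sum(totals[m] for m in baseline) / len(baseline)
    keys = set(by_key[minute])
    for m in baseline:
        keys |= set(by_key[m])
    findings = []
    for key in sorted(keys):
        base = sum(by_key[m].get(key, 0) for m in baseline) / len(baseline)
        now = by_key[minute].get(key, 0)
        if base:
            ratio = now / base
        else:
            ratio = float("inf") if now else 0.0
        if ratio >= key_factor:
            findings.append({"key": key, "ratio": ratio, "bytes": now,
                             "sources": len(srcs[minute][key])})
    total_ratio = totals[minute] / base_total
    return {"total_ratio": total_ratio,
            "total_flagged": total_ratio >= total_factor,
            "findings": findings}


if __name__ == "__main__":
    report = analyse(FLOWS, range(5), 5)
    print(f"total vs baseline: x{report['total_ratio']:.2f} "
          f"(volume alarm: {report['total_flagged']})")
    for f in report["findings"]:
        print(f"  {f['key'][0]}/{f['key'][1]}: x{f['ratio']:.1f}, "
              f"{f['bytes']} bytes from {f['sources']} sources")
```

On the constructed data the volume alarm stays quiet (1.08 times baseline) while UDP/53 is flagged at ten times its baseline. The source count is reported rather than used as a rule because it does not settle the question on its own: the World Cup burst would also exceed the per-key factor on TCP/443, from many distinct clients, and so would reflected attack traffic. What the breakdown gives the team is somewhere to look first.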

9 Operations Effects - Fatigue
DoS attacks cause stress: interruption of duties, customer demands, management demands
Creates openings for attack: removing security bottlenecks

Denial of service attacks are stressful. Your operations team has a primary focus, certain key duties and, hopefully, pride in doing what they do well. During an attack they are not doing this. Customers will be calling looking for answers, and complaints will flood inboxes and message boards. Inevitably someone very important will call in on an emergency line, demand that you do whatever it takes to get things back up now, and inform you how much money the company loses by the second. This leads to poor choices. Operations teams will be tempted to remove the bottleneck in order to restore service. Often this bottleneck is a firewall or other security appliance built to thwart intrusion attempts, which cannot withstand the constant barrage of a DoS attack (a stateful device typically fails on connection-state exhaustion long before the links behind it fill). Once this appliance is removed, services resume and everyone is relieved, until some time later when they discover the data theft that was hidden inside the denial of service attack, which was the real goal and was just waiting for the security appliance to be removed.

10
There is no single solution for every attack: a blended defence of many layers
Modern DoS attacks are a series of moves and countermoves: a responsive, experienced operations team
There is no "if" you will be attacked, only a matter of "when": have a plan in place

11 One Solution
One option is a dedicated environment that exists separately from your core network, with its own security team, security appliances and proxies, which filters all of your public communication before it is passed back to your core network.
