
Matt Sheely and Devrin Lewis: UC IT DDoS Prevention Research Project


1 Title
Matt Sheely and Devrin Lewis
UC IT DDoS Prevention Research Project

2 Overview
  – History
  – Problem Statement
  – Hardware/Software Requirements
  – Design Protocol
  – Demo
  – Testing
  – Risk Management
  – Budget
  – Conclusion

3 History
UC IT Attack
  – Distributed Denial of Service (DDoS)
  – Crippled UC network
  – Problem compounded: Blackboard services
Outcome
  – DDoS prevention architecture: NetZentry
NetZentry no longer supported
  – Outdated definition files in use

4 Problem Statement
Currently, the UC IT department is looking for a new, non-service-based DDoS prevention architecture, either a hardware or a software implementation, that performs equal to or better than the existing DDoS prevention architecture, NetZentry.

5 Hardware/Software Requirements
Vendor Supplied DDoS hardware
  – IntruGuard IG2000 (fiber)
  – Radware DefensePro x20
  – Radware Absolute Insite ManagePro
Cisco Catalyst 6500 Router
Cisco 3750G PoE switch
Radware Raptor Attack Tool
Windows Server 2003 Machine (Management Console)
Test Laptops

6 Design Protocol

7 Demo

8 Testing: Weighted Value Chart
Test Stage            | Multiplier Value | Description of Multiplier Value
Configuration Testing | 1.667            | Configuration testing was deemed lowest importance and will be used in case of a tie between vendor hardware.
Baseline Testing      | 5.000            | Baseline testing was deemed highest importance in order to maintain legitimate network connectivity.
Attack Testing        | 3.333            | Attack testing was deemed the second highest importance in order to maintain legitimate network connectivity.

9 Configuration Results
One table per vendor (Radware, IntruGuard); each parameter is rated Poor (1), Average (2) or Excellent (3):
  – Difficulty of Vendor Supplied Documentation
  – User Interfaces for Management
  – Vendor Availability
  – Overall configuration

10 Baseline Results
Parameter: Certainty of legitimate traffic not being blocked (rated for Radware and IntruGuard)
Scale:
  – Blocks legitimate traffic (0)
  – Fairly certain blocks legitimate traffic (1)
  – Equally likely to be blocking as not blocking legitimate traffic (2)
  – Fairly certain does not block legitimate traffic (3)
  – Does not block legitimate traffic (6)

11 Attack Results
Score per test: Pass (1), Failed (0)
Attack Type                                                              | Radware | IntruGuard
Single Source, Non-spoofed TCP SYN Attack (21/04/09 14:36/12:18)         | 1       | 1
Single Source, Non-spoofed TCP RST Attack (21/04/09 14:46/12:27)         | 1       | 1
Multi-source, Spoofed TCP SYN attack (22/04/09 1:14)                     | 0 (1)   | 1
Multi-source, Spoofed TCP RST attack (22/04/09 1:37)                     | 1       | 1
Single source, Non-spoofed UDP data flood (22/04/09 1:48)                | 1       | 1
Single source, Non-spoofed UDP RTP flood (22/04/09 2:00) (ICMP 8)        | 1       | 1
Multi-source, Spoofed UDP Data flood (22/04/09 2:14)                     | 1       | 1
Multi-source, Spoofed UDP RTP flood (22/04/09 2:24) (ICMP 8)             | 1       | 1
Single source Non-spoofed ICMP echo request (27/04/09 1:20) (ICMP 8)     | 1       | 1
Single source Non-spoofed ICMP timestamp flood (27/04/09 1:20) (ICMP 8)  | 1       | 1
Multi-source Spoofed ICMP echo request (27/04 2:00) (ICMP 8)             | 1       | 1
Multi-source Spoofed ICMP timestamp flood (27/04 1:20) (ICMP 8)          | 1       | 1
Total attack testing score                                               | 11      | 12

12 Risk Management
Risk                                          | Risk Level | Mitigation
Vendor hardware delay and/or hardware failure | High       | Maintain contact with vendors in order to anticipate hardware delay, and then have alternative procedures in order to maintain the test schedule
Vendor decision to withdraw from project      | High       | Retain project with updated scope to compare two vendor hardware setups instead of three
Test lab configuration                        | Moderate   | Run preliminary DDoS test on test network before beginning trial tests of hardware
Test lab software                             | Moderate   | Back-up plans for test software, including vendor supplied testing software
Lab hardware failure                          | Moderate   | Spare parts on hand to replace faulty hardware components
Over-extending timeline                       | Moderate   | Develop multiple plans based on 3 or 4 week testing

13 Budget
Product                       | Retail Cost                 | Our Cost | Provider
Lab Resources
Two Laptop Computers          | $2100 + (2*$900) = $3900    | $2,100   | UC Lab/Personal
Radware Raptor Attack Tool    | 0                           | 0        | Vendor
Cisco 3750G PoE Switch        | $5,049.00                   | 0        | UC Network Operations
Cabling                       | $1.04 x 250ft = $260        | 0        | UC Lab
Vendor Hardware               | ~$20,000                    | 0        | Vendor
Visio                         | $559.95                     | 0        | MSDN
Office 2007                   | $164.94                     | $10      | Student Book Store
Windows Server 2K3 Machine    | $500.00                     | 0        | UC Network Operations
Labor                         | $40 per hour                | 0        |
Research hours                | 30h x 2 = 60h               | 0        |
Hardware installation         | 5h x 3 x 2 = 30h            | 0        |
Initial Lab setup             | 10h x 2 = 20h               | 0        |
DDoS Testing                  | 5h x 3 x 2 = 30h            | 0        |
Recommendation report         | 10h x 2 = 20h               | 0        |
Total hours                   | 160h                        | 0        |
Labor costs                   | 160h x $40 = $6400          | 0        |
Total cost                    | ~$36,833.89                 | $2,110   |

14 Conclusion
Test           | Radware/IntruGuard | Multiplier | Weighted Total
Configuration  | 9/9                | 1.667      | 15.003/15.003
Baseline       | 3/12               | 5          | 15/36
Attack         | 11/12              | 3.333      | 36.63/39.96
Complete Total |                    |            | 66.633/90.963
The IntruGuard IG2000 receives the recommendation to UCit based on the results of the test parameters, as well as the fact that the Radware DefensePro requirement of downgrading to Java Run Time Environment 5.5 could be prohibitive to UCit.
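As an added example, not code from the presentation: the weighted-value scoring that the Testing and Conclusion slides describe, implemented in Python. The three multipliers, the twelve attack test names, the configuration raw scores (9/9) and the attack pass/fail outcomes (11/12) are the slides' values; the baseline raw scores used as sample input (3 and 6 on the slide's 0/1/2/3/6 scale), the tie-breaking behaviour beyond "configuration decides a tie", and all function names are assumptions.

```python
"""Weighted-value scoring for a vendor DDoS appliance evaluation.

Added example; it encodes the scheme described on the slides: three test
stages weighted 1.667 (configuration), 5.000 (baseline) and 3.333 (attack),
with the configuration score used to break a tie between vendors.
"""
from typing import Dict, Mapping, Tuple

# Multipliers from the "Weighted Value Chart" slide.
MULTIPLIERS: Dict[str, float] = {"configuration": 1.667, "baseline": 5.000, "attack": 3.333}

# Attack test matrix from the "Attack Results" slide (Pass = 1, Failed = 0).
ATTACK_TYPES: Tuple[str, ...] = (
    "Single Source, Non-spoofed TCP SYN Attack",
    "Single Source, Non-spoofed TCP RST Attack",
    "Multi-source, Spoofed TCP SYN attack",
    "Multi-source, Spoofed TCP RST attack",
    "Single source, Non-spoofed UDP data flood",
    "Single source, Non-spoofed UDP RTP flood",
    "Multi-source, Spoofed UDP Data flood",
    "Multi-source, Spoofed UDP RTP flood",
    "Single source Non-spoofed ICMP echo request",
    "Single source Non-spoofed ICMP timestamp flood",
    "Multi-source Spoofed ICMP echo request",
    "Multi-source Spoofed ICMP timestamp flood",
)


def attack_score(results: Mapping[str, bool]) -> int:
    """Count passed attack tests; every test in the matrix must be reported."""
    missing = [a for a in ATTACK_TYPES if a not in results]
    if missing:
        raise ValueError(f"unreported attack tests: {missing}")
    return sum(1 for a in ATTACK_TYPES if results[a])


def weighted_breakdown(raw: Mapping[str, float]) -> Dict[str, float]:
    """Multiply each stage's raw score by its multiplier (rounded to 3 decimals)."""
    if set(raw) != set(MULTIPLIERS):
        raise ValueError(f"expected stages {sorted(MULTIPLIERS)}, got {sorted(raw)}")
    if any(v < 0 for v in raw.values()):
        raise ValueError("raw scores must be non-negative")
    return {stage: round(raw[stage] * MULTIPLIERS[stage], 3) for stage in MULTIPLIERS}


def weighted_total(raw: Mapping[str, float]) -> float:
    """Sum of the weighted stage scores, rounded to 3 decimals."""
    return round(sum(weighted_breakdown(raw).values()), 3)


def recommend(vendors: Mapping[str, Mapping[str, float]]) -> str:
    """Vendor with the highest weighted total; a tie is broken by the configuration
    score (as the slides specify); a tie on both is reported as "tie"."""
    def rank_key(vendor: str) -> Tuple[float, float]:
        return (weighted_total(vendors[vendor]), vendors[vendor]["configuration"])

    ranked = sorted(vendors, key=rank_key, reverse=True)
    if len(ranked) > 1 and rank_key(ranked[0]) == rank_key(ranked[1]):
        return "tie"
    return ranked[0]


# Constructed sample input. The pass/fail pattern mirrors the slide: Radware failed
# only the multi-source spoofed TCP SYN test (11 of 12); IntruGuard passed all 12.
RADWARE_ATTACKS = {a: a != "Multi-source, Spoofed TCP SYN attack" for a in ATTACK_TYPES}
INTRUGUARD_ATTACKS = {a: True for a in ATTACK_TYPES}

# Baseline raw scores 3 and 6 are constructed sample values on the 0/1/2/3/6 scale.
SAMPLE_SCORES = {
    "Radware": {"configuration": 9, "baseline": 3, "attack": attack_score(RADWARE_ATTACKS)},
    "IntruGuard": {"configuration": 9, "baseline": 6, "attack": attack_score(INTRUGUARD_ATTACKS)},
}

if __name__ == "__main__":
    for vendor, raw in SAMPLE_SCORES.items():
        print(vendor, weighted_breakdown(raw), "total:", weighted_total(raw))
    print("Recommendation:", recommend(SAMPLE_SCORES))
```

With the constructed baseline values the sample run scores Radware 66.666 and IntruGuard 84.999 and recommends IntruGuard; `weighted_breakdown` rejects a score set that is missing a stage or carries a negative value, so an incomplete test campaign cannot silently produce a total.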

15 Questions?


18 Configuration Screens


21 User Profile
Network Administrator
  – Advanced network and security knowledge
  – Extensive knowledge of current UC network
  – Strong troubleshooting skills

22 Deliverables
  – Installation and configuration process
  – Documentation of configuration
  – Analysis and performance report
  – Recommendation report

23 Vendor Responses
For vendor responses, refer to the appropriate attached Word documents:
  – Radware_Response
  – IntruGuard_Response

