DENIAL OF SERVICE VIA INTERNET OF THINGS DEVICES: ATTACK METHODOLOGIES AND MITIGATION TECHNIQUES
by RICHARD ROE

Advisor: Dr. Joshua Eckroth

A senior research proposal submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in the Department of Mathematics and Computer Science in the College of Arts and Science at Stetson University, DeLand, Florida. Fall Term 2016.
TABLE OF CONTENTS

List of Figures
Abstract
1. Introduction
2. Related Work
2a. Attack Techniques
2b. Mitigation Technologies
3. Proposed Work
4. Initial Results
5. Future Work
6. Conclusion
References
LIST OF FIGURES

Figure 1: Denial of Service Attack using Commodity Hardware
Figure 2: Denial of Service Attack using IoT Devices
Figure 3: Visualization of Probabilistic Models
Figure 4: Density Plot of Service Response Time
Figure 5: Comparison of Service Distributions
ABSTRACT

The purpose of this research is to compare the effectiveness of traditional Denial of Service (DoS) attack vectors to a new attack method that is specifically designed for use on devices that have limited resources, such as Internet of Things (IoT) devices. New mitigation techniques will also be explored to help prevent, or reduce the effectiveness of, these attacks. While classical DoS attacks generally require both a large source of computing power and a specially crafted payload to efficiently render the target machine or service inoperable, this research will focus on an attack that uses a generalized payload, targets a wide variety of internet services, and uses as few resources as possible. We will port the attack to common DoS utilities, as well as to a powerful IoT worm, so that the original tools' attack methods can be compared to the new attack's effectiveness and resource consumption. Once done, they will be compared again, this time when attacking new mitigation techniques specifically designed to thwart both these and other attacks of their class. The results of this research can be applied to helping defend internet-facing web services from attack in both the public and private sector, because a free and open local proxy is cheaper and easier to set up than an online, paid, cloud solution. We aim to study the effectiveness of different denial of service attacks, and to develop a mitigation solution that can help to prevent these attacks in a way that does not affect the performance of the target under normal usage.
1. Introduction

Traditional Distributed Denial of Service (DDoS) attacks rely on a malicious user having control of enough devices to be effective. This user gains control of machines either by infecting them with specially crafted malware or virus software, or through a computer's owner knowingly surrendering control of their machine to the attacker, and in doing so creates what is known as a botnet. A botnet is a collection of internet-connected computers that an attacker uses to distribute the attack in an effort to amplify their computing power and increase the effectiveness of DoS attacks. Recently, security researchers have applied a higher level of scrutiny to IoT devices and their relation to DDoS attacks due to the powerful attacks leveraged by the Mirai worm [1].

Today's prevalence of IoT-enabled devices creates an interesting opportunity for internet users with malicious intent. IoT devices can easily be infected by discovering the default login information for each device manufacturer. Once infected, the device can infect other machines as well as become part of a botnet of devices with limited resources, as with the Mirai worm [2]. Other botnets, such as the Low Orbit Ion Cannon (LOIC) [3], utilize commodity hardware like laptops and low-end desktops for their attacks, as shown in the figure below. We will include tools of this nature in our study as well.
Figure 1: Denial of Service Attack using Commodity Hardware

Our novel attack method is specifically designed for systems with limited memory and processing resources, like mobile hardware and microcomputers. By researching similar attack methods, a new payload and methodology was crafted that can achieve very high levels of effectiveness while utilizing relatively little memory and working within the bounds of the processing power of the device that the attack is running on. This makes an attack performed with IoT devices (as shown below) more effective, even given each device's limited resources. This attack will be ported to the Mirai worm, and to the LOIC. To compare the effectiveness of the attack, both the original and new versions of both tools will attack a virtual network running a basic web service, and we will measure the average response time and overall durability of the service.

Once completed, work will be done on implementing new mitigation techniques in the form of a local TCP reverse proxy that acts as a protective layer over the target service and utilizes probabilistic models to control connections between the clients and the target system. Once these systems are developed, the virtual system will be tested again as before, but this time with the different mitigation services in place, to measure the effectiveness of each at reducing the potency of each attack.

Figure 2: Denial of Service Attack using IoT Devices

2. Related Work

DoS attacks, and their mitigation technologies, have been around for many years. However, new attacks, like the one used in this research project, have only recently been discovered, and as such can thwart many of the existing popular mitigation technologies. In this section, we will first discuss many popular attack methodologies in a similar class to this attack, and then popular existing mitigation technologies.
2a. Attack Techniques

Slowloris Attack

Developed by Robert "RSnake" Hansen, this attack sends partial HTTP/S GET requests to a target machine to render web services inoperable while using minimal bandwidth. More specifically, the Slowloris attack attempts to keep as many concurrent HTTP/S connections open as possible so that the connection queue on the target device fills up and cannot accept new connections. This is done by establishing a valid HTTP/S connection, and sending partial or incomplete headers in the request. By never completing the actual GET request's handshake, the server is forced to hold the connection open for a very long time [4].

SlowDroid

Developed by researchers for the IEIIT Institute of the National Research Council of Italy, SlowDroid is an Android application that makes use of a similar attack to the Slowloris method. However, unlike the Slowloris attack, SlowDroid is not bound to a single protocol; by establishing a connection and instead sending single bytes of what amounts to an empty whitespace string (Unicode U+0020, ANSI number 32), SlowDroid can target a wider variety of protocols than just HTTP/S. SlowDroid's methodology also differs from the Slowloris attack in that it only sends a single byte at a time; this still resets the server's timeout for the connection, while also reducing the overall bandwidth necessary to perform the attack [5].

Our Attack

Originally developed as an Android application but since ported to Rust, Go, the .NET platform, and the Erlang BEAM VM, this attack takes a similar approach to the SlowDroid application's attack technique. However, instead of establishing a connection and sending empty character bytes, our attack focuses on analyzing the response of each iterative step of the protocol's handshake. When attacking an encrypted protocol like SSH, the handshake must provide a legitimate SSH version to continue the handshake transaction. To account for this, the attack has valid information that it may return if it needs real information; otherwise it transmits a random byte. This allows handshake timeouts to be extended much longer than what can be achieved from the SlowDroid attack, and still works using minimal resources.

2b. Mitigation Technologies

Cloudflare

Cloudflare is a Content Delivery Network (CDN) that functions as a service for websites to deliver content to users and protect websites from Denial of Service attacks. Cloudflare is a proprietary system that works by acting as a middle layer between a client and a server. Cloudflare load balances traffic to the server by redirecting requests to different data centers based on location, and then analyzes incoming traffic, identifying attributes like the client's physical IP address, the resource a client is requesting, and the frequency of requests made [6]. Independent analysis of web traffic to a web service hosted behind Cloudflare shows that Cloudflare also applies a single timeout to all connections, instead of a variable one based on web traffic. Cloudflare is limited in scope to only support HTTP/S traffic.

The primary drawback to using Cloudflare to mitigate DDoS attacks is that the application server is only hidden behind a protective layer, but the service itself has no defense mechanism. If an attacker can discern the IP address of the application server instead of the address that routes traffic through Cloudflare, then the target is vulnerable to being attacked directly. This completely bypasses the protection offered by Cloudflare.
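The timeout reset that section 2a describes, seen from the server side, as an added example that is not code from the proposal: an idle timer that restarts on every read is compared with an absolute header deadline that grows only with the bytes actually received. The deadline rule is an assumed shape modelled on the `header=min-max,MinRate` semantics of Apache's mod_reqtimeout; all traces and timeout values are constructed.

```rust
// Added example, not code from the proposal. Traces and timeouts are constructed.

/// One read from the client socket, timed from the TCP accept.
#[derive(Clone, Copy, Debug)]
pub struct Read {
    pub at_ms: u64,
    pub bytes: u64,
    /// True once the blank line that ends the request headers has arrived.
    pub headers_done: bool,
}

#[derive(Debug, PartialEq)]
pub enum Outcome {
    Forwarded { at_ms: u64 },
    Closed { at_ms: u64 },
}

/// Weak policy: an idle timer that restarts on every read, however small.
pub fn idle_timeout_only(reads: &[Read], idle_ms: u64) -> Outcome {
    let mut last_activity = 0u64;
    for r in reads {
        if r.at_ms.saturating_sub(last_activity) > idle_ms {
            return Outcome::Closed { at_ms: last_activity + idle_ms };
        }
        if r.headers_done {
            return Outcome::Forwarded { at_ms: r.at_ms };
        }
        last_activity = r.at_ms; // a single byte is enough to restart the timer
    }
    Outcome::Closed { at_ms: last_activity + idle_ms }
}

/// Hardened policy (assumed shape): headers must finish before an absolute
/// deadline; each `min_rate_bytes_per_s` bytes received earns one extra second,
/// up to `max_ms` after the accept.
pub struct HeaderDeadline {
    pub initial_ms: u64,
    pub max_ms: u64,
    pub min_rate_bytes_per_s: u64,
}

impl HeaderDeadline {
    pub fn deadline_ms(&self, bytes_received: u64) -> u64 {
        let earned_s = bytes_received / self.min_rate_bytes_per_s.max(1);
        (self.initial_ms + earned_s * 1000).min(self.max_ms)
    }

    pub fn evaluate(&self, reads: &[Read]) -> Outcome {
        let mut received = 0u64;
        for r in reads {
            let deadline = self.deadline_ms(received);
            if r.at_ms > deadline {
                return Outcome::Closed { at_ms: deadline };
            }
            received += r.bytes;
            if r.headers_done {
                return Outcome::Forwarded { at_ms: r.at_ms };
            }
        }
        Outcome::Closed { at_ms: self.deadline_ms(received) }
    }
}

/// Constructed trace: one byte every `interval_ms`, headers never completed.
pub fn stalled_trace(interval_ms: u64, count: u64) -> Vec<Read> {
    (1..=count)
        .map(|i| Read { at_ms: i * interval_ms, bytes: 1, headers_done: false })
        .collect()
}

/// Constructed trace: a browser that sends its whole request in one segment.
pub fn browser_trace() -> Vec<Read> {
    vec![Read { at_ms: 40, bytes: 320, headers_done: true }]
}

/// Constructed trace: a legitimate client on a slow link, two segments.
pub fn slow_link_trace() -> Vec<Read> {
    vec![
        Read { at_ms: 800, bytes: 200, headers_done: false },
        Read { at_ms: 2500, bytes: 300, headers_done: true },
    ]
}

fn main() {
    let policy = HeaderDeadline { initial_ms: 10_000, max_ms: 20_000, min_rate_bytes_per_s: 500 };
    let traces = [
        ("browser", browser_trace()),
        ("slow link", slow_link_trace()),
        ("stalled", stalled_trace(5_000, 24)),
    ];
    for (name, trace) in traces.iter() {
        println!(
            "{:<10} idle-only: {:?}  deadline: {:?}",
            name,
            idle_timeout_only(trace, 10_000),
            policy.evaluate(trace)
        );
    }
}
```

Both legitimate traces are forwarded under either policy; only the stalled trace is treated differently, which is the property a header-read timeout has to provide.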
Apache ModQoS

Apache ModQoS is a quality of service module for the Apache HTTP web server. This module gives the server administrator control mechanisms for configuring rules that grant different priority to different types of web requests. It can be used to reject requests based on several factors, including concurrent connections and the timeout for reading requests. By configuring the module to not establish multiple requests from a single IP address, and lowering the overall timeout for HTTP handshakes, this module severely limits the attack potency of the Slowloris attack, and other more classical DoS attacks [7].

ModQoS can be bypassed with ease by an attacker if the traffic is distributed, or appears to be distributed. By anonymizing web traffic using proxies or Tor, traffic coming from a single address can be made to seem as if it is coming from many, which defeats the ability to block multiple concurrent connections from a single address. An attacker can also utilize a botnet to bypass the same defense mechanism.

3. Proposed Work

Our proposed research is twofold: we propose to compare existing implementations of DoS attacks in two popular utilities, and to compare those same attacks' effectiveness when attacking the same service protected with new mitigation systems.

For the initial research, our new DoS technique will be ported to the Mirai worm, which will be written in C, as well as the LOIC, which is written in C#. Both these new variants, and their original implementations, will target a virtual web service; specifically, they will be attacking an Apache web server running in a Virtual Machine on Ubuntu. The state of the Virtual Machine will be saved and replicated before each test to ensure that the system is the same before each test. As the web service is subjected to the attack, the average response time for normal web traffic will be recorded over time, until the system is no longer responsive. This will allow us to see how each attack affects the responsiveness of the service, as well as to determine which attack is best at bringing the targeted system offline.

The second stage will compare mitigation techniques. Using different probabilistic models, shown below, a reverse proxy will be implemented that closes connections based on a timeout determined by the given models. The reverse proxy will support five separate configurations, one for each model. As it establishes connections with clients, the system will begin closing connections based on the probability given by the. All initial responses at time = 0 will never be closed, to ensure all connections can complete their handshakes if the initial connection provides the full request headers. The initial tests with the attack vectors will be replicated, but this time targeting the reverse proxy. The same criteria will be measured to determine each model's effectiveness at mitigating the attacks.

Figure 3: Visualization of Probabilistic Models
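The trade-off behind the proposed proxy, worked out as an added example that is not the proposal's own proxy code: the expected time a never-completing handshake holds a connection slot, and the share of legitimate clients closed early, under three close-probability models. The model shapes, the tick length and the sample completion times are assumptions, since the proposal's five models (its Figure 3) are not reproduced on the page.

```rust
// Added example, not the proposal's proxy code. The model shapes are assumptions:
// the proposal's five models (its Figure 3) are not reproduced on the page.

/// How the proxy decides, once per tick, whether to close a connection whose
/// request headers are still incomplete.
#[derive(Clone, Copy, Debug)]
pub enum Model {
    /// Conventional fixed timeout: certain close at `limit`, never before.
    Step { limit: u32 },
    /// Close probability rises linearly with age and reaches 1.0 at `limit`.
    Linear { limit: u32 },
    /// The same close probability at every tick after tick 0.
    Constant { p: f64 },
}

/// Constructed sample: the tick at which ten legitimate clients finish
/// sending their request headers (tick 0 = complete in the first segment).
pub const LEGIT_COMPLETION_TICKS: [u32; 10] = [0, 0, 0, 0, 1, 1, 1, 2, 2, 3];
pub const HORIZON: u32 = 60;

impl Model {
    /// Probability of closing a still-incomplete handshake at the check made
    /// at `tick`. Tick 0 is never closed, as the proposal requires.
    pub fn close_probability(&self, tick: u32) -> f64 {
        if tick == 0 {
            return 0.0;
        }
        match *self {
            Model::Step { limit } => {
                if tick >= limit { 1.0 } else { 0.0 }
            }
            Model::Linear { limit } => (tick as f64 / limit as f64).min(1.0),
            Model::Constant { p } => p.clamp(0.0, 1.0),
        }
    }

    /// Probability that a connection is still open after the first `checks`
    /// checks, i.e. those made at ticks 0..checks-1.
    pub fn survival(&self, checks: u32) -> f64 {
        (0..checks).map(|t| 1.0 - self.close_probability(t)).product()
    }

    /// Expected number of ticks a handshake that never completes occupies a
    /// slot: it holds the slot during tick k if it survived checks 0..=k.
    pub fn expected_hold_ticks(&self, horizon: u32) -> f64 {
        (0..horizon).map(|k| self.survival(k + 1)).sum()
    }

    /// Share of legitimate clients closed before their headers were complete.
    /// A client finishing at tick c has faced the checks at ticks 0..c-1.
    pub fn legit_drop_rate(&self, completion_ticks: &[u32]) -> f64 {
        if completion_ticks.is_empty() {
            return 0.0;
        }
        let dropped: f64 = completion_ticks
            .iter()
            .map(|&c| 1.0 - self.survival(c))
            .sum();
        dropped / completion_ticks.len() as f64
    }

    /// Little's law: slots pinned in steady state when stalled handshakes
    /// arrive at `stalled_per_tick`. Compare against the connection limit.
    pub fn pinned_slots(&self, stalled_per_tick: f64, horizon: u32) -> f64 {
        stalled_per_tick * self.expected_hold_ticks(horizon)
    }
}

fn main() {
    let models = [
        ("step(10)", Model::Step { limit: 10 }),
        ("linear(10)", Model::Linear { limit: 10 }),
        ("constant(0.2)", Model::Constant { p: 0.2 }),
    ];
    println!("{:<14} {:>10} {:>11} {:>12}", "model", "hold ticks", "legit drop", "pinned@20/t");
    for (name, m) in models.iter() {
        println!(
            "{:<14} {:>10.2} {:>10.1}% {:>12.0}",
            name,
            m.expected_hold_ticks(HORIZON),
            100.0 * m.legit_drop_rate(&LEGIT_COMPLETION_TICKS),
            m.pinned_slots(20.0, HORIZON)
        );
    }
}
```

With these constructed inputs the fixed timeout drops no legitimate client but holds each stalled handshake for the full 10 ticks, while the two probabilistic shapes free slots sooner at the cost of closing a few slow but legitimate handshakes.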
4. Initial Results

We developed an initial HTTP reverse proxy in the Rust language as a proof of concept. This system uses a concurrency model to handle multiple HTTP handshakes in parallel, and proxies the connection to a local web server when the handshake is complete. The only function of the proxy is to wait until an HTTP handshake is completed, proxy the request to a local web server, and serve the response to the client.

To gather data, we ran an Apache server locally on port 80 serving up a static HTML page that is 151 bytes in size. The developed proxy was also launched on port 88. We then created a script that requests the webpage from a specified source 250 times via the HTTP GET method, and records the round-trip time for each request. This script was first configured to query the Apache web server directly, and then performed the same test against the proxy.

The response times of the two services, shown in the figure below, were very different. The Apache server had a mean response time of milliseconds, while the reverse proxy's response times had a mean of milliseconds. To test whether the services' response times have a normal distribution, we performed Shapiro-Wilk normality tests on their results, with a null hypothesis that states that the response times are normally distributed. Apache's distribution tested with a p-value of p = 2.2 × 10^-16, which indicates that we must reject the null hypothesis that the distribution is normal. The proxy tested with the same p-value, p = 2.2 × 10^-16. While the response times were all much higher than Apache's, the proxy still ultimately routes web traffic to the Apache server. Given the same amount of computational overhead from the proxy per request, the distribution can be attributed to Apache itself, which helps to explain why the distributions are so similar.

While the distributions themselves are not normal, they are consistent in distribution when compared to each other, as shown in a side-by-side comparison of the distributions below. When performing tests during the proposed research, the only significant difference to observe will be the relatively large overhead incurred by the proxy. We believe that this is due to poorly optimized code in the proxy. While the performance will be improved before further testing, there will be some form of difference in performance and quality of service for users that must be noted.

Figure 4: Density Plot of Service Response Time
Figure 5: Comparison of Service Distributions

5. Future Work

After this research is completed, we will have identified the efficiency of each different attack, as well as the effectiveness of our mitigation techniques in reducing each attack's potency. Because this reverse proxy will be focused on the HTTP handshake, future work may be done to compare each attack method's effectiveness against other common protocols like SSH, SMTP, and others, and the same mitigation philosophy could be applied to create similar systems to research effectiveness in protecting each protocol from such attacks.

This research would also be interesting to view when applied to an entire network routing solution as opposed to a local reverse proxy. For example, if an Internet Service Provider were to automatically utilize an effective mitigation model and apply it to all their inbound internet requests, provided the models are effective at reducing the power of the attacks, what would the difference between the systems be when under attack?
6. Conclusion

This research will focus primarily on the performance of a reverse proxy and its effectiveness in mitigating DoS attacks. To analyze its effectiveness, we will compare common DoS utilities to a novel attack method, and will determine the performance impact and overall stability of a vanilla system versus a system running behind the proxy. A proof-of-concept proxy has already been developed and has been tested to show that, while it maintains constant performance, it is much slower than a normal web service. Further optimizations will be done to lower the overall request time and reduce the time difference between services. Testing will also be done to compare the effectiveness of popular attack methods to the new method, and will focus on both the speed at which the attacks can bring a system to a halt, and the amount of resources needed to do so. We will be porting this attack to common DoS utilities, including the Low Orbit Ion Cannon and the Mirai worm, to focus on running attacks from systems with very limited memory and performance.
REFERENCES

[1] Goodin D., "Record-breaking DDoS Reportedly Delivered By >145k Hacked Cameras" [Online]. Available: [Accessed ]
[2] Prabhu, "Hacker Release Source Code of Mirai DDOS Trojan" [Online]. Available: [Accessed ]
[3] Warren, "How Operation Payback Executes Its Attacks" [Online]. Available: [Accessed ]
[4] Hansen, "Slowloris HTTP DoS" [Online]. Available: [Accessed ]
[5] Cambiaso E., Papaleo G., and Aiello M., "SlowDroid: Turning a Smartphone into a Mobile Attack Vector," in 2014 International Conference on Future Internet of Things and Cloud (FiCloud).
[6] Lai A., "How Does Cloudflare Work?" [Online]. Available: [Accessed ]
[7] Unknown, "How to Mitigate Slowloris Attacks" [Online]. Available: gateslowlorisattacks-modqos [Accessed ]
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationSecure web proxy resistant to probing attacks
Technical Disclosure Commons Defensive Publications Series December 04, 2017 Secure web proxy resistant to probing attacks Benjamin Schwartz Follow this and additional works at: http://www.tdcommons.org/dpubs_series
More informationSecurity Configuration Guide: Denial of Service Attack Prevention, Cisco IOS Release 15M&T
Security Configuration Guide: Denial of Service Attack Prevention, Cisco IOS Release 15M&T Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com
More informationHow to Choose a CDN. Improve Website Performance and User Experience. Imperva, Inc All Rights Reserved
How to Choose a CDN Improve Website Performance and User Experience Imperva, Inc. 2017 All Rights Reserved CONTENTS Introduction...3 How Does a CDN Work?...5 The Most Important Factors to Consider When
More information2020: Time to Shutdown DDoS?
2020: Time to Shutdown DDoS? Stefano Vissicchio University College London @ Cosener s July 6th, 2018 2020: Time to Shutdown DDoS? Stefano Vissicchio NOT a security expert @ Cosener s July 6th, 2018 Isn
More informationIntel Security Advanced Threat Defense Threat Detection Testing
Intel Security Advanced Threat Defense Threat Detection Testing DR150724C July 2015 Miercom www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Overview... 4 Products Tested... 4 3.0 How We Did It...
More informationEasyCrypt passes an independent security audit
July 24, 2017 EasyCrypt passes an independent security audit EasyCrypt, a Swiss-based email encryption and privacy service, announced that it has passed an independent security audit. The audit was sponsored
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 18: Network Attacks Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Network attacks denial-of-service (DoS) attacks SYN
More informationAuthor: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationDNS Authentication-as-a-Service Preventing Amplification Attacks
DNS Authentication-as-a-Service Preventing Amplification Attacks Amir Herzberg Bar-Ilan University Haya Shulman Technische Universität Darmstadt Denial of Service Attacks: Statistics Reported bandwidths
More informationHTTP/2 Cannon: Experimental analysis on HTTP/1 and HTTP/2 Request Flood DDoS Attacks
HTTP/2 Cannon: Experimental analysis on HTTP/1 and HTTP/2 Request Flood DDoS Attacks Beckett, D., & Sezer, S. (2017). HTTP/2 Cannon: Experimental analysis on HTTP/1 and HTTP/2 Request Flood DDoS Attacks.
More informationInternet2 DDoS Mitigation Update
Internet2 DDoS Mitigation Update Nick Lewis, Program Manager - Security and Identity, Internet2 Karl Newell, Cyberinfrastructure Security Engineer, Internet2 2016 Internet2 Let s start with questions!
More informationEC-Council C EH. Certified Ethical Hacker. Program Brochure
EC-Council TM H Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional will ever want to be in.
More informationIntroduction. The Safe-T Solution
Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationCSCE 463/612 Networks and Distributed Processing Spring 2018
CSCE 463/612 Networks and Distributed Processing Spring 2018 Application Layer IV Dmitri Loguinov Texas A&M University February 13, 2018 1 Chapter 2: Roadmap 2.1 Principles of network applications 2.2
More informationDDOS RESILIENCY SCORE (DRS) "An open standard for quantifying an Organization's resiliency to withstand DDoS attacks" Version July
DDOS RESILIENCY SCORE (DRS) "An open standard for quantifying an Organization's resiliency to withstand DDoS attacks" Version 1.01.01 17 July 2017... Text is available under the GNU Free Documentation
More informationDO NOT OPEN UNTIL INSTRUCTED
CS 378 - Network Security and Privacy Spring 2017 FINAL May 3, 2017 DO NOT OPEN UNTIL INSTRUCTED YOUR NAME: Collaboration policy No collaboration is permitted on this exam. Any cheating (e.g., submitting
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationManaging SonicWall Gateway Anti Virus Service
Managing SonicWall Gateway Anti Virus Service SonicWall Gateway Anti-Virus (GAV) delivers real-time virus protection directly on the SonicWall security appliance by using SonicWall s IPS-Deep Packet Inspection
More informationNETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.
NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING. The old mantra of trust but verify just is not working. Never trust and verify is how we must apply security in this era of sophisticated breaches.
More informationLow Rate DOS Attack Prevention
ISSN No: 2454-9614 Low Rate DOS Attack Prevention S. Kandasamy, N.P. Kaushik *, A. Karthikeyan, S. Aravindh Srira *Corresponding Author: S.Kandasamy E-mail: skandu23@gmail.com Department of Computer Science
More informationFast and Evasive Attacks: Highlighting the Challenges Ahead
Fast and Evasive Attacks: Highlighting the Challenges Ahead Moheeb Rajab, Fabian Monrose, and Andreas Terzis Computer Science Department Johns Hopkins University Outline Background Related Work Sampling
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationFighting the. Botnet Ecosystem. Renaud BIDOU. Page 1
Fighting the Botnet Ecosystem Renaud BIDOU Page 1 Bots, bots, bots Page 2 Botnet classification Internal Structure Command model Propagation mechanism 1. Monolithic Coherent, all features in one binary
More informationComputer Networking Introduction
Computer Networking Introduction Halgurd S. Maghdid Software Engineering Department Koya University-Koya, Kurdistan-Iraq Lecture No.3 Chapter 1: roadmap 1.1 what is the Internet? 1.2 network edge end systems,
More informationINSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic
Virus Protection & Content Filtering TECHNOLOGY BRIEF Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server Enhanced virus protection for Web and SMTP traffic INSIDE The need
More informationReview for Internet Introduction
Review for Internet Introduction What s the Internet: Two Views View 1: Nuts and Bolts View billions of connected hosts routers and switches protocols control sending, receiving of messages network of
More informationEC-Council C EH. Certified Ethical Hacker. Program Brochure
EC-Council TM C EH Program Brochure Target Audience This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationEvaluating the Security Risks of Static vs. Dynamic Websites
Evaluating the Security Risks of Static vs. Dynamic Websites Ballard Blair Comp 116: Introduction to Computer Security Professor Ming Chow December 13, 2017 Abstract This research paper aims to outline
More informationInternetwork Expert s CCNA Security Bootcamp. Common Security Threats
Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet
More informationFigure 1: Attempts for /ws/v1/cluster/apps/new-application
ERT Threat Alert DemonBot October 26, 2018 Abstract Radware s Threat Research Center is monitoring and tracking a malicious agent that is leveraging a Hadoop YARN unauthenticated remote command execution
More informationLecture 6: Worms, Viruses and DoS attacks. II. Relationships between Biological diseases and Computers Viruses/Worms
CS 4740/6740 Network Security Feb. 09, 2011 Lecturer: Ravi Sundaram I. Worms and Viruses Lecture 6: Worms, Viruses and DoS attacks 1. Worms They are self-spreading They enter mostly thru some security
More informationWHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY
WHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY Dave Dubois, Global Security Product Management Version: 1.0, Jan 2018 A Multi-Layer Approach
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationDoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action
DoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action 1 Table of Content Preamble...3 About Radware s DefensePro... 3 About Radware s Emergency Response
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationR (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.
R (2) N (5) Oral (3) Total (10) Dated Sign Experiment No: 1 Problem Definition: Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. 1.1 Prerequisite:
More informationASA Access Control. Section 3
[ 39 ] CCNP Security Firewall 642-617 Quick Reference Section 3 ASA Access Control Now that you have connectivity to the ASA and have configured basic networking settings on the ASA, you can start to look
More informationTHE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More information86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013
Vulnerabilities help make Web application attacks amongst the leading causes of data breaches +7 Million Exploitable Vulnerabilities challenge organizations today 86% of websites has at least 1 vulnerability
More information