Understanding the Mirai Botnet
1 Understanding the Mirai Botnet
Manos Antonakakis, Tim April, Michael Bailey, Matthew Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou
Akamai Technologies, Cloudflare, Georgia Institute of Technology, Google, Merit Network, University of Illinois Urbana-Champaign, University of Michigan

2 Mirai

3 Growing IoT Threat Billion 2020 ~30 Billion

4 Research Goals
- Snapshot the IoT botnet phenomenon
- Reconcile a broad spectrum of botnet data perspectives
- Understand Mirai's mechanisms and motives

5 Lifecycle
[Diagram. Components: Attacker; Infrastructure (Command & Control, Report Server, Loader); Devices (Bots, Victim); DDoS Target. Labeled steps: Send command, Report, Dispatch, Relay, Load, Scan, Attack.]

6 Measurement
[Lifecycle diagram repeated, annotated with the data source used to observe each stage.]
Data Source | Size
Network Telescope | 4.7M unused IPs
Active Scanning | 136 IPv4 scans
Telnet Honeypots | 434 binaries
Malware Repository | 594 binaries
Active/Passive DNS | 499M daily RRs
C2 Milkers | 64K issued attacks
Krebs DDoS Attack | 170K attacker IPs
Dyn DDoS Attack | 108K attacker IPs
July February

7 What is the Mirai botnet?

8 Population
[Plot: # network telescope scans by date. Legend: Total Mirai Scans.]

9 Rapid Emergence
[Plot: # network telescope scans by date, 08/01/16 to 02/01/17. Legend: Total Mirai Scans. Inset covering 08/01 to 08/03 with legend Mirai TCP/23 scans, Non-Mirai TCP/23 scans, and annotations ":42 AM Single Scanner", ":00 3:59 AM Botnet Expands", "23:59 PM 64,500 scanners".]

10 Many Ports of Entry
[Plot: # network telescope scans by date. Annotation: "IoT Telnet TCP/2323". Legend: Total Mirai Scans, TCP/23, TCP/]

11 Many Ports of Entry
[Plot: # network telescope scans by date. Annotations: "CWMP TCP/7547", "K peak". Legend: Total Mirai Scans, TCP/]

12 Many Ports of Entry
[Plot: # network telescope scans by date. Annotations: "CWMP TCP/7547", "~1 month = 6.7K". Legend: Total Mirai Scans, TCP/]

13 Many Ports of Entry
[Plot: # network telescope scans by date. Annotation: "9 Additional Protocols". Legend: Total Mirai Scans, TCP/23231, TCP/22, TCP/2222, TCP/37777, TCP/443, TCP/5555, TCP/6789, TCP/8080, TCP/]

14 200K-300K Mirai Bots
[Plot: # network telescope scans by date. Annotation: "Steady state". Legend: Total Mirai Scans, TCP/23231, TCP/22, TCP/2222, TCP/37777, TCP/443, TCP/5555, TCP/6789, TCP/8080, TCP/80, TCP/23, TCP/2323, TCP/]

15 Modest Mirai
[Plot: # network telescope scans by date, 08/01/16 to 02/01/17. Annotations: "Carna botnet", "Mirai botnet". Legend: Total Mirai Scans.]

16 Global Mirai
- Mirai: South America + Southeast Asia = 50% of Infections
- TDSS/TDL4: North America + Europe = 94% of Infections

17 Cameras, DVRs, Routers

Targeted Devices (Source Code Password List)
Device Type | # Targeted Passwords | Examples
Camera / DVR | 26 (57%) | dreambox,
Router | 4 (9%) | smcadmin, zte521
Printer | 2 (4%) | , 1111
VOIP Phone | 1 (2%) |
Unknown | 13 (28%) | password, default

Infected Devices (HTTPS banners)
Device Type | # HTTPS banners
Camera / DVR | 36.8%
Router | 6.3%
NAS | 0.2%
Firewall | 0.1%
Other | 0.2%
Unknown | 56.4%

18 Who ran Mirai?

19 Divergent Evolution
- 48 unique password dictionaries
- Source code release

20 Divergent Evolution
- 48 unique password dictionaries
- Source code release

21 Divergent Evolution
- 48 unique password dictionaries
- Source code release
- Binary Packing
- DGA

22 How was Mirai used?

23 KrebsOnSecurity

24 Largest Reported DDoS

25 Dyn Attacker Motives
"It is possible, investigators say, that the attack on Dyn was conducted by a criminal group that wanted to extort the company. Or it could have been done by hacktivists. Or a foreign power that wanted to remind the United States of its vulnerability."

26 Dyn Attacker Motives
"It is possible, investigators say, that the attack on Dyn was conducted by a criminal group that wanted to extort the company. Or it could have been done by hacktivists. Or a foreign power that wanted to remind the United States of its vulnerability."

Targeted IP | rDNS | Passive DNS
 | ns1.p05.dynect.net | ns00.playstation.net
 | ns2.p05.dynect.net | ns01.playstation.net
 | ns3.p05.dynect.net | ns02.playstation.net
 | ns4.p05.dynect.net | ns03.playstation.net
 | service.playstation.net | ns05.playstation.net
 | service.playstation.net | ns06.playstation.net

- Top targets are linked to Sony PlayStation
- Attacks on Dyn interspersed among attacks on other game services

27 Booter-like Targets
- Games: Minecraft, Runescape, game commerce site
- Politics: Chinese political dissidents, regional Italian politician
- Anti-DDoS: DDoS protection service
- Misc: Russian cooking blog

28 Unconventional DDoS Behavior
- Arbor Networks global DDoS report: 65% volumetric, 18% TCP state, 18% application attacks
- Mirai: 33% volumetric, 32% TCP state, 34% application attacks
- Valve Source Engine game server attack
- Limited reflection/amplification: 2.8% reflection attacks, compared to 74% for booters

29 Overview
- 200, ,000 globally distributed IoT devices compromised by default Telnet credentials
- Evidence of multiple operators releasing new strains of Mirai
- Mirai follows a booter-like pattern of behavior that is capable of launching some of the largest attacks on record

30 New Dog, Old Tricks

31 Security Hardening
Username Password xc3511 vizxv admin admin admin xmhdipc default juantech support support (none) admin password user user admin (none) pass admin admin admin smcadmin
Username Password admin password 1234 klv123 Administrator admin service service supervisor supervisor guest guest guest guest admin1 password administrator ubnt ubnt klv1234 Zte521 hi3518 jvbzd anko
Username Password zlxx. 7ujMko0vizxv 7ujMko0admin system ikwb dreambox user realtek 0 admin admin 1234 admin admin admin admin 7ujMko0admin admin 1234 admin pass admin tech mother meinsm tech fucker

32 Automatic Updates
[Plot: # network telescope scans by date. Annotations: "CWMP TCP/7547", "600K peak", "~1 month = 6.7K". Legend: Total Mirai Scans, TCP/]

33 Device Attribution
- 55.4M Scanning IP addresses
- 1.8M Protocol Banners
- 587K Identifying Labels

34 End-of-life Billion 2020 ~30 Billion