Denial of Service Protection Standardize Defense or Loose the War
|
|
- Julianna Elliott
- 6 years ago
- Views:
Transcription
1 Denial of Service Protection Standardize Defense or Loose the War ETSI : the threats, risk and opportunities 16th and 17th - Sophia-Antipolis, France By: Emir@cw.net Arslanagic Head of Security Engineering Cable and Wireless 1
2 Vulnerability Lifecycle Risk Admins did not have enough resources to patch everything. Intruders have GUI tools, and self propagating malicious code Vulnerability has been discovered Presented by Emir INFORMATION SOCIETY CONNECTING EUROPE, Ljubjana 2002 Time 2 Administrators panic patch all systems and Change FW and networking rules Intruders are learning about vulnerability Vulnerability is announced. Some critical systems have been patched or protect
3 08 November :36 Subject: 6GB-20GB DDOS attack heading near you!!! 5pps DNS TXT queries size of 48 bytes are sent to a series of 100K+ DNS servers Response packets are between 4059 and 4162 bytes in size POBLEM: miss configured DNS SOLUTION: stop allowing open recursive lookups from external sources US-CERT is working on a product for public release that will hopefully raise awareness on the dangers of DNS servers that permit open recursion This is NOT new. There where a long running dns-smurf attacks in 2000!!! 3
4 What We Need??? No matter how many times you save the Internet it always manages to get back in to jeopardy again 4
5 Agenda What is dos Standardizations efforts to protect from dos Security and dos protection Dos tracking Black-holing Anti-spoofing Real DDoS protection How does it work DOS protection powered by ISP and ASP Where to go from here 5
6 What Is Denial of Service DoS is an incident in which a system is deprived of the resources it would normally have DoS is usually a target of choice risk, and very often related to extortion or racketeering DoS usually targets publicly available services that make money (extortion), or other opinioned portals (political violence) Distributed DoS sometimes involves more then hundred thousands boots It s estimate that close to 10 million networked computers are a potential source of DoS 6
7 Standardization Efforts IETF RFCs (denial of service has become serious consideration) 3704 ingress filtering for Multihomed networks 3882 configuring BGP to block denial-of-service attacks Drafts Internet denial of service considerations (M. Handley, E. Rescorla ) Protecting internet routing infrastructure from outsider dos attacks (Zinin) ITU Recognise spam as a threat to the internet No work has been done on DOS prevention and protection USA Government policy for cyber security relies on voluntary and cooperative action by the private sector and has, until now, explicitly rejected the use of mandate or regulation. (By James Andrew Lewis CSIS, Oct. 2005) Many informal information exchange means are established to facilitate cooperation ETSI Improving regulation related to NGN 7
8 Extraordinarily Complex Security Security is currently where networking was 15 years ago Multiple, complex components Lack of expertise in the industry No common GUIs Lack of standards Attacks are growing Customers require security for business Vulnerability Management is time consuming Source: Dr. Bill Hancock, Cable & Wireless 8
9 DDoS Protection History of DOS protection DOS tracker Black-holing Sinking Customer is impacted Inline protection is not sufficient Only solution is to stop attacks as close as possible to source urpf Sound security practices Traffic cleaning 9
10 Current Issues Multiple groups are involved in extortion From 300 to 1mil.+ devices involved Sophisticated full spectrum attacks TCP connection attack; syn attack URL attack UDP flood ICMP flood TCP flood Malformed packets It is not getting better 10
11 DDoS Traffic Black-holing or Sinking When DOS is detected /32 routes is assign to BGP community that routes to null (black-holing) or to local server (sinking). Benefit: Remote ISPs that are paying high price for link to the upstream provider. Downside: Attacker has succeeded in their intent, victim IP is unreachable. 11
12 DDoS Traffic Black-holing or Sinking Attack Network Attacker Network Service Provider Switch Victim Network Attacker Network IP Network User Network NOC Attack Network Enterprise Network 12
13 DDoS Traffic Black-holing or Sinking Peers Switch /32 Community 1273:100 Victim Network IP Network Peers NOC Customers Customers 13
14 DDOS-tracker DCU Approach When DDOS is detected /32 routes is assign to BGP community with instruction to count packets. Using SNMP or Syslog counts are presented to NOC. On interfaces with highest number of packets ACLs are manually applied to protect victim IP. 14
15 DDOS-tracker DCU Approach Peers Switch Victim Network IP Network Peers NOC Customers Customers 15
16 DDOS-tracker DCU Approach Peers Switch /32 Community 1273:31 Victim Network IP Network Peers NOC Customers Customers 16
17 DDOS-tracker Screen Shot 17
18 Ingress Filtering Strict Reverse Path Forwarding Only symmetrical routing Feasible Path Reverse Path Forwarding alternative paths have been added and they are valid for consideration Loose Reverse Path Forwarding route presence check Why this does not work? Prevent only spoofed packets Not all ISPs are implementing it 18
19 Real DOS Protection Must be scalable Must be available to all customers Must protect backbone infrastructure Must let good packets trough Must detect bad sites Must NOT impact operation Must NOT add additional point of failure in the network Must be implemented globally 19
20 Real DOS Protection Peers Switch Victim Network IP Network Peers NOC Customers Customers 20
21 Real DOS Protection Peers Switch Victim Network IP Network Peers NOC Customers Customers 21
22 Things to Consider Does internet users have a right to expect only benign packets to be send to them??? Road and car analogy At the beginning was primary goal to increase road coverage and car speed. Passenger safety has not been consider seriously until seventies Moor s law is working for us Or Is there another killer application that will eat all available bandwidth? Cleaning function in every switch Standardization will come when technology is ready 22
23 Real DOS Protection Where Is the Value? Education and Education If one customer in data center is target all customers are victims Bandwidth that we need for normal operation is not in any relation with bandwidth that we need for protection Targeted are usually content provider, enterprises and opinionated organizations Victims are all of us if there is no protection Insurance model is the closest, how much insurance you can afford 23
24 NGN VoIP Interconnects SBCs are becoming de-facto standards Should we demand packet inspection and cleaning? Is it to early? Can we be to late? 24
25 Questions 25
Routing Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security
Routing Security DDoS and Route Hijacks Merike Kaeo CEO, Double Shot Security merike@doubleshotsecurity.com DISCUSSION POINTS Understanding The Growing Complexity DDoS Attack Trends Packet Filters and
More informationData Plane Protection. The googles they do nothing.
Data Plane Protection The googles they do nothing. Types of DoS Single Source. Multiple Sources. Reflection attacks, DoS and DDoS. Spoofed addressing. Can be, ICMP (smurf, POD), SYN, Application attacks.
More informationsnoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection
Snoc DDoS Protection Fast Secure Cost effective sales@.co.th www..co.th securenoc Introduction Snoc 3.0 Snoc DDoS Protection provides organizations with comprehensive protection against the most challenging
More informationUnicast Reverse Path Forwarding Loose Mode
The feature creates a new option for Unicast Reverse Path Forwarding (Unicast RPF), providing a scalable anti-spoofing mechanism suitable for use in multihome network scenarios. This mechanism is especially
More informationNetwork Policy Enforcement
CHAPTER 6 Baseline network policy enforcement is primarily concerned with ensuring that traffic entering a network conforms to the network policy, including the IP address range and traffic types. Anomalous
More informationDDoS Protection in Backbone Networks
DDoS Protection in Backbone Networks The Czech Way Pavel Minarik, Chief Technology Officer Holland Strikes Back, 3 rd Oct 2017 Backbone DDoS protection Backbone protection is specific High number of up-links,
More informationImma Chargin Mah Lazer
Imma Chargin Mah Lazer How to protect against (D)DoS attacks Oliver Matula omatula@ernw.de #2 Denial of Service (DoS) Outline Why is (D)DoS protection important? Infamous attacks of the past What types
More informationUnit 4: Firewalls (I)
Unit 4: Firewalls (I) What is a firewall? Types of firewalls Packet Filtering Statefull Application and Circuit Proxy Firewall services and limitations Writing firewall rules Example 1 Example 2 What is
More informationCollective responsibility for security and resilience of the global routing system
Collective responsibility for security and resilience of the global routing system Andrei Robachevsky www.internetsociety.org Let us look at the problem first BGP is based on trust
More informationBackscatter A viable tool for threat of the past and today. Barry Raveendran Greene March 04, 2009
Backscatter A viable tool for threat of the past and today Barry Raveendran Greene March 04, 2009 bgreene@senki.org Agenda Backscatter: What is it? VzB s use with the Backscatter Traceback Technique. Using
More informationCIRT: Requirements and implementation
CIRT: Requirements and implementation By : Muataz Elsadig Sudan CERT Joint ITU-ATU Workshop on Cyber-security Strategy in African Countries Khartoum, Republic of Sudan, 24 26 July 2016 There is no globally
More informationSecurity Baseline Data Model for Network Infrastructure Device draft-xia-sacm-nid-dp-security-baseline-00 draft-dong-sacm-nid-cp-security-baseline-00
Security Baseline Data Model for Network Infrastructure Device draft-xia-sacm-nid-dp-security-baseline-00 draft-dong-sacm-nid-cp-security-baseline-00 Liang Xia Guangying Zheng Yue Dong Huawei Huawei Huawei
More informationDDoS made easy. IP reflection attacks for fun and profit. Gert Döring, SpaceNet AG, München. DECIX/ECO security event,
DDoS made easy IP reflection attacks for fun and profit Gert Döring, SpaceNet AG, München DECIX/ECO security event, 04.12.14, Frankfurt Agenda what are IP reflection attacks? why are they so effective
More informationFirewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.
Firews and NAT 1 Firews By conventional definition, a firew is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another. firew isolates organization
More information2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015
2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks 9 th November 2015 AKAMAI SOLUTIONS WEB PERFORMANCE SOLUTIONS MEDIA DELIVERY SOLUTIONS CLOUD SECURITY SOLUTIONS CLOUD NETWORKING
More informationNISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks
NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks Background This NISCC technical note is intended to provide information to enable organisations in the UK s Critical
More informationIntroduction to DDoS Attacks
Introduction to DDoS Attacks Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter 2015 MCNC General Use v1.0 DDoS in the News July 2015 2015 MCNC General Use v1.0 DDoS
More informationDenial of Service. Serguei A. Mokhov SOEN321 - Fall 2004
Denial of Service Serguei A. Mokhov SOEN321 - Fall 2004 Contents DOS overview Distributed DOS Defending against DDOS egress filtering References Goal of an Attacker Reduce of an availability of a system
More informationINTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
INTRODUCTION: DDOS ATTACKS 1 DDOS ATTACKS Though Denial of Service (DoS) and Distributed Denial of Service (DDoS) have been common attack techniques used by malicious actors for some time now, organizations
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 18: Network Attacks Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Network attacks denial-of-service (DoS) attacks SYN
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationIntrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks
Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks So we are proposing a network intrusion detection system (IDS) which uses a Keywords: DDoS (Distributed Denial
More informationData Sheet. DPtech Anti-DDoS Series. Overview. Series
Data Sheet DPtech Anti-DDoS Series DPtech Anti-DDoS Series Overview DoS (Denial of Service) leverage various service requests to exhaust victims system resources, causing the victim to deny service to
More informationSpaceNet AG. Internet Business Produkte für den Mittelstand. Produkt- und Firmenpräsentation. DENOG6, , Darmstadt
SpaceNet AG Internet Business Produkte für den Mittelstand Produkt- und Firmenpräsentation DENOG6, 20.11.14, Darmstadt DDoS made easy IP reflection attacks for fun and profit Gert Döring, SpaceNet AG,
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks
Security+ Guide to Network Security Fundamentals, Fourth Edition Network Attacks Denial of service Attacks Introduction: What is DoS? DoS attack is an attempt (malicious or selfish) by an attacker to cause
More informationIxLoad-Attack TM : Network Security Testing
IxLoad-Attack TM : Network Security Testing IxLoad-Attack tests network security appliances to validate that they effectively and accurately block attacks while delivering high end-user quality of experience
More informationCOMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN
COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationPreventing Traffic with Spoofed Source IP Addresses in MikroTik
Preventing Traffic with Spoofed Source IP Addresses in MikroTik Presented by Md. Abdullah Al Naser Sr. Systems Specialist MetroNet Bangladesh Ltd Founder, mn-lab info@mn-lab.net The routing system of the
More informationRESELLER LOGO RADICALLY BETTER. DDoS PROTECTION. Radically more effective, radically more affordable solutions for small and medium enterprises
RESELLER LOGO RADICALLY BETTER DDoS PROTECTION Radically more effective, radically more affordable solutions for small and medium enterprises IT S TIME TO GET SERIOUS ABOUT CYBER CRIME Despite the headline
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationA custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74
Analysis of the Global Distributed Denial of Service (DDoS) Mitigation Market Abridged Version Rise of the DDoS Attack Spurs Demand for Comprehensive Solutions A custom excerpt from Frost & Sullivan s
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationTDC 375 Network Protocols TDC 563 P&T for Data Networks
TDC 375 Network Protocols TDC 563 P&T for Data Networks Routing Threats TDC 375/563 Spring 2013/14 John Kristoff DePaul University 1 One of two critical systems Routing (BGP) and naming (DNS) are by far
More informationDistributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 29. Firewalls Paul Krzyzanowski Rutgers University Fall 2015 2013-2015 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive data & systems not accessible Integrity:
More informationAugust 14th, 2018 PRESENTED BY:
August 14th, 2018 PRESENTED BY: APPLICATION LAYER ATTACKS 100% 80% 60% 40% 20% 0% DNS is the second most targeted protocol after HTTP. DNS DoS techniques range from: Flooding requests to a given host.
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Denial of Service Intentional prevention of access to valued resource CPU,
More informationInternetwork Expert s CCNA Security Bootcamp. Common Security Threats
Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet
More informationCollective responsibility for security and resilience of the global routing system
Collective responsibility for security and resilience of the global routing system Phil Roberts roberts@isoc.org Andrei Robachevsky www.internetsociety.org Let us look at the problem
More informationSecurity Configuration Guide: Unicast Reverse Path Forwarding, Cisco IOS XE Fuji 16.7.x (NCS 4200 Series)
Security Configuration Guide: Unicast Reverse Path Forwarding, Cisco IOS XE Fuji 16.7.x (NCS 4200 Series) First Published: 2017-12-24 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationDDoS Managed Security Services Playbook
FIRST LINE OF DEFENSE DDoS Managed Security Services Playbook INTRODUCTION Distributed Denial of Service (DDoS) attacks are major threats to your network, your customers and your reputation. They can also
More informationCheck Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationConfiguring Unicast Reverse Path Forwarding
Configuring Unicast Reverse Path Forwarding This chapter describes the Unicast Reverse Path Forwarding (Unicast RPF) feature. The Unicast RPF feature helps to mitigate problems that are caused by malformed
More informationEXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS
EXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS Andry Putra Fajar and Tito Waluyo Purboyo Faculty of Electrical Engineering,
More informationDDoS and Traceback 1
DDoS and Traceback 1 Denial-of-Service (DoS) Attacks (via Resource/bandwidth consumption) malicious server legitimate Tecniche di Sicurezza dei Sistemi 2 TCP Handshake client SYN seq=x server SYN seq=y,
More informationEuropean Internet Situation Awareness The Global View
European Internet Situation Awareness The Global View Prof. Dr. Norbert Pohlmann Institute for Internet Security - if(is) University of Applied Sciences Gelsenkirchen http://www.internet-sicherheit.de
More informationDoS Mitigation Strategies
DoS Mitigation Strategies Chris Morrow - Google NSF Workshop on Unwanted Traffic July 18, 2008, George Mason University (Fairfax, VA) DoS Attack Definition Too many bytes bandwidth exhaustion Too many
More informationDENIAL OF SERVICE ATTACKS
DENIAL OF SERVICE ATTACKS Ezell Frazier EIS 4316 November 6, 2016 Contents 7.1 Denial of Service... 2 7.2 Targets of DoS attacks... 2 7.3 Purpose of flood attacks... 2 7.4 Packets used during flood attacks...
More informationSecurity Configuration Guide: Unicast Reverse Path Forwarding, Cisco IOS XE Everest (Cisco ASR 920)
Security Configuration Guide: Unicast Reverse Path Forwarding, Cisco IOS XE Everest 16.5.1 (Cisco ASR 920) First Published: 2017-05-06 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San
More informationDNS SECURITY BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER
BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER Introduction DDoS attacks are rapidly growing in magnitude and frequency every year. Just in the last year, attack rates have risen 132% (Q2
More informationPrevent DoS using IP source address spoofing
Prevent DoS using IP source address spoofing MATSUZAKI maz Yoshinobu 06-Sep-2006 Copyright (C) 2006 Internet Initiative Japan Inc. 1 ip spoofing creation of IP packets with source addresses
More informationHP High-End Firewalls
HP High-End Firewalls Attack Protection Configuration Guide Part number: 5998-2650 Software version: F1000-A-EI&F1000-S-EI: R3721 F5000: F3210 F1000-E: F3171 Firewall module: F3171 Document version: 6PW101-20120719
More informationEnhanced Feasible-Path Unicast Reverse Path Filtering draft-sriram-opsec-urpf-improvements-01
Enhanced Feasible-Path Unicast Reverse Path Filtering draft-sriram-opsec-urpf-improvements-01 K. Sriram and D. Montgomery OPSEC Working Group Meeting, IETF-99 July 2017 Acknowledgements: The authors are
More informationCloudflare Advanced DDoS Protection
Cloudflare Advanced DDoS Protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com
More informationDDoS Detection&Mitigation: Radware Solution
DDoS Detection&Mitigation: Radware Solution Igor Urosevic Head of Technical Department SEE CCIE #26391 Ingram Micro Inc. 1 Agenda DDoS attack overview Main point of failures Key challenges today DDoS protection
More informationCyber Security Guidelines Distributed Denial of Service (DDoS) Attacks
Cyber Security Guidelines Distributed Denial of Service (DDoS) Attacks Version: 1.0 Author: Cyber Security Policy and Standards Document Published Date: March 2018 Table of Contents Version: 1.0 Page 1
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationConfiguring Unicast RPF
20 CHAPTER This chapter describes how to configure Unicast Reverse Path Forwarding (Unicast RPF) on NX-OS devices. This chapter includes the following sections: Information About Unicast RPF, page 20-1
More informationWHITE PAPER Hybrid Approach to DDoS Mitigation
WHITE PAPER Hybrid Approach to DDoS Mitigation FIRST LINE OF DEFENSE Executive Summary As organizations consider options for DDoS mitigation, it is important to realize that the optimal solution is a hybrid
More informationService Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
More informationSecuring Online Businesses Against SSL-based DDoS Attacks. Whitepaper
Securing Online Businesses Against SSL-based DDoS Attacks Whitepaper Table of Contents Introduction......3 Encrypted DoS Attacks...3 Out-of-path Deployment ( Private Scrubbing Centers)...4 In-line Deployment...6
More informationDDoS Protection Service
White Paper DDoS Protection Service Distributed Denial of Service (DDoS) Technical Product Information Effective protection of your infrastructure against attacks off the Internet highly available Internet
More informationhaltdos - Web Application Firewall
haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection
More informationOptimizing the Internet Quality of Service and Economics for the Digital Generation. Dr. Lawrence Roberts President and CEO,
Optimizing the Internet Quality of Service and Economics for the Digital Generation Dr. Lawrence Roberts President and CEO, lroberts@anagran.com Original Internet Design File Transfer and Remote Computing
More informationThreat Pragmatics. Target 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:
Threat Pragmatics 25-29 June 2018 PacNOG 22, Honiara, Solomon Islands Supported by: Issue Date: Revision: 1 Target Many sorts of targets: Network infrastructure Network services Application services User
More informationComputer Science 461 Final Exam May 22, :30-3:30pm
NAME: Login name: Computer Science 461 Final Exam May 22, 2012 1:30-3:30pm This test has seven (7) questions, each worth ten points. Put your name on every page, and write out and sign the Honor Code pledge
More informationValidating the Security of the Borderless Infrastructure
SESSION ID: CDS-R01 Validating the Security of the Borderless Infrastructure David DeSanto Director, Product Management Spirent Communications, Inc. @david_desanto Agenda 2 The Adversary The Adversary
More informationVERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 1 1ST QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2017 4 DDoS
More informationSmartWall Threat Defense System - NTD1100
SmartWall Threat Defense System - NTD1100 Key Benefits Robust, real-time security coverage Real-time Layer 3-7 mitigation against volumetric attacks for both IPv4 and IPv6 traffic. Industry- leading density,
More informationAnti-DDoS. FAQs. Issue 11 Date HUAWEI TECHNOLOGIES CO., LTD.
Issue 11 Date 2018-05-28 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2019. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any
More informationSecurity Issues In Mobile IP
Security Issues In Mobile IP Zhang Chao Tsinghua University Electronic Engineering 1 OUTLINE 1.Introduction 2.Typical threats 3. Mobile IPv6 and new threats 4.Open issues 2 OUTLINE 1.Introduction 2.Typical
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationTrends in Denial of Service Attack Technology -or Oh, please, they aren t smart enough to do that
Trends in Denial of Service Attack Technology -or Oh, please, they aren t smart enough to do that Presentation to CERT-Polska November 2001 Rob Thomas, robt@cymru.com Credit Where Credit is Due! Presentation
More informationDenial of Service. Denial of Service. A metaphor: Denial-of-Dinner Attack. DDoS over the years. Ozalp Babaoglu
Denial of Service Denial of Service Ozalp Babaoglu Availability refers to the ability to use a desired information resource or service A Denial of Service attack is an attempt to make that information
More informationDistributed Denial of Service
Distributed Denial of Service Vimercate 17 Maggio 2005 anegroni@cisco.com DDoS 1 Agenda PREFACE EXAMPLE: TCP EXAMPLE: DDoS CISCO S DDoS SOLUTION COMPONENTS MODES OF PROTECTION DETAILS 2 Distributed Denial
More informationUSG2110 Unified Security Gateways
USG2110 Unified Security Gateways The USG2110 series is Huawei's unified security gateway developed to meet the network security needs of various organizations including the small enterprises, branch offices,
More informationDDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH
DDoS Protector Block Denial of Service attacks within seconds Simon Yu Senior Security Consultant CISSP-ISSAP, MBCS, CEH 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012
More informationInternet Continuous Situation Awareness
Internet Continuous Situation Awareness Prof. Dr. Norbert Pohlmann Institute for Internet Security - if(is) University of Applied Sciences Gelsenkirchen http://www.internet-sicherheit.de Content Structure
More informationChapter 10: Denial-of-Services
Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationNext Generation IPv6 Cyber Security Protection Through Assure6i TM Product Line
Next Generation IPv6 Cyber Security Protection Through Assure6i TM Product Line Designed to Prevent, Detect, and Block Malicious Attacks on Both IPv4 and IPv6 Networks TM Introduction With the exponential
More informationWEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING
WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING A STRONG PARTNER COMPANY Link11 - longstanding security experience Link11 is a European IT security provider, headquartered in Frankfurt, Germany
More informationUniversal Trusted Service Provider Identity to Reduce Vulnerabilities
1.1 Session 3: Cyber-attacks: Are we ready for the battlefield of the 21st Century? 22 May 2008 Palais des Nations, Geneva Universal Trusted Service Provider Identity to Reduce Vulnerabilities Tony Rutkowski
More informationCyber Criminal Methods & Prevention Techniques. By
Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation
More informationDDoS Testing with XM-2G. Step by Step Guide
DDoS Testing with XM-G Step by Step Guide DDoS DEFINED Distributed Denial of Service (DDoS) Multiple compromised systems usually infected with a Trojan are used to target a single system causing a Denial
More informationChapter 7. Denial of Service Attacks
Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU),
More informationManaging IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services
Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our
More informationCisco DDoS Solution Clean Pipes Architecture
Cisco DDoS Solution Clean Pipes Architecture Dynamic filters to block attack sources Anti-spoofing to block spoofed packets Legitimate traffic Rate limits Dynamic & Static Filters Active Statistical Verification
More information(Distributed) Denial-of-Service. in theory and in practice
(Distributed) Denial-of-Service in theory and in practice About SURFnet National Research and Education Network (NREN) Founded in 1986, incorporated 1988 > 11000km dark-fibre network Shared ICT innovation
More informationGuide to DDoS Attacks November 2017
This Multi-State Information Sharing and Analysis Center (MS-ISAC) document is a guide to aid partners in their remediation efforts of Distributed Denial of Service (DDoS) attacks. This guide is not inclusive
More informationSecurity in inter-domain routing
DD2491 p2 2011 Security in inter-domain routing Olof Hagsand KTH CSC 1 Literature Practical BGP pages Chapter 9 See reading instructions Beware of BGP Attacks (Nordström, Dovrolis) Examples of attacks
More informationConfiguring Unicast Reverse Path Forwarding
Configuring Unicast Reverse Path Forwarding Last Updated: January 20, 2012 This chapter describes the Unicast Reverse Path Forwarding (Unicast RPF) feature. The Unicast RPF feature helps to mitigate problems
More informationGlobal cybersecurity and international standards
World Class Standards Global cybersecurity and international standards Professor Solange Ghernaouti-Hélie sgh@unil.ch Faculty of Business and Economics, University of Lausanne Member of the Hight Level
More informationSecurity & Phishing
Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?
More informationMANRS Mutually Agreed Norms for Routing Security
27 March 2018 MANRS Mutually Agreed Norms for Routing Security Kevin Meynell meynell@isoc.org Presentation title Client name Internet Society 1992 2016 1 The Problem A Routing Security Overview 2 The Basics:
More information