the Breakdown of Perimeter Defenses
|
|
- Maurice Long
- 6 years ago
- Views:
Transcription
1 WikiLeak s Operation Payback and the Breakdown of Perimeter Defenses Carl W. Herberger Radware Session ID:SPO2-304 Session Classification: Sponsor Case Studies
2 Agenda DDoS/DoS Attacks Have Matured Recap Operation Payback Timeline Perimeter Defense Breakdowns New Learned Lessons 2
3 Main Presentation Take-Aways Denial of Service Attack Category A Preferred Weapon IsBroad RepresentingNearly Every Layer in Network Stack Is Deep Representing Nearly Every Protocol & Service Is Generally Misunderstood and Understudied Have Seen a Dramatic Rise in Hacktivism Operation Payback Establish Numerous Lessons Perimeter Security Next Generation Open Air Market Model which requires the following: More Alerting Coverage More Deployed Perimeter Platforms Tighter Integration Instantly Normalize & Correlated Data Prioritization of Threats for Mitigation 3
4 DoS / DDoS Attacks Have Matured WikiLeak s Operation Payback and the Breakdown of Perimeter Defenses 4
5 Perimeter Security Attack Roundup Source: ISC2 Common Body Of Knowledge & OWASP 5
6 DoS / DDoS Attack Roundup Examples Source: ISC2 Common Body Of Knowledge & OWASP 6 TCP SYN TCP SYN+ACK Malware / Botnets TCP FIN TCP RESET TCP ACK TCP ACK+PSH TCP Fragment UDP ICMP IGMP HTTP Flood Brute Force Connection Floods
7 Notable DoS / DDoS Attacks July Low & Slow Attacks - Slowloris July 2009 MyDoom Over 50,000 Zombies August 2009 Twitter/Cyxymu DDoS Sept 2010 IMDDOS Commercial Botnet Sept 2010 Operation Payback (Nearly All DoS / DDoS Was Tried) Source: ISC2 Common Body Of Knowledge & OWASP 7 TCP SYN TCP SYN+ACK Malware / Botnets TCP FIN TCP RESET TCP ACK TCP ACK+PSH TCP Fragment UDP ICMP IGMP HTTP Flood Brute Force Connection Floods
8 Attacker s Change in Motivation & Techniques Vandalism and publicity Hacktivism Financially motivated Dec 2010 Operation Payback Attack Risk CodeRed (Defacing IIS web servers) Blaster 2001 (Attacking Microsoft web site) Nimda 2003 (Installed Trojan) 2001 Agobot Slammer (DoS Botnet) (Attacking SQL websites) 2003 Republican website DoS 2004 Storm (Botnet) 2007 Srizbi (Botnet) Rustock 2007 (Botnet) 2007 Estonia s Web Sites DoS 2007 Kracken (Botnet) IMDDOS (Botnet) July 2009 Cyber Attacks US & Korea Google / Twitter Attacks2009 Georgia Web sites DoS Time
9 Attacker s Change in Motivation & Techniques Vandalism and publicity Hacktivism Financially motivated Dec 2010 Operation Payback Attack Risk CodeRed (Defacing IIS web servers) Blaster 2001 (Attacking Microsoft web site) Nimda 2003 (Installed Trojan) 2001 Agobot Slammer (DoS Botnet) (Attacking SQL websites) 2003 Republican website DoS 2004 Storm (Botnet) 2007 Srizbi (Botnet) Rustock 2007 (Botnet) 2007 Estonia s Web Sites DoS 2007 Kracken (Botnet) IMDDOS (Botnet) July 2009 Cyber Attacks US & Korea Google / Twitter Attacks2009 Georgia Web sites DoS Time
10 Recap Operation Payback Timeline WikiLeak s Operation Payback and the Breakdown of Perimeter Defenses 10
11 Background In December 2010, WikiLeaks came under intense pressure to stop publishing secret United States t diplomatic cables. Corporations such as Amazon, PostFinance, MasterCard and Visa either stopped working with or froze donations to Wikileaks, apparently bowing to political pressure. 11
12 November 30 th (ish)2010: The Jester (th3jest3r) vs. Wikileaks New Release Arrest WikiLeaks Attacked Source: 12
13 Early December (1 st 5 th ) 2010: Amazon and DNS providers drop Wikileaks.org New Service Release Providers Arrest WikiLeaks Cutoffs Attacked 13
14 December 4 th 6 th 2010: Payment Firms Prevent Financial Donations New Service Release Providers Financial Arrest WikiLeaks Cutoffs Firms Attacked Stonewall WikiLeaks 14
15 December 7 th, 2010: Anonymous launched Operation Payback Operation New Service Payback Release Providers Financial Launched Arrest WikiLeaks Cutoffs Firms Attacked Stonewall Via WikiLeaks Twitter & Facebook 15
16 Original Distributed Tool LOIC V Dist by Praetox Tech for Stress Testing 16
17 Updated Version on Dec. 9 th No Download Distributed Attack Tool JS LOIC 17
18 December 11 th, 2010: Payback Reached Peak Participation ~7,000 New Service Operation Payback Release Providers Financial Launched Arrest WikiLeaks Cutoffs Firms Attacked Stonewall Via WikiLeaksTwitter & Facebook 7,000 LOIC Tool Users Source: 18
19 Targets Were Defined & Coordinated Source: 19
20 Operation Payback Initial Target Set Source: 20
21 From the news 21
22 Throughout December, 2010: The Jester Attacks LOIC Nodes, Thwarts Attack by December 14th Operation New Service Payback Release Providers Financial Launched Arrest WikiLeaks Cutoffs Firms Attacked Stonewall Via WikiLeaksTwitter k & Facebook 7,000 LOIC Tool Users The Jester Attacks LOIC Users 22
23 New Anonymous Targets: The Jester Source: 23
24 February, 2011: WikiLeaks Remains Up, Anonymous Promises More Attacks Coming.. 24
25 Breakdown Of Perimeter Defenses WikiLeak s Operation Payback and the Breakdown of Perimeter Defenses 25
26 Introducing AMS 26
27 Radware Operation Payback ERT Post-Mortem Analysis Operation Payback Network DDoS attacks: High PPS attacks: extremely high SYN flood and UDP flood attack rates (up to 8M packets per second) hit victim sites. Oversized UDP frames in an intent to consume bandwidth Fragmented and corrupted UDP frames in an intent to consume more resources on application i delivery equipment Connection flood attacks: target the TCP stack resources; TCP raw data transmission (long stream of ASCII data) to ports 443 (HTTPS) and 80 (HTTP) Operation Payback Application DDoS attacks: HTTP page request floods targeting crafted URLs (GETs/PUTs) Crafted Layer7 TCP attacks such as SlowLoris HTTP data floods 27
28 Operation Payback: Major Perimeter Defense Breakdowns High rate attacks Security tools themselves crashed under the load and improper placement Low and slow DoS/DDoS attacks Easily go under the radar of traditional security solution (if you define low rate thresholds you raise the false positive ratio and the opposite) Today s application DDoS attacks are well integrated into legitimate forms of business delivery models wreaking havoc with distinguishing the difference between legitimate and illegitimate traffic 28
29 Why were Operation Payback attacks so challenging? Attacks High PPS attacks Oversized UDP frames Fragmented and corrupted UDP frames Connection flood attacks HTTP page flood attacks Slowloris 29 Impacts Equipment Bottlenecks Consume network bandwidth Consume resources Memory / Processing Consume TCP stack resources - Processing Consume server resources Memory / Processing
30 Protection from Attack Campaigns (Multi-Vulnerability) Is Difficult Attack Types High PPS attacks Oversized UDP frames Fragmented and corrupted UDP frames Connection flood attacks HTTP page flood attacks Slowloris 30 Protection Needed Network-Level anti-dos Anti-DoS / DDoS Anti-DoS / DDoS IPS In front of Firewall NBA In front of Firewall IPS In front of Firewall
31 Modern Security Data Center Architecture Is Inadequate For Perimeter Protection Public Internet 1st The rising tide of distributed denial of service attacks (DDoS) is being made much worse by a tendency to mis-deploy firewalls and intrusion prevention systems (IPS) in front of servers During Private 2010, nearly 1st half of all respondents had experienced a failure Internet of their firewall or IPS due to DDoS, something that t could have been avoided Arbor Networks Survey of 111 Global Service Providers, Comments Published by John E. Dunn, Feb 01, 2010 Tech World 31
32 Current Architecture Has Lead to Inadequate Security Solutions Current Deployment Problems Include 32
33 Attack Campaigns Require Alerts, Correlation, Prioritization in All Perimeter Regimes!!! Network & DoS/DDoS flood attacks Application Based Attacks Zero-Day Malware propagation & scans Intrusion Activities Clean Environment NBA - Network-Based Behavioral Protections NBA - Application-Based Behavioral Protections NBA Source -Based Behavioral Protections IPS - Signature-Based Protections Reputation Engine 33
34 New Lessons Learned WikiLeak s Operation Payback and the Breakdown of Perimeter Defenses 34
35 New Lessons From Operation Payback: Cyber retaliation: DDoS has become a new tool for angry mobs or overzealous activists Use of social media networks for quick distribution of malicious tools Previously unqualified attackers/profiles (no signature profiles available) volunteer in an attack campaign Bundled, multi layered DDoS attack structure (UDP, TCP, HTTP, Slow, Fast, Connection Oriented, Malformed Packets, etc) Multi Vector: Unquantifiable scalability (any attacker from anywhere) 35
36 In addition, Multi-Vector Attacks Are On the Rise...Protection is Not Attack Vector Solution Bot malware spread Scanning or Single IP Vulnerability Attacks Social Engineering Attacks (Fraud, Phishing, Bot Command, Control messages, etc) IPS or Network Behavior Analysis IPS or Reputational Engine No single protection tool can handle today s multi-vector t threats t Application flooding - HTTP page flood attack Network Behavior Analysis Network flooding - SYN/UDP/ICMP flood attack DoS Protection 36
37 How to Improve Perimeter Security? Next Generation Defense: Deploy a series of perimeter security alerting and mitigating technologies designed to handle multivulnerability and multi origin threats (e.g. attack campaigns) in real time. The idea is to accomplish the following: Increase overall quality of coverage of attack categories with of best in breed perimeter alerting technologies (IPS, NBA, DoS, WAF, Anti Fraud) at the Perimeter s edge Unify and normalize alerting data for improved correlation Engineer agile solutions. E.g. limit human interactions and required decisions to only extreme situations. 37
38 Recap - Main Presentation Take-Aways Denial of Service Attack Category IsBroad RepresentingNearly Every Layer in Network Stack Is Deep Representing Nearly Every Protocol & Service Is Generally Misunderstood and Understudied Have Seen a Dramatic Rise in Hacktivism Operation Payback Establish Numerous Lessons Perimeter Security an Open Air Market Model which requires the following: More Alerting Coverage More Deployed Perimeter Platforms Tighter Integration Instantly Normalize & Correlated Data Prioritization of Threats for Mitigation 38
39 Thank You Carl W. Herberger V.P., Security Solutions
DDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH
DDoS Protector Block Denial of Service attacks within seconds Simon Yu Senior Security Consultant CISSP-ISSAP, MBCS, CEH 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationInformation Security Adaption: Survival In An Evolving Threat Landscape. Carl Herberger VP, Security Solutions, Radware
Information Security Adaption: Survival In An Evolving Threat Landscape Carl Herberger VP, Security Solutions, Radware The Evolving Threat Landscape Anatomy of an Attack Securing Tomorrow s Perimeter The
More informationSam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF
Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF Who am I? Sam Pickles Senior Engineer for F5 Networks WAF Specialist and general security type Why am I here? We get to see the pointy end of a lot of
More informationSecuring Online Businesses Against SSL-based DDoS Attacks. Whitepaper
Securing Online Businesses Against SSL-based DDoS Attacks Whitepaper Table of Contents Introduction......3 Encrypted DoS Attacks...3 Out-of-path Deployment ( Private Scrubbing Centers)...4 In-line Deployment...6
More informationDoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors
DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors 1 Table of Content Preamble...3 About Radware s DefensePro... 3 About Radware s Emergency Response Team
More informationCheck Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
More informationCisco Firepower with Radware DDoS Mitigation
Cisco Firepower with Radware DDoS Mitigation Business Decision Maker Presentation Eric Grubel VP Business development, Radware February 2017 DDoS in the news French hosting firm flooded with 1 Tbps traffic
More informationA Survey of Defense Mechanisms Against DDoS Flooding A
DDoS Defense: Scope And A Survey of Defense Mechanisms Against DDoS Flooding Attacks IIT Kanpur IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 15, NO. 4, FOURTH QUARTER 2013 DDoS Defense: Scope And Outline
More informationDoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action
DoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action 1 Table of Content Preamble...3 About Radware s DefensePro... 3 About Radware s Emergency Response
More informationRadware s Attack Mitigation Solution Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
SHARE THIS WHITEPAPER Radware s Attack Mitigation Solution Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Understanding the Threat
More informationhaltdos - Web Application Firewall
haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection
More informationYuri Gushin & Alex Behar
Yuri Gushin & Alex Behar Ø Introduction Ø DoS Attacks overview & evolution Ø DoS Protection Technology Ø Operational mode Ø Detection Ø Mitigation Ø Performance Ø Wikileaks (LOIC) attack tool analysis
More informationCyber War Chronicles Stories from the Virtual Trenches
Cyber War Chronicles Stories from the Virtual Trenches Ron Winward Security Evangelist Radware, Inc. March 17, 2016 Background on the Radware Report Key Cyber Attack Trends for 2015-2016 Case Study: Look
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationFighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See
Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See Louis Scialabba Carrier Solutions Marketing Nov 2015 November 16, 2015 Topics What s New in Cybersecurity
More informationHerding Cats. Carl Brothers, F5 Field Systems Engineer
Herding Cats Carl Brothers, F5 Field Systems Engineer Agenda Introductions Security is easy, right Trivia Protecting your apps, one layer at a time How to survive an Attack Time permitting F5 Networks,
More informationEnterprise D/DoS Mitigation Solution offering
Enterprise D/DoS Mitigation Solution offering About the Domain TCS Enterprise Security and Risk Management (ESRM) offers full services play in security with integrated security solutions. ESRM s solution
More informationF5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe
F5 comprehensive protection against application attacks Jakub Sumpich Territory Manager Eastern Europe j.sumpich@f5.com Evolving Security Threat Landscape cookie tampering Identity Extraction DNS Cache
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationInternational Journal of Scientific & Engineering Research, Volume 7, Issue 12, December ISSN
International Journal of Scientific & Engineering Research, Volume 7, Issue 12, December-2016 360 A Review: Denial of Service and Distributed Denial of Service attack Sandeep Kaur Department of Computer
More informationMulti-vector DDOS Attacks
Multi-vector DDOS Attacks Detection and Mitigation Paul Mazzucco Chief Security Officer August 2015 Key Reasons for Cyber Attacks Money and more money Large number of groups From unskilled to advanced
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationCyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA
Cyber Attacks and Application - Motivation, Methods and Mitigation Alfredo Vistola a.vistola@f5.com Solution Architect Security, EMEA Attacks are Moving Up the Stack Network Threats Application Threats
More informationDDoS MITIGATION BEST PRACTICES
DDoS MITIGATION BEST PRACTICES DDoS ATTACKS ARE INCREASING EXPONENTIALLY Organizations are becoming increasingly aware of the threat that Distributed Denial of Service (DDoS) attacks can pose. According
More informationChapter 10: Denial-of-Services
Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different
More informationVERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 3 3RD QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q3 2017 4 DDoS
More informationINTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
INTRODUCTION: DDOS ATTACKS 1 DDOS ATTACKS Though Denial of Service (DoS) and Distributed Denial of Service (DDoS) have been common attack techniques used by malicious actors for some time now, organizations
More informationResources and Credits. Definition. Symptoms. Denial of Service 3/3/2010 COMP Information on Denial of Service attacks can
Resources and Credits Denial of Service COMP620 Information on Denial of Service attacks can be found on Wikipedia. Graphics and some text in these slides was taken from the Wikipedia site The textbook
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationWhy IPS Devices and Firewalls Fail to Stop DDoS Threats
Arbor White Paper Why IPS Devices and Firewalls Fail to Stop DDoS Threats How to Protect Your Data Center s Availability About Arbor Networks Arbor Networks, Inc. is a leading provider of network security
More informationIt s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security
It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security Pavel Minařík, Chief Technology Officer Neutral Peering Days 2018, The Hague Your customers depend on your
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationDenial of Service. Denial of Service. A metaphor: Denial-of-Dinner Attack. DDoS over the years. Ozalp Babaoglu
Denial of Service Denial of Service Ozalp Babaoglu Availability refers to the ability to use a desired information resource or service A Denial of Service attack is an attempt to make that information
More informationTHE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationCybersecurity. Anna Chan, Marketing Director, Akamai Technologies
Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile Business devices and Continuity data collection. & Cybersecurity Anna Chan, Marketing Director,
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationChapter 7. Denial of Service Attacks
Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU),
More informationIoT - Next Wave of DDoS? IoT Sourced DDoS Attacks A Focus on Mirai Botnet and Best Practices in DDoS Defense
IoT - Next Wave of DDoS? IoT Sourced DDoS Attacks A Focus on Mirai Botnet and Best Practices in DDoS Defense DDoS Attacks Increasing in Size, Frequency & Complexity Arbor Networks WISR XII Largest attack
More informationIxLoad-Attack TM : Network Security Testing
IxLoad-Attack TM : Network Security Testing IxLoad-Attack tests network security appliances to validate that they effectively and accurately block attacks while delivering high end-user quality of experience
More informationWHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks
WHITE PAPER 2017 DDoS of Things SURVIVAL GUIDE Proven DDoS Defense in the New Era of 1 Tbps Attacks Table of Contents Cyclical Threat Trends...3 Where Threat Actors Target Your Business...4 Network Layer
More informationIntegrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution
Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution (Layer 3/4 and Layer 7) Delivering best-in-class network and web application security to the modern enterprise
More informationJPCERT/CC Incident Handling Report [January 1, March 31, 2018]
JPCERT-IR-2018-01 Issued: 2018-04-12 JPCERT/CC Incident Handling Report [January 1, 2018 - March 31, 2018] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationCorrigendum 3. Tender Number: 10/ dated
(A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Yes: Creating a secure channel for communication (Part I) Protecting
More informationThe Barracuda Web Application Firewall Versus Anonymous. Best Practices for Planning and Defending Against Attacks by Anonymous.
The Barracuda Web Application Firewall Versus Anonymous Best Practices for Planning and Defending Against Attacks by Anonymous White Paper The security analysts at Barracuda Central have been continuously
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More informationCheck Point DDoS Protector Simple and Easy Mitigation
Check Point DDoS Protector Simple and Easy Mitigation Jani Ekman janie@checkpoint.com Sales Engineer DDoS Protector 1 (D)DoS Attacks 2 3 4 DDoS Protector Behavioral DoS Protection Summary 2 What is an
More informationDenial of Service. Denial of Service. A metaphor: Denial-of-Dinner Attack. DDoS over the years. Ozalp Babaoglu
Denial of Service Denial of Service Ozalp Babaoglu Availability refers to the ability to use a desired information resource or service A Denial of Service attack is an attempt to make that information
More informationExit from Hell? Reducing the Impact of Amplification DDoS Attacks Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz Presented By : Richie Noble Distributed Denial-of-Service (DDoS) Attacks
More informationA custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74
Analysis of the Global Distributed Denial of Service (DDoS) Mitigation Market Abridged Version Rise of the DDoS Attack Spurs Demand for Comprehensive Solutions A custom excerpt from Frost & Sullivan s
More informationWe b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)
We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking
More informationNISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks
NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks Background This NISCC technical note is intended to provide information to enable organisations in the UK s Critical
More information2011 Global Application
20 11 Global Application & Network Security Report 2011 Global Application & Network Security Report Smart Network. Smart Business. Table of Contents 01 02 03 Executive Summary» Most important findings
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationWEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING
WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING A STRONG PARTNER COMPANY Link11 - longstanding security experience Link11 is a European IT security provider, headquartered in Frankfurt, Germany
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationDDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT
DDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT SEPTEMBER 2014 COMMISSIONED BY: Contents Contents... 2 Introduction... 3 About the Survey and Respondents... 3 The Current State
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security
EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack
More informationSilverline DDoS Protection. Filip Verlaeckt
Silverline DDoS Protection Filip Verlaeckt f.verlaeckt@f5.com The evolution of attackers September 1996 First high profile DDoS attack. NY ISP Panix.com that was nearly put out of business. January 2008
More information2015 DDoS Attack Trends and 2016 Outlook
CDNetworks 2015 DDoS Attack Trends and 2016 Outlook 2016, January CDNetworks Security Service Team Table of Contents 1. Introduction... 3 2. Outline... 3 3. DDoS attack trends... 4 4. DDoS attack outlook
More informationThe Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering
The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationDDoS Detection&Mitigation: Radware Solution
DDoS Detection&Mitigation: Radware Solution Igor Urosevic Head of Technical Department SEE CCIE #26391 Ingram Micro Inc. 1 Agenda DDoS attack overview Main point of failures Key challenges today DDoS protection
More informationAnti-DDoS. FAQs. Issue 11 Date HUAWEI TECHNOLOGIES CO., LTD.
Issue 11 Date 2018-05-28 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2019. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any
More informationThe Barracuda Web Application Firewall Versus Anonymous. Best Practices for Planning and Defending Against Attacks by Anonymous.
The Barracuda Web Application Firewall Versus Anonymous Best Practices for Planning and Defending Against Attacks by Anonymous White Paper The security analysts at Barracuda Central have been continuously
More informationComprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline
Comprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline PRESENTED BY: RICH BIBLE, EMEA SILVERLINE SA November 22, 2018 1 2018 F5 NETWORKS DDoS and Application Attack
More informationArbor Solution Brief Arbor Cloud for Enterprises
Arbor Solution Brief Arbor Cloud for Enterprises Integrated DDoS Protection from the Enterprise to the Cloud About Arbor Networks Arbor Networks Inc., the cyber security division of NETSCOUT, helps secure
More informationImma Chargin Mah Lazer
Imma Chargin Mah Lazer How to protect against (D)DoS attacks Oliver Matula omatula@ernw.de #2 Denial of Service (DoS) Outline Why is (D)DoS protection important? Infamous attacks of the past What types
More informationHOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
More informationCYBER ATTACKS EXPLAINED: PACKET SPOOFING
CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service
More informationRethinking Perimeter Security: New Threats Require Real-Time Protection A DefensePro Technology Paper By Avi Chesla - VP, Security & Management
Rethinking Perimeter Security: New Threats Require Real-Time Protection A DefensePro Technology Paper By Avi Chesla - VP, Security & Management Products Table of Content Introduction... 3 Market History...
More informationProtecting Against Application DDoS A acks with BIG-IP ASM: A Three- Step Solution
Protecting Against Application DDoS A acks with BIG-IP ASM: A Three- Step Solution Today's security threats increasingly involve application-layer DDoS attacks mounted by organized groups of attackers
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 18: Network Attacks Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Network attacks denial-of-service (DoS) attacks SYN
More informationThe Protocols that run the Internet
The Protocols that run the Internet Attack types in the Internet Seminarvortrag Sommersemester 2003 Jens Gerken Content Internet Attacks Introduction Network Service Attacks Distributed Denial of Service
More informationDDoS: Coordinated Attacks Analysis
DDoS: Coordinated Attacks Analysis This article will cover some concepts about a well-known attack named DDoS (Distributed Denial-of-Service) with some lab demonstrations as a Proof of Concept with countermeasures.
More informationSecure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect
Secure your Web Applications with AWS WAF & AWS Shield James Chiang ( 蔣宗恩 ) AWS Solution Architect www.cloudsec.com What to expect from this session Types of Threats AWS Shield AWS WAF DEMO Real World
More informationSHARE THIS WHITEPAPER. Attack Mitigation Service Fully Managed Hybrid (Premise & Cloud) Cyber-Attack Mitigation Solution - Whitepaper
SHARE THIS WHITEPAPER Attack Mitigation Service Fully Managed Hybrid (Premise & Cloud) Cyber-Attack Mitigation Solution - Whitepaper Tamle of Contents Abstract... 3 Recent Worldwide Regulatory Efforts...
More informationVERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT
VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 4, ISSUE 1 1ST QUARTER 2017 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2017 4 DDoS
More informationFundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code
Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code Learning Objective Explain the importance of network principles and architecture
More informationHOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK
From the Security Experts at Corero Network Security HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK Be Proactive, Not Reactive STEP-BY-STEP GUIDE The Rise of Ransom-Driven DDoS Attacks Ransom-related Denial
More informationMultidimensional Investigation of Source Port 0 Probing
DIGITAL FORENSIC RESEARCH CONFERENCE Multidimensional Investigation of Source Port 0 Probing By Elias Bou-Harb, Nour-Eddine Lakhdari, Hamad Binsalleeh and Mourad Debbabi Presented At The Digital Forensic
More informationConfiguring Flood Protection
Configuring Flood Protection NOTE: Control Plane flood protection is located on the Firewall Settings > Advanced Settings page. TIP: You must click Accept to activate any settings you select. The Firewall
More informationCloudflare Advanced DDoS Protection
Cloudflare Advanced DDoS Protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationTechnical White Paper June 2016
TLP:WHITE! Technical White Paper June 2016 GuidetoDDoSAttacks! Authored)by:) Lee)Myers,)Senior)Manager)of)Security)Operations) Christopher)Cooley,)Cyber)Intelligence)Analyst) This MultiCState Information
More informationAKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.
CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE. Threat > The number and size of cyberattacks are increasing rapidly Website availability and rapid performance are critical factors in determining the success
More informationFregata. DDoS Mitigation Solution. Technical Specifications & Datasheet 1G-5G
Fregata DDoS Mitigation Solution Technical Specifications & Datasheet 1G-5G Amidst fierce competition, your business cannot afford to slow down With HaltDos, you don t have to sacrifice productivity and
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationNIP6000 Next-Generation Intrusion Prevention System
NIP6000 Next-Generation Intrusion Prevention System Thanks to the development of the cloud and mobile computing technologies, many enterprises currently allow their employees to use smart devices, such
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationTrends in Denial of Service Attack Technology -or Oh, please, they aren t smart enough to do that
Trends in Denial of Service Attack Technology -or Oh, please, they aren t smart enough to do that Presentation to CERT-Polska November 2001 Rob Thomas, robt@cymru.com Credit Where Credit is Due! Presentation
More informationDDoS Introduction. We see things others can t. Pablo Grande.
DDoS Introduction We see things others can t Pablo Grande pgrande@arbor.net DoS & DDoS. Unavailability! Interruption! Denial of Service (DoS) attack is an attempt to make a machine or network resource
More informationI D C T E C H N O L O G Y S P O T L I G H T
I D C T E C H N O L O G Y S P O T L I G H T Optimizing DDoS Mitigation Using H yb r i d Ap p r o a c h e s March 2015 Adapted from Worldwide DDoS Prevention Products and Services 2013 2017 Forecast by
More information