Advanced Attack Response and Mitigation
- Gervais Woods
- 6 years ago
Transcription
1 Advanced Attack Response and Mitigation
2 Agenda
Overview of cloud DDoS detection and mitigation, which features geographically diverse scrubbing and high-velocity auto-mitigation capabilities.
- Overview
- Architecture & Deployment
- Trends
- Auto-mitigation Approach
3 Overview
4 [Figure: national network map. CRS-1 and CRS-8 routers at backbone sites connect the CRANs to the Internet, content providers, telcos and MSOs; HFC nodes serve commercial, MDU and residential customers. Tiers shown: Third Party, National / Global, Metro, Access.]
5 Considerations
- Do we need this?
- Are we under attack? Why don't we ask them to stop? More harm than good?
- Who's responsible? Ambiguity around response
- Do we have capability to take specific action for impacted customers?
- What types of actions should be taken (with and without authorization)?
- How do we strike the balance between risk mitigation and availability?
- Overall DDoS needs to be evaluated
- Historically, such events or traffic simply got blocked or shut down
- Today, such events get detected or escalated; mitigation not easy
- Slightly easier on the Residential side (tolerance for service outage)
6 Solution
Detection Architecture
- Heavily reliant on Netflow for traffic analysis
- Leverage flow replication to redistribute Netflow to appropriate tools for analysis
- Monitor DDoS Host Detection for the entire footprint: X-services and beyond (Xfinity)
Mitigation Architecture
- Auto vs. Manual
- Real-Time Blackhole (RTBH) to drop DDoS by either source or destination
- Sinkhole - cloud based DDoS solution: BGP off-ramping for surgical mitigation. It also includes packet sniffing and analysis
- Ability to mitigate DDoS attacks for any customers residing on Comcast networks
7 Architecture
8 [Figure: peers and CR/PE routers on the Comcast Backbone AS79; BHS01 and BHS0 attached over multi-hop eBGP; AR routers in Region Sub-AS 65xxx+1 through Region Sub-AS 65xxx+n.]
9
- Backbone (55 routers/1156 interfaces): 819 Sampled, All IBONE routers
- Service Delivery (80 routers/40k interfaces): 819 Sampled, All AR routers
- National Data Center (15 routers/k interfaces): 18 Sampled, Layer 7 application visibility (flow sensor)
- Enterprise (471 routers/4k interfaces): 18 Sampled, Layer 7 application visibility with (flow sensor)
10 UI Controller Platform HA Scrubbing
- 18 x Collector Appliances
- 8 x Flow Sensors
- 10 Router Capacity
- 16 of 10 routers
- 74,050 of 50,000 interfaces
- 607 of 1000 MOs.M BGP routes of 610M
- IPv6 capable
- *PI for High Availability
11 [Figure: scrubbing sites at San Jose, CA; Los Angeles, CA; Chicago, IL; Atlanta, GA; Ashburn, VA; NYC, NY. Each site shows a Threat Center attached to a Core router on the Comcast Backbone, with PE routers and CRANs connecting customers. Labels: Scrubbing, Detection.]
12 Trends
13 Attack Protocol Distribution
- Majority is Volumetric or Flood Attacks
- Large botnets or spoofed IP to generate a lot of traffic (bps or pps)
- 99% is UDP-based floods from spoofed IP, taking advantage of the connectionless UDP protocol
- Take out the infrastructure capacity: routers, switches, servers, links
14 Common DDoS Attacks
- Universal Plug and Play (SSDP 1900)
- Network Time Protocol (NTP 1)
- Simple Network Management Protocol (SNMP 161)
- Chargen (19)
- ICMP Flood (0)
15 Common DDoS Attacks
- HTTP over UDP (80, 44, 8080, 8081, etc)
- DNS (5)
- Xbox (074)
- UDP Fragmentation Based Attacks (0)
- TCP Syn Flood (very small)
16 ASN Attack Detail
17 Attack Size
- Large SSDP (UDP 1900) attacks over 100G observed in May 014
- Large DNS attack close to 00G observed in March 015
18 Typical Month September
- Attacks: 10,000 or more
- Attacks >100Gbps: 97, a 746% increase in this reporting period
- Cases Mitigated: 8,151 - over 0+ Trillion Packets Scrubbed
- Commercial Cases: 44% of mitigated attacks were for Commercial (BCS) users
19 Global Benchmarks
- Comcast attack size distribution very different to world-wide
- Much higher percentage of events over 1Gb/sec
  o 1.1% vs 48.8% in Q1
  o 15.% vs 50.1% in Q
- Much higher proportions of events over 10Gb/sec
  o 1.76% vs 5.56% in Q1
  o 0.9% vs 4.49% in Q
[Charts: World 014 Q and Comcast 014 Q Size Break-Out, BPS. Legend: <500Mbps, >500Mbps<1Gbps, >1<Gbps, ><5Gbps]
20 Auto-Mitigation
21 Anomaly Types
- Misuse Anomalies
  Traffic of a certain type directed towards an individual host that exceeds what should normally be seen on a network
- Profiled Anomalies
  Customized detection event tailored to specific conditions within
- Fingerprints.0
  Fingerprints received via ATF, FSA, or traffic that match a user specified signature
22 Alert Generation
1. Detection: Real time discovery of deviant traffic
  - Traffic that deviates from acceptable Internet use (Misuse)
  - Traffic exceeding normal levels for a resource (Profiled)
  - Traffic that matches user specified threat patterns (Fingerprint)
2. Classification: Sets a level of importance to detected anomalies
  - Misuse: Based on static thresholds
  - Profiled: Based on auto classification or administrator configured high severity traffic rates
  - Helps determine what anomalies to give precedence
  - Three classification levels: High Severity (Red), Medium Severity (Orange), Low Severity (Green)
  - Once an alert has been detected and classified, its severity can only go up
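An added example, not part of the original slides: a minimal misuse-anomaly detector over sampled flow records that applies static thresholds per destination host and keeps alert severity from ever going down, as the Alert Generation slide describes. The record layout, thresholds, sampling rate and addresses are assumptions made for illustration; the port numbers are the well-known UDP ports of the reflection protocols named on the Common DDoS Attacks slides.

```python
from collections import defaultdict
from dataclasses import dataclass

# Well-known UDP source ports of the reflection vectors named in the slides.
REFLECTION_PORTS = {1900: "SSDP", 123: "NTP", 161: "SNMP", 19: "Chargen", 53: "DNS"}

LEVELS = ["none", "low", "medium", "high"]   # green / orange / red on the slide

# Hypothetical static thresholds (bits per second toward one host), highest first.
THRESHOLDS_BPS = [(1_000_000_000, "high"), (200_000_000, "medium"), (50_000_000, "low")]

SAMPLING_RATE = 1000   # assumed 1-in-N packet sampling on the exporter
INTERVAL = 60          # assumed aggregation window in seconds


@dataclass(frozen=True)
class Flow:
    ts: int             # seconds since start of capture
    dst: str            # destination host
    proto: int          # IP protocol number, 17 = UDP
    src_port: int
    sampled_bytes: int  # bytes seen in sampled packets only


def classify(bps):
    """Map an estimated bit rate to a severity level using static thresholds."""
    for floor, level in THRESHOLDS_BPS:
        if bps >= floor:
            return level
    return "none"


def detect(flows, sampling_rate=SAMPLING_RATE, interval=INTERVAL):
    """Return {(dst, vector): alert}; an alert's severity never decreases."""
    # Scale sampled bytes back up and bucket by (window, destination, vector).
    buckets = defaultdict(int)
    for f in flows:
        vector = REFLECTION_PORTS.get(f.src_port) if f.proto == 17 else None
        if vector is None:
            continue  # not a UDP flow from a known reflection port
        window = f.ts - f.ts % interval
        buckets[(window, f.dst, vector)] += f.sampled_bytes * sampling_rate

    alerts = {}
    for (window, dst, vector), est_bytes in sorted(buckets.items()):
        bps = est_bytes * 8 / interval
        observed = classify(bps)
        alert = alerts.get((dst, vector))
        if alert is None:
            if observed == "none":
                continue  # below the lowest threshold: no alert is opened
            alert = alerts[(dst, vector)] = {
                "first_seen": window, "severity": observed,
                "peak_bps": bps, "history": [],
            }
        # Ratchet: raise severity when the observed level is higher, never lower it.
        if LEVELS.index(observed) > LEVELS.index(alert["severity"]):
            alert["severity"] = observed
        alert["peak_bps"] = max(alert["peak_bps"], bps)
        alert["history"].append((window, observed))
    return alerts


# Constructed sample flows (documentation address ranges, invented volumes).
SAMPLE_FLOWS = [
    Flow(5, "203.0.113.10", 17, 1900, 1_125_000),    # SSDP, window 0
    Flow(30, "203.0.113.10", 17, 1900, 1_125_000),   # SSDP, window 0 (300 Mbps total)
    Flow(65, "203.0.113.10", 17, 1900, 11_250_000),  # SSDP, window 60 (1.5 Gbps)
    Flow(125, "203.0.113.10", 17, 1900, 450_000),    # SSDP, window 120 (60 Mbps)
    Flow(10, "198.51.100.7", 17, 123, 75_000),       # NTP at 10 Mbps: below threshold
    Flow(12, "203.0.113.10", 6, 443, 9_000_000),     # TCP: ignored
    Flow(70, "198.51.100.7", 17, 40000, 9_000_000),  # UDP, non-reflection port: ignored
]

if __name__ == "__main__":
    for (dst, vector), alert in detect(SAMPLE_FLOWS).items():
        print(dst, vector, alert["severity"], f'{alert["peak_bps"] / 1e9:.2f} Gbps peak')
```

In the sample data the SSDP traffic falls back to a low rate in the third window, but the alert stays at high severity because classification only ratchets upward.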
23 Looking Ahead
- Looking at VRF as an option for onramp/reinjection of the traffic
- IPv4/IPv6 transparent routing and mitigation
- Use VRF where you can; avoid GRE if you can
- Ease the pain of the high maintenance in GRE
- Possibly leverage the BGP dynamic route leaking feature or MPLS VPN to import routes from the global/default (dirty) VRF routing table into the non-default (clean) VRF routing table
24 Lessons Learned
- Know your monitoring
- Trust your tools and telemetry
- Test often
- Not all vendors are created equal
- Track everything and kill what you need to