Internet2 DDoS Mitigation Update

Similar documents
A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Silverline DDoS Protection. Filip Verlaeckt

State of the Internet Security Q Mihnea-Costin Grigore Security Technical Project Manager

Practical Guide to Choosing a DDoS Mitigation Service WHITEPAPER

Introduction to DDoS Attacks

CLOUD-BASED DDOS PROTECTION FOR HOSTING PROVIDERS

DDoS Mitigation & Case Study Ministry of Finance

Think You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help.

Imma Chargin Mah Lazer

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

Downtime by DDoS: Taking an Integrated Multi-Layered Approach. Arbor Solution Brief

Multi-vector DDOS Attacks

DDoS Detection&Mitigation: Radware Solution

Cloudflare Advanced DDoS Protection

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

Analisi degli attacchi DDOS e delle contromisure

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

AKAMAI CLOUD SECURITY SOLUTIONS

An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks

Imperva Incapsula Product Overview

Enterprise D/DoS Mitigation Solution offering

Cisco Firepower with Radware DDoS Mitigation

WHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks

2020: Time to Shutdown DDoS?

Arbor WISR XII The Stakes Have Changed. Julio Arruda V1.0

SOTI SUMMER [state of the internet] / security ATTACK SPOTLIGHT

Comprehensive datacenter protection

Growing DDoS attacks what have we learned (29. June 2015)

F5 Warsaw SOC. Kamil Woniak. Security Operations Manager, F5 Networks

DDoS Protection in Backbone Networks

Arbor Solution Brief Arbor Cloud for Enterprises

WHITE PAPER Hybrid Approach to DDoS Mitigation

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

Arbor White Paper. DDoS: THE STAKES HAVE CHANGED. HAVE YOU? REVEALED: 3 dangerous myths about DDoS attacks

Security Whitepaper. DNS Resource Exhaustion

Incapsula Guide to Selecting a DDoS Solution WHITE PAPER

Comprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline

Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats.

How Cloudflare s Architecture can Scale to Stop the Largest Attacks

ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks

Enhancing DDoS protection TAYLOR HARRIS SECURITY ENGINEER

Cyber War Chronicles Stories from the Virtual Trenches

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

DDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH

A Survey of Defense Mechanisms Against DDoS Flooding A

IoT - Next Wave of DDoS? IoT Sourced DDoS Attacks A Focus on Mirai Botnet and Best Practices in DDoS Defense

OSSIR. 8 Novembre 2005

Secure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect

A GUIDE TO DDoS PROTECTION

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

Trends in IoT DDoSbotnets

Attack Fingerprint Sharing: The Need for Automation of Inter-Domain Information Sharing

Routing Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security

War Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy

A10 DDOS PROTECTION CLOUD

August 14th, 2018 PRESENTED BY:

TESTING DDOS DEFENSE EFFECTIVENESS AT 300 GBPS SCALE AND BEYOND

NINE MYTHS ABOUT. DDo S PROTECTION

Anycast for DDoS. Master s Thesis. Jan Harm Kuipers (s )

DDoS Introduction. We see things others can t. Pablo Grande.

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY

DDoS Managed Security Services Playbook

NETWORK DDOS PROTECTION STANDBY OR PERMANENT INFRASTRUCTURE PROTECTION VIA BGP ROUTING

Neustar forms partnership with Limelight for turbocharged DDoS mitigation

F5 DDoS Hybrid Defender : Setup. Version

Cyber Security Guidelines Distributed Denial of Service (DDoS) Attacks

Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See

Mitigating DDoS Attacks in Zero Seconds with Proactive Mitigation Controls

DDoS: STRATEGIES FOR DEALING WITH A GROWING THREAT

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING

DNS SECURITY BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER

DDoS Beasts and How to Fight Them. Artyom Gavrichenkov

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

FortiDDoS Deployment Guide for Cloud Signaling with Verisign OpenHybrid

DDoS Defense Mechanisms for IXP Infrastructures

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks

Radware s Attack Mitigation Solution Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

( ) 2016 NSFOCUS

PULLING OUR SOCS UP VODAFONE GROUP AT RSAC Emma Smith. Andy Talbot. Group Technology Security Director Vodafone Group Plc

DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe

EFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE

A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure

Guide to DDoS Attacks November 2017

Memcached amplification: lessons learned. Artyom Gavrichenkov

2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

SECURE HOME GATEWAY PROJECT

Global DDoS Threat Landscape

Advanced Attack Response and Mitigation

SECURE HOME GATEWAY PROJECT

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

DDoS MITIGATION BEST PRACTICES

Distributed Denial of Service (DDoS)

How DDoS Mitigation is about Corporate Social Responsibility

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

Transcription:

Internet2 DDoS Mitigation Update Nick Lewis, Program Manager - Security and Identity, Internet2 Karl Newell, Cyberinfrastructure Security Engineer, Internet2 2016 Internet2

Let s start with questions! How many campuses have experienced a DDoS attack? What kind of attack? Volume? How long did it last and what was the impact? How did you remediate the attack? How did you engage your transit provider? When you get asked about what your DDoS strategy, what do you respond with? [ 2 ]

Background on DDoS Attacks What is a DDoS attack? A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. Why perform a DDoS attack? There isn't just one way to deal with DDoS attacks and there isn't just one provider that can effectively defend our members. Rather it takes a variety of solutions engaged through different providers to thwart large-scale attacks. [ 3 ]

DDoS Attack Basics Volumetric attacks clog the circuits, delivering information by sending more packets than the circuit can process, thereby saturating the circuit and making services unavailable. Application layer attacks are focused on rendering applications such as web servers unavailable by exhausting web server resources. These attacks do not have to consume all of the network bandwidth to be effective. Rather they place an operational strain on the application server in such a way that the server becomes unavailable. Multi-vector attacks tend to run over an extended period of time and engage different attack methods intended to evade detection and mitigation efforts while maximizing the damage to the victim. [ 4 ]

DDoS Attacks In 2000, DoS attacks made big news when major websites like CNN, Yahoo and Ebay went offline because of DoS attacks. The DDoS threat history is chronicled in a Fortinet blog post. Early 2000 s - Emerging awareness 2005 - monetization of DDoS 2010 - Hacktivism 2012 and beyond - Application level attacks emerging [ 5 ]

Trends in DDoS Past Attacks 2013-120Gbps Spamhaus attack 2014 400Gbps NTP amplification attack on a web server Reflection, using spoofed IP addresses and vulnerable recusors to point DNS, NTP, or other traffic to a target, has been a common attack vector. Cloudflare has been fighting historic DDoS attacks for over 5 years. Back in 2013, the 120Gbs on Spamhaus was a big attack, and we were able to keep their website online. DDoS attacks take all shapes and forms. In this 400Gbps amplification attack, an attacker used 4,529 NTP servers to amplify an attack from a mere 87Mbps source server. Source: CloudFlare presentation to Security Working Group [ 6 ]

Current DDoS Attacks Brian Kreb DDoS and investigation https://krebsonsecurity.com/2017/01/who-isanna-senpai-the-mirai-worm-author/ Dyn DDoS http://dyn.com/blog/dyn-analysis-summary-offriday-october-21-attack/ Mirai botnet Source: CloudFlare presentation to Security Working Group [ 7 ]

DDoS Mitigation Options On-prem systems Arbor, Radware, F5, and many others Filtering sources Router ACLs, firewalls, IPS, other network devices Blackhole routing Cloud services CDN Cloud scrubbing AWS Shield - https://aws.amazon.com/shield/ BCP38 - https://tools.ietf.org/pdf/bcp38.pdf [ 8 ]

https://www.us-cert.gov/sites/default/files/publications/ddos%20quick%20guide.pdf continued... [ 9 ]

https://www.us-cert.gov/sites/default/files/publications/ddos%20quick%20guide.pdf [ 10 ]

Deepfield Categorized DDoS [ 11 ]

Internet2 DDoS Mitigation Strategy Multi-faceted approach Mitigation of volumetric attacks Network filtering - blackholing, flowspec Cloud scrubbing On-prem appliances Mitigation of application layer attacks On-prem appliances Cloud based protection [ 12 ]

Internet2 Mitigation Currently BGP blackhole Drops traffic destined for a host Completes the attack Cloud-based DDoS scrubbing service [ 13 ]

Security Working Group engagement Presentations from DDoS mitigation vendors A10, Akamai, Arbor, Cloudflare, Deepfield, Imperva Developed technical requirements for RFP Scored RFP responses [ 14 ]

Internet2 DDoS Mitigation Service Partner with Zenedge Currently in pilot General availability July 1, 2017 Direct traffic to scrubbing center - more specific BGP announcement Return clean traffic via VLAN on Internet2 backbone Shared 10G clean traffic (40G of physical capacity) Subscriber gets 1G commit and can burst to 10G+ Unlimited IPv4/IPv6 assets Unlimited mitigations Access to portal and SOC [ 15 ]

Protecting commodity traffic Diverted attack traffic Commodity traffic Clean traffic return path Commodity Internet Scrubbing Center Internet2 Network Subscriber Tenant

Protecting Research and Education traffic Scrubbing Center Diverted attack traffic Research and Education traffic Clean traffic return path Internet2 Network [ 17 ] Regional/Member Network Subscriber Tenan t

Future Internet2 DDoS Mitigation Strategy Deepfield Defender - network attack detection BGP Flowspec BGP signaled ACLs Granular packet matching Can block sources Web based portal NET+ service(s) for application protection IoT Systems Risk Management Task Force https://er.educause.edu/~/media/files/articles/2016/6/erm1649.pdf Suggestions? [ 18 ]

NET+ DDoS Mitigation Closely internally coordinating Talked with several DDoS mitigation providers Akamai, BlackLotus (Acquired by Level3), Cloudflare, Zenedge Baylor suggested working with CloudFlare and is closest to potential service Akamai has engaged with us several times and has several higher ed customers [ 19 ]

CloudFlare NET+ discussions as part of new cloud discovery service They are helping us developed the business processes around new cloud discovery service Starting slow and as campuses sign-up, develop more integrations Engaged on technical aspects InCommon, Network, Security [ 20 ]

Cloudflare DDoS Protection for Web Applications WAF, Rate Limiting, CDN, DNS (optional) In Use by Baylor University and 8 other universities in the U.S. Baylor.edu hit by DDoS attack in May 2016 Cloudflare onboarded baylor.edu in several hours and stopped attacks Cloudflare attack prevention is always on-line, no need for manual monitoring Baylor team is happy with Cloudflare s effectiveness and ease of management Today Cloudflare protects 11 Baylor public facing websites Cloudflare stopped 72k threats against baylor.edu last month [ 21 ] 2016 Internet2

How CloudFlare DDoS Mitigation works Each Cloudflare customer IP address is announced, using anycast, from each data center in our network. BGP routes incoming traffic to the closest data center. This prevents DDoS attackers from targeting a specific data center, and distributes attack traffic. Attacks across DNS, L3/L4, and L7 targeting DNS and web applications are detected directly from our routers, and automatically mitigated. This lets us act quickly against even huge attacks. 10 Tbps capacity stops the largest attacks. Our Global Anycast Network

Let s Finish With Questions! Any questions? Any suggestions? What s your interest in the Internet2 DDoS Mitigation Service? Potential NET+ service with CloudFlare? Do you have DDoS mitigation documentation? (Plan, policy, procedure, etc) If you don t have one, would it be helpful if we drafted an outline to go with what we are developing? Where do you see Internet2 fitting into your DDoS strategy? How do you see an Internet2 DDoS mitigation strategy fitting in with the community? [ 23 ]

Contact Information Nick Lewis <nlewis@internet2.edu> Karl Newell <knewell@internet2.edu> References Link to blog posts http://www.internet2.edu/blogs/detail/12234 http://www.internet2.edu/blogs/detail/13507 https://www.us-cert.gov/sites/default/files/publications/ddos%20quick%20guide.pdf CloudFlare presentation to Security Working Group https://spaces.internet2.edu/pages/viewpage.action?pageid=93651521&preview=/93651521/1103330 77/Cloudflare%20-%20Internet%202%20DDoS%20Presentation%20v4%5B1%5D.pptx [ 24 ]

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback