Radware DefensePro DDoS Mitigation Release Notes Software Version Last Updated: December, 2017

Similar documents
DefensePro. Release Notes

Security Advisory. Network Time Protocol Vulnerabilities

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

SNMP Monitoring. Hardware Monitoring OIDs DefensePro Version 8.x

Mobile LOIC Counter Measures

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

Check Point DDoS Protector Introduction

DoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action

DDoS Detection&Mitigation: Radware Solution

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection

How to Configure DNS Sinkholing in the Firewall

Cisco Firepower with Radware DDoS Mitigation

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

Imperva Incapsula Product Overview

What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1

Securing Online Businesses Against SSL-based DDoS Attacks. Whitepaper

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

Check Point DDoS Protector Simple and Easy Mitigation

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

Cisco Service Control Service Security: Outgoing Spam Mitigation Solution Guide, Release 4.1.x

Security Gap Analysis: Aggregrated Results

Corrigendum 3. Tender Number: 10/ dated

Additional Security Services on AWS

Systrome Next Gen Firewalls

Cisco IOS Classic Firewall/IPS: Configuring Context Based Access Control (CBAC) for Denial of Service Protection

F5 DDoS Hybrid Defender : Setup. Version

TOLLY. Radware, Inc. Radware, Inc. commissioned. DefensePro Test Summary. Throughput Benchmark and Attack Mitigation Evaluation.

Connection Logging. Introduction to Connection Logging

Venusense UTM Introduction

Cloudflare Advanced DDoS Protection

Security Configuration Guide: Denial of Service Attack Prevention, Cisco IOS Release 15M&T

Connection Logging. About Connection Logging

Introduction to Security. Computer Networks Term A15

Technical White Paper June 2016

Yuri Gushin & Alex Behar

IPv6 Firewall Support for Prevention of Distributed Denial of Service Attacks and Resource Management

DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors

DDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH

Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks

State of the Internet Security Q Mihnea-Costin Grigore Security Technical Project Manager

Chapter 7. Denial of Service Attacks

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

AAD - ASSET AND ANOMALY DETECTION DATASHEET

IPS-1 Robust and accurate intrusion prevention

DNS SECURITY BEST PRACTICES

Encrypted Traffic Security (ETS) White Paper

Comprehensive datacenter protection

Security Configuration Guide: Denial of Service Attack Prevention, Cisco IOS Release 12.2SX

Fregata. DDoS Mitigation Solution. Technical Specifications & Datasheet 1G-5G

Release Notes. Alteon Application Switch. Version August 2, 2012

Configuring DDoS Prevention

DPtech IPS2000 Series Intrusion Prevention System User Configuration Guide v1.0

haltdos - Web Application Firewall

Pass4sure q. Cisco Securing Cisco Networks with Sourcefire IPS

A Firewall Architecture to Enhance Performance of Enterprise Network

This release of the product includes these new features that have been added since NGFW 5.5.

Protection Against Distributed Denial of Service Attacks

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo

A10 DDOS PROTECTION CLOUD

Distributed Denial of Service

Secure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect

F5 Networks Configuring BIG-IP AFM v13: Advanced Firewall Manager

TESTING DDOS DEFENSE EFFECTIVENESS AT 300 GBPS SCALE AND BEYOND

DDoS Protection in Backbone Networks

Legal and notice information

DDOS RESILIENCY SCORE (DRS) "An open standard for quantifying an Organization's resiliency to withstand DDoS attacks" Version July

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

Cisco IOS Inline Intrusion Prevention System (IPS)

Prolexic Attack Report Q4 2011

* Knowledge of Adaptive Security Appliance (ASA) firewall, Adaptive Security Device Manager (ASDM).

vol.15 August 1, 2017 JSOC Analysis Team

Forescout. Configuration Guide. Version 3.5

CSE 565 Computer Security Fall 2018

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

Office 365 Buyers Guide: Best Practices for Securing Office 365

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Basic Concepts in Intrusion Detection

Data Sheet. DPtech IPS2000 Series Intrusion Prevention System. Overview. Series IPS2000-MC-N. Features

Securing the Next Generation Data Center

Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF

Introduction to Network. Topics

EFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE

Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See

Security Bulletin Relating to Worldwide Botnet Dialing H.323-Capable Systems

Forescout. Configuration Guide. Version 8.1

This release of the product includes these new features that have been added since NGFW 5.5.

Figure 1: Attempts for /ws/v1/cluster/apps/new-application

Unit 4: Firewalls (I)

2 ZyWALL UTM Application Note

Arbor WISR XII The Stakes Have Changed. Julio Arruda V1.0

Security in the Privileged Remote Access Appliance

Paloalto Networks PCNSA EXAM

This release of the product includes these new features that have been added since NGFW 5.5.

Port Mirroring in CounterACT. CounterACT Technical Note

Transcription:

Radware DefensePro DDoS Mitigation Release Notes Software Version 8.13.01 Last Updated: December, 2017 2017 Cisco Radware. All rights reserved. This document is Cisco Public. Page 1 of 9

TABLE OF CONTENTS CONTENT... 3 RELEASE SUMMARY... 3 SUPPORTED PLATFORMS AND MODULES... 3 DEVICE MANAGEMENT... 3 UPDATING THE ONLINE HELP ON THE APSOLUTE VISION SERVER... 3 WHAT S NEW... 3 NEXT GENERATION DNS PROTECTION... 3 Positive Protection Model... 5 Enhanced Real-Time Signature... 5 DNS Configuration... 5 New DNS Reports... 5 SIGNATURE PROTECTION APPLICATION SECURITY... 7 CONNECTION LIMIT PROTECTION... 7 PASSIVE CHALLENGE FOR DNS FLOOD PROTECTION... 7 DIAGNOSTICS PACKET CAPTURE ENHANCEMENTS... 8 DNS BASELINE LEARNING SUPPRESSION... 8 TLS VERSION 1.1 OR LATER REQUIRED FOR MANAGEMENT INTERFACE... 8 COMPRESSION OF THE TECHNICAL SUPPORT FILE... 8 FIX FOR THE NTP VULNERABILITY EXPOSED BY CVE-2015-5300... 8 2017 Cisco Radware. All rights reserved. This document is Cisco Public. Page 2 of 9

Content Radware announces the release of Radware DefensePro DDoS Mitigation version 8.13.01. These release notes document describes new capabilities and maintenance fixes since the previous released version of DefensePro for Cisco Firepower 9300 version 8.10.01. Release Summary This release introduces Next Generation DNS Flood Protection, which greatly enhances the DNS protection capabilities of DefensePro DDoS Mitigation, as well as a number of other enhancements, as described in this release notes document. Release date: October 2017 Build number: 9 Supported Platforms and Modules This version is supported by the following platforms: Product Platform SME DME Radware DefensePro DDoS Mitigation Virtual Software-based No Device Management This Radware DefensePro DDoS Mitigation version is supported by APSolute Vision version 3.90.00 and later. If you are using a previous version of APSolute Vision, it is recommended to upgrade to version 3.90.00. Updating the Online Help on the APSolute Vision Server To upgrade the online help on the APSolute Vision server and include the content of this version, upload the onlinehelp upgrade package from the following location https://portals.radware.com/getattachment/c6c88ad3-8a68-4a2b- 9f35-4f9109f1c3dd/Help-Upgrade-File-for-APSolute-Vision-Version-3-90 to the APSolute Vision server. Installation instructions are in the appendix Managing the Online-Help Package on the Server of the APSolute Vision User Guide, located at https://portals.radware.com/customer/home/downloads/management- Monitoring/?Product=APSolute-Vision. What s New This section describes what s new in version 8.13.01. Next Generation DNS Protection 2017 Cisco Radware. All rights reserved. This document is Cisco Public. Page 3 of 9

Version 8.13 introduces the Next Generation DNS (NG DNS) Flood Protection, designed for the next generation of sophisticated DNS attacks. The NG DNS Flood Protection is based on an innovative behavioral mechanism designed to protect your environment from all types of query floods, including zero-day floods, such as the Mirai botnet DNS Water Torture. NG DNS Flood Protection is able to automatically and accurately detect and mitigate all types of DNS query floods, from a basic flood to a sophisticated random-subdomains flood. In the random-subdomains flood scenario, both legitimate ( good ) queries and attack ( bad ) queries appear legitimate to the DNS server. NG DNS Flood Protection is able to distinguish, automatically and accurately, between good and the bad queries, allowing only the good queries to pass to the DNS server. NG DNS is purely stateless. To achieve accurate detection of DNS query floods, Radware DefensePro DDoS Mitigation does not store any state of the DNS session. NG DNS Flood Protection is designed for use in ingress-only environments, relying solely on incoming DNS queries for detection and mitigation. This is a key advantage that ensures early protection, especially in case of recursive random-subdomains flood, which is often revealed only after NXDomain responses are received. Radware DefensePro DDoS Mitigation can accurately and automatically detect and mitigate a recursive random-subdomains flood based solely on the incoming queries, without the need to wait for the NXDomain responses. NG DNS Flood Protection maintains the query-type granularity, and is able to accurately detect and mitigate a query flood on a specific query type, such as A, AAAA, and so on. 2017 Cisco Radware. All rights reserved. This document is Cisco Public. Page 4 of 9

Positive Protection Model Version 8.13.01 introduces a novel behavioral mechanism, based on a positive protection model for DNS queries. NG DNS Flood Protection collects rate and rate-invariant statistics on query type, query rate, and Fully Qualified Domain Names (FQDNs) during peacetime. The NG DNS Flood Protection engine analyzes and correlates all the statistics, for accurate attack detection and mitigation. Enhanced Real-Time Signature To complement the positive protection model, NG DNS Flood Protection adds enhancements to the Real-Time Signature algorithm. In version 8.13.01, the Real-Time Signature algorithm is able to accurately isolate the target domain name within the FQDN. This enhancement provides high granularity in attack characterization, and therefore, accurate and surgical mitigation of random-subdomains floods. DNS Configuration The new positive protection model and Real-Time Signature enhancements operate automatically after attaching a DNS profile to an active Network Protection policy. As such, there are no new settings required, apart from the existing DNS profile settings. The main changes in DNS configuration screens are as follows: Learning Suppression Threshold is now available through APSolute Vision. (APSolute Vision Configuration perspective, Setup > Security Settings > DNS Flood Protection > Learning Suppression Threshold.) Learning suppression is essential to ensure accurate DNS detection. Learning suppression helps maintain a normal baseline that is sufficiently high for flood detection when the DNS query rate drops significantly below the baseline. In the configuration of a DNS Protection profile (APSolute Vision Configuration perspective, Network Protection > DNS Protection Profiles > DNS Profile): New Rate Settings tab consolidates all rate-related settings for the behavioral engine configuration, which contains the following parameters: o o Expected DNS Query Rate moved from Query Protections and Quotas tab Max Allowed QPS and Signature Rate-Limit Target moved from Action tab. New Subdomains Whitelist tab The Subdomains Whitelist is an aggregated list of the top-n FQDNs (by occurrences) seen in the traffic. A single Radware DefensePro DDoS Mitigation device is able to process and analyze tens of millions of FQDNs, which are aggregated for visibility and management purposes into the Subdomains Whitelist. You can import and export the Subdomains Whitelist and add manual entries. New DNS Reports Version 8.13.01 introduces a brand-new report that displays the top 10 FQDNs in the environment. The report shows the top 10 FQDNs, by number of occurrences, within the selected period. The available periods are 10 minutes, 1 hour, 12 hours, and 24 hours. You can examine the trend of occurrences for each FQDN by double-clicking on a specific FQDN in the list. 2017 Cisco Radware. All rights reserved. This document is Cisco Public. Page 5 of 9

The new report, named Top Queried Domain Names Report, is in the Security Monitoring perspective, under Traffic Monitoring. Figure 1: Top Queried Domain Names Report For Radware DefensePro DDoS Mitigation version 8.13.01, the Last Sample Statistics tab under Protection Monitoring has been redesigned. Now, the Last Sample Statistics tab graphically displays, per query type, the degree of attack along with the DNS rate-based and rate-variant statistics. 2017 Cisco Radware. All rights reserved. This document is Cisco Public. Page 6 of 9

Figure 2: Last Sample Statistics Tab Signature Protection Application Security The Signature Protection module protects against server-based vulnerabilities, such as Web, mail, FTP, worms and viruses, Trojans and backdoors, bots, spyware, and so on. The Signature Protection module includes DoS Shield protection (which was already available in previous Radware DefensePro DDoS Mitigation 8.x versions) and the newly added Application Security module. Both the DoS Shield and the Application Security protections use signatures from the Radware Signatures database. This database is continuously updated by Radware s Vulnerability Research Team (VRT), and protects against all known threats. Additionally, you can create user-defined signatures. Application Security protection uses a powerful software-based string-matching engine (SME). In this release, Application Security supports the following: Low complexity filters The Track All tracking type The Drop and Report Only actions The Text and Regular Expression content types The Destination Reset signature action Packet tracking options: o By Source Count o By Destination Count o By Source and Destination Count More Signature Protection capabilities are planned for future Radware DefensePro DDoS Mitigation releases. Connection Limit Protection Connection Limit protection protects against session-based attacks, such as half-open SYN attacks, request attacks, and connection attacks, by limiting the number of new TCP or UDP connections per second allowed for specific source, or destination, or source and destination pair. Passive Challenge for DNS Flood Protection When using the DNS Flood Protection Passive Challenge, Radware DefensePro DDoS Mitigation mitigates DNS Flood attacks by dropping A and AAAA DNS queries originating from a client that has not yet been authenticated. When the same client retransmits a query within the specified period, Radware DefensePro DDoS Mitigation considers the client legitimate. 2017 Cisco Radware. All rights reserved. This document is Cisco Public. Page 7 of 9

Diagnostics Packet Capture Enhancements Radware DefensePro DDoS Mitigation version 8.13.01 enhances the capability to perform packet capture of data traffic, for diagnostic purposes, by adding the following capabilities: Configurable option to select whether traffic capture is performed on data ports only, on management ports only, or on both management and data ports. Configurable option to decide the packet capture rate, which applies per Radware DefensePro DDoS Mitigation core (DPE). Capture files stored on the device are now compressed before download through APSolute Vision. DNS Baseline Learning Suppression The DNS Baseline Learning Suppression feature enables preserving a good DNS-baseline value in scenarios where, at certain times, Radware DefensePro DDoS Mitigation handles very little DNS traffic. A CLI-only option was added in this release, which allows the configuration of a threshold, specified as a percentage of the Expected DNS Query Rate, below which Radware DefensePro DDoS Mitigation suppresses DNS-baseline learning. TLS version 1.1 or Later Required for Management Interface In this release, HTTPS connectivity to the management interface of Radware DefensePro DDoS Mitigation requires TLS version 1.1 or later, no longer accepting TLS version 1.0. Compression of the Technical Support File In this release, the Radware DefensePro DDoS Mitigation technical-support file is compressed before download through APSolute Vision. The compression greatly reduces the size of the technical-support file, thus enabling shorter download time. Fix for the NTP Vulnerability Exposed by CVE-2015-5300 This release includes a fix to address the NTP panic threshold bypass vulnerability, as exposed by CVE-2015-5300. 2017 Cisco Radware. All rights reserved. This document is Cisco Public. Page 8 of 9

North America Radware Inc. International Radware Ltd. 575 Corporate Drive 22 Raoul Wallenberg St. Mahwah, NJ 07430 Tel Aviv 69710, Israel Tel: +1-888-234-5763 Tel: 972 3 766 8666 2017 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners. Printed in the U.S.A. 2017 Cisco Radware. All rights reserved. This document is Cisco Public. Page 9 of 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback