Herding Cats. Carl Brothers, F5 Field Systems Engineer

Similar documents
Securing and Accelerating the InteropNOC with F5 Networks

Comprehensive datacenter protection

F5 Synthesis Information Session. April, 2014

What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics

BIG-IP otse vastu internetti. Kas tulemüüri polegi vaja?

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe

Estrategias de mitigación de amenazas a las aplicaciones bancarias. Carlos Valencia Sales Engineer - LATAM

KEEPING THE BAD GUYS OUT WHILE LETTING THE GOOD GUYS IN. Paul Deakin Federal Field Systems Engineer

haltdos - Web Application Firewall

RETHINKING DATA CENTER SECURITY. Reed Shipley Field Systems Engineer, CISSP State / Local Government & Education

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises

WHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks

Silverline DDoS Protection. Filip Verlaeckt

Architecture: Consolidated Platform. Eddie Augustine Major Accounts Manager: Federal

Secure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect

Imma Chargin Mah Lazer

Cloudflare Advanced DDoS Protection

Chapter 7. Denial of Service Attacks

Mitigating DDoS A acks with F5 Technology

Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution

Radware s Attack Mitigation Solution Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

THUNDER WEB APPLICATION FIREWALL

DATACENTER SECURITY. Paul Deakin System Engineer, F5 Networks

Advanced Techniques for DDoS Mitigation and Web Application Defense

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING

Cyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection

Protect your apps and your customers against application layer attacks

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

A10 DDOS PROTECTION CLOUD

Pushed to the Limit! Network and Application Security Threat Landscape Lior Zamir Technical Account Manager

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

68% 63% 50% 25% 24% 20% 17% Credit Theft. DDoS. Web Fraud. Cross-site Scripting. SQL Injection. Clickjack. Cross-site Request Forgery.

Intelligent and Secure Network

Key Considerations in Choosing a Web Application Firewall

Introduction Who needs WAF anyway? The Death of WAF? Advanced WAF Why F5?

Corrigendum 3. Tender Number: 10/ dated

86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013

Imperva Incapsula Product Overview

A GUIDE TO DDoS PROTECTION

We b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)

Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

COMPUTER NETWORK SECURITY

Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF

August 14th, 2018 PRESENTED BY:

Beyond Blind Defense: Gaining Insights from Proactive App Sec

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe

Enterprise D/DoS Mitigation Solution offering

Configuring attack detection and prevention 1

DDoS Detection&Mitigation: Radware Solution

Configuring attack detection and prevention 1

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Cyber War Chronicles Stories from the Virtual Trenches

Threat Pragmatics. Target 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:

Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See

the Breakdown of Perimeter Defenses

DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

DDoS Introduction. We see things others can t. Pablo Grande.

Check Point DDoS Protector Introduction

DDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH

GOING WHERE NO WAFS HAVE GONE BEFORE

Solutions Business Manager Web Application Security Assessment

Curso: Ethical Hacking and Countermeasures

F5 Application Security. Radovan Gibala Field Systems Engineer

Fregata. DDoS Mitigation Solution. Technical Specifications & Datasheet 1G-5G

2015 DDoS Attack Trends and 2016 Outlook

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

DDoS Hybrid Defender. SSL Orchestrator. Comprehensive DDoS protection, tightly-integrated on-premises and cloud

Anti-DDoS. FAQs. Issue 11 Date HUAWEI TECHNOLOGIES CO., LTD.

An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks

Cyber Security Guidelines Distributed Denial of Service (DDoS) Attacks

Web Applications Security. Radovan Gibala F5 Networks

sottotitolo System Security Introduction Milano, XX mese 20XX A.A. 2016/17 Federico Reghenzani

2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015

Arbor Solution Brief Arbor Cloud for Enterprises

INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Denial of Service. Eduardo Cardoso Abreu - Federico Matteo Bencic - Pavel Alexeenko -

Additional Security Services on AWS

Why IPS Devices and Firewalls Fail to Stop DDoS Threats

Understanding Cisco Cybersecurity Fundamentals

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Cisco Firepower with Radware DDoS Mitigation

Blended Security Threats and Mitigations

Are You Fully Prepared to Withstand DNS Attacks?

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

Large FSI DDoS Protection Reference Architecture

SECURE YOUR APPLICATIONS, SIMPLIFY AUTHENTICATION AND CONSOLIDATE YOUR INFRASTRUCTURE

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

Excerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt

DDOS RESILIENCY SCORE (DRS) "An open standard for quantifying an Organization's resiliency to withstand DDoS attacks" Version July

CSE 565 Computer Security Fall 2018

Computer Security: Principles and Practice

Network Security. Thierry Sans

Web Security. Outline

Mario Arriaza - Fundador

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

Transcription:

Herding Cats Carl Brothers, F5 Field Systems Engineer

Agenda Introductions Security is easy, right Trivia Protecting your apps, one layer at a time How to survive an Attack Time permitting F5 Networks, Inc 2

Securing applications can be complex Ownership Challenges with security team making the dev team fix vulnerabilities Attack visibility Is often lacking details to truly track and identify attacks and their source, and ensure compliance and forensics Webification Impossible to build safeguards into applications in a timely manner Changing threats increasing in complexity that requires intelligence and on-going learning Scalability and performance Needed to ensure services are available during the onset of aggressive attacks F5 Networks, Inc 3

Common attacks on web applications CSRF Cookie manipulation OWASP top 10 Brute force attacks Forceful browsing Buffer overflows Web scraping Parameter tampering SQL injections Information leakage Field manipulation Session high jacking Cross-site scripting Zero-day attacks Command injection ClickJacking Bots Business logic flaws F5 Networks, Inc 4

F5 Networks, Inc 5

Quick Trivia the Cuckoo s Egg

Trivia Question 1 What do the following have in common? 1. 2600, the Hacker Quarterly 2. Captain Crunch 3. Blue Box F5 Networks, Inc 7

Trivia Question 2 What do these things have in common? Waste of computer time at Harvard One of Homer s greatest works Doggonit, it s hard to compute F5 Networks, Inc 8

Trivia Question 3 Band who sang the song Low Rider? F5 Networks, Inc 9

Protecting your apps, one layer at a time

Attacks by the Layer Increasing difficulty of attack detection OSI stack Physical (1) Data Link (2) Network (3) Transport (4) Session (5) Presentation (6) Application (7) OSI stack Network attacks SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop, ICMP Floods, Ping Floods and Smurf Attacks Session attacks DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods, SSL Floods, SSL Renegotiation Application attacks OWASP Top 10 (SQL Injection, XSS, CSRF, etc.), Slowloris, Slow Post, HashDos, GET Floods F5 Networks, Inc 11

Reference Architecture Next-Generation Firewall Corporate Users Tier 1 Tier 2 Multiple ISP strategy Network attacks: ICMP flood, UDP flood, SYN flood SSL attacks: SSL renegotiation, SSL flood Financial Services Legitimate Users DDoS Attacker ISPa/b Cloud Scrubbing Service DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS IPS HTTP attacks: Slowloris, slow POST, recursive POST/GET Application E-Commerce Subscriber Threat Feed Intelligence Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control F5 Networks, Inc 12

Reference Architecture Next-Generation Firewall Corporate Users TIER 1 KEY FEATURES Legitimate Users DDoS Attacker Multiple ISP strategy ISPa/b Cloud Scrubbing Service Threat Feed Intelligence Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Tier 1 Network and DNS Tier 2 The first tier at the SSL attacks: perimeter SSL renegotiation, is layer 3 SSL flood and 4 network firewall services Simple load balancing Application to a second tier HTTP attacks: Slowloris, slow POST, recursive POST/GET IP reputation database IPS Mitigates volumetric and DNS DDoS attacks Financial Services E-Commerce Subscriber Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control F5 Networks, Inc 13

F5 Networks, Inc 14

Threat Feed intelligence Botnet Restricted region or country IP intelligence service Attacker Custom application Anonymous requests Financial application Anonymous proxies Scanner Geolocation database Internally infected devices and servers F5 Networks, Inc 15

Reference Architecture Next-Generation Firewall Corporate Users TIER 2 KEY FEATURES Legitimate Users DDoS Attacker Multiple ISP strategy ISPa/b Cloud Scrubbing Service Threat Feed Intelligence Tier 1 The second tier is for Network ICMP flood, attacks: application-aware, UDP flood, SYN flood CPU-intensive defense mechanisms SSL termination DNS DNS amplification, attacks: query flood, dictionary attack, DNS poisoning Network and DNS Web application firewall Mitigate asymmetric and SSL-based DDoS attacks IPS SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Tier 2 Application Financial Services E-Commerce Subscriber Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control F5 Networks, Inc 16

Using a full-proxy architecture WAF WAF Slowloris attack XSS HTTP HTTP Data leakage SSL renegotiation SYN flood ICMP flood SSL TCP SSL TCP Network Firewall F5 Networks, Inc 17

Layer 7 Attack Examples Attacks Slowloris XerXes DoS LOIC/HOIC Slow POST (RUDY) #RefRef DoS Apache Killer HashDos Active (Since) Jun 2009 Feb 2010 Nov 2010 Nov 2010 Jul 2011 Aug 2011 Dec 2011 Threat /Flaw HTTP Get Request, Partial Header Flood TCP (8 times increase, 48 threads) TCP/UDP/ HTTP Get floods HTTP web form field, Slow 1byte send Exploit SQLi for recursive SQL ops Overlapping HTTP ranges Overwhelms hash tables of all popular web platforms Java, ASP, Apache, Tomcat. Impact Attack can be launched remotely, Denial of Services (DOS), Resource Exhaustion, tools and script publicly available F5 Networks, Inc 18

Which technology to use? CLOUD/HOSTED SERVICE ON-PREMISES DEFENSE Content delivery network Network firewall with SSL inspection Communications service provider Web application firewall Cloud-based DDoS service On-premises DDoS solution Intrusion detection/prevention F5 Networks, Inc 19

The Answer: All of the Above F5 Networks, Inc 20

F5 Networks, Inc 21

How to survive an Attack To the uninitiated, an attack can be a scary, stressful ordeal. Sometimes the first attack can appear randomly. Sometimes a competitor knows exactly the right (or wrong) day to take your high-value service offline. An outage like this can cause panic and force people into making decisions that they normally wouldn t make such as paying a high ransom to stop an attack.

F5 Networks, Inc 23

Prework There are 5 worksheets to complete that will assist in repelling a DDoS attack. If you have not recorded this information prior to your first attack, record it as you collect it. Then you can laminate these worksheets and keep them on the datacenter wall. F5 Networks, Inc 24

Worksheets Contact List fill it out as you initiate contact. Whitelists map your partners, users and services. Application Triage know your own applications Device Map Create a device map. Attack Log Note the attack details F5 Networks, Inc 25

Ten Survival Guidelines 1. Verify the Attack 2. Contact the Team Leads 3. Triage Applications 4. Identify the Attack 5. Protect remote Users and Partners F5 Networks, Inc 26

Ten Survival Guidelines 6. Evaluate Source Address Mitigation Options 7. Mitigate Specific Application Attacks 8. Increase Application-Level Security Posture 9. Constrain Resources 10. Additional Considerations Contact me for the full 15 page source document. F5 Networks, Inc 27

Contact Info: Carl Brothers www.f5.com c.brothers@f5.com F5 Networks, Inc 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback