SlideShare a Scribd company logo

Colt IP Guardian Protects Against DDoS Attacks

Download as PPT, PDF
A
acaiani
TechnologyNews & Politics
1 of 19
Colt IP Guardian © 2010 Colt Technology Services Group Limited. All rights reserved.
Agenda • DoS and DDoS Attacks • Colt Proposition: IP Guardian • Technical View 2
DoS attack: definition • A Denial of Service (DoS) attack is an explicit attempt by attackers to prevent legitimate users from using that service. Examples include: – Attempts to flood a network, thereby preventing legitimate network traffic – Attempts to use all available processing power on the end system to prevent regular users access – Attempts to disrupt connections between two machines, preventing access to a service – Attempts to prevent a particular individual from accessing a service – Attempts to disrupt service to a specific system or person 3
What is a Distributed Denial of Service Attack? (1/2) • A DDoS attack is the most prominent form of DoS attack – The attacker scans millions of computers on the Internet to identify unsecured hosts to be used as launch pads – Then secretly installs software on a master computer and a collection of compromised zombie computers – The attacker hides their true identity and location by using these zombie machines to launch the attacks – The attack results in denial of service to legitimate users because their infrastructure is overwhelmed with illegitimate requests, thereby choking off the site's available bandwidth 4
What is a Distributed Denial of Service Attack? (2/2) Areas vulnerable to attack include: Zombies on Zombies on innocent computers innocent computers • Routers A A S S • Firewalls ISP Backbone • Web servers • DNS servers Infrastructure level attacks • Mail Servers • VoIP gateways Indirect victims, elements that share the A victims’ network (for example, otherS Zombies on servers in a server farm) innocent computers Bandwidth level attacks Enterprise Server level attacks 5
Real world proposals … • Someone offers a DDoS service -----Original Message----- From: Martyn Clapham [mailto:DDoS1033er@caulf.freeserve.co.uk] Sent: Friday, 16 May 2003 2:45 PM To: ******************** Subject: Offer from irc.mad.pp.ru 2787! Do you want to get rid of your competitors? Or blackmail your boss because he didn't pay you? We can help! Ddos attack on any internet server. We pay admins of irc.icq.com for hosting so our bandwidth is huge and our knowledge of such attacks allows us to fulfill any requirement. If you are in need of Ddos attacks, or simply looking for specific content for your web site (like child porn or anything weird) - tell us and will give you what you need! Our contacts are: irc.mad.pp.ru 2787 • Someone else offers protection you can’t refuse (if you don’t pay, you will be attacked) • So-called “cyber mafia” mainly based in Russia and Eastern Europe 6
Typical Targets of a DDoS Attack • Typical Targets of a DDoS attacks are: – eCommerce – On line banking – On line trading – iGaming – iGambling – Content Providers – Governmental organizations – ISPs In general, all those companies that make business providing online/Internet services 7
Agenda • DoS and DDoS Attacks • Colt Proposition: IP Guardian • Technical View 8
Colt Proposition: IP Guardian • Proposal – Colt will protect the customer bandwidth by detecting attacks whilst still within the Colt network – Customer traffic is diverted only in case an attack is detected  no impact for customers during normal operations • How? – By expanding the existing state of the art platform built using Arbor Peakflow monitors and Arbor TMS (Threat Management System) and locating them throughout Colt’s Tier1 pan-European network 9
Service Variants • Continuous – Automatic redirection/mitigation if anomaly detected – Reports via customer portal • On-Demand – Customer control via portal – alerts via email/SMS, – customer reviews anomaly on Colt portal – triggers mitigation if it is deemed to be an attack • Emergency Implementation – Set up temporary IPG service in midst of attack – No baselining, default profile – Can migrate to full service (Continuous or On-Demand) 10
Benefits of the IP Guardian Service • “In the cloud” DDoS protection – DDoS protection on site can be useless – attacks can flood the pipe however good the mitigation devices are. IP Guardian stops the attack before it can reach you • Anomaly monitoring – Constant monitoring of Netflow telemetry data to ensure rapid detection of any abnormal activity • Resiliency – Protection deployed at multiple strategic locations throughout Colt global network to ensure near continuous uptime of the IP Guardian service and the best possible round trip time (RTT) in case traffic needs to be diverted • Productivity – Avoid downtime – you can carry on working as normal if the attack is successfully mitigated • Flexibility – New ‘On Demand’ Variant provides more customer control to avoid false positives 11
IP Guardian: how it works (1/3) – IP Guardian is a dedicated service in Arbor TMS which the customer traffic is Arbor Peakflow SP continuously monitored ensuring that the customer is continually prepared to react against DDoS attacks – The traffic to the customer is constantly Public Colt monitored while it follows its path in the Internet Backbone network. The Arbor Peakflow SP Collectors gather traffic statistics (network telemetry data) from all peering and transit routers, which it Arbor SP constantly constantly analyzes to construct a monitors traffic destined network-wide view of possible traffic to the customer and network anomalies Customer Network 12
IP Guardian: how it works (2/3) – An alert is generated if the behaviour is Arbor TMS TMS is found to be abnormal. triggered Arbor Peakflow – When an attack is detected by Arbor SP Peakflow SP, traffic is automatically diverted to Arbor TMS, which mitigates Public BGP the attack based on traffic patterns Internet Announcement learnt by Arbor Peakflow SP Arbor SP constantly monitor traffice detined to the customer Customer Network Malicious Traffic Cleaned Traffic 13
IP Guardian: how it works (3/3) – The customer never feels the full Arbor TMS impact of an attack as their circuit is being continually Arbor Peakflow SP monitored and protection triggered automatically by the Public Colt platform Internet Backbone – Only the cleaned traffic flows toward the customer, which will be provided with high levels of protection Whenever an attack occurs, traffic is reqdirected to Arbor TMS, the attack mitigated and cleaned traffic only flows to the customer Customer Network Malicious Traffic Cleaned Traffic 14
IP Guardian: Proactive eMail Alerting • In case an attack is detected, an email is sent to the customer • Another email is sent once the attack is mitigated • The structure of such emails is provided below as an example. – From: "Peakflow SP" traffic@peakflow.oss.colt.net – Date: date/time – To: Customer’s Address (this address shall be reachable in case of attacks) – Subject: [Peakflow SP] Bandwidth attack #[Attack ID] Incoming to [Customer] Done – Type: (Bandwidth, Protocol) – ID: a number identifying the attack – Resource: Customer’s name – Severity: high – Started: date/time (UTC) referred to the attack beginning – Ended: date/time (UTC) referred to the attack mitigation – Link rate: traffic (in Mbps) related to the attack – Router: Colt peering router and interfaces involved – Input If: Input Interface – Output If: Output Interface – URL: www.colt.net 15
Customer Portal • View traffic profiles • View anomalies • Trigger mitigation (On-Demand Only) 16
Agenda • DoS and DDoS Attacks • Colt Proposition: IP Guardian • Technical View 17
IP Guardian: Platform Deployment Controller 8x CPH STO BHX Collector DUB AMS CGN DUS HAM LON HAJ BRU TMS PAR FRK STR FRK BER BAS NYC ZUR GEN PARTUR MIL LIS MAD BCN VIE MUN ROM MIL MAD 18
Technicalities • The service is available to customers with a service bandwidth of at least 10Mbps and 30/40% of spare bandwidth (recommended) • Traffic content is not monitored or stored: IP Guardian is not what is known as “Deep Packet Inspection” • The maximum number of packets that can be dealt with is 1 Million packets per second • Maximum bandwidth up to 2Gbps per TMS – this means a maximum of 2Gbps in case of a DoS attack managed by one TMS or Nx2Gbps DDoS attack through multiple entry points (N=6, the number of TMS installed) • Simultaneous TCP connections during a SYN attack per device: 100,000 • Source and destination HTTP host pairs per device: 1 Million • Zombies per device: 20,000 19

Recommended

Go beyond EM pipe and cable locators with LMX200 GPR
Go beyond EM pipe and cable locators with LMX200 GPRGo beyond EM pipe and cable locators with LMX200 GPR
Go beyond EM pipe and cable locators with LMX200 GPRSensors & Software Inc.
 
BTRisk X86 Tersine Mühendislik Eğitim Sunumu - Bölüm-1
BTRisk X86 Tersine Mühendislik Eğitim Sunumu - Bölüm-1BTRisk X86 Tersine Mühendislik Eğitim Sunumu - Bölüm-1
BTRisk X86 Tersine Mühendislik Eğitim Sunumu - Bölüm-1BTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
Network security
Network securityNetwork security
Network securityVenkat Karanam
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AlivePositive Hack Days
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay aliveqqlan
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveDefconRussia
 

Recommended

Go beyond EM pipe and cable locators with LMX200 GPR
Go beyond EM pipe and cable locators with LMX200 GPRGo beyond EM pipe and cable locators with LMX200 GPR
Go beyond EM pipe and cable locators with LMX200 GPRSensors & Software Inc.
 
BTRisk X86 Tersine Mühendislik Eğitim Sunumu - Bölüm-1
BTRisk X86 Tersine Mühendislik Eğitim Sunumu - Bölüm-1BTRisk X86 Tersine Mühendislik Eğitim Sunumu - Bölüm-1
BTRisk X86 Tersine Mühendislik Eğitim Sunumu - Bölüm-1BTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
Network security
Network securityNetwork security
Network securityVenkat Karanam
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AlivePositive Hack Days
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay aliveqqlan
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveDefconRussia
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikPositive Hack Days
 
Isys20261 lecture 07
Isys20261 lecture 07Isys20261 lecture 07
Isys20261 lecture 07Wiliam Ferraciolli
 
DDOS ATTACKS
DDOS ATTACKSDDOS ATTACKS
DDOS ATTACKSShaurya Gogia
 
20320140501016
2032014050101620320140501016
20320140501016IAEME Publication
 
Internets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on ServersInternets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on ServersIRJET Journal
 
Threats to Mobile Computing
Threats to Mobile ComputingThreats to Mobile Computing
Threats to Mobile Computingmadhurbyheart
 
Getting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement FirewallGetting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement FirewallAruba, a Hewlett Packard Enterprise company
 
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!PriyadharshiniHemaku
 
Internet Traffic Monitoring and Analysis
Internet Traffic Monitoring and AnalysisInternet Traffic Monitoring and Analysis
Internet Traffic Monitoring and AnalysisInformation Technology
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
A10 issa d do s 5-2014
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014Raleigh ISSA
 
Defining Cyber Crime
Defining Cyber CrimeDefining Cyber Crime
Defining Cyber CrimeShenick Network Systems
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introductionswang2010
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.RAVI RAJ
 
Cyberscout Presentation
Cyberscout PresentationCyberscout Presentation
Cyberscout PresentationFiroze Hussain
 
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxAn approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxamalouwarda1
 
Information security advanced
Information security advancedInformation security advanced
Information security advancedJamil S. Alagha
 
ids.ppt
ids.pptids.ppt
ids.pptAgostinho9
 
UDP Flood Attack.pptx
UDP Flood Attack.pptxUDP Flood Attack.pptx
UDP Flood Attack.pptxdawitTerefe5
 
Global city reach customer presentation
Global city reach customer presentationGlobal city reach customer presentation
Global city reach customer presentationacaiani
 
Colt wholesale vpn customer presentation
Colt wholesale vpn customer presentationColt wholesale vpn customer presentation
Colt wholesale vpn customer presentationacaiani
 

More Related Content

Similar to Colt IP Guardian Protects Against DDoS Attacks

640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikPositive Hack Days
 
Internets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on ServersInternets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on ServersIRJET Journal
 
Threats to Mobile Computing
Threats to Mobile ComputingThreats to Mobile Computing
Threats to Mobile Computingmadhurbyheart
 
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!PriyadharshiniHemaku
 
Internet Traffic Monitoring and Analysis
Internet Traffic Monitoring and AnalysisInternet Traffic Monitoring and Analysis
Internet Traffic Monitoring and AnalysisInformation Technology
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
A10 issa d do s 5-2014
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014Raleigh ISSA
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introductionswang2010
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.RAVI RAJ
 
Cyberscout Presentation
Cyberscout PresentationCyberscout Presentation
Cyberscout PresentationFiroze Hussain
 
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxAn approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxamalouwarda1
 
Information security advanced
Information security advancedInformation security advanced
Information security advancedJamil S. Alagha
 
UDP Flood Attack.pptx
UDP Flood Attack.pptxUDP Flood Attack.pptx
UDP Flood Attack.pptxdawitTerefe5
 

Similar to Colt IP Guardian Protects Against DDoS Attacks (20)

640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
 
Isys20261 lecture 07
Isys20261 lecture 07Isys20261 lecture 07
Isys20261 lecture 07
 
DDOS ATTACKS
DDOS ATTACKSDDOS ATTACKS
DDOS ATTACKS
 
20320140501016
2032014050101620320140501016
20320140501016
 
Internets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on ServersInternets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on Servers
 
Threats to Mobile Computing
Threats to Mobile ComputingThreats to Mobile Computing
Threats to Mobile Computing
 
Getting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement FirewallGetting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement Firewall
 
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
 
Internet Traffic Monitoring and Analysis
Internet Traffic Monitoring and AnalysisInternet Traffic Monitoring and Analysis
Internet Traffic Monitoring and Analysis
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
A10 issa d do s 5-2014
A10 issa d do s 5-2014A10 issa d do s 5-2014
A10 issa d do s 5-2014
 
Defining Cyber Crime
Defining Cyber CrimeDefining Cyber Crime
Defining Cyber Crime
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introduction
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.
 
Cyberscout Presentation
Cyberscout PresentationCyberscout Presentation
Cyberscout Presentation
 
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxAn approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptx
 
Information security advanced
Information security advancedInformation security advanced
Information security advanced
 
ids.ppt
ids.pptids.ppt
ids.ppt
 
UDP Flood Attack.pptx
UDP Flood Attack.pptxUDP Flood Attack.pptx
UDP Flood Attack.pptx
 

More from acaiani

Global city reach customer presentation
Global city reach customer presentationGlobal city reach customer presentation
Global city reach customer presentationacaiani
 
Colt wholesale vpn customer presentation
Colt wholesale vpn customer presentationColt wholesale vpn customer presentation
Colt wholesale vpn customer presentationacaiani
 
Ccs Customer Presentation July 2011
Ccs Customer Presentation July 2011Ccs Customer Presentation July 2011
Ccs Customer Presentation July 2011acaiani
 
Colt Backbone Solution Presentation External 12 07 2011
Colt Backbone Solution Presentation External 12 07 2011Colt Backbone Solution Presentation External 12 07 2011
Colt Backbone Solution Presentation External 12 07 2011acaiani
 
Colt Access Solution Presentation External 12 07 2011
Colt Access Solution Presentation External 12 07 2011Colt Access Solution Presentation External 12 07 2011
Colt Access Solution Presentation External 12 07 2011acaiani
 
A&B Solutions Data Product Portfolio External 12 07 2011
A&B Solutions Data Product Portfolio External 12 07 2011A&B Solutions Data Product Portfolio External 12 07 2011
A&B Solutions Data Product Portfolio External 12 07 2011acaiani
 

More from acaiani (6)

Global city reach customer presentation
Global city reach customer presentationGlobal city reach customer presentation
Global city reach customer presentation
 
Colt wholesale vpn customer presentation
Colt wholesale vpn customer presentationColt wholesale vpn customer presentation
Colt wholesale vpn customer presentation
 
Ccs Customer Presentation July 2011
Ccs Customer Presentation July 2011Ccs Customer Presentation July 2011
Ccs Customer Presentation July 2011
 
Colt Backbone Solution Presentation External 12 07 2011
Colt Backbone Solution Presentation External 12 07 2011Colt Backbone Solution Presentation External 12 07 2011
Colt Backbone Solution Presentation External 12 07 2011
 
Colt Access Solution Presentation External 12 07 2011
Colt Access Solution Presentation External 12 07 2011Colt Access Solution Presentation External 12 07 2011
Colt Access Solution Presentation External 12 07 2011
 
A&B Solutions Data Product Portfolio External 12 07 2011
A&B Solutions Data Product Portfolio External 12 07 2011A&B Solutions Data Product Portfolio External 12 07 2011
A&B Solutions Data Product Portfolio External 12 07 2011
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Colt IP Guardian Protects Against DDoS Attacks

  • 1. Colt IP Guardian © 2010 Colt Technology Services Group Limited. All rights reserved.
  • 2. Agenda • DoS and DDoS Attacks • Colt Proposition: IP Guardian • Technical View 2
  • 3. DoS attack: definition • A Denial of Service (DoS) attack is an explicit attempt by attackers to prevent legitimate users from using that service. Examples include: – Attempts to flood a network, thereby preventing legitimate network traffic – Attempts to use all available processing power on the end system to prevent regular users access – Attempts to disrupt connections between two machines, preventing access to a service – Attempts to prevent a particular individual from accessing a service – Attempts to disrupt service to a specific system or person 3
  • 4. What is a Distributed Denial of Service Attack? (1/2) • A DDoS attack is the most prominent form of DoS attack – The attacker scans millions of computers on the Internet to identify unsecured hosts to be used as launch pads – Then secretly installs software on a master computer and a collection of compromised zombie computers – The attacker hides their true identity and location by using these zombie machines to launch the attacks – The attack results in denial of service to legitimate users because their infrastructure is overwhelmed with illegitimate requests, thereby choking off the site's available bandwidth 4
  • 5. What is a Distributed Denial of Service Attack? (2/2) Areas vulnerable to attack include: Zombies on Zombies on innocent computers innocent computers • Routers A A S S • Firewalls ISP Backbone • Web servers • DNS servers Infrastructure level attacks • Mail Servers • VoIP gateways Indirect victims, elements that share the A victims’ network (for example, otherS Zombies on servers in a server farm) innocent computers Bandwidth level attacks Enterprise Server level attacks 5
  • 6. Real world proposals … • Someone offers a DDoS service -----Original Message----- From: Martyn Clapham [mailto:DDoS1033er@caulf.freeserve.co.uk] Sent: Friday, 16 May 2003 2:45 PM To: ******************** Subject: Offer from irc.mad.pp.ru 2787! Do you want to get rid of your competitors? Or blackmail your boss because he didn't pay you? We can help! Ddos attack on any internet server. We pay admins of irc.icq.com for hosting so our bandwidth is huge and our knowledge of such attacks allows us to fulfill any requirement. If you are in need of Ddos attacks, or simply looking for specific content for your web site (like child porn or anything weird) - tell us and will give you what you need! Our contacts are: irc.mad.pp.ru 2787 • Someone else offers protection you can’t refuse (if you don’t pay, you will be attacked) • So-called “cyber mafia” mainly based in Russia and Eastern Europe 6
  • 7. Typical Targets of a DDoS Attack • Typical Targets of a DDoS attacks are: – eCommerce – On line banking – On line trading – iGaming – iGambling – Content Providers – Governmental organizations – ISPs In general, all those companies that make business providing online/Internet services 7
  • 8. Agenda • DoS and DDoS Attacks • Colt Proposition: IP Guardian • Technical View 8
  • 9. Colt Proposition: IP Guardian • Proposal – Colt will protect the customer bandwidth by detecting attacks whilst still within the Colt network – Customer traffic is diverted only in case an attack is detected  no impact for customers during normal operations • How? – By expanding the existing state of the art platform built using Arbor Peakflow monitors and Arbor TMS (Threat Management System) and locating them throughout Colt’s Tier1 pan-European network 9
  • 10. Service Variants • Continuous – Automatic redirection/mitigation if anomaly detected – Reports via customer portal • On-Demand – Customer control via portal – alerts via email/SMS, – customer reviews anomaly on Colt portal – triggers mitigation if it is deemed to be an attack • Emergency Implementation – Set up temporary IPG service in midst of attack – No baselining, default profile – Can migrate to full service (Continuous or On-Demand) 10
  • 11. Benefits of the IP Guardian Service • “In the cloud” DDoS protection – DDoS protection on site can be useless – attacks can flood the pipe however good the mitigation devices are. IP Guardian stops the attack before it can reach you • Anomaly monitoring – Constant monitoring of Netflow telemetry data to ensure rapid detection of any abnormal activity • Resiliency – Protection deployed at multiple strategic locations throughout Colt global network to ensure near continuous uptime of the IP Guardian service and the best possible round trip time (RTT) in case traffic needs to be diverted • Productivity – Avoid downtime – you can carry on working as normal if the attack is successfully mitigated • Flexibility – New ‘On Demand’ Variant provides more customer control to avoid false positives 11
  • 12. IP Guardian: how it works (1/3) – IP Guardian is a dedicated service in Arbor TMS which the customer traffic is Arbor Peakflow SP continuously monitored ensuring that the customer is continually prepared to react against DDoS attacks – The traffic to the customer is constantly Public Colt monitored while it follows its path in the Internet Backbone network. The Arbor Peakflow SP Collectors gather traffic statistics (network telemetry data) from all peering and transit routers, which it Arbor SP constantly constantly analyzes to construct a monitors traffic destined network-wide view of possible traffic to the customer and network anomalies Customer Network 12
  • 13. IP Guardian: how it works (2/3) – An alert is generated if the behaviour is Arbor TMS TMS is found to be abnormal. triggered Arbor Peakflow – When an attack is detected by Arbor SP Peakflow SP, traffic is automatically diverted to Arbor TMS, which mitigates Public BGP the attack based on traffic patterns Internet Announcement learnt by Arbor Peakflow SP Arbor SP constantly monitor traffice detined to the customer Customer Network Malicious Traffic Cleaned Traffic 13
  • 14. IP Guardian: how it works (3/3) – The customer never feels the full Arbor TMS impact of an attack as their circuit is being continually Arbor Peakflow SP monitored and protection triggered automatically by the Public Colt platform Internet Backbone – Only the cleaned traffic flows toward the customer, which will be provided with high levels of protection Whenever an attack occurs, traffic is reqdirected to Arbor TMS, the attack mitigated and cleaned traffic only flows to the customer Customer Network Malicious Traffic Cleaned Traffic 14
  • 15. IP Guardian: Proactive eMail Alerting • In case an attack is detected, an email is sent to the customer • Another email is sent once the attack is mitigated • The structure of such emails is provided below as an example. – From: "Peakflow SP" traffic@peakflow.oss.colt.net – Date: date/time – To: Customer’s Address (this address shall be reachable in case of attacks) – Subject: [Peakflow SP] Bandwidth attack #[Attack ID] Incoming to [Customer] Done – Type: (Bandwidth, Protocol) – ID: a number identifying the attack – Resource: Customer’s name – Severity: high – Started: date/time (UTC) referred to the attack beginning – Ended: date/time (UTC) referred to the attack mitigation – Link rate: traffic (in Mbps) related to the attack – Router: Colt peering router and interfaces involved – Input If: Input Interface – Output If: Output Interface – URL: www.colt.net 15
  • 16. Customer Portal • View traffic profiles • View anomalies • Trigger mitigation (On-Demand Only) 16
  • 17. Agenda • DoS and DDoS Attacks • Colt Proposition: IP Guardian • Technical View 17
  • 18. IP Guardian: Platform Deployment Controller 8x CPH STO BHX Collector DUB AMS CGN DUS HAM LON HAJ BRU TMS PAR FRK STR FRK BER BAS NYC ZUR GEN PARTUR MIL LIS MAD BCN VIE MUN ROM MIL MAD 18
  • 19. Technicalities • The service is available to customers with a service bandwidth of at least 10Mbps and 30/40% of spare bandwidth (recommended) • Traffic content is not monitored or stored: IP Guardian is not what is known as “Deep Packet Inspection” • The maximum number of packets that can be dealt with is 1 Million packets per second • Maximum bandwidth up to 2Gbps per TMS – this means a maximum of 2Gbps in case of a DoS attack managed by one TMS or Nx2Gbps DDoS attack through multiple entry points (N=6, the number of TMS installed) • Simultaneous TCP connections during a SYN attack per device: 100,000 • Source and destination HTTP host pairs per device: 1 Million • Zombies per device: 20,000 19