SlideShare uma empresa Scribd logo

Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt

Security Bootcamp
Security Bootcamp
Tecnologia
1 de 30
Baixar para ler offline
Mitigate DDoS attack with effective cost Nguyễn Chấn Việt
Đơn vị tổ chức: Đơn vị tài trợ:
The Growth of DDoS Attacks • Malware • Exploit 10/29/2013 11:16 AM www.securitybootcamp.vn
Classification • Volume Based Attacks –The attacker tries to saturate the bandwidth of the target’s website by flooding it with a huge quantity of data. This category includes ICMP floods, UDP floods and other spoofed-packet floods. The magnitude of Volume Based Attacks is measured in bits per second (Bps). • Protocol Attacks –The attacker’s goal is to saturate the target’s server resources or those of intermediate communication equipment (e.g., Load balancers) by exploiting network protocol flaws. This category includes SYN floods, Ping of Death, fragmented packet attacks, Smurf DDoS and more. The magnitude of Protocol Attacks is measured in Packets per second. • Application Layer (Layer 7) Attacks – Designed to exhaust the resource limits of Web services, application layer attacks target specific web applications, flooding them with a huge quantity of HTTP requests that saturate a target’s resources. Examples of application layer DDoS attacks include Slowloris, as well as DDoS attacks that target Apache, Windows, or OpenBSD vulnerabilities. The magnitude of application layer attacks is measured in Requests per second. 10/29/2013 11:16 AM www.securitybootcamp.vn
What we care ? • Exhausting resources like: – CPU – Memory/Buffers – I/O operations – Disk space – Network bandwidth 10/29/2013 11:16 AM www.securitybootcamp.vn
Where to start ? • Go through all devices on network, from L2 switches to backend servers and identify possible leaks, bottlenecks, attack vectors, applicable DoS attacks, vulnerabilities ... and mitigate or (rate)limit them 10/29/2013 11:16 AM www.securitybootcamp.vn
Infrastructure • Hosting and VM is not good idea 10/29/2013 11:16 AM www.securitybootcamp.vn
[1] 10/29/2013 11:16 AM www.securitybootcamp.vn
Architecture • Rule: Defence in depth (multi-layer) 10/29/2013 11:16 AM www.securitybootcamp.vn
OS Tuning • *nix is good choice • Rule : If not used, turn off 10/29/2013 11:16 AM www.securitybootcamp.vn
/etc/sysctl.conf tuning • net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 2 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.tcp_rmem = 4096 87380 1048576 net.ipv4.tcp_wmem = 4096 16384 1048576 net.ipv4.tcp_max_orphans = 2048 10/29/2013 11:16 AM www.securitybootcamp.vn
Layer 3-4 • Stateful Firewall – Iptables – Tuning connections tracking • Rule : Deny all, allow selective 10/29/2013 11:16 AM www.securitybootcamp.vn
Layer 7 • WAF : to filter what firewall missed at IP layer – Mod_security • Why not snort ? 10/29/2013 11:16 AM www.securitybootcamp.vn
Layer 7 • Choosing webserver – Nginx is the best • Tuning webserver – Improve Apache with mod_reqtimeout • Caching is very important – Static cache – memcached 10/29/2013 11:16 AM www.securitybootcamp.vn
Patching • Keep Your System Up-to-date • Example : – Slowloris : based on missing CRLF – Slow Read attack : based on TCP persist timer exploit – Apache Range Header attack 10/29/2013 11:16 AM www.securitybootcamp.vn
Proactive with NSM • Logs is very important • My suggestion : Syslog-ng + Splunk 10/29/2013 11:16 AM www.securitybootcamp.vn
Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
Proactive with NSM • Alternative : Logstash is a free tool for managing events and logs. It has three primary components, an Input module for collecting logs from various sources 10/29/2013 11:16 AM ElasticSearch is this awesome distributable, RESTful, free Lucene powered search engine/server. Unlike SOLR, ES is very simple to use and maintain and similar to SOLR, indexing is near realtime. www.securitybootcamp.vn Kibana is a presentation layer that sits on top of Elasticsearch to analyze and make sense of logs that logstash throws into Elastic search; Kibana is a highly scalable interface for Logstash and ElasticSearch that allows you to efficiently search, graph, analyze and otherwise make sense of a mountain of logs.
Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
[2] Case Study 10/29/2013 11:16 AM www.securitybootcamp.vn
Our suggestion • Diagram 10/29/2013 11:16 AM www.securitybootcamp.vn
Our suggestion • Router with high throughput • reverse proxy servers : – 32Gb RAM, 10Gb NIC, Quad Core I7, SSD disk (for internal I/O better) – Linux OS, running IPTables + apache (worker MPM) + mod_security 10/29/2013 11:16 AM www.securitybootcamp.vn
Our suggestion • cache servers : – Using SSD Disk – Application cache (ex : xcache/APC for PHP, …) – Generic cache : Apache Traffic Server 10/29/2013 11:16 AM www.securitybootcamp.vn
Cloud-based Solutions • For large DDoS attack (e.g Spamhaus was DDoS by 300Gb/s of traffic), we need a third-party : – Incapsula – CloudFlare 10/29/2013 11:16 AM www.securitybootcamp.vn
Cloud-based Solutions 10/29/2013 11:16 AM www.securitybootcamp.vn
Simple but effective • If you can determine C&C servers, just null route them 10/29/2013 11:16 AM www.securitybootcamp.vn
Testing • Test your network and devices by simulating real DoS attack (LOIC/HOIC, hping, slowhttptest, thc-ssl-dos, pktgen, ... ) 10/29/2013 11:16 AM www.securitybootcamp.vn
Conclusion • This approach is not “silver bullet” for preventing DDoS attacks • There isn’t “a technique” for mitigrating DDoS – DDoS Mitigation = Hardened System + Money 10/29/2013 11:16 AM www.securitybootcamp.vn
Thank you ! 10/29/2013 11:16 AM www.securitybootcamp.vn

Recomendados

Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp
 
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
Security Bootcamp
 
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat Security Conference
 
Finfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtFinfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn Việt
Security Bootcamp
 
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Security Bootcamp
 
Масштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google ChromeМасштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google Chrome
Positive Hack Days
 
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureVirtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Tamas K Lengyel
 

Recomendados

Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp
 
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
Security Bootcamp
 
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat Security Conference
 
Finfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtFinfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn Việt
Security Bootcamp
 
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Security Bootcamp
 
Масштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google ChromeМасштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google Chrome
Positive Hack Days
 
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureVirtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Tamas K Lengyel
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security Intelligence
Jason Choi
 
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Igor Korkin
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
Security Bootcamp
 
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue AgainKernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Igor Korkin
 
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat Security Conference
 
Linux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningLinux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardening
Mender.io
 
Catching fileless attacks
Catching fileless attacksCatching fileless attacks
Catching fileless attacks
Balaji Rajasekaran
 
Egress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data ExfiltrationEgress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data Exfiltration
CTruncer
 
Password cracking
Password crackingPassword cracking
Password cracking
Ilan Mindel
 
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Igor Korkin
 
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ - Automated Malware AnalysisIstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
BGA Cyber Security
 
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
RootedCON
 
Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats
Ahmed EL-KOSAIRY
 
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
OWASP Russia
 
Fosdem10
Fosdem10Fosdem10
Fosdem10
wremes
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Security
wremes
 
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
CODE BLUE
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGiUsers
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
Positive Hack Days
 
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and wellBlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat Security Conference
 
Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp
 
Basic Security Training day 2
Basic Security Training day 2Basic Security Training day 2
Basic Security Training day 2
Tu Khiem
 

Mais conteúdo relacionado

Mais procurados

Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue AgainKernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Igor Korkin
 
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat Security Conference
 
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Igor Korkin
 
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
RootedCON
 
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
OWASP Russia
 
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
CODE BLUE
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGiUsers
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
Positive Hack Days
 
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and wellBlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat Security Conference
 

Mais procurados (20)

Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security Intelligence
 
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
 
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue AgainKernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
 
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
 
Linux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningLinux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardening
 
Catching fileless attacks
Catching fileless attacksCatching fileless attacks
Catching fileless attacks
 
Egress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data ExfiltrationEgress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data Exfiltration
 
Password cracking
Password crackingPassword cracking
Password cracking
 
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
 
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ - Automated Malware AnalysisIstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
 
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
 
Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats
 
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
 
Fosdem10
Fosdem10Fosdem10
Fosdem10
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Security
 
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and wellBlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and well
 

Destaque

Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp
 
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Giang Văn
 
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
Security Bootcamp
 

Destaque (12)

Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013
 
Basic Security Training day 2
Basic Security Training day 2Basic Security Training day 2
Basic Security Training day 2
 
Slide 06
Slide 06Slide 06
Slide 06
 
Ch16
Ch16Ch16
Ch16
 
Isas semina
Isas seminaIsas semina
Isas semina
 
Slide 00 gioi thieu
Slide 00 gioi thieuSlide 00 gioi thieu
Slide 00 gioi thieu
 
Lương Trung Thành - Cloud Control Matrix
Lương Trung Thành - Cloud Control MatrixLương Trung Thành - Cloud Control Matrix
Lương Trung Thành - Cloud Control Matrix
 
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
 
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
 
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPT
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPTBài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPT
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPT
 
Chương 6 Bảo mật - Giáo trình FPT
Chương 6 Bảo mật - Giáo trình FPTChương 6 Bảo mật - Giáo trình FPT
Chương 6 Bảo mật - Giáo trình FPT
 
Lập trình sáng tạo creative computing textbook mastercode.vn
Lập trình sáng tạo creative computing textbook mastercode.vnLập trình sáng tạo creative computing textbook mastercode.vn
Lập trình sáng tạo creative computing textbook mastercode.vn
 

Semelhante a Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt

Security Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp 2013 mitigate d do-s attack with effective costSecurity Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp
 
PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services. PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services.
yeung2000
 
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
Ian Choi
 
Run MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMSRun MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMS
MongoDB
 

Semelhante a Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt (20)

Security Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp 2013 mitigate d do-s attack with effective costSecurity Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp 2013 mitigate d do-s attack with effective cost
 
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
 
6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)
 
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
 
IJCSE Paper
IJCSE PaperIJCSE Paper
IJCSE Paper
 
DDoS.ppt
DDoS.pptDDoS.ppt
DDoS.ppt
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platforms
 
DDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxDDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptx
 
PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services. PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services.
 
Deploy secure, scalable, and highly available web apps with Azure Front Door ...
Deploy secure, scalable, and highly available web apps with Azure Front Door ...Deploy secure, scalable, and highly available web apps with Azure Front Door ...
Deploy secure, scalable, and highly available web apps with Azure Front Door ...
 
Codefest2015
Codefest2015Codefest2015
Codefest2015
 
2013 april-screen
2013 april-screen2013 april-screen
2013 april-screen
 
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
QA: Базовое тестирование защищенности веб-приложений в рамках QA
QA: Базовое тестирование защищенности веб-приложений в рамках QAQA: Базовое тестирование защищенности веб-приложений в рамках QA
QA: Базовое тестирование защищенности веб-приложений в рамках QA
 
Run MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMSRun MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMS
 
D108636GC10_les01.pptx
D108636GC10_les01.pptxD108636GC10_les01.pptx
D108636GC10_les01.pptx
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gpos
 

Mais de Security Bootcamp

GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
Security Bootcamp
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
Security Bootcamp
 

Mais de Security Bootcamp (20)

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurity
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
 
Deception change-the-game
Deception change-the-gameDeception change-the-game
Deception change-the-game
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdr
 
Sbc2019 luong-cyber startup
Sbc2019 luong-cyber startupSbc2019 luong-cyber startup
Sbc2019 luong-cyber startup
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-want
 
Macro malware common techniques - public
Macro malware common techniques - publicMacro malware common techniques - public
Macro malware common techniques - public
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cu
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 cost
 
Build SOC
Build SOC Build SOC
Build SOC
 
AD red vs blue
AD red vs blueAD red vs blue
AD red vs blue
 
Securitybox
SecurityboxSecuritybox
Securitybox
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
 
Api security-present
Api security-presentApi security-present
Api security-present
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Último (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 

Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt

  • 1. Mitigate DDoS attack with effective cost Nguyễn Chấn Việt
  • 2. Đơn vị tổ chức: Đơn vị tài trợ:
  • 3. The Growth of DDoS Attacks • Malware • Exploit 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 4. Classification • Volume Based Attacks –The attacker tries to saturate the bandwidth of the target’s website by flooding it with a huge quantity of data. This category includes ICMP floods, UDP floods and other spoofed-packet floods. The magnitude of Volume Based Attacks is measured in bits per second (Bps). • Protocol Attacks –The attacker’s goal is to saturate the target’s server resources or those of intermediate communication equipment (e.g., Load balancers) by exploiting network protocol flaws. This category includes SYN floods, Ping of Death, fragmented packet attacks, Smurf DDoS and more. The magnitude of Protocol Attacks is measured in Packets per second. • Application Layer (Layer 7) Attacks – Designed to exhaust the resource limits of Web services, application layer attacks target specific web applications, flooding them with a huge quantity of HTTP requests that saturate a target’s resources. Examples of application layer DDoS attacks include Slowloris, as well as DDoS attacks that target Apache, Windows, or OpenBSD vulnerabilities. The magnitude of application layer attacks is measured in Requests per second. 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 5. What we care ? • Exhausting resources like: – CPU – Memory/Buffers – I/O operations – Disk space – Network bandwidth 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 6. Where to start ? • Go through all devices on network, from L2 switches to backend servers and identify possible leaks, bottlenecks, attack vectors, applicable DoS attacks, vulnerabilities ... and mitigate or (rate)limit them 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 7. Infrastructure • Hosting and VM is not good idea 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 9. Architecture • Rule: Defence in depth (multi-layer) 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 10. OS Tuning • *nix is good choice • Rule : If not used, turn off 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 11. /etc/sysctl.conf tuning • net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 2 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.tcp_rmem = 4096 87380 1048576 net.ipv4.tcp_wmem = 4096 16384 1048576 net.ipv4.tcp_max_orphans = 2048 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 12. Layer 3-4 • Stateful Firewall – Iptables – Tuning connections tracking • Rule : Deny all, allow selective 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 13. Layer 7 • WAF : to filter what firewall missed at IP layer – Mod_security • Why not snort ? 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 14. Layer 7 • Choosing webserver – Nginx is the best • Tuning webserver – Improve Apache with mod_reqtimeout • Caching is very important – Static cache – memcached 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 15. Patching • Keep Your System Up-to-date • Example : – Slowloris : based on missing CRLF – Slow Read attack : based on TCP persist timer exploit – Apache Range Header attack 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 16. Proactive with NSM • Logs is very important • My suggestion : Syslog-ng + Splunk 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 17. Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 18. Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 19. Proactive with NSM • Alternative : Logstash is a free tool for managing events and logs. It has three primary components, an Input module for collecting logs from various sources 10/29/2013 11:16 AM ElasticSearch is this awesome distributable, RESTful, free Lucene powered search engine/server. Unlike SOLR, ES is very simple to use and maintain and similar to SOLR, indexing is near realtime. www.securitybootcamp.vn Kibana is a presentation layer that sits on top of Elasticsearch to analyze and make sense of logs that logstash throws into Elastic search; Kibana is a highly scalable interface for Logstash and ElasticSearch that allows you to efficiently search, graph, analyze and otherwise make sense of a mountain of logs.
  • 20. Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 21. [2] Case Study 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 22. Our suggestion • Diagram 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 23. Our suggestion • Router with high throughput • reverse proxy servers : – 32Gb RAM, 10Gb NIC, Quad Core I7, SSD disk (for internal I/O better) – Linux OS, running IPTables + apache (worker MPM) + mod_security 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 24. Our suggestion • cache servers : – Using SSD Disk – Application cache (ex : xcache/APC for PHP, …) – Generic cache : Apache Traffic Server 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 25. Cloud-based Solutions • For large DDoS attack (e.g Spamhaus was DDoS by 300Gb/s of traffic), we need a third-party : – Incapsula – CloudFlare 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 26. Cloud-based Solutions 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 27. Simple but effective • If you can determine C&C servers, just null route them 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 28. Testing • Test your network and devices by simulating real DoS attack (LOIC/HOIC, hping, slowhttptest, thc-ssl-dos, pktgen, ... ) 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 29. Conclusion • This approach is not “silver bullet” for preventing DDoS attacks • There isn’t “a technique” for mitigrating DDoS – DDoS Mitigation = Hardened System + Money 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 30. Thank you ! 10/29/2013 11:16 AM www.securitybootcamp.vn