DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
•Transferir como PPTX, PDF•
1 gostou•1,310 visualizações
Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv ) Event took place in Riga, on 7th of November, 2013 and was visited by more than 400 participants at event place and more than 300 via online live streaming.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (19)
Semelhante a DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
Semelhante a DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS (20)
Mais de Andris Soroka
Mais de Andris Soroka (20)
Último
Último (20)
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
- 1. Protection against DDoS and WEB attacks Michael Soukonnik Radware Ltd michaels@radware.com
- 2. Landscape
- 3. Ponemon Research 2012: Cyber security threats Cyber security threats according to risk mitigation priority 10 = Highest Priority to 1 = Lowest Priority Denial of service (DoS) Server side injection Distributed denial of service (DDoS) Viruses, worms and trojans Malware Botnets Malicious insiders Cross site scripting Web scrapping Phishing and social engineering 9.0 8.6 8.2 7.9 7.7 6.4 5.4 3.2 3.0 2.8 0.0 2.0 4.0 6.0 8.0 10.0 3
- 4. Attacks Have Become More Complex ERT Cases – Attack Vectors 29% 29% 16% 30% 20% 16% 10% 4% 0% 7% 5-6 7-8 2011 2012 Complexity 9-10 Attacks are more complex: 2013 DoS/DDoS attacks have become more sophisticated, using more complex attack vectors. Note the number of attacks with a complexity level of 7-10. 4
- 5. Botnet Evolution To subdue the enemy without fighting is the acme of skill. Individual Servers Malicious software installed on hosts and servers (mostly located at Russian and east European universities), controlled by a single entity by direct communication. Examples: Trin00, TFN, Trinity 1998 - 2002 5 Botnets Stealthy malicious software installed mostly on personal computers without the owner’s consent; controlled by a single entity through indirect channels (IRC, HTTP) Examples: Agobot, DirtJumper, Zemra 1998 - Present Voluntary Botnets Many users, at times as part of a Hacktivist group, willingly share their personal computers. Using predetermined and publicly available attack tools and methods, with an optional remote control channel. New Server-based Botnets Powerful, well orchestrated attacks, using a geographically spread server infrastructure. Few attacking servers generate the same impact as hundreds of clients. Examples: LOIC, HOIC 2010 - Present 2012
- 6. DDoS from Russia – Just business Slide 6
- 7. It is cheap! Current prices on the Russian underground market: Hacking corporate mailbox: $500 Winlocker ransomware: $10-$20 Unintelligent exploit bundle: $25 Intelligent exploit bundle: $10-$3,000 Basic crypter (for inserting rogue code into benign file): $10-$30 SOCKS bot (to get around firewalls): $100 Hiring a DDoS attack: $30-$70 / day, $1,200 / month Botnet: $200 for 2,000 bots DDoS Botnet: $700 ZeuS source code: $200-$250 Windows rootkit (for installing malicious drivers): $292 Hacking Facebook or Twitter account: $130 Hacking Gmail account: $162 Email spam: $10 per one million emails Email scam (using customer database): $50-$500 per one million emails 7
- 8. • Lithuania – just weeks before becoming a chairman of EU (1.07.2013) – DDoS attack on a news website resulted by harming Internet for the entire country. New waves of the attack are coming every several weeks on governmental and private sites using 7-8 different attack vectors • In July new DDoS protection system from Radware installed and protecting sites with coverage of Emergency Response Team 8
- 9. • Russia – Anonymous Caucasus attacking all major banks (Central Bank, Sberbank, VTB, Alfa, Gazprombank) a month ago • Old fashion systems/services they used before that Russia – Anonymous Caucasus attacking (IPS, IDS, DDoS, NG Firewalls, Kaspersky etc) were all major banks (Central Bank, unable to stop the attacks 9
- 10. • US – Op Ababil – all major banks were attacked in multiple waves by Iranian and Arab fundamentalists since 0912 • 5-6 vectors per attack including TCP, UDP, HTTP, HTTPS floods, DNS amplification attacks etc • Old fashion systems they used before that (IPS, IDS, DDoS, NG Firewalls, etc) were unable to stop the attacks • Radware DDoS protection was installed in march – just before 3rd wave of attack and stopped 3rd and 4th waves 10
- 11. • Attacks become more complex! • Attacks become longer! • More financially motivated attacks, but at the same time more politically motivated attacks on government and private organizations ! You never know if you are on sight of future attack! 11
- 12. Radware Attack Mitigation System (AMS)
- 13. Old fashion systems are volnurable Firewall, IPS (even NG) cannot stop DDoS ! Radware Confidential Jan 2012 13
- 14. Mapping Security Protection Tools In the cloud DDoS protection DoS protection Behavioral analysis SSL protection IPS WAF UDP Garbage flood on ports 80 and 443 ICMP flood attacks To fight back you need: SYN/TCP OOS flood attacks • An integrated solution with all security technologies Server cracking attacks Business • Mitigate attacks beyond the perimeter SSL/TLS negotiation attacks HTTP flood attack HTTPS flood attack Web attacks: XSS, SQL Injection, Brute force 14
- 15. Radware Attack Mitigation System (AMS) 15
- 16. Radware AMS Architecture Volumetric DoS Protection L3 – 7 Anomaly Detection Application Firewall IPS & FRAUD PROTECTION Application Attacks Web Application Protection Behavior protection mechanisms & Reputation Engine Static signatures HW/SW specially developed to fight against all levels of attacks !
- 17. Radware AMS Portfolio DefensePro On demand 200Mbps – 40Gbps of legitimate traffic Anti-DoS, NBA, IPS, Rep. Engine AppWall Appliance & VA Web Application Firewall (WAF) APSolute Vision HW или VA Security Event Management (SEM) 17
- 18. DefensePro Protection Layers Network Server Application DNS Protection HTTP Flood Protection Available Service Anti-Scan Behavioral DoS SYN Protection Server Cracking Signature Protection Connection Limit Connection PPS Limit Out-Of-State BL/WL
- 19. US Banks Under Attack: AMS Deployment • Mitigate all type of DDoS attacks • Mitigate SSL attacks Alteon AppWall DefensePro • Mitigate web application explits Application Infrastructure 19
- 20. Customer Success Leading the DDoS Protection Market
- 21. Top Account Wins in Every Segment Online Businesses Critical Infrastructure Carrier/ISP DDoS Mitigation Service Radware is THE leader in the DDoS Hosting Cloud protection market. Scrubbers Carrier Backbone 21
- 22. Our Customers Select AMS Financial Services Retail Services Government, Healthcare & Education Carrier & Technology Services 22
- 23. We Protect Against the Top Attack Campaigns 23
- 24. Radware AMS Application SLA Assurance Even Under Attack! 24
Notas do Editor
- Now I will review Radware attack mitigation system.
- Now I will review Radware attack mitigation system.
- Now I will review Radware attack mitigation system.
- The application infrastructure is targeted at all layers - with network flood attacks consuming network resources, syn flood attacks and server cracking targeting server resources and TCP/IP stack vulnerabilities; and application vulnerability exploits and application flooding targeting the application resources. All or part of these vectors results with the same impact – service slow down or shut down.To mitigate the multi vector attack campaign you need multiple protection tools:In the cloud dos mitigation – to remove volumetric network floodsDoS protection – to detect and mitigate SYN flood attacks and lower volume network attacksBehavioral Analysis – to detect anomalous traffic patterns such as server cracking and application misuse attacksSSL protection – to detect and mitigate encrypted flood attacksIPS – to block known attack toolsAnd Web application firewall – to prevent web application vulnerability exploitationsBut multiple protection modules also require multiple vendors….
- Except for Radware attack mitigation system, which provides Anti-DoS, network behavioral analysis, SSL defense, IPS, WAF and in the cloud DoS mitigation in one integrated system, supported on dedicated hardware designed to fight multiple attack types in parallel.To mitigate network attacks that threaten to saturate the internet pipe we have launch this year DefensePipe – an in the cloud DDoS scrubbing service that work in sync with the on premse AMS solution.The system is accompanies with central monitoring and reporting system to provide unified situational awareness.In the case of a long lasting attack campaign where the system cannot mitigate all attack vectors out of the box – we provide the support of Radware ERT – a 24 by 7 team of security experts that help customer under attack in real time to fight back and restore operational status.
- Now lets see where does AMS fit – where are your key business opportunities.
- The top retailers, financial service providers, government and telcos have one common need: fight availability-based attacks. All selected Radware for their attack mitigation solution.Why Radware AMS? Because we are the only vendor to offer:Scalable solution that offers the widest security coverageImmediate mitigation response time ERT - Single contact point during an attack
- The top retailers, financialsrvice providers, government and telcos have one common need: fight availability-based attacks. All selected Radware for their attack mitigation solution.Why Radware AMS? Because we are the only vendor to offer:Scalable solution that offers the widest security coverageImmediate mitigation response time ERT - Single contact point during an attack