O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Economical Denial of Sustainability in the Cloud (EDOS)

14 visualizações

Publicada em

Raluca Stanciu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.

The videos and other presentations can be found on https://def.camp/archive

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Economical Denial of Sustainability in the Cloud (EDOS)

  1. 1. EDoS in the Cloud(Economical Denial of Service) Raluca Stanciu - BullGuard
  2. 2. So… 11 hours 1.2Tbps Losses???
  3. 3. EDoS?
  4. 4. DDoS – a serious threat. Why? 2016: 1,5 million hijacked wireless cameras  1-Tbps DDoS attack In 2017: the first Android botnet (WireX) = 150.000 infected devices BOTNETS
  5. 5. Attack numbers? 20,000 daily attacks source: DDoSMon (2017) $2.5 million DDoS costs per company source: Neustar (2016-2017)
  6. 6. Examples: Victim company When Attack peak size Attack duration Other details Undisclosed customer of a U.S.- based service provider March 2018 1.7Tbps _ • Largest attack known until now • Amplification attack. GitHub February 2018 1.35Tbps 10 minutes • Memcached-Servers amplification attack Microsoft’s and Sony’s online gaming services (PSN and Xbox) Christmas 2014 _ 2 days for Microsoft 3 days for Sony • The attack took down entirely Microsoft’s and Sony’s online gaming services. • Millions of users were unable to play online games or access entertainment channels Runescape, a gaming platform 2014 _ _ • Spent £6 million trying to defend against the DDOS attack. Rackspace, a Cloud service provider 2014 _ 11 hours
  7. 7. http://www.digitalattackmap.com
  8. 8. Ok. DDoS. Methods? Log-in attacks Egress data attacks
  9. 9. Reflection attacks 2018 : GitHub attack - 1.35 Tbps Unprecendented amplication factor  51,000x
  10. 10. DDoS attack strategy *source: DDOSMON
  11. 11. DDoS protection in Cloud. How? 1h of downtime = How much revenue loss ? NO ACCESS to the physical network infrastructure DDoS Protection as a Service
  12. 12. What’s the best you can do with DDoSPaaS? 1.Reduce attack surface 2.Be ready to scale 3.Architect for resilience. 4. Register for live support service Time-to-mitigation = MONEY
  13. 13. 1. Reduce attack surface Expose ONLY if necessary If exposed, protect, protect, PROTECT!Cloud storage resources  Access Control Lists Ports  Firewall rules Anti-spoofing protection VPC network configuration VPC Administrative Console  Identity Access Management Internal traffic  Isolated: • Public IP only if needed • NAT Gateway • Internal Load Balancing: for your internal client instances accessing internally deployed services thereby avoiding exposure to the external world. You have API Frontend exposed to the public  The API frontend is can be DDoS attacked and expose resources also => use the Cloud provider’s API Gateway as a “front door”
  14. 14. 2. Be ready to scale Elastic Load Balancing  scales automatically at need => can manage larger volumes 1. Application Load Balancer  routes traffic based on its content and accepts only well-formed web requests => it blocks SYN floods, UDP reflection attacks and others 2. Network Load Balancer  For TCP-based applications, you can use NLB to route traffic to Amazon EC2 instances at ultralow latency Elastic IP Addresses  Static IPv4 address designed for dynamic cloud computing. If the assigned instance fails, it is remapped to another instance Proper Elastic Computer type (resources-wise)  ex: 25Gb NIC & Enhanced Networking Choose a SLA with automatic scaling  horizontally: add instances; vertically: use larger instances
  15. 15. 3. Architect for resiliance
  16. 16. Limit, limit, limit!!! per-IP request count per-IP connection count count of users who can make requests to your application Choose a product which can properly protect detect both bad AND GOOD traffic (what if your web service has a legit spike of clients?) Costs!!!! Hidden or not!!! In the Cloud, even a sneeze costs! Cloud-provided regions  performance, data sovereignty, optimal latency Shared Responsibility Model !!! Differences between the DDoS protection products DDoSPaaS – Other MUSTS
  17. 17. • Understand the differences between Cloud DDoS protection services
  18. 18. *Third party DDoSPaaS Akamai  helped protect against the 2018 1.35 TB attack against GitHub Blockchain DDoS mitigation
  19. 19. Conclusion? Anything which has an IP address CAN and WILL be used against you!