This document summarizes a virtual event about preventing DDoS attacks against credit unions. The event covers 5 types of DDoS attacks and discusses practical steps credit unions can take to prepare for and prevent attacks. Presenters from RedZone Technologies discuss reviewing a credit union's security portfolio, identifying gaps, and developing a long-term investment roadmap to strengthen defenses against DDoS and other cyber threats. The event provides an overview of vendor solutions that can help protect against different attack types and questions attendees should consider.
5 Ways To Fight A DDoS Attack
1. Credit Union - DDoS (Distributed Denial of Service) Attacks?
Virtual Education Session
May 2nd | 4 – 4:45pm
Moderator: Kristine Wilson
Presenters: Bill Murphy and James Crifasi
Live Tweet from the event!
@TheRedZoneCIO
3. About Bill Murphy
President and Founder
• RedZone Technologies
• ThunderDG
• MA DR Solutions
• Beyond Limits Magazine
Keep In Touch With Bill:
@TheRedZoneCIO
CIO Executive Series Group
billm@redzonetech.net
4. About James Crifasi
• CTO of RedZone Technologies
• Co-Founder ThunderDG
• Co-Founder MA DR
• University of Maryland Graduate | B.A. Criminology & Criminal Justice | B.S. Computer Science – Algorithmic Theory & AI | M.S. Interdisciplinary Management
• Keep In Touch With James: jcrifasi@redzonetech.net
5. Assessment: IT Architecture and Design
Integration: Security | Disaster Recovery | Infrastructure
Managed Service Programs
Cloud Brokerage
6. Agenda – Types of Attacks To Be Reviewed
1. Pure network attack against the credit union
2. Pure network attack against the ISP router
3. Content DDoS
4. DNS DDoS
5. Random Botnet attack
7. Agenda – Questions To Be Answered
• What does it mean?
• What are your zero-day protection options?
• What to check on your security products?
• How to enable global IP protection?
• How do I address potential fraud communication in advance?
• What are some vendor solutions?
13. What Do They Want?
“Their tactics have been succeeding. They will be back for more because they are getting what they want.”
- Avivah Litan, a Gartner analyst who tracks DDoS (CU Times)
1. Primary objective appears to be to create uncertainties about the reliability and dependability of the United States’ financial system and knock many big banks off line – mission accomplished.
2. Headlines
14. What Do They Want?
(Figure; source: RSA)
15. What Does It Mean?
• Being down: online banking and the public site are unreachable
• Unable to update members on the situation through your own channels
• Greater risk of attacks on members (phishing that impersonates the credit union while the real site cannot be reached)
16. Our Philosophy – Be Proactive
18. Security When Under The Gun
19. Our Approach When Time Is Of the Essence
• Review critical network components
• Communication with members
• Let board know there are no guarantees
20. How Can a Credit Union Prepare and Respond During an Attack?
An attack can last from hours to days…
Three phases are needed:
1. Pre-Attack Phase
• Readying for an attack
• Securing mitigation solutions, deploying appropriate security systems, etc.
2. During the Attack Phase
• Assemble the required manpower and expertise, bearing in mind that you may only experience a few attacks per year
3. Post-Attack Phase
• Conduct forensics, draw conclusions and improve for the next attack
• Search for additional competencies externally: security experts, vertical alliances, or government services
• On-demand service
21. Our Approach When Not Under the Gun
Logic | Assessment | Portfolio Investment
• Review Security Portfolio
• Develop 24-month investment roadmap
• Identify Gaps
• Remediate Gaps
• Let Board know there are no guarantees
**Don’t make it easy for them (the attackers)
23. Multi-year Security, Identity and Privacy Strategy (SIP)
(Reconstructed from the slide graphic; source: RedZone Technologies. Compliance Requirements span the top of the chart; Monitoring, Logging and Reporting run alongside every column.)
• Client Integrity: PC firewalls, USB Mgmt, Laptop Mgmt, Email Encryption
• Intelligent Perimeters: Firewalls, UTM devices, IDP/IDS, SPAM Filters, VPNs, SSL/VPN, Web Mail
• Identity Access Control: Two-factor Authentication, Biometrics, Key fob (two factor)
• Enterprise Single Sign On: Secure Password Management and Building access Mgmt through an Appliance or Application rewriting
• Provisioning/Deprovisioning: Single Directory with process and system ‘tie-ins’
• Authentication: Federation
• Authorization & Roles: Strategic creation of roles based on job function, not individualized on a per-user basis
• Directory - Foundation: Microsoft AD, Novell, OpenLDAP, etc.
24. Pure Power Is a Big Enabler
• Attacks reach 40+ gigabits/second
• Attacker only needs 2,000+ servers
• Targets have to invest substantial resources to defend
• Reflective DNS attacks are still a major “weapon”
• Tactics have adapted to countermeasures
• Attacks are more intelligent and more damaging
Source: RSA
25. Pure Network Attack Against the Credit Union
(Diagram: attack traffic → THE CU → Server (Any); source: RSA)
26. Pure Network Attack Against the ISP Router
(Diagram: attack traffic → ISP Router → CU Security Gear; source: RSA)
27. Content DDoS
Normal: ask for one file and wait for the answer
DDoS: ask for hundreds of files and ignore the answer
(Example 1 and Example 2 shown as figures; source: RSA)
28. Content DDoS
One example of content DDoS is using the server’s SSL certificate against it: every new TLS handshake forces the server to perform an expensive private-key operation, so a flood of handshakes (or renegotiations) exhausts server CPU at little cost to the attacker.
Source: Radware
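Worked detection example for the two content-DDoS slides above (added here by the editor; not part of the RedZone deck or any vendor's product). The "ask for hundreds of files and ignore the answer" pattern shows up in the web server's own access log as one client requesting far more distinct URLs per short window than any member would. The log lines, client addresses, paths and thresholds below are constructed for the example; thresholds must be tuned against a site's real baseline.

```python
"""Content-DDoS detector over web access logs.

Added example, not RedZone's or a vendor's code.  Flags clients that, inside a
short sliding window, issue many requests for many *distinct* URLs: the
"ask for hundreds of files and ignore the answer" pattern from the slide.
Log lines, addresses, paths and thresholds are constructed/assumed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx common-format access log; the request line is what we key on.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(line):
    """Return a dict for a well-formed log line, or None for junk."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def flag_content_flood(lines, window_s=10, max_requests=50, min_distinct_paths=20):
    """Return {ip: (requests, distinct_paths)} for clients whose busiest
    window of window_s seconds reaches both thresholds.

    Requiring distinct paths separates a content flood from a member who
    keeps reloading one page, which a pure request-rate threshold would
    also catch.
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            per_ip[rec["ip"]].append((rec["ts"], rec["path"]))

    flagged = {}
    for ip, events in per_ip.items():
        events.sort()                      # by timestamp, then path
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window_s seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            window = events[start:end + 1]
            distinct = len({path for _, path in window})
            if len(window) >= max_requests and distinct >= min_distinct_paths:
                flagged[ip] = max(flagged.get(ip, (0, 0)), (len(window), distinct))
    return flagged


def _line(ip, second, path):
    """Build one constructed access-log line (sample data, not a real capture)."""
    return (f'{ip} - - [10/Oct/2000:13:55:{second:02d} -0400] '
            f'"GET {path} HTTP/1.1" 200 {2048 + len(path)}')


# Constructed sample: one member browsing normally, one bot pulling 60
# different statements in six seconds and (presumably) discarding them.
SAMPLE_LOG = [
    _line("198.51.100.7", 0, "/"),
    _line("198.51.100.7", 4, "/login"),
    _line("198.51.100.7", 9, "/rates.html"),
    "this line is not a log record and is skipped",
] + [_line("203.0.113.42", i % 6, f"/statements/{i}.pdf") for i in range(60)]

if __name__ == "__main__":
    for ip, (n, distinct) in flag_content_flood(SAMPLE_LOG).items():
        print(f"{ip}: {n} requests for {distinct} distinct paths inside 10 s")
```

Run against a rolling tail of the real access log, the flagged addresses are candidates for a rate-limit or block rule at the firewall, load balancer or web application firewall the later slides describe; a true content flood from a botnet will come from many addresses at once, so the per-IP view is the first cut, not the whole picture.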
30. Random Botnet Attack
(Diagram: Random Botnet → Credit Union; source: RSA)
31. What To Check
• Firewall – basic network DDoS protection
• Load Balancers – network DDoS protection
• ISP Router – does it answer to the internet? (Do you let people ping it?)
• Where is your DNS hosted? On a single server; with the ISP; self-hosted behind security (best); secure cloud hosted (best)
• IDS/IPS and security services at the edge of your network
32. What To Check
Source: Ulrich, RSA
Defense
• Block DNS responses from servers that don’t need to see them
• Only answer queries for which the server is authoritative
• Limit access to recursive name servers to internal users
Offense
• Attacker uses queries for which the server is authoritative
• Attacker compromises servers with substantial bandwidth
• Use of “ANY” queries
• Use of EDNS0 (large UDP response buffers)
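Worked policy example for the defense bullets above (added here by the editor; not the presenters' or any vendor's code). It pairs a small DNS wire-format parser with an admission check that answers only for the zone the server is authoritative for, permits recursion only from internal networks, refuses external ANY queries, and caps the EDNS0 UDP response size for outside clients. The zone name example-cu.org, the internal networks, the client addresses and every sample packet are constructed assumptions.

```python
"""DNS query admission policy for a credit union's name server.

Added example, not RedZone's or a vendor's code.  It implements the slide's
defense bullets: answer only for zones we are authoritative for, allow
recursion only from internal networks, refuse the "ANY" pattern from outside,
and cap EDNS0 response size for external clients so the server cannot be
used as an amplifier.  Zone, networks, addresses and packets are constructed.
"""
import ipaddress
import struct

AUTHORITATIVE_ZONES = ("example-cu.org",)            # assumed zone we serve
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),  # assumed internal ranges
                 ipaddress.ip_network("192.168.0.0/16")]
QTYPE_A, QTYPE_ANY, RRTYPE_OPT = 1, 255, 41
FLAG_RD = 0x0100                                      # "recursion desired"


def build_query(qname, qtype, rd=True, edns_udp_size=None, txid=0x1234):
    """Encode a DNS query in wire format (RFC 1035 header + question, plus an
    RFC 6891 OPT record when edns_udp_size is given).  Used to build input."""
    flags = FLAG_RD if rd else 0
    arcount = 1 if edns_udp_size else 0
    msg = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, arcount)
    for label in qname.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)       # QTYPE, QCLASS=IN
    if edns_udp_size:
        # OPT RR: root owner name, TYPE 41, CLASS carries the UDP payload size,
        # TTL carries extended RCODE/flags (0 here), no RDATA.
        msg += b"\x00" + struct.pack("!HHIH", RRTYPE_OPT, edns_udp_size, 0, 0)
    return msg


def parse_query(msg):
    """Return (qname, qtype, recursion_desired, edns_udp_size or None)."""
    _txid, flags, qdcount, ancount, nscount, arcount = struct.unpack_from("!HHHHHH", msg, 0)
    if qdcount != 1 or ancount or nscount:
        raise ValueError("not a plain single-question query")
    off, labels = 12, []
    while True:
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question name")
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    qtype, _qclass = struct.unpack_from("!HH", msg, off)
    off += 4
    edns = None
    if arcount and msg[off] == 0:                      # OPT is owned by the root name
        rtype, rclass = struct.unpack_from("!HH", msg, off + 1)
        if rtype == RRTYPE_OPT:
            edns = rclass
    return ".".join(labels).lower(), qtype, bool(flags & FLAG_RD), edns


def is_internal(src_ip):
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in INTERNAL_NETS)


def is_authoritative(qname):
    return any(qname == z or qname.endswith("." + z) for z in AUTHORITATIVE_ZONES)


def admit(src_ip, msg, max_external_udp=512):
    """Decide whether to answer.  Returns (allowed, reason, udp_cap).  udp_cap is
    the largest UDP response to send (None = no cap); a larger answer is
    truncated so a real resolver retries over TCP, which a spoofed reflection
    source never does."""
    qname, qtype, _rd, edns = parse_query(msg)
    if is_internal(src_ip):
        return True, "internal client: recursion and any type allowed", None
    if not is_authoritative(qname):
        return False, f"refused: not authoritative for {qname}; recursion is internal-only", None
    if qtype == QTYPE_ANY:
        return False, "refused: ANY query from outside (amplification pattern)", None
    return True, f"answer: authoritative for {qname}", min(edns or 512, max_external_udp)


# Constructed sample traffic: reflection probes from a (spoofed) external
# source, plus ordinary lookups from outside and inside.
SAMPLES = [
    ("203.0.113.9", build_query("isc.org", QTYPE_ANY, edns_udp_size=4096)),
    ("203.0.113.9", build_query("example-cu.org", QTYPE_ANY, edns_udp_size=4096)),
    ("203.0.113.9", build_query("www.example-cu.org", QTYPE_A, edns_udp_size=4096)),
    ("203.0.113.9", build_query("www.example.net", QTYPE_A)),
    ("10.20.30.40", build_query("www.example.net", QTYPE_A)),
]

if __name__ == "__main__":
    for src, pkt in SAMPLES:
        allowed, reason, cap = admit(src, pkt)
        print(f"{src:>14} {'ALLOW' if allowed else 'DROP':5} {reason} (udp cap {cap})")
```

The first defense bullet, keeping DNS responses away from hosts that never asked for them, is a border-firewall rule rather than name-server logic: only your resolvers should receive inbound UDP/53 replies. Refusing or minimising ANY answers is now standard practice for authoritative servers (RFC 8482), and the 512-byte cap for strangers is the lever that turns a 4096-byte reflector into a 512-byte one without breaking legitimate resolvers, which simply fall back to TCP.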
36. Dell SonicWALL
“The Dell SonicWALL Threats Research Team discovered a new Trojan spreading through drive-by downloads from malicious links. The Neglemir Trojan was found reporting to a Botnet infrastructure and performing DDOS (Distributed Denial of Service) attacks on selected targets in China. During our analysis, we found it targeting various servers belonging to China Telecom as well as websites selling tools for The Legend of Mir, an online multiplayer roleplaying game.”
• Web Application Firewalling – Content DDoS
• NSA UTM protection – Network DDoS
• Spam Filtering – Phishing Relevance
Source: Dell
37. AlertLogic
“A new malware threat for the Mac, called “Pintsized,” attempts to set up a secure connection for a remote hacker to connect through and grab private information. This backdoor Trojan can be used to conduct distributed denial of service (DDoS) attacks, or it can be used to install additional Trojans or other forms of malicious software. The Trojan stays hidden by disguising itself as a file that is used for networked printers in Mac OS X. This tactic conceals the Trojan and makes a monitor think that a printer is seeking access to the network, thus evading traditional signature-based detection systems.” http://alrt.co/15ekmXW
Takeaway: Distributed denial-of-service attacks (DDOS) can be minimized or even completely mitigated by a properly planned Web security infrastructure consisting of global DNS as well as Web application firewalls.
• Web Security Monitor
• Threat Manager
Source: AlertLogic
38. In Summary - Plan
39. Upcoming Events
BYOD | MDM | Mobile Policy Management | Compliance | Advanced Threats (APTs) | Security Portfolio Investment Risk
In this symposium learning event, Credit Union IT Chiefs will learn to Go Hunting for Malware & Crimeware. We will cover 15 major areas of an IT Security and Infrastructure Best Practices program. Some highlights of the learning and education will be:
• Centralized deployment of applications and data
• BYOD, MDM and Mobility
• Perform Compliance functions with ease
• Increase Security effectiveness, management, and auditing on a tight budget
• Advanced Threat Education on APTs
Wednesday, June 12th from 11:30am to 5:00pm
Eggspectations in Columbia
41. Pyramid of Networking Success – Assessment Foundation
(Reconstructed from the slide graphic; source: RedZone Technologies)
• BONES: IP Addressing, Routers, and Switches
• MUSCLES: NOS Services (DHCP, WINS, and DNS)
• BRAIN: The Windows Domain, Active Directory
Assessment areas: Security Edge to Core | NOS Networking and Name Resolution | Foundation Network Services | Desktop and Server Management | Compliance, Risk Mgmt, Monitoring, WAN QoS, Reporting | Data Protection, Backup and Recovery
42. RZ Assessment
• RedZone will assess your risk
• Examine a number of factors
• Score you based on those factors (RZ Scoreboard)
• Better to be proactive and assess now to find potential
weaknesses than to be reactive after you’ve already
been hacked
44. Summary
• Review your zero-day protection options: check your current vendors or the vendors on the following page
• What are your BotNet IP options? Check your current vendors or the vendors on the following page
• How to enable Global IP Filter protection? Check your current vendors or the vendors on the following page
• How do I address potential fraud communication in advance?
• What are some vendor product options for advanced content security?