DSS ITSEC Conference 2012 - Radware - Protection from SSL DDOS Attacks
Transcript of "Debunking Myths About DDoS Attacks: Radware 2011 Global Security Report"
Mick Stephens, General Manager - Australia & New Zealand, Radware Ltd.
March 2012
Agenda
• About 2011 Global Security Report
• Key Findings:
– Debunking a Myth: Does Size Matter?
– Hacktivism, the Rise of Anonymous and Attack Campaigns
– ERT Case Studies: Cyber Attacks against Israeli websites
• 2012 Recommendations
2011 Global Application & Network Security Report
Information Resources
• Radware Security Survey
– External survey
– 135 participant organisations
– 80% are not using a Radware DoS mitigation solution
• ERT Survey
– Internal survey
– Unique visibility into attack behaviour
– 40 selected cases
– Customer identity remains undisclosed
(Slide charts: annual revenue of participants; ERT sees attacks in real time on a daily basis)
Debunking a Myth: Is Size All That Matters?
• DDoS attacks are portrayed in the media using size measures
– “a 10Gbps DDoS attack hit site X”
– “an 8 Million packet-per-second DDoS flooded site Y”
• Numbers are easy to understand
• Should one rely on these numbers when planning network security solutions?
Size does not matter!
• Reality:
– Most organizations may never experience an intense attack
– Less intensive application attacks can cause more damage than network attacks
(Slide callouts: 76% of the attacks surveyed were under 1Gbps; the impact of application flood attacks is much more severe than that of network flood attacks)
Network Attacks and Application Attacks Coexist
• Radware Security Survey: attack count by type and bandwidth (chart)
Lessons learned
• Understand the DoS attack landscape.
– Type of attacks
– Megabits-per-second
– New & concurrent connections-per-second
– Transactions-per-second
– Size is only one measurement dimension
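The slide's point that bandwidth is only one dimension is easiest to see when a traffic window is scored on all four measures at once. This is an added example, not Radware's code or a figure from the report: it compares a one-second window against a baseline on Mbps, new connections per second, concurrent connections and transactions per second, so a low-and-slow attack that barely moves Mbps still shows up; the windows, the 5x threshold and the field names are constructed assumptions.

```python
# Added example (not from the Radware deck). Scores one traffic window on the
# four dimensions the slide names, so an attack that is small in Mbps but large
# in connections is still flagged. All numbers below are constructed.
from dataclasses import dataclass


@dataclass
class Window:
    """One-second snapshot of traffic towards a protected service."""
    bits: int          # bits on the wire during the window
    new_conns: int     # TCP connections opened during the window
    open_conns: int    # connections concurrently open at window end
    requests: int      # complete HTTP requests served during the window


def metrics(w: Window) -> dict:
    """Express the window on all four measurement dimensions."""
    return {
        "mbps": w.bits / 1_000_000,
        "new_cps": w.new_conns,
        "concurrent": w.open_conns,
        "tps": w.requests,
    }


def anomalous_dimensions(baseline: Window, current: Window,
                         factor: float = 5.0) -> dict:
    """Dimensions that rose above factor*baseline ("up") or fell below
    baseline/factor ("down"). A falling request rate while connections
    climb is the connection-exhaustion signature of low-and-slow attacks.
    The 5x multiplier is an assumed value, not one from the report."""
    base, cur = metrics(baseline), metrics(current)
    return {
        "up": [k for k in base if cur[k] > factor * base[k]],
        "down": [k for k in base if cur[k] < base[k] / factor],
    }


# Constructed windows: normal traffic, a UDP volumetric flood, and a
# Slowloris-style low-and-slow attack that barely moves the Mbps needle.
BASELINE = Window(bits=40_000_000, new_conns=200, open_conns=800, requests=500)
UDP_FLOOD = Window(bits=900_000_000, new_conns=210, open_conns=820, requests=480)
LOW_SLOW = Window(bits=42_000_000, new_conns=3_000, open_conns=30_000, requests=60)

if __name__ == "__main__":
    for name, w in (("udp_flood", UDP_FLOOD), ("low_slow", LOW_SLOW)):
        print(name, anomalous_dimensions(BASELINE, w))
```

Judged on Mbps alone the second window looks like normal traffic; judged on connections and transactions it is the more damaging of the two.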
Hacktivism and the Rise of Anonymous
• Anonymous opens fire: “Operation Payback”, Dec 2010
– LOIC DoS tool
– Cablegate
Anonymous Attacks Grow
More Organizations Are Threatened by DoS
DDoS Attack Tools Become Prevalent
• Public attack tools: Mobile LOIC, LOIC, webLOIC
• ‘Inner circle’ attack tools: #refref, xerex
• Network attacks
– Flood: UDP floods, SYN floods, fragmented floods, FIN+ACK
• Application attacks
– Flood: dynamic HTTP, HTTPS floods
– Low & slow: RUDY, Slowloris, Pyloris
– Vulnerability based: intrusion attempts, SQL injection
Which Elements Are Bottlenecks For DDoS?
• Stateful devices are vulnerable to DDoS (36% of the attacks)
• Internet link is saturated (27% of the attacks)
Multi-Vulnerability Attack Campaigns
(Slide diagram: attack vectors aimed at the business)
• Large volume network flood attacks
• Directed application DoS attack: Slowloris
• Large volume SYN flood
• Connection DoS attacks
• HTTP & HTTPS flood attacks
70% of the 2011 attacks had 5 or more attack vectors
Lessons learned
1. You may be a target.
– Financial service providers
– eCommerce sites
– Government agencies
– Organisations affiliated with the copyright industry
– National brands
2. Get ready!
– Be prepared for multi-vulnerability attack campaigns.
– Test your security solutions against the tools.
3. Deploy DDoS protection from your service provider
– Mitigate volumetric attacks that may saturate your bandwidth
4. Deploy anti-DoS and network behavioral technologies on site, in front of the firewall
– To protect your IT infrastructure from becoming a bottleneck
Cyber Attacks against Israeli websites
Course of events
• January 3rd
– Saudi hacker 0xOmar leaks tens of thousands of Israeli credit card numbers and other sensitive personal information.
• January 16th, early morning
– 0xOmar and the associated “Nightmare” hacker group send an email to the Jerusalem Post threatening to attack the EL-AL website.
• January 16th, 9:30 AM
– The EL-AL, Tel-Aviv Stock Exchange, First International Bank of Israel and Discount Bank websites are attacked and are unavailable for hours.
• January 17th
– Israeli hacker group “IDF-Team” retaliates by attacking the Saudi and UAE stock exchange websites.
• January 18th
– More Israeli websites targeted: Bank of Israel website under attack.
Cyber Attacks against Israeli websites
Targets under attack
• In the following weeks, dozens of Israeli websites were attacked by these hacker groups
• A cyber war emerged
Verified attackers
• Attacks were highly distributed
• Generated by an international collective or a botnet
• Geo-IP blocking is rendered useless
End-to-end solution countering the DDoS threat
(Slide diagram: an in-the-cloud Anti-DoS service with an Attack Mitigation System in the ISP core network, and an on-site Attack Mitigation System at the customer site combining Anti-DoS, NBA, IPS and SSL attack protection)
On-premises protection against:
• Application DDoS attacks
• SSL based attacks
• Low & slow attacks
In-the-cloud protection against:
• Volumetric bandwidth attacks
2012 Recommendations
ERT recommendations to fight DoS/DDoS attacks:
• Understand the DoS threat landscape.
– Collect information about the tools and types of attacks.
– Perform risk analysis at the business level.
• Make sure your service provider can mitigate volumetric attacks.
• Deploy Anti-DoS and Network Behavioral technologies on-premises.
Thank You www.radware.com