Distributed Denial Of Service Introduction
![Page 1: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/1.jpg)
Distributed Denial of Service attacks(DDoS)
101
![Page 2: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/2.jpg)
AGENDA
- What is it?
- History
- Basic Protection
- Advanced Protection
- Next Steps
![Page 3: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/3.jpg)
Examples
- 2002: DNS root servers attacked
- 2007: DNS attacks; Estonia attacks
- 2010, 2012: commercial targets
![Page 4: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/4.jpg)
What is it?
"too many requests... can't handle"*
* this actually happened at a CCC congress in Berlin
![Page 5: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/5.jpg)
What is it?
(diagram: the L1 arrows hit the infrastructure and the backup infrastructure; the L2 and L2' arrows hit the application)
- Level 1: Network-based (D)DoS
- Level 2: Application-level (D)DoS
- Level 2': Economic (D)DoS
- Process (D)DoS
![Page 6: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/6.jpg)
What is it? L1: infrastructure
(diagram: a command & control host (@) directing botnet nodes (c) against the main and backup servers (s))
some terminology:
- node
- command & control
- recruitment
- attrition
- rate of growth/decay
![Page 7: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/7.jpg)
What is it? L2: application
(diagram: web server, app server and db server, each a target for application-level requests)
Example: the "billion laughs" entity-expansion payload, where each entity expands to ten copies of the previous one:
```xml
<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
 <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
 <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
 <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
 <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
 <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
 <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>
```
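The payload above is a few hundred bytes of input that expands to roughly three billion bytes of text, which is why it is an application-level (L2) DoS rather than a bandwidth problem. The following is an added example, not code from the slides: it walks a document with the standard-library expat parser, measures the expanded size of every entity declaration in the DTD and the total character data, and aborts as soon as an assumed 1 MB budget would be exceeded. The budget value, the function names and the rebuilt payload are this example's own choices.

```python
"""Pre-flight check for XML entity expansion (the "billion laughs" pattern).
Added example, standard library only; the 1 MB budget is an assumed policy
value, not something from the original deck."""
import re
import xml.parsers.expat
from xml.etree import ElementTree as ET

MAX_EXPANDED_CHARS = 1_000_000  # assumed policy: refuse more than ~1 MB of expanded text

_ENTITY_REF = re.compile(r"&([^;&\s]+);")


class EntityExpansionError(ValueError):
    """Raised as soon as the expansion budget would be exceeded."""


class _Budget:
    def __init__(self, limit):
        self.limit = limit
        self.sizes = {}   # entity name -> size of its fully expanded text
        self.text = 0     # characters delivered to the application so far

    def entity_decl(self, name, is_param, value, base, system_id, public_id, notation):
        # External and parameter entities are refused outright: they are the
        # XXE vector and their size cannot be judged from the document alone.
        if is_param or value is None:
            raise EntityExpansionError(f"entity {name!r} is external or a parameter entity")
        # Expat hands us the literal replacement text; general entity references
        # inside it are still unexpanded, so we sum the sizes of what they point to.
        size, pos = 0, 0
        for m in _ENTITY_REF.finditer(value):
            size += m.start() - pos
            ref = m.group(1)
            if ref.startswith("#"):
                size += 1                                       # character reference
            else:
                size += self.sizes.get(ref, len(m.group(0)))    # unknown/predefined: literal
            pos = m.end()
        size += len(value) - pos
        self.sizes[name] = size
        if size > self.limit:
            raise EntityExpansionError(
                f"entity {name!r} expands to {size} characters (limit {self.limit})")

    def character_data(self, data):
        # Covers the other half of the attack: a modest entity referenced many times.
        self.text += len(data)
        if self.text > self.limit:
            raise EntityExpansionError(f"document text exceeds {self.limit} characters")


def check_entity_expansion(xml_text, limit=MAX_EXPANDED_CHARS):
    """Walk the document with expat, measuring every entity declaration and all
    character data. Returns (entity sizes, total characters) or raises."""
    budget = _Budget(limit)
    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = budget.entity_decl
    parser.CharacterDataHandler = budget.character_data
    parser.Parse(xml_text, True)
    return budget.sizes, budget.text


def safe_parse(xml_text, limit=MAX_EXPANDED_CHARS):
    """Parse with ElementTree only after the budget check passes."""
    check_entity_expansion(xml_text, limit)
    return ET.fromstring(xml_text)


def billion_laughs(depth=9, fanout=10):
    """Rebuild the slide's payload (constructed here): lol = "lol", and every
    further level is `fanout` references to the previous one."""
    decls = ['<!ENTITY lol "lol">']
    prev = "lol"
    for i in range(2, depth + 1):
        ref = f"&{prev};"
        decls.append(f'<!ENTITY lol{i} "{ref * fanout}">')
        prev = f"lol{i}"
    return ('<?xml version="1.0"?><!DOCTYPE lolz [ ' + " ".join(decls)
            + f' ]><lolz>&{prev};</lolz>')


if __name__ == "__main__":
    print(check_entity_expansion(billion_laughs(depth=2)))   # small: accepted
    try:
        check_entity_expansion(billion_laughs())             # the slide's payload
    except EntityExpansionError as exc:
        print("rejected:", exc)
```

The check is cheap because it never expands anything: sizes are computed from the declarations, so the slide's payload is rejected at the `lol7` declaration, before the parser reaches the body. Newer libexpat builds carry their own amplification limits, but an explicit budget keeps the behaviour identical across parser versions and also refuses external entities.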
![Page 8: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/8.jpg)
Basic Protection
(diagram: the botnet (@ and c nodes) reaching the main and backup servers (s), with three places to filter: on premise, at the ISP, or in a CDN)

| | On premise | ISP | CDN (content distribution network) |
|---|---|---|---|
| hardware | - hardware limitations | - hardware limitations | + no hardware limitations |
| bandwidth | - no control over bandwidth | + (some) control over bandwidth | + no bandwidth limits |
| 'intelligence' | - limited 'intelligence' | + increased 'intelligence' | + intelligence |
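The "limited 'intelligence'" an on-premise filter can still apply is per-client rate limiting. The following is an added example, not from the slides: a token-bucket limiter keyed by client address, replayed over constructed traffic (one client at 1 request/s, one flooding at 100 requests/s). The rate, burst and client cap are assumed policy values. The client cap matters because a flood from many spoofed sources would otherwise grow the bucket table without bound and turn the limiter itself into the thing that falls over.

```python
"""Per-client token-bucket rate limiting. Added example for this page; rates,
burst size and client cap are assumed, and the traffic is constructed."""
from collections import OrderedDict
from fractions import Fraction


class TokenBucket:
    """Classic token bucket: `rate` tokens per second up to `capacity`, one
    token per request. Fraction arithmetic keeps refill exact so thresholds
    do not drift with floating-point error."""

    def __init__(self, rate, capacity, now_ms):
        self.rate = Fraction(rate)
        self.capacity = Fraction(capacity)
        self.tokens = self.capacity
        self.last_ms = now_ms

    def allow(self, now_ms):
        elapsed = Fraction(max(0, now_ms - self.last_ms), 1000)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class PerClientLimiter:
    """One bucket per client key, with an LRU cap so a flood from many spoofed
    sources cannot exhaust the limiter's own memory."""

    def __init__(self, rate, burst, max_clients):
        self.rate, self.burst, self.max_clients = rate, burst, max_clients
        self.buckets = OrderedDict()

    def check(self, client, now_ms):
        bucket = self.buckets.get(client)
        if bucket is None:
            if len(self.buckets) >= self.max_clients:
                self.buckets.popitem(last=False)   # evict least recently seen client
            bucket = self.buckets[client] = TokenBucket(self.rate, self.burst, now_ms)
        else:
            self.buckets.move_to_end(client)
        return bucket.allow(now_ms)


def replay(requests, rate=5, burst=10, max_clients=10_000):
    """requests: iterable of (timestamp_ms, client). Runs them through the
    limiter in time order and returns {client: (allowed, rejected)}."""
    limiter = PerClientLimiter(rate, burst, max_clients)
    stats = {}
    for ts, client in sorted(requests):
        allowed, rejected = stats.get(client, (0, 0))
        if limiter.check(client, ts):
            allowed += 1
        else:
            rejected += 1
        stats[client] = (allowed, rejected)
    return stats


def constructed_traffic():
    """Constructed sample: one client at 1 req/s for 20 s, one flooding 100 req/s for 1 s."""
    normal = [(1000 * i, "10.0.0.7") for i in range(20)]
    flood = [(10 * i, "198.51.100.23") for i in range(100)]
    return normal + flood


if __name__ == "__main__":
    for client, (ok, dropped) in sorted(replay(constructed_traffic()).items()):
        print(f"{client:16} allowed={ok:3} rejected={dropped:3}")
```

With a 5 requests/s rate and a burst of 10, the flooding client gets its first ten requests through, then one more every 200 ms, so 14 of its 100 requests are served and the normal client is untouched. This is the on-premise column of the table: the box still has to receive every packet, so it helps against an abusive client, not against a link that is already saturated.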
![Page 9: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/9.jpg)
Advanced Protection
- secure config for each component: web server, app server, db server, db
- centralized mgmt of that configuration
- Web Application Firewall
- SDLC: cloud, "devops"
![Page 10: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/10.jpg)
Advanced Protection
Application-level attack surfaces to cover: APP, DNS, SSL, XML
![Page 11: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/11.jpg)
Next Steps?
process: Incident Response
- Prepare
- Integrate service providers
- "know your enemy"
During an attack
- Containment
- Communications
- Business Continuity
After the attack
- Return to normal operations
- lessons learned
- forensics
![Page 12: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/12.jpg)
Next Steps?
quick wins
- Build standard security components
  - encryption
  - AuthN/AuthZ
  - Logging
  - Input/Output validation
  - ...
- Automate standardized processes (leverage tech)
  - deployment (including vuln scanning)
  - load balancing
![Page 13: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/13.jpg)
Q&A
![Page 14: Distributed Denial Of Service Introduction](https://reader031.fdocuments.in/reader031/viewer/2022020101/556427a0d8b42a69298b5324/html5/thumbnails/14.jpg)
some terminology:
- node: a computer 'recruited' to the botnet and controlled by the botnet owner.
- command & control (C2): a 'central' authority controlling the botnet, providing the nodes with instructions.
- recruitment: the methods used by the botnet owner to add nodes to the botnet.
- attrition: the loss of nodes from the botnet.
- rate of growth/decay: size + recruitment - attrition