Protecting Your Business From DDoS Attacks
-
8/3/2019 Protecting Your Business From DDoS Attacks
Protecting Your Business from DDoS Attacks
What DoS attacks are, how they affect a company, and how to overcome the problem.
Saptha Wanniarachchi MBCS, MCSE
-
Introduction
Overview of DDoS Attack
How it works
Impact on business
Mitigation
Prevention
Challenges
Q&A
-
DDoS Attack Overview
A type of attack that causes your computer/network to crash or to become so busy processing data that you are unable to use it.
Committing such an attack does not provide the attacker with any escalated system access; its main objective is to make a computer resource unavailable to its intended users.
-
What Is a DDoS Attack?
The attacker uses a network of zombie computers.
The attacker tells all the computers on his botnet to contact a specific server or Web site repeatedly.
The sudden increase in traffic can cause the site to load very slowly for legitimate users.
-
Types of DDoS Attacks
Direct Attacks - In a DDoS attack there is at least an attacker, a victim, and an amplifying network.
Remote Attacks - organized attack using a botnet
Reflected attack - traffic directed from a known host using a reflection mechanism
Ping of Death - bots create huge electronic packets and send them on to victims
Mailbomb - bots send a massive amount of e-mail, crashing e-mail servers
Smurf Attack - bots send Internet Control Message Protocol (ICMP) messages to reflectors
Teardrop - bots send pieces of an illegitimate packet; the victim system tries to recombine the pieces into a packet and crashes as a result
-
What Is a DDoS Attack?
-
How it works
A botnet is a network of computers that have been infected and can be used
remotely by hackers in order to carry out various attacks.
Botnets: nearly 1/4 of all computers have them. They use your computer to
send spam, collect personal information, or take down websites, all without
your knowledge
-
Site before the attack begins
-
Attacked
-
Server Statistics
-
Tools efficiency
HTTP Flood Test Report
Date: 10/13/2011 12:51:31 PM
Target URL: www.srilankatravelhub.com
Target Port: 80
Duration: 4 minutes, 14 seconds
Requests Issued: 81907
Responses Received: 58
Requests Lost: 99.93%
Request Rate: 322.47 requests per second
-
Trend of attacks
DDoS Attacks Continue to Grow
Attackers today are a lot more sophisticated
Every organization online is a potential DDoS Target
-
Who will conduct DDoS Attacks? & Why?
Personal reasons - target specific computers for revenge
Prestige - gain respect of hacker community
Material gain - damage resources
Political reasons - compromise enemy's resources
-
Legal
DDoS is a federal crime and is illegal in the United States under the National Information Infrastructure Protection Act of 1996.
It's illegal in many countries now.
Legal battle to protect DDoS
"There's no such thing as a DDoS attack. A DDoS is a protest, it's a digital sit-in. It is no different than physically occupying a space. It's not a crime, it's speech."
"Nothing was malicious, there was no malware, no Trojans. This was merely a digital sit-in. It is no different from occupying the Woolworth's lunch counter in the civil rights era."
-
DDOS Tools
-
Mobile DDoS
-
Business Impact
Business impact
System impact
Cost of prevention
Customer satisfaction / business connectivity
-
Victim
Application
- exploits some feature of a specific application on the victim host
- disables legitimate client use of that application and possibly strains resources
- indistinguishable from legitimate packets
- semantics of the application must be heavily used in detection
Host
- disables access to the target machine completely by overloading or disabling its communication mechanism (ex: TCP SYN attack)
- attack packets carry the real destination address of the target host
Network attacks
- consume incoming bandwidth of a target network
- attack packets have destination addresses within the address space of the network
- high volume makes detection easy
Infrastructure
- targets some distributed service that is crucial for global Internet operation or operation of a sub-network
- ex: DNS server attacks
-
Protecting Your Business from DDoS Attacks
Business disruptions
Estimates from Forrester, IDC, and the Yankee Group predict the cost of a 24-hour outage for a large e-commerce company would approach US$30 million.
Capacity
Ensure that you have adequate bandwidth on your Internet connection. You'll be able to foil many low-scale DDoS attacks by simply having enough bandwidth (and processing power) to service the requests.
Deploy DDoS Mitigation Plan
Hire experts; draft and implement a plan to mitigate the risk of being attacked.
Prevention
Deploy an intrusion prevention system.
-
DDoS Mitigation Plan
Create a DDoS Response team
On-Premises DDoS Defenses are Imperative
Protect Your DNS Servers
Know Your Real Customers
Maintain Continuous Vigilance
-
Prevention (Technical)
Proper Firewall Configuration
- Accept only dedicated ports, e.g. only port 80 is reachable directly
- Update subscription
Class Based Queuing
- Function of the Linux kernel
- Sets up different traffic queues
- Determines what packets to put in what queue
- Assigns a bandwidth to each queue
-
Prevention
Traffic Monitor
Monitor
- Monitors incoming and outgoing packets
- Checks the hashtable
Server thread
Manager
- Analyzes the supplied data
- Sorts the IPs into one of several classes
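
The monitor/manager split described on this slide, as an added example that is not from the original presentation: a monitor keeps per-source packet timestamps in a hash table, and a manager sorts the source IPs into classes that could be mapped onto separate traffic queues. The window length, thresholds, class names and sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class TrafficMonitor:
    """Monitor: per-source packet timestamps kept in a hash table (dict)."""
    def __init__(self, window=10.0):
        self.window = window              # sliding window in seconds (assumed value)
        self.table = defaultdict(deque)   # source IP -> timestamps inside the window

    def observe(self, ts, ip):
        q = self.table[ip]
        q.append(ts)
        while q and q[0] <= ts - self.window:   # drop timestamps that left the window
            q.popleft()

    def rates(self, now):
        """Return {ip: packets/second}; evict idle IPs so the table stays bounded."""
        out = {}
        for ip, q in list(self.table.items()):
            while q and q[0] <= now - self.window:
                q.popleft()
            if q:
                out[ip] = len(q) / self.window
            else:
                del self.table[ip]
        return out

class Manager:
    """Manager: sorts IPs into classes by rate. Thresholds are assumed values."""
    def __init__(self, limit_pps=5.0, drop_pps=20.0):
        self.limit_pps, self.drop_pps = limit_pps, drop_pps

    def classify(self, rates):
        classes = {"normal": [], "limited": [], "dropped": []}
        for ip, pps in sorted(rates.items()):
            key = ("dropped" if pps >= self.drop_pps
                   else "limited" if pps >= self.limit_pps else "normal")
            classes[key].append(ip)
        return classes

def sample_events():
    """Constructed sample traffic (documentation-range addresses), sorted by time."""
    ev = [(0.0, "192.0.2.99")]                                     # idle before evaluation
    ev += [(20.0 + i / 30.0, "198.51.100.7") for i in range(300)]  # about 30 packets/s
    ev += [(20.0 + i / 8.0, "203.0.113.9") for i in range(80)]     # about 8 packets/s
    ev += [(20.0 + float(i), "192.0.2.10") for i in range(10)]     # about 1 packet/s
    return sorted(ev)

def run(events, window=10.0):
    monitor = TrafficMonitor(window)
    for ts, ip in events:
        monitor.observe(ts, ip)
    now = max(ts for ts, _ in events)
    return Manager().classify(monitor.rates(now))
```

Evicting idle entries in `rates()` matters during a flood with many distinct source addresses, where an unbounded table would itself exhaust memory.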
-
Prevention
Traffic generated by reflector
Reflector enable filtering
Deploy trace back mechanism
IDS/IPS
-
More Tips to prevent.
Keep an audit trail that describes what was changed and why.
Create interdepartmental Standard Operating Procedures (SOPs) and Emergency
Operating Procedures (EOPs).
Network monitoring isn't enough; your administrators must know your configuration in detail.
Test yourself both locally and over the Internet.
Your processes can harm you just as hackers can.
Keep people aware of old configurations and their purpose.
When something is different, ask why.
Know the trade-offs between simplicity, cost, and survivability.
Protect yourself against hackers.
-
Practical Challenges
Distributed response needed at many points on the Internet
- attacks target more than one host
- wide deployment of any defense system cannot be enforced because the Internet is administered in a distributed manner
Economic and social factors
- distributed response system must be deployed by parties that do not suffer direct damage from DDoS attacks
- many good distributed solutions will achieve only sparse deployment
Lack of detailed attack information
- attack scenarios are unique
Lack of defense system benchmarks
- currently no benchmark suite of attack scenarios that would enable comparison between defense systems
Difficulty of large-scale testing
- defenses need to be tested in a realistic environment
- lack of large-scale testbeds
-
Thank You !
Q&A