against Penetration Testing and distributed Denial-of-Service … · 2019-06-29 · against...
CyberWarfare Defense against Penetration Testing and distributed Denial-of-Service Attacks
The Foundation of Network Security
Stand-alone (ISP/Carrier – Server Farm) modular “TIPS” for Perimeter Defense
We brought a prototype for you!
Presentation Overview
1. Penetration Testing & dDoS Attacks - a quick overview
2. iSecure Technology – Overview of Core System
3. iSecure applied: Penetration Testing Defense
4. iSecure applied: dDoS Defense
5. iSecure Development: anti-Virus, anti-SPAM
6. Practical Applications in current production
7. More Information, White Paper, Demonstrations
The Threat: Penetration Testing & dDoS Attacks
• Ongoing IP Scans to determine & exploit vulnerabilities
• Penetration Testing provides the “road map” for subsequent attacks
• dDoS attacks take advantage of vulnerabilities
• dDoS attacks cause widespread outages and damage (economic, political, etc.)
Defense against Penetration Testing?
• None geared towards this purpose
• Firewalls limit TCP/UDP ports, but leave those open which need to pass traffic (Web, E-Mail, FTP, SSH, …)
• Scanning Tools (NMAP, Nessus, etc.) can map routers, firewalls, and all systems behind a firewall through open ports, determine Hardware, OSs, Configuration
Existing Defense Approaches?
• ALL existing solutions are reactive:
• Signature-based traffic comparison/matching – finds only known attacks
• Bandwidth Averaging: requires “learning”, applies QoS methods, which cut off valid traffic spikes and aid dDoS attacks by “drowning out” the good traffic
Existing Defenses? (Cont’d)
• Router ACL modification works only against definable traffic, very slow, may require manual SysAdmin interaction – dDoS damage is done within seconds
• ICMP port blocking defends against some attacks, but application-level attacks share bandwidth with valid traffic, so port blocking does not help
The iSecure CORE Technology
• Real-time Performance (6ns to 6ms)
• Signature-free
• No Configuration, defends instantly
• Stateless (!) – no attackable tables
• Undetectable
• Cannot be compromised
• No MAC address / No IP Number
Defending at Layer 2
Works as In-Line-Scanner
Real-Time Decisions
Bit-Stream Engine “prepares” and slices Data for parallel Processing.
Decision Engine applies the iSecure algorithm
Prepared Data “Slices” are fed to the Decision Engine
iSecure Decision Engine applies algorithm
iSecure Algorithm “tags” data slices based on 3-dimensional model
Slice of the decision matrix
2-dimensional model
Re-Assembly of Data Slices
Parallel Processing of Streams
iSecure Technology Applied:
• Penetration Testing Defense (“Infrastructure Cloaking”)
• Distributed Denial-of-Service Defense
In Development:
• iSecure Anti-Virus
• iSecure Anti-SPAM (UCE) E-Mail
Penetration Testing Defense
• Recognizes & Intercepts Penetration Testing probes
• Reports all ports as “open”
• Provides no Hardware/OS/Configuration
• “Mirrors” the Attacker’s own configuration back
• NMAP OS Guessing Score always the highest: 9,999,999
• Attacker does not know what the infrastructure looks like, and cannot target an attack or explore specific vulnerabilities
Denial-of-Service Defense
• iSecure distinguishes “good” from “bad” traffic, discards the bad, and allows the good traffic to go through
• Defends against all three types of dDoS attacks: bandwidth flooding, TCP/IP stack attacks, application-level attacks
• Defends against KNOWN and UNKNOWN dDoS attacks, incl. Synk4, etc.
iSecure “TIPS”: True Intrusion Prevention System
Current Production Example: eCommerce
• eCommerce Hosting Provider
– Under constant dDoS attacks, web sites unavailable for days
– iSecure deployment instantly defended against the dDoS attacks; web sites have always been available since
Current Production Example: Keeping E-Mail Flowing
• SPAM Blacklist Provider OsiruSoft permanently shut down, resulting in e-mail outages for FTC and many other users
• All other blacklist providers under dDoS attacks (SORBS, EazyNet, DSBL)
• SoBig.F linked to Spam Blacklist attacks, exploiting the network of compromised machines
Attacks on BlackList ISPs
• iSecure systems are being deployed at SORBS in Brisbane, Australia, and Connecticut
• Defending against dDoS attacks, keeping anti-SPAM blacklist providers on the net
• Allowing Government and Corporate E-Mail systems to check against Blacklists to eliminate Spam
More Information & Demo
Melior F.I.R.E CD
For live comparison and product testing
WHITE PAPER
per request
Demonstrations
Live on the Internet or On-Site
www.dDoS.com
Demo-Video
Live on the Internet at www.dDoS.com, or as DVD per request