DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
Protection against DDoS and WEB attacks
Michael Soukonnik, Radware, [email protected]
Landscape

[Chart: Ponemon Research 2012, cyber security threats ranked by risk mitigation priority (10 = highest priority, 1 = lowest priority), scores ranging from 2.8 to 9.0. Threat categories shown: phishing and social engineering, web scraping, cross site scripting, malicious insiders, botnets, malware, viruses/worms/trojans, distributed denial of service (DDoS), server side injection, denial of service (DoS).]
Attacks Have Become More Complex

[Chart: ERT Cases – Attack Vectors; share of cases (0% – 30%) by attack complexity level (3-4, 5-6, 7-8, 9-10), 2011 vs 2012.]

Attacks are more complex: 2013 DoS/DDoS attacks have become more sophisticated, using more complex attack vectors. Note the number of attacks with a complexity level of 7-10.
Botnet Evolution
"To subdue the enemy without fighting is the acme of skill."

• Individual Servers (1998 - 2002): Malicious software installed on hosts and servers (mostly located at Russian and east European universities), controlled by a single entity by direct communication. Examples: Trin00, TFN, Trinity
• Botnets (1998 - Present): Stealthy malicious software installed mostly on personal computers without the owner's consent; controlled by a single entity through indirect channels (IRC, HTTP). Examples: Agobot, DirtJumper, Zemra
• Voluntary Botnets (2010 - Present): Many users, at times as part of a Hacktivist group, willingly share their personal computers, using predetermined and publicly available attack tools and methods, with an optional remote control channel. Examples: LOIC, HOIC
• New Server-based Botnets (2012): Powerful, well orchestrated attacks, using a geographically spread server infrastructure. Few attacking servers generate the same impact as hundreds of clients.
DDoS from Russia – Just business

It is cheap!
Current prices on the Russian underground market:
• Hacking corporate mailbox: $500
• Winlocker ransomware: $10-$20
• Unintelligent exploit bundle: $25
• Intelligent exploit bundle: $10-$3,000
• Basic crypter (for inserting rogue code into benign file): $10-$30
• SOCKS bot (to get around firewalls): $100
• Hiring a DDoS attack: $30-$70 / day, $1,200 / month
• Botnet: $200 for 2,000 bots
• DDoS Botnet: $700
• ZeuS source code: $200-$250
• Windows rootkit (for installing malicious drivers): $292
• Hacking Facebook or Twitter account: $130
• Hacking Gmail account: $162
• Email spam: $10 per one million emails
• Email scam (using customer database): $50-$500 per one million emails
• Lithuania – just weeks before assuming the EU presidency (1.07.2013), a DDoS attack on a news website ended up disrupting Internet access for the entire country. New waves of the attack hit governmental and private sites every few weeks, using 7-8 different attack vectors
• In July a new DDoS protection system from Radware was installed and now protects the sites, with Emergency Response Team coverage

• Russia – Anonymous Caucasus attacked all major banks (Central Bank, Sberbank, VTB, Alfa, Gazprombank) a month ago
• The old-fashioned systems/services they used before that (IPS, IDS, DDoS, NG Firewalls, Kaspersky etc.) were unable to stop the attacks

• US – Op Ababil – all major banks have been attacked in multiple waves by Iranian and Arab fundamentalists since 09/12
• 5-6 vectors per attack, including TCP, UDP, HTTP, HTTPS floods, DNS amplification attacks etc.
• The old-fashioned systems they used before that (IPS, IDS, DDoS, NG Firewalls, etc.) were unable to stop the attacks
• Radware DDoS protection was installed in March – just before the 3rd wave of attack – and stopped the 3rd and 4th waves

• Attacks become more complex!
• Attacks become longer!
• More financially motivated attacks, but at the same time more politically motivated attacks on government and private organizations! You never know whether you are in the sights of a future attack!
Radware Attack Mitigation System (AMS)

Old-fashioned systems are vulnerable
Firewalls and IPS (even NG) cannot stop DDoS!
Mapping Security Protection Tools

[Diagram mapping attacks and protection tools to the layers Network, Server, Application and Business.]

Attacks:
• UDP garbage flood on ports 80 and 443
• SSL/TLS negotiation attacks
• Server cracking attacks
• HTTPS flood attack
• ICMP flood attacks
• HTTP flood attack
• SYN/TCP OOS flood attacks
• Web attacks: XSS, SQL Injection, Brute force
Outcome: SHUTDOWN

Protection tools: DoS protection, Behavioral analysis, SSL protection, IPS, WAF, In-the-cloud DDoS protection

To fight back you need:
• An integrated solution with all security technologies
• To mitigate attacks beyond the perimeter
Radware AMS Architecture

• Volumetric DoS Protection
• IPS & Fraud Protection
• L3 – 7 Anomaly Detection & Reputation Engine
• Application Firewall / Web Application Protection (application attacks)

Behavioral protection mechanisms plus static signatures; HW/SW specially developed to fight against all levels of attacks!
Radware AMS Portfolio

• DefensePro – on demand 200Mbps – 40Gbps of legitimate traffic; Anti-DoS, NBA, IPS, Reputation Engine
• AppWall – Appliance & VA; Web Application Firewall (WAF)
• APSolute Vision – HW or VA; Security Event Management (SEM)
DefensePro Protection Layers

Protection mechanism types: Behavioral Protection, Challenge/Response, Access Control, Known Vulnerabilities/Tools
Layers covered: Network, Server, Application

Protections:
• Behavioral DoS
• SYN Protection
• Out-Of-State
• BL/WL
• Connection Limit
• DNS Protection
• Anti-Scan
• HTTP Flood Protection
• Server Cracking
• Connection PPS Limit
• Signature Protection
Result: Available Service
US Banks Under Attack: AMS Deployment

Components: DefensePro, AppWall, Alteon; Application Infrastructure
• Mitigate all types of DDoS attacks
• Mitigate SSL attacks
• Mitigate web application exploits
Customer Success - Leading the DDoS Protection Market

Top Account Wins in Every Segment
• Carrier/ISP DDoS Mitigation Service
• Critical Infrastructure
• Online Businesses
• Hosting Cloud Scrubbers
• Carrier Backbone
Radware is THE leader in the DDoS protection market.

Our Customers Select AMS
Financial Services, Retail Services, Government, Healthcare & Education, Carrier & Technology Services

We Protect Against the Top Attack Campaigns

Radware AMS
Application SLA Assurance
Even Under Attack!