Published on March 4, 2014
Countering Denial of Service Attacks Global Infrastructure Services 1 © 2014 WIPRO LTD | WWW.WIPRO.COM | CONFIDENTIAL
Agenda
• What is DDoS?
• DDoS Attack Types
• Mitigation: In Premises & Edge Level
• Incident Response Measures
• Conclusion

Introduction: The threat posed by DDoS attacks

What is DDoS?
• Distributed Denial of Service (DDoS) attacks aim at sabotaging web services using malware-controlled botnets
• Outages cause large-scale customer defections
• Banks hit by 26 attacks in 2012. Average loss $17M
• BFSI, ISPs, data centers, ecommerce sites are particularly susceptible
• Attacks increasing rapidly in number, duration, bandwidth
[Figure: DDoS Attack Mechanism, with the labels Attacker, Handlers, Zombies (Compromised Machines), Target Server(s)]

DDoS Attack Types

Volume Based Attacks
• Floods bandwidth of target server
• Units: bits per second (bps)
• Examples: TCP flood, ICMP flood, UDP flood

Protocol Based Attacks
• Directly occupies target server’s resources
• Units: packets per second
• Examples: Ping flood, Smurf attack, SYN flood

Application Layer Attacks
• Server crash caused by application layer vulnerabilities
• Units: requests per second
• Examples: Hash DoS attack, Teardrop attack

Challenges
• Rising threat: Attacks becoming stronger and more numerous
• Greater variety: Different server parts targeted with combinations of several attack strategies
• Mitigation Gap: Only ~20% of organizations have a strategy

Mitigation Strategies: Prevention and Cure

In Premises
• Uses firewalls & intrusion prevention systems
• Secures a firm’s servers and applications
• Protection against small scale attacks
• However, bandwidth left vulnerable
• Larger attacks can still clog the network

At Edge Level
• Implemented at internet service provider (ISP) level
• Protects bandwidth against malicious traffic
• Continuous analysis required to ensure legitimate traffic is not affected
• Should be used in conjunction with in-premises implementation

Incident Response
• Preparation: Compile list of DDoS services at provider level; enumerate business trends and IT risks
• Identification (Identify & Analyze): Detect the attack and engage with stakeholders; identify root cause and extent of damage
• Mitigation: Contain the attack, initiate remedial measures
• Post incident analysis: Plug gaps in preparation, support and skills
• Continuous Improvement: Review mitigation strategy based on the incident; run risk simulations and augment technology

Conclusion

Qualitative aspect – DDoS gains prominence
Companies are increasingly using online channels for customer engagement. Hence, they have become sensitive to cyber threats like DDoS.

Quantitative aspect – mitigation cost vs benefits
DDoS attacks are becoming more varied and their potential impact on profitability is increasing. It makes business sense to have a robust DDoS mitigation policy and infrastructure.

For more details please visit the link below:
http://www.wipro.com/Documents/resource-center/diffusingdenial-of-service.pdf

About Wipro
Wipro Ltd. (NYSE:WIT) is a leading Information Technology, Consulting and Outsourcing company that delivers solutions to enable its clients to do business better. Wipro delivers winning business outcomes through its deep industry experience and a 360 degree view of "Business through Technology", helping clients create successful and adaptive businesses. A company recognized globally for its comprehensive portfolio of services, a practitioner's approach to delivering innovation and an organization-wide commitment to sustainability, Wipro has over 140,000 employees and clients across 61 countries. For more information, please visit www.wipro.com

Thank You
© Wipro Limited, 2014. All rights reserved. For more information visit www.wipro.com
No part of this document may be reproduced in whole or in part without the written permission of the authors. Wipro is not liable for any business outcome based on the views presented in this document. For specific implementation clients should take advice from their client engagement manager.