DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS


Published on November 13, 2013

Author: AndSor

Source: slideshare.net


Presentation from one of the notable IT security events in the Baltic States, organized by "Data Security Solutions" (www.dss.lv). The event took place in Riga on 7 November 2013 and was attended by more than 400 participants on site and more than 300 via online live streaming.

Protection against DDoS and WEB attacks. Michael Soukonnik, Radware Ltd, michaels@radware.com


Ponemon Research 2012: Cyber security threats

Cyber security threats ranked by risk mitigation priority (10 = highest priority, 1 = lowest priority):

  Denial of service (DoS)               9.0
  Server side injection                 8.6
  Distributed denial of service (DDoS)  8.2
  Viruses, worms and trojans            7.9
  Malware                               7.7
  Botnets                               6.4
  Malicious insiders                    5.4
  Cross site scripting                  3.2
  Web scraping                          3.0
  Phishing and social engineering       2.8

Attacks Have Become More Complex

[chart: ERT cases – attack vectors, share of cases by complexity level (5-6, 7-8, 9-10) for 2011, 2012 and 2013]

Attacks are more complex: DoS/DDoS attacks have become more sophisticated, using more complex attack vectors. Note the number of attacks with a complexity level of 7-10.

Botnet Evolution

"To subdue the enemy without fighting is the acme of skill."

• Individual Servers (1998 - 2002): malicious software installed on hosts and servers (mostly located at Russian and east European universities), controlled by a single entity by direct communication. Examples: Trin00, TFN, Trinity.
• Botnets (1998 - Present): stealthy malicious software installed mostly on personal computers without the owner's consent; controlled by a single entity through indirect channels (IRC, HTTP). Examples: Agobot, DirtJumper, Zemra.
• Voluntary Botnets (2010 - Present): many users, at times as part of a hacktivist group, willingly share their personal computers, using predetermined and publicly available attack tools and methods, with an optional remote control channel. Examples: LOIC, HOIC.
• New Server-based Botnets (2012): powerful, well orchestrated attacks using a geographically spread server infrastructure. A few attacking servers generate the same impact as hundreds of clients.

DDoS from Russia – Just business

It is cheap! Current prices on the Russian underground market:

• Hacking corporate mailbox: $500
• Winlocker ransomware: $10-$20
• Unintelligent exploit bundle: $25
• Intelligent exploit bundle: $10-$3,000
• Basic crypter (for inserting rogue code into a benign file): $10-$30
• SOCKS bot (to get around firewalls): $100
• Hiring a DDoS attack: $30-$70 / day, $1,200 / month
• Botnet: $200 for 2,000 bots
• DDoS botnet: $700
• ZeuS source code: $200-$250
• Windows rootkit (for installing malicious drivers): $292
• Hacking a Facebook or Twitter account: $130
• Hacking a Gmail account: $162
• Email spam: $10 per one million emails
• Email scam (using a customer database): $50-$500 per one million emails

• Lithuania – just weeks before taking over the Presidency of the Council of the EU (1 July 2013), a DDoS attack on a news website ended up degrading Internet connectivity for the entire country. New waves of the attack keep coming every several weeks against governmental and private sites, using 7-8 different attack vectors.
• In July a new DDoS protection system from Radware was installed, protecting the sites with coverage from the Emergency Response Team.

• Russia – Anonymous Caucasus attacked all major banks (Central Bank, Sberbank, VTB, Alfa, Gazprombank) a month ago.
• The old-fashioned systems/services they used before that (IPS, IDS, DDoS, NG firewalls, Kaspersky etc.) were unable to stop the attacks.

• US – Op Ababil: all major banks were attacked in multiple waves by Iranian and Arab fundamentalists since 09/12 (September 2012).
• 5-6 vectors per attack, including TCP, UDP, HTTP and HTTPS floods, DNS amplification attacks etc.
• The old-fashioned systems they used before that (IPS, IDS, DDoS, NG firewalls, etc.) were unable to stop the attacks.
• Radware DDoS protection was installed in March – just before the 3rd wave of attacks – and stopped the 3rd and 4th waves.

• Attacks become more complex!
• Attacks become longer!
• More financially motivated attacks, but at the same time more politically motivated attacks on government and private organizations! You never know if you are in the sights of a future attack!

Radware Attack Mitigation System (AMS)

Old-fashioned systems are vulnerable: firewalls and IPS (even NG) cannot stop DDoS! (Radware Confidential, Jan 2012)

Mapping Security Protection Tools

Attack types, from the network layer up to the business/application layer:
• UDP garbage flood on ports 80 and 443
• ICMP flood attacks
• SYN/TCP out-of-state (OOS) flood attacks
• Server cracking attacks
• SSL/TLS negotiation attacks
• HTTP flood attacks
• HTTPS flood attacks
• Web attacks: XSS, SQL injection, brute force

Protection tools mapped against them: in-the-cloud DDoS protection, DoS protection, behavioral analysis, SSL protection, IPS, WAF.

To fight back you need:
• An integrated solution with all security technologies
• To mitigate attacks beyond the perimeter


Radware AMS Architecture

• Volumetric DoS protection
• L3 – L7 anomaly detection: behavior protection mechanisms & reputation engine
• Application firewall: web application protection
• IPS & fraud protection: static signatures
• Application attacks

HW/SW specially developed to fight against all levels of attacks!

Radware AMS Portfolio

• DefensePro: on demand 200 Mbps – 40 Gbps of legitimate traffic; Anti-DoS, NBA, IPS, reputation engine
• AppWall: appliance & VA; Web Application Firewall (WAF)
• APSolute Vision: HW or VA; Security Event Management (SEM)

DefensePro Protection Layers (network, server, application)

• DNS protection
• HTTP flood protection
• Available service
• Anti-scan
• Behavioral DoS
• SYN protection
• Server cracking
• Signature protection
• Connection limit
• Connection PPS limit
• Out-of-state
• BL/WL (blocklist/allowlist)
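The attack list on the mapping slide (SYN/TCP out-of-state floods, HTTP floods) and the protection layers listed above (SYN protection, connection PPS limit, out-of-state, HTTP flood protection, BL/WL) describe the same idea from two sides: a stateful device in front of the server tracks each source's handshake state and packet rate and drops what does not fit. The example below is added here as an illustration and is not Radware code; it applies those five mechanisms to a constructed, client-side-only packet trace. The thresholds, the packet tuple format and the addresses are assumptions, and a real appliance would additionally see the server's direction of traffic and use SYN cookies rather than a plain pending-set.

```python
from collections import Counter, defaultdict

# Assumed thresholds: the slide names the mechanisms, not the values.
SYN_PER_SEC_LIMIT = 5        # "SYN protection": new connections per source per second
PPS_LIMIT = 20               # "Connection PPS limit": packets per source per second
HTTP_REQ_PER_SEC_LIMIT = 10  # "HTTP flood protection": requests per source per second
ALLOWLIST = {"10.0.0.5"}     # "BL/WL": trusted monitoring host (assumed), never flagged
BLOCKLIST = {"203.0.113.9"}  # "BL/WL": known-bad source (assumed), always dropped


class FloodDetector:
    """Tracks per-source TCP handshake state and per-second rates.

    Packet kinds (client -> server only): "S" = SYN, "A" = ACK, "GET" = HTTP request.
    """

    def __init__(self):
        self.pending = set()       # (src, dport) with SYN seen, no ACK yet
        self.established = set()   # (src, dport) that completed SYN -> ACK
        self.per_sec = defaultdict(Counter)   # (src, second) -> counters
        self.verdicts = defaultdict(set)      # src -> reasons it was dropped

    def process(self, ts, src, dport, kind):
        """Return "pass" or "drop" for one packet and record why."""
        if src in BLOCKLIST:
            self.verdicts[src].add("blocklist")
            return "drop"
        if src in ALLOWLIST:
            return "pass"

        counters = self.per_sec[(src, int(ts))]
        counters["pkts"] += 1
        key = (src, dport)
        action = "pass"

        if kind == "S":
            # SYN protection: cap the rate of new connection attempts per source
            counters["syn"] += 1
            self.pending.add(key)
            if counters["syn"] > SYN_PER_SEC_LIMIT:
                self.verdicts[src].add("syn-flood")
                action = "drop"
        elif kind == "A":
            # Out-of-state: an ACK is only legitimate after a SYN on the same flow
            if key in self.pending:
                self.pending.discard(key)
                self.established.add(key)
            elif key not in self.established:
                self.verdicts[src].add("out-of-state")
                action = "drop"
        elif kind == "GET":
            # HTTP flood protection: requests need an established flow and stay under rate
            if key not in self.established:
                self.verdicts[src].add("out-of-state")
                action = "drop"
            else:
                counters["http"] += 1
                if counters["http"] > HTTP_REQ_PER_SEC_LIMIT:
                    self.verdicts[src].add("http-flood")
                    action = "drop"

        # Connection PPS limit: applies regardless of packet type
        if counters["pkts"] > PPS_LIMIT:
            self.verdicts[src].add("pps-limit")
            action = "drop"
        return action


def build_trace():
    """Constructed sample trace: (timestamp_s, src_ip, dst_port, kind). Not real data."""
    trace = []
    # Legitimate client: one handshake, three requests
    trace += [(0.1, "198.51.100.10", 80, "S"), (0.2, "198.51.100.10", 80, "A")]
    trace += [(0.3 + i * 0.1, "198.51.100.10", 80, "GET") for i in range(3)]
    # SYN flood: 50 half-open connections from one source within one second
    trace += [(1.0 + i * 0.01, "198.51.100.77", 443, "S") for i in range(50)]
    # Out-of-state ACK flood: ACKs that never had a SYN
    trace += [(2.0 + i * 0.05, "198.51.100.88", 80, "A") for i in range(8)]
    # HTTP flood: a valid handshake followed by 30 requests in one second
    trace += [(3.0, "198.51.100.99", 80, "S"), (3.05, "198.51.100.99", 80, "A")]
    trace += [(3.1 + i * 0.02, "198.51.100.99", 80, "GET") for i in range(30)]
    # Blocklisted source
    trace += [(4.0, "203.0.113.9", 80, "S")]
    return sorted(trace)


def run_detector(trace):
    """Feed a trace through the detector; return (reasons per source, action counts)."""
    det = FloodDetector()
    actions = Counter(det.process(*pkt) for pkt in trace)
    reasons = {src: sorted(r) for src, r in det.verdicts.items() if r}
    return reasons, dict(actions)


if __name__ == "__main__":
    reasons, actions = run_detector(build_trace())
    for src, why in sorted(reasons.items()):
        print(f"{src:15} {', '.join(why)}")
    print(actions)
```

Note that the HTTP-flood source trips both the request-rate and the packets-per-second limit, while the legitimate client never appears in the verdicts; layering several cheap checks is what lets an inline device keep serving real users while the flood is dropped.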

US Banks Under Attack: AMS Deployment (DefensePro, Alteon and AppWall in front of the application infrastructure)

• Mitigate all types of DDoS attacks
• Mitigate SSL attacks
• Mitigate web application exploits

Customer Success Leading the DDoS Protection Market

Top Account Wins in Every Segment: online businesses, critical infrastructure, carrier/ISP DDoS mitigation services, hosting, cloud scrubbers, carrier backbone. Radware is THE leader in the DDoS protection market.

Our Customers Select AMS: financial services; retail services; government, healthcare & education; carrier & technology services.

We Protect Against the Top Attack Campaigns

Radware AMS: Application SLA Assurance Even Under Attack!
