Preparing for DDoS and Botnet Attacks BreakingPoint Webcast and Test Methodology 11/05/09

Introductions Dennis Cox, Chief Technology Officer and co-founder Tod Beardsley, Security Researcher Dustin D. Trammell, Security Researcher www.breakingpointlabs.com www.twitter.com/breakingpoint

Dennis Cox, Chief Technology Officer and co-founder

Tod Beardsley, Security Researcher

Dustin D. Trammell, Security Researcher

www.breakingpointlabs.com

www.twitter.com/breakingpoint

Topic 1: DDoS/Botnets Now Imminent? Summer 2009 saw DDoS and botnet attacks against high-profile government and financial websites, not to mention social networks. Is this a trend or an isolated uptick? How many DDoS attacks are we NOT hearing about? Should we all simply expect these attacks in the future? How heavy is the actual damage?

Summer 2009 saw DDoS and botnet attacks against high-profile government and financial websites, not to mention social networks. Is this a trend or an isolated uptick?

How many DDoS attacks are we NOT hearing about?

Should we all simply expect these attacks in the future?

How heavy is the actual damage?

Topic 2: Getting Better or Getting Worse? Are we seeing more sophisticated attacks, or simply more attacks? Does lack of regulation throughout the industry make the penalty for malicious DDoS attacks minimal? Many high-profile vulnerabilities being patched lately are related to DDoS. Is it getting worse? What will it take to see some movement in stopping, or at least slowing down, DDoS and botnets?

Are we seeing more sophisticated attacks, or simply more attacks?

Does lack of regulation throughout the industry make the penalty for malicious DDoS attacks minimal?

Many high-profile vulnerabilities being patched lately are related to DDoS. Is it getting worse?

What will it take to see some movement in stopping, or at least slowing down, DDoS and botnets?

Topic 3: Facing the Enemy What DDoS attacks should you focus on when simulating them during testing? DDoS attacks have many flavors, including SYN floods and using botnets. Which should you use? If you aren’t necessarily threatened by a malicious DDoS attack should you still prepare?

What DDoS attacks should you focus on when simulating them during testing?

DDoS attacks have many flavors, including SYN floods and using botnets. Which should you use?

If you aren’t necessarily threatened by a malicious DDoS attack should you still prepare?

Five Takeaways Test with session based scenarios. Focus on application-based attacks. Never forget fuzzing; a crash is a Dos. Monitor your logs, CPU and memory usage Don’t forget your upstream provider/vendor

Test with session based scenarios.

Focus on application-based attacks.

Never forget fuzzing; a crash is a Dos.

Monitor your logs, CPU and memory usage

Don’t forget your upstream provider/vendor

DDoS and Botnet Test Methodology Download Here: http://clicky.me/ddostest

Download Here: http://clicky.me/ddostest