Keep up  keep secured

Cloud Asia Singapore 15 May 2013

Keep up keep secured Presentation Transcript

  • 1. © 2000-2013 NSFOCUS, www.nsfocus.com
  • 5. Security Labs and experts; Computing Clusters; Service Clusters
    Web crawlers, content analyzers, malware analyzers, vulnerability scanners, big data analytics, etc.
    Reputation of IP/file/domain name/URL, malicious behavior, vulnerability, attack, etc.
    • Application identification
    • Information acquisition
    • Decoupling of processing logic and rules
    • Responsive upgrade
    • Flexible Deployment
  • 6. An Example
  • 7. Protest: 2012.7, caused by a film clip
    Attack: 2012.9.18, Cyber Fighters launched DDoS attacks against banks in the U.S., named “Operation Ababil”
    2 Phases: Phase 1, 5 weeks (9.18-10.23); Phase 2, 7 weeks (12.10-1.28)
    Pause/Resume: 2013.1.29 attacks pause; 2013.3.5 attacks resume
  • 8. DDoS
    Huge Volume: 1. Web Servers as Zombie 2. Numerous Zombies 3. Dozens of G
    Multiple Attack Methods: 1. Network Layer: TCP/UDP/ICMP Flood 2. Application Layer: HTTP/DNS Flood
    Long Time: 1. Several months 2. APT alike
    Multiple Targets: 1. Dozens of finance institutes 2. ISPs
  • 9. Zombies are Web Servers!!
    • Vulnerable admin passwords
    • Software Vulnerabilities: TimThumb of WordPress; Joomla
  • 10. [Diagram labels: Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; 1G, 10G, 40G, 100G, 400G]
    1. Protocol Analysis
       • Protocol Validation by RFC Check
    2. Access Control List
       • Layer 4 ACL
       • Conn-Exhaustion ACL
       • URL ACL
    3. Reputation List
       • White/Black List
       • Dynamic Prioritizing
    4. Layer 4 Flood Mitigation
       • Source/destination IP address check/verification
       • Various mitigation algorithms
    5. Layer 7 Flood Mitigation
       • Various mitigation algorithms
       • Pattern Matching
    6. Rate Limit
       • Restricts traffic and ensures the critical business.
    The capability to stop DDoS is fundamental, usually implemented at backbone and provided as part of infrastructure services.
  • 11. [Diagram labels: Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; 1G, 10G, 40G, 100G, 400G]
    1. Network Access Control
    2. TCP Flood Protection
    3. HTTP Termination
    4. SSL Decryption
    5. Data Normalization
    6. HTTP Flood Protection
    7. HTTP Validation
    8. HTTP Access Control
    9. Web Server and Plug-in Protection
    10. Rule-Based Protection
       • Crawler
       • XSS
       • SQL Injection
       • LDAP Injection
       • SSI Command Injection
       • XPath Injection
       • Command Line Injection
       • Path Traverse
       • Remote File Inclusion
    11. Behavior-Based Protection
       • Illegal File Upload
       • Illegal Download
       • Information Disclosure
       • Leech
       • CSRF
       • Scanning
       • Cookie Hijacking
    12. Customized Protection Mechanism
       • White List
       • Smart Patch
       • Custom Security
       • Exception Policy
    Web hacking protection, e.g. WAF, is usually implemented at access layer and provided as value added services.
  • 12. [Diagram labels: WAF; ADS (repeated); Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; 1G, 10G, 40G, 100G, 400G; Security as a Service]
    • Dedicated Anti-DDoS System for large DDoS attacks
    • Dedicated WAF for Web hacking and small volume DDoS attacks
    • Manual operations are needed to switch between them when attackers change the game
  • 14. [Diagram labels: Web, DB, App; Clean Center; NTA; ADS-M; ADS; WAF; Network]
    Attack types: 1 Web hacking; 2 Small volume DDoS attack; 3 Large volume DDoS attack
    Components: 1. Web Security Engine 2. Anti-DDoS Module 3. DDoS Attack Mitigation System
    Benefits
    1. Mitigation of DDoS and Web hacking as a whole
    2. Agility to respond when the attacker changes the way they attack
    3. Cost-efficiency through collaboration and automation
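
Slide 12 notes that switching between the WAF and the dedicated anti-DDoS system takes manual operations, and slide 14 proposes automating that handoff across its three components. The sketch below is an added example, not NSFOCUS code or anything shown in the deck: it picks the handling tier from a request-rate sample, escalating at once and stepping down only after a sustained lull. The thresholds, hold count, tier names and sample rates are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed values (not from the slides); rates are requests per second.
LOCAL_ON = 2_000       # above this, the WAF-resident Anti-DDoS Module engages
UPSTREAM_ON = 50_000   # above this, traffic goes to the network-level system
HYSTERESIS = 0.5       # release only below 50% of the current tier's threshold
HOLD = 3               # consecutive quiet samples required before stepping down

# The three components named on slide 14, lowest tier first.
TIERS = ("web_security_engine", "anti_ddos_module", "ddos_mitigation_system")

@dataclass
class TierSelector:
    tier: int = 0      # index into TIERS
    quiet: int = 0     # consecutive samples below the release threshold

    def observe(self, rps: float) -> str:
        """Feed one rate sample; return the tier that should handle traffic."""
        target = 2 if rps >= UPSTREAM_ON else 1 if rps >= LOCAL_ON else 0
        if target > self.tier:
            # Escalate immediately: a flood must not wait on a hold counter.
            self.tier, self.quiet = target, 0
        elif self.tier > 0:
            release = (LOCAL_ON, UPSTREAM_ON)[self.tier - 1] * HYSTERESIS
            if rps < release:
                self.quiet += 1
                if self.quiet >= HOLD:
                    self.tier -= 1   # step down one tier at a time
                    self.quiet = 0
            else:
                self.quiet = 0       # attack resumed; restart the hold count
        return TIERS[self.tier]

def replay(samples):
    """Run a list of rate samples through a fresh selector."""
    selector = TierSelector()
    return [selector.observe(rps) for rps in samples]

# Constructed samples: ramp to a large flood, a brief lull, then a real stop.
SAMPLES = [300, 2500, 60000, 80000, 20000, 70000,
           9000, 8000, 7000, 500, 400, 300]

if __name__ == "__main__":
    for rps, tier in zip(SAMPLES, replay(SAMPLES)):
        print(f"{rps:>6} rps -> {tier}")
```

The single low sample at 20000 rps does not release the upstream tier, which is the behaviour wanted against the pause-and-resume pattern on slide 7.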