Keep up keep secured
Cloud Asia Singapore 15 May 2013


Published in: Technology
  • 1. © 2000-2013
  • 5. Security Labs and experts; Computing Clusters; Service Clusters
       Computing: web crawlers, content analyzers, malware analyzers, vulnerability scanners, big data analytics, etc.
       Output: reputation of IP/file/domain name/URL, malicious behavior, vulnerability, attack, etc.
       • Application identification
       • Information acquisition
       • Decoupling of processing logic and rules
       • Responsive upgrade
       • Flexible deployment
  • 6. An Example
  • 7. Protest (2012.7): caused by a film clip
       Attack (2012.9.18): Cyber Fighters launched DDoS attacks against banks in the U.S., named "Operation Ababil"
       2 Phases: Phase 1, 5 weeks (9.18-10.23); Phase 2, 7 weeks (12.10-1.28)
       Pause/Resume: 2013.1.29 attacks pause; 2013.3.5 attacks resume
  • 8. DDoS
       Huge Volume: 1. Web servers as zombies 2. Numerous zombies 3. Dozens of G
       Multiple Attack Methods: 1. Network layer: TCP/UDP/ICMP flood 2. Application layer: HTTP/DNS flood
       Long Time: 1. Several months 2. APT-like
       Multiple Targets: 1. Dozens of financial institutions 2. ISPs
  • 9. Zombies are web servers!
       • Vulnerable admin passwords
       • Software vulnerabilities: TimThumb of WordPress, Joomla
  • 10. [Diagram: Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; link capacities 1G, 10G, 40G, 100G, 400G]
       1. Protocol Analysis
          • Protocol validation by RFC check
       2. Access Control List
          • Layer 4 ACL
          • Conn-Exhaustion ACL
          • URL ACL
       3. Reputation List
          • White/Black list
          • Dynamic prioritizing
       4. Layer 4 Flood Mitigation
          • Source/destination IP address check/verification
          • Various mitigation algorithms
       5. Layer 7 Flood Mitigation
          • Various mitigation algorithms
          • Pattern matching
       6. Rate Limit
          • Restricts traffic and ensures the critical business.
       The capability to stop DDoS is fundamental, usually implemented at the backbone and provided as part of infrastructure services.
  • 11. [Diagram: Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; link capacities 1G, 10G, 40G, 100G, 400G]
       1. Network Access Control
       2. TCP Flood Protection
       3. HTTP Termination
       4. SSL Decryption
       5. Data Normalization
       6. HTTP Flood Protection
       7. HTTP Validation
       8. HTTP Access Control
       9. Web Server and Plug-in Protection
       10. Rule-Based Protection
          • Crawler
          • XSS
          • SQL Injection
          • LDAP Injection
          • SSI Command Injection
          • XPath Injection
          • Command Line Injection
          • Path Traverse
          • Remote File Inclusion
       11. Behavior-Based Protection
          • Illegal File Upload
          • Illegal Download
          • Information Disclosure
          • Leech
          • CSRF
          • Scanning
          • Cookie Hijacking
       12. Customized Protection Mechanism
          • White List
          • Smart Patch
          • Custom Security
          • Exception Policy
       Web hacking protection, e.g. WAF, is usually implemented at the access layer and provided as value-added services.
  • 12. [Diagram: one WAF and many ADS units across Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; link capacities 1G, 10G, 40G, 100G, 400G; each labeled "Security as a Service"]
       • Dedicated Anti-DDoS System for large DDoS attacks
       • Dedicated WAF for Web hackings and small volume DDoS attacks
       • Manual operations are needed to transition between them when attackers change the game
  • 14. [Diagram: Web, DB, App; Clean Center; NTA; ADS-M; ADS; WAF; Network]
       Attack types: 1. Web hacking 2. Small volume DDoS attack 3. Large volume DDoS attack
       Handled by: 1. Web Security Engine 2. Anti-DDoS Module 3. DDoS Attack Mitigation System
       Benefits
       1. Mitigation of DDoS and Web hacking as a whole
       2. Agility to respond when attackers change the way they attack
       3. Cost-efficiency through collaboration and automation