Transcript

  • 1. © 2000-2013 NSFOCUS www.nsfocus.com
  • 5. Security Labs and experts; Computing Clusters; Service Clusters
    Web crawlers, content analyzers, malware analyzers, vulnerability scanners, big data analytics, etc.
    Reputation of IP / file / domain name / URL, malicious behavior, vulnerability, attack, etc.
    • Application identification
    • Information acquisition
    • Decoupling of processing logic and rules
    • Responsive upgrade
    • Flexible deployment
  • 6. An Example
  • 7. Protest, 2012.7: caused by a film clip
    Attack, 2012.9.18: Cyber Fighters launched a DDoS attack against banks of the U.S., named "Operation Ababil"
    2 Phases: Phase 1, 5 weeks (9.18-10.23); Phase 2, 7 weeks (12.10-1.28)
    Pause/Resume: 2013.1.29 attacks pause; 2013.3.5 attacks resume
  • 8. DDoS:
    Huge Volume: 1. Web servers as zombies 2. Numerous zombies 3. Dozens of G
    Multiple Attack Methods: 1. Network layer: TCP/UDP/ICMP flood 2. Application layer: HTTP/DNS flood
    Long Time: 1. Several months 2. APT alike
    Multiple Targets: 1. Dozens of finance institutes 2. ISPs
  • 9. Zombies are Web Servers!!
    • Vulnerable admin passwords
    • Software vulnerabilities: TimThumb of WordPress, Joomla
  • 10. [Diagram: Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; bandwidth scale 1G / 10G / 40G / 100G / 400G]
    1. Protocol Analysis
      • Protocol validation by RFC check
    2. Access Control List
      • Layer 4 ACL
      • Conn-exhaustion ACL
      • URL ACL
    3. Reputation List
      • White/black list
      • Dynamic prioritizing
    4. Layer 4 Flood Mitigation
      • Source/destination IP address check/verification
      • Various mitigation algorithms
    5. Layer 7 Flood Mitigation
      • Various mitigation algorithms
      • Pattern matching
    6. Rate Limit
      • Restricts traffic and ensures the critical business.
    The capability to stop DDoS is fundamental, usually implemented at the backbone and provided as part of infrastructure services.
  • 11. [Diagram: Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; bandwidth scale 1G / 10G / 40G / 100G / 400G]
    1. Network Access Control
    2. TCP Flood Protection
    3. HTTP Termination
    4. SSL Decryption
    5. Data Normalization
    6. HTTP Flood Protection
    7. HTTP Validation
    8. HTTP Access Control
    9. Web Server and Plug-in Protection
    10. Rule-Based Protection
      • Crawler • XSS • SQL injection • LDAP injection • SSI command injection • XPath injection • Command line injection • Path traversal • Remote file inclusion
    11. Behavior-Based Protection
      • Illegal file upload • Illegal download • Information disclosure • Leech • CSRF • Scanning • Cookie hijacking
    12. Customized Protection Mechanism
      • White list • Smart patch • Custom security • Exception policy
    Web hacking protection, e.g. WAF, is usually implemented at the access layer and provided as a value-added service.
  • 12. [Diagram: one WAF and many ADS units; Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; bandwidth scale 1G / 10G / 40G / 100G / 400G; Security as a Service]
    Dedicated Anti-DDoS System for large DDoS attacks.
    Dedicated WAF for Web hackings and small volume DDoS attacks.
    Manual operations are needed to transition between them when attackers change the game.
  • 14. [Diagram: Web, DB, App; Clean Center with NTA, ADS-M, ADS; WAF; Network. Threats: 1 Web hacking, 2 Small volume DDoS attack, 3 Large volume DDoS attack]
    1. Web Security Engine
    2. Anti-DDoS Module
    3. DDoS Attack Mitigation System
    Benefits:
    1. Mitigation of DDoS and Web hacking as a whole
    2. Agility to respond when the attacker changes the way they attack
    3. Cost-efficiency through collaboration and automation