Keep up keep secured

Cloud Asia Singapore 15 May 2013

Transcript

  • 1. © 2000-2013 NSFOCUS, www.nsfocus.com
  • 5. [Diagram labels: Security Labs and experts, Computing Clusters, Service Clusters]
      • Web crawlers, content analyzers, malware analyzers, vulnerability scanners, big data analytics, etc.
      • Reputation of IP/file/domain name/URL, malicious behavior, vulnerability, attack, etc.
      • Application identification
      • Information acquisition
      • Decoupling of processing logic and rules
      • Responsive upgrade
      • Flexible Deployment
  • 6. An Example
  • 7. Timeline
      • Protest (2012.7): Caused by a film clip
      • Attack (2012.9.18): Cyber Fighters launched DDoS attacks against banks in the U.S., named “Operation Ababil”
      • 2 Phases: Phase 1, 5 weeks (9.18-10.23); Phase 2, 7 weeks (12.10-1.28)
      • Pause/Resume: 2013.1.29 attacks pause; 2013.3.5 attacks resume
  • 8. DDoS
      • Huge Volume
          1. Web servers as zombies
          2. Numerous zombies
          3. Dozens of G
      • Multiple Attack Methods
          1. Network Layer: TCP/UDP/ICMP Flood
          2. Application Layer: HTTP/DNS Flood
      • Long Time
          1. Several months
          2. APT-like
      • Multiple Targets
          1. Dozens of financial institutions
          2. ISPs
  • 9. Zombies are Web Servers!!
      • Vulnerable admin passwords
      • Software vulnerabilities: TimThumb of WordPress, Joomla
  • 10. [Diagram labels: Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; 1G, 10G, 40G, 100G, 400G]
      1. Protocol Analysis
          • Protocol Validation by RFC Check
      2. Access Control List
          • Layer 4 ACL
          • Conn-Exhaustion ACL
          • URL ACL
      3. Reputation List
          • White/Black List
          • Dynamic Prioritizing
      4. Layer 4 Flood Mitigation
          • Source/destination IP address check/verification
          • Various mitigation algorithms
      5. Layer 7 Flood Mitigation
          • Various mitigation algorithms
          • Pattern Matching
      6. Rate Limit
          • Restricts traffic and ensures the critical business.
      The capability to stop DDoS is fundamental, usually implemented at backbone and provided as part of infrastructure services.
  • 11. [Diagram labels: Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; 1G, 10G, 40G, 100G, 400G]
      1. Network Access Control
      2. TCP Flood Protection
      3. HTTP Termination
      4. SSL Decryption
      5. Data Normalization
      6. HTTP Flood Protection
      7. HTTP Validation
      8. HTTP Access Control
      9. Web Server and Plug-in Protection
      10. Rule-Based Protection
          • Crawler
          • XSS
          • SQL Injection
          • LDAP Injection
          • SSI Command Injection
          • XPath Injection
          • Command Line Injection
          • Path Traverse
          • Remote File Inclusion
      11. Behavior-Based Protection
          • Illegal File Upload
          • Illegal Download
          • Information Disclosure
          • Leech
          • CSRF
          • Scanning
          • Cookie Hijacking
      12. Customized Protection Mechanism
          • White List
          • Smart Patch
          • Custom Security
          • Exception Policy
      Web hacking protection, e.g. WAF, is usually implemented at access layer and provided as value added services.
  • 12. [Diagram labels: WAF, ADS (repeated); Web Hosting, IDC1, IDC2, ISP1, ISP2, Internet; 1G, 10G, 40G, 100G, 400G; Security as a Service]
      • Dedicated Anti-DDoS System for large DDoS attacks
      • Dedicated WAF for Web hacking and small volume DDoS attacks
      • Manual operations are needed to transition between them when attackers change the game
  • 14. [Diagram labels: Web, DB, App, Clean Center, NTA, ADS-M, ADS, WAF, Network]
      Attacks shown in the diagram:
      1. Web hacking
      2. Small volume DDoS attack
      3. Large volume DDoS attack
      Components shown in the diagram:
      1. Web Security Engine
      2. Anti-DDoS Module
      3. DDoS Attack Mitigation System
      Benefits
      1. Mitigation of DDoS and Web hacking as a whole
      2. Agility to respond when the attacker changes the way they attack
      3. Cost-efficiency through collaboration and automation