PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW
Piotr Wojciechowski (CCIE #25543)
ABOUT ME
• Senior Network Engineer MSO at VeriFone Inc.
• Previously Network Solutions Architect at one of the top Polish IT integrators
• CCIE #25543 (Routing & Switching)
• Administrator of the CCIE.PL board
  — The biggest Cisco community in Europe
  — About 7800 users
  — 3 admins, 3 moderators
  — Over 60 Polish CCIEs as members, 20 of them actively posting
  — About 100 new topics per month
  — About 800 posts per month
  — English section available
AGENDA
• Risk analysis, including threats of attack, actual attacks, and attacks that are meant to hide hacking
• Someone is attacking me! Am I able to get a scrubbing service within a few hours?
• Two models of deployment: DNS Redirection and BGP
• What is better: AlwaysOn or AlwaysAvailable?
• Volumetric attacks vs. L3-L7 DDoS protection
• Scrubbing service is not everything: how to deal with the first wave of an attack?
INTRODUCTION
• What this session is about
  — Highlights of DDoS problems and different attacks
  — Overview of different solutions
  — Tips on what to look at while designing DDoS protection
• What this session isn’t about
  — Presentation of vendors’ portfolios
  — Comparison of the services available from multiple vendors
RISK ANALYSIS, INCLUDING THREATS OF ATTACK, ACTUAL ATTACKS, AND ATTACKS THAT ARE MEANT TO HIDE HACKING
DDOS ATTACK CATEGORIES
• Volumetric
  — Flood-based attacks at layer 3, 4 or 7
• Asymmetric
  — Attacks designed to invoke timeouts or session-state changes
• Computational
  — Designed to saturate CPU and memory
• Vulnerability-based
  — Exploit software vulnerabilities
[Slide column of mitigation tools: Scrubbing Center, WAF, Application Delivery Controller, Network Firewall, IP Reputation Database, IDS/IPS + WAF]
DDOS ATTACKS
[Diagram: Internet, SP Network, Enterprise Network / DC; Edge Router, Firewall, IPS, Servers]
OTHER ATTACKS
[Diagram: attacks against the Edge Router, Firewall, IPS and Servers: large-volume network floods, network scans, SYN floods, HTTP floods, SSL floods, brute force, XSS, CSRF, low & slow DDoS, SQL injection]
MULTIPLE PROTECTION TOOLS
• To effectively mitigate multiple types of DoS/DDoS attacks, multiple protection tools are needed
  — Cloud DDoS protection to mitigate volumetric attacks that can saturate the Internet link
  — DDoS protection to detect and mitigate all types of network DDoS attacks
  — Behavioral analysis to protect against application DDoS and misuse attacks and filter them from legitimate traffic
  — Intrusion Prevention System (IPS) to block known attack tools and low-and-slow attacks, and to prevent exploitation of application and system vulnerabilities
  — SSL protection to protect against encrypted flood attacks
  — Web Application Firewall (WAF) to prevent exploitation of web application vulnerabilities
DDOS ATTACKS
• DDoS-Aware Firewalls
• Most network firewalls are not resistant to DDoS attacks
  — Even if they are, the resistance is very limited
  — A simple layer 4 attack can disable the firewall
• Sheer throughput is not the answer
  — But it can give us some time to react!
DDOS ATTACKS
• Application Delivery Controller
  — Can be both network-aware and application-aware
  — Can offload services such as load-balancing, caching, and acceleration
  — A logical defensive position against both DDoS attacks and targeted application-layer attacks
DDOS ATTACKS
• IP Reputation Database
  — Helps to defend against asymmetric attacks
  — It blocks all traffic or a traffic pattern based on the reputation database
  — The database can be internally deployed (history of past attacks) or come from an external subscription service
  — May be accurate but cannot guarantee 100% success in filtering
DDOS ATTACKS
• IDS/IPS
  — No role in volumetric attack prevention – usually a weaker point than the firewall
  — Can be a point of protection against application- or protocol-related threats
    • As long as signatures are updated and properly managed
  — NGIPS can provide comprehensive analysis of network traffic and block malware as well as other attacks on known vulnerabilities
DDOS ATTACKS
• Web Application Firewall
  — It understands and enforces security policies on the applications
  — Can give us protection against volumetric HTTP floods and vulnerability-based attacks
  — Can provide additional services like web scraping and PCI compliance
  — Can offload and inspect SSL traffic
CAN I BE 100% PROTECTED?
• The hardest things to explain to management:
  — A scrubbing center, or in general any external DDoS solution, won’t give the company 100% protection
  — Protection must be done on multiple layers and using multiple solutions
  — Protection is an ongoing investment
  — That means $$$ we have to spend
  — We cannot spend that money when we are already under attack
WHAT SERVICES CAN BE OFFERED?
• Real-time DDoS detection and mitigation
  — Technical requirements must be met on the customer side
• Defend against large volumetric attacks
  — Some companies will protect you against attacks up to a specified volume only
  — Other companies may charge you extra if you exceed the traffic limit
  — But there are also companies that will guarantee a minimum volume of protection, while larger attacks can be mitigated for free if there is platform capacity available
WHAT SERVICES CAN BE OFFERED?
• Protect against multiple attack vectors
  — Complex DDoS attacks
  — Multilayered L3-L7 attacks
• Support team to respond to unusual cases
  — 24/7 monitoring
MAGIC WORD – SCRUBBING CENTER IN THE CLOUD
• Everything happens in the CLOUD
  — It’s a magic box, and we don’t know how it works
  — Nobody will really tell us how it works
SCRUBBING CENTER – HIGH LEVEL VIEW
[Diagram: Customer, Customer Portal or Operator, Scrubbing Center]
WHICH DDOS MITIGATION TO USE?
• On-Premise Services: IDS/IPS, Firewalls, Web Application Firewall, On-premise DDoS solution
• Cloud Services: Scrubbing Services, Content Delivery Network
TWO MODELS OF DEPLOYMENT - DNS REDIRECTION AND BGP
BGP AKA ROUTED MODE
• The customer doesn’t announce the prefix directly to the ISP but to the scrubbing center over a GRE tunnel (sometimes over MPLS VPN)
• Does not require any application-specific configuration
• But we have routing asymmetry
• Usually used in AlwaysAvailable (on-demand) mode
• Good for thwarting large volumetric and advanced DDoS assaults targeting any type of protocol or infrastructure
• Requires additional monitoring and quite often manual action
[Diagram: Internet, ISP, Scrubbing Center, Customer DC; GRE Tunnel, BGP Advertisement, NetFlow]
DEDICATED IP
• The scrubbing center provider assigns a dedicated public IP from its own IP range
• All incoming traffic passes through the provider’s network, where it is inspected and filtered
• A two-way GRE tunnel is used to forward clean traffic
[Diagram: Internet, ISP, Scrubbing Center, Customer DC; GRE Tunnel, Dedicated IP]
DNS REDIRECTION AKA PROXY AKA WEB SERVICE PROTECTION
• How does DNS Redirection work?
  — The attack is detected and blocked in the scrubbing center
[Diagram: Internet, ISP, Scrubbing Center, Customer DC; FQDN: www.mydomain.com]
DNS REDIRECTION AKA PROXY AKA WEB SERVICE PROTECTION
• DNS-based service for specific applications
  — Other traffic may bypass the scrubbing center
[Diagram: Internet, ISP, Scrubbing Center; FQDN: www.mydomain.com, FQDN: www.myotherdomain.com]
WHAT IS BETTER - ALWAYSON OR ALWAYSAVAILABLE?
• AlwaysOn model:
  — Preferred model for DNS Redirection deployment
  — 24/7 mitigation of DDoS attacks
  — Monitoring and protection of layer 3, 4 and 7 attacks (in most cases)
  — No additional hardware or software required
  — DNS-based compatibility with any cloud service provider
  — Good solution when there is a high frequency of attacks
WHAT IS BETTER - ALWAYSON OR ALWAYSAVAILABLE?
• AlwaysAvailable (OnDemand) model:
  — It can be started automatically or manually when an attack is detected, but no traffic redirection is required
  — The attack can be detected either by the customer or by the vendor
  — The customer uses either BGP route changes or DNS redirection to send the traffic through the scrubbing center
    • Keep in mind that DNS records need time to propagate and can be cached for a long time
  — OnDemand mode is more suitable for BGP-based solutions
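The DNS caching caveat and the bypass problem from the DNS Redirection slides can be checked against your own zone before an attack. The following is an added example, not part of the original talk: the zone contents, TTLs, addresses (RFC 5737 documentation range), the 300-second switchover budget and all function names are assumptions made for illustration.

```python
"""Readiness check for on-demand DNS redirection to a scrubbing center."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample zone: name, TTL (seconds), type, value.
ZONE = """\
; name                  ttl   type  value   (constructed sample)
www.mydomain.com.       86400 A     203.0.113.10
api.mydomain.com.       60    A     203.0.113.11
static.mydomain.com.    300   CNAME www.mydomain.com.
www.myotherdomain.com.  3600  A     203.0.113.12
blog.mydomain.com.      3600  CNAME pages.example.net.
"""
ORIGIN_NET = ip_network("203.0.113.0/24")   # assumed customer DC address space
PROTECTED_NAMES = {"www.mydomain.com.", "api.mydomain.com."}  # names to be redirected
BUDGET_S = 300   # assumed: redirection must take effect within 5 minutes


def parse_zone(text):
    """Return {name: [(ttl, type, value), ...]} from the simple format above."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        name, ttl, rtype, value = line.split()
        records[name].append((int(ttl), rtype, value))
    return dict(records)


def resolve(records, name, limit=8):
    """Follow CNAMEs inside the zone; return (names visited, A addresses reached)."""
    visited = []
    for _ in range(limit):
        visited.append(name)
        rrset = records.get(name, [])
        target = next((v for _, t, v in rrset if t == "CNAME"), None)
        if target is None:
            return visited, [v for _, t, v in rrset if t == "A"]
        name = target
    return visited, []   # chain too long or looping: treat as unresolved


def redirect_delay(records, protected, budget_s):
    """How long can resolvers keep serving the old answer after we edit each name?

    A resolver that cached the record set just before the change keeps it for
    the full TTL, so the largest TTL at the name is the time to plan for.
    """
    report = {}
    for name in sorted(protected):
        stale = max((ttl for ttl, _, _ in records.get(name, [])), default=0)
        report[name] = {"stale_s": stale, "within_budget": stale <= budget_s}
    return report


def bypassing_names(records, protected):
    """Names that still lead straight to the customer DC after redirection."""
    exposed = []
    for name in sorted(records):
        if name in protected:
            continue
        visited, addrs = resolve(records, name)
        if protected & set(visited):
            continue   # aliases a protected name, so it follows the redirect
        if any(ip_address(a) in ORIGIN_NET for a in addrs):
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    zone = parse_zone(ZONE)
    for name, result in redirect_delay(zone, PROTECTED_NAMES, BUDGET_S).items():
        print(name, result)
    print("bypass scrubbing:", bypassing_names(zone, PROTECTED_NAMES))
```

With the sample zone, www.mydomain.com. carries a 24-hour TTL and fails the budget, while www.myotherdomain.com. keeps pointing at the data center and bypasses scrubbing entirely.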
WHAT IS BETTER - ALWAYSON OR ALWAYSAVAILABLE?
• Hybrid solution:
  — It allows the customer to use their own DDoS solution as the first line of defence
    • WAF
    • Local DDoS scrubbing centers
    • BGP Blackholing
    • Etc.
  — When facilities become overwhelmed, the customer can redirect traffic to the vendor’s scrubbing center for additional remediation capacity
VOLUMETRIC ATTACKS VS. L3-L7 DDOS PROTECTION
• Volumetric Attacks
  — Most common type of DDoS attack
  — A botnet floods the network layers with a substantial amount of seemingly legitimate traffic
  — UDP-based floods
  — Takes out the infrastructure capacity – routers, switches, firewalls etc.
VOLUMETRIC ATTACKS VS. L3-L7 DDOS PROTECTION
• Reflection Attacks
  — Use of a legitimate resource to amplify an attack on the destination
  — Spoof victim IP address and send a request to a server that will yield a big response
  — Example: DNS Amplification
• TCP State Exhaustion
  — SYN, FIN, RST floods
  — Exhaust resources on servers, load balancers and firewalls
VOLUMETRIC ATTACKS VS. L3-L7 DDOS PROTECTION
• L3-L7 DDoS Protection
  — Exploit the limitations, scale and functionality of a specific application
  — Can use known vulnerabilities
  — Can be slow-and-grow type or flood
  — Attack examples
    • L3-4 - SYN flood, TCP flood, ICMP flood, UDP flood, known signature attacks, Teardrop, Smurf, Ping of Death, Mixed Flood, Reflected ICMP
    • L7 - NTP, HTTP Flood, Slowloris, DNS flood, DNS reflection attacks, DNS amplification attacks
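Routed (BGP) mode in AlwaysAvailable operation depends on the customer's own monitoring, and the attack classes above look different in flow data. The following is an added example, not part of the original talk: a detector that aggregates NetFlow-style records per destination and window, flags hosts over a packet or bit rate limit, and names the covering prefix to divert. The CSV layout, thresholds, prefixes (RFC 5737 documentation ranges) and function names are assumptions.

```python
"""Flow-based trigger for on-demand diversion to a scrubbing center."""
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

PROTECTED = [ip_network("203.0.113.0/24")]   # assumed prefixes we can re-announce
WINDOW_S = 60                                # aggregation window in seconds
PPS_LIMIT = 50_000                           # assumed per-host packet rate limit
BPS_LIMIT = 400_000_000                      # assumed per-host limit, 400 Mbit/s
REFLECTION_PORTS = {53: "DNS", 123: "NTP"}   # UDP source ports of common reflectors
TCP, UDP, SYN_ONLY = 6, 17, 0x02

# Constructed sample: one quiet minute, then a DNS reflection flood on .10,
# a SYN flood on .20, and traffic to an address outside the protected prefix.
SAMPLE_FLOWS = """\
start,src,dst,proto,sport,dport,tcp_flags,packets,octets
5,198.51.100.7,203.0.113.10,6,51544,443,0x1b,12000,9000000
65,198.51.100.7,203.0.113.10,6,51602,443,0x1b,12000,9000000
61,192.0.2.11,203.0.113.10,17,53,40112,0x00,1000000,1400000000
62,192.0.2.12,203.0.113.10,17,53,18233,0x00,1000000,1400000000
63,192.0.2.13,203.0.113.10,17,53,60931,0x00,1000000,1400000000
70,198.51.100.21,203.0.113.20,6,1025,80,0x02,2000000,80000000
71,198.51.100.22,203.0.113.20,6,1026,80,0x02,2000000,80000000
72,192.0.2.50,10.0.0.5,17,53,5353,0x00,9000000,9000000000
"""


def covering_prefix(dst):
    """Return the protected prefix containing dst, or None if we do not own it."""
    addr = ip_address(dst)
    return next((net for net in PROTECTED if addr in net), None)


def aggregate(rows):
    """Sum packets and octets per (window start, destination, covering prefix)."""
    buckets = defaultdict(lambda: {"packets": 0, "octets": 0, "syn_packets": 0,
                                   "refl_octets": defaultdict(int)})
    for r in rows:
        prefix = covering_prefix(r["dst"])
        if prefix is None:
            continue
        start = int(r["start"])   # simplification: a flow counts in its start window
        b = buckets[(start - start % WINDOW_S, r["dst"], str(prefix))]
        packets, octets, proto = int(r["packets"]), int(r["octets"]), int(r["proto"])
        b["packets"] += packets
        b["octets"] += octets
        if proto == TCP and int(r["tcp_flags"], 16) == SYN_ONLY:
            b["syn_packets"] += packets   # flows that never got past the SYN
        if proto == UDP and int(r["sport"]) in REFLECTION_PORTS:
            b["refl_octets"][REFLECTION_PORTS[int(r["sport"])]] += octets
    return buckets


def classify(b):
    """Name the dominant pattern in a bucket that already exceeded a limit."""
    if b["refl_octets"]:
        name, octets = max(b["refl_octets"].items(), key=lambda kv: kv[1])
        if octets * 2 > b["octets"]:
            return f"reflection/amplification ({name})"
    if b["syn_packets"] * 2 > b["packets"]:
        return "TCP SYN flood (state exhaustion)"
    return "volumetric flood (mixed)"


def detect(csv_text):
    """Return one alert per destination and window that exceeds a rate limit."""
    alerts = []
    rows = csv.DictReader(io.StringIO(csv_text))
    for (window, dst, prefix), b in sorted(aggregate(rows).items()):
        pps = b["packets"] // WINDOW_S
        bps = b["octets"] * 8 // WINDOW_S
        if pps > PPS_LIMIT or bps > BPS_LIMIT:
            alerts.append({"window": window, "dst": dst, "divert_prefix": prefix,
                           "kind": classify(b), "pps": pps, "bps": bps})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

The SYN flood in the sample stays far below the bit rate limit and is caught only by the packet rate, which is why both limits are checked.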
SOMEONE IS ATTACKING ME! - AM I ABLE TO GET SCRUBBING SERVICE WITHIN A FEW HOURS?
• The answer is: YES
  — But as always there are conditions ;)
• Some companies offer a service that can be set up within a few hours
  — If you have any other service from them, the process may be even faster
• You have to be able to set up the service – i.e. you still have to access devices and prepare configuration during an attack
• This kind of protection is usually only against volumetric attacks
SOMEONE IS ATTACKING ME! - AM I ABLE TO GET SCRUBBING SERVICE WITHIN A FEW HOURS?
• Cost!
  — Emergency setup is usually more expensive
  — You still have to invest in a comprehensive DDoS-mitigation solution
  — You already lost revenue from business
  — You will lose more if attacks repeat
  — You lost your reputation as well
SCRUBBING SERVICE IS NOT EVERYTHING - HOW TO DEAL WITH THE FIRST WAVE OF AN ATTACK?
DDOS PROTECTION APPROACH
• DDoS Protection Approach
1. Do Nothing
  • Go on with business as usual
  • It may work for small companies without a significant presence on the Internet
  • Cost:
    • Short-term – nothing, maybe some transactions or emails will be delayed
    • Long-term – may impact business and be a reason for shutdown
DDOS PROTECTION APPROACH
• DDoS Protection Approach
2. Disaster Recovery Site
  • Backup site in case the primary business site is attacked
  • May work if we rely on IP addresses, not on FQDNs
  • DR planning generally does not include provisions for DDoS
  • Usually not a really useful solution
  • Cost:
    • Short-term – cost of additional rack space, vCPU, RAM etc.
    • Long-term – may impact business and be a reason for shutdown
DDOS PROTECTION APPROACH
• DDoS Protection Approach
3. On-Premise DDoS Appliance
  • Closed solutions provided by some vendors, based on algorithms protected as intellectual property – you will never know how they work
  • Some good traffic will probably get filtered while some bad traffic will get through
  • Throughput depends on the hardware/licenses used
  • Can they really detect low-and-slow attacks?
  • Would it prevent the Internet link from saturating? What is the predicted growth of your Internet traffic over the next 2-4 years?
  • Cost:
    • Short-term – cost may vary by vendor, time of the month/quarter, amount purchased, and also the volume of attacks that you are trying to repel.
    • Long-term – may impact business as not all attacks may be filtered; it can still cause Internet link saturation; in the worst case it can be a reason for shutdown
DDOS PROTECTION APPROACH
• DDoS Protection Approach
4. DDoS Mitigation from Data Center Operator or ISP
  • Offered sometimes as a standard, sometimes as a premium service
  • Many of them only deal with volumetric attacks
  • Effectiveness against resource or application attacks will vary depending on what technology is used
  • It may not be a suitable solution for customers using multiple ISPs
  • Cost:
    • Short-term – may not be significant in cost (sometimes even free, sometimes flat rate), but there may be cost of exceeded
    • Long-term – may be costly and not fully efficient
DDOS PROTECTION APPROACH
• DDoS Protection Approach
5. DDoS Mitigation services from specialized companies
  • Requires either a change in DNS records or redirecting the traffic based on BGP
  • Can be deployed in AlwaysAvailable or AlwaysOn mode
  • Can deal not only with volumetric attacks
  • Cost:
    • Short-term – may depend on the vendor and subscribed services
    • Long-term – may depend on the vendor and subscribed services, but may cost us penalties or lost revenue if the AlwaysAvailable model is used
DDOS PROTECTION APPROACH
• DDoS Protection Approach
6. Hybrid Model
  • Combination of an on-premise system and the specialized mitigation and/or provider-based solution
  • Most expensive but at the same time most flexible
  • Cost:
    • Short-term – cost of on-site protection plus cost of remote protection.
    • Long-term – increased operational cost that should leverage lost revenue in case of attack
WHAT ASSETS DO I WANT TO PROTECT?
• Identify possible risks for your company (examples):
  — DDoS attacks targeted at a specific sector (i.e. financial institutions, media)
  — DDoS attack threats (“We won’t attack you if you donate small amount of BTC”)
  — Application layer threats (well-known vulnerabilities in common libraries)
  — Shared DC infrastructure saturation (if we are a DC provider or SP)
  — Targeted attack on a business-critical application
HOW TO DEAL WITH FIRST WAVE OF ATTACK?
• The scenario depends on what solution is deployed
• The company should have an approved procedure for what to do in case of an attack
• All network and application teams have to know:
  — What are the symptoms of an attack
  — How to verify
  — How to escalate
  — How to redirect to the scrubbing center
  — How to monitor
HOW TO DEAL WITH FIRST WAVE OF ATTACK?
• A big Internet pipe is not a solution but it may help
  — Especially if we have an AlwaysAvailable type of service
  — Many DC operators offer links with burstable CIR
  — May help in the first wave of an attack as long as our devices won’t be overwhelmed with the amount of traffic
  — Won’t really protect us against types of attacks other than volumetric
    • But will give us time to redirect traffic to the AlwaysAvailable service!
• Remember to have an OOB management network
PRACTICAL HINTS
PRACTICAL HINTS – PREPARATION CHECKLIST
1. Build your DDoS response team
  — Identify people and departments that need to be involved
  — Define roles and responsibilities
2. Create a response plan
  — Define procedures, resources and tools
3. Risk assessment
  — Evaluate your infrastructure (routers, switches, DNS servers, link bandwidth, firewalls, IPS etc.)
  — Identify single points of failure
PRACTICAL HINTS – PREPARATION CHECKLIST
4. Define a strategy with your ISP
  — What protection they can offer
  — How much protection they can provide
  — What is the SLA of the service
  — What is the response time and how much control/visibility you can get
5. Test the solution readiness
  — At least every 3-6 months
PRACTICAL HINTS – FUNDAMENTAL QUESTIONS (EXAMPLES)
• DDoS protection, both on premise and in the cloud, is a crucial part of traffic flow in your organization
  — Bad design can affect traffic flow
  — Bad design may create a new SPOF
  — Bad design may extend the outage and cost you money
  — There are security concerns as well
PRACTICAL HINTS – FUNDAMENTAL QUESTIONS (EXAMPLES)
• Do I want all traffic to flow through the scrubbing center?
  — Is additional delay in RTT significant for my traffic?
  — Is routing asymmetry something that may affect my service?
  — How much control do I have if there are problems in the scrubbing center?
  — Am I going to lose any of my monitoring?
PRACTICAL HINTS – FUNDAMENTAL QUESTIONS (EXAMPLES)
• Do I trust my scrubbing service operator?
  — Would I trust handing over my SSL keys to the scrubbing center operator?
  — What may the scrubbing center operator do with the metadata of my connections?
LAST WORD FROM THE SPEAKER
• I said I won’t talk about vendors ;)
• Comparison of global providers:
  http://www.imperva.com/docs/RPT_Forrester_Wave_DDoS_2015.pdf
• Remember that it’s not a complete list
QUESTIONS?
THANK YOU

More Related Content

What's hot

What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?Karri Huhtanen
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlareSurviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlareCloudflare
 
Network engineering surgery - MSER complete network 2 (Firewall edge)
Network engineering surgery - MSER complete network 2 (Firewall edge)Network engineering surgery - MSER complete network 2 (Firewall edge)
Network engineering surgery - MSER complete network 2 (Firewall edge)Jisc
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxC4Media
 
Introduction of Cloudflare Solution for Mobile Payment
Introduction of Cloudflare Solution for Mobile PaymentIntroduction of Cloudflare Solution for Mobile Payment
Introduction of Cloudflare Solution for Mobile PaymentJean Ryu
 
SSL for SaaS Providers
SSL for SaaS ProvidersSSL for SaaS Providers
SSL for SaaS ProvidersCloudflare
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationPavel Odintsov
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationCloudflare
 
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC, Przemysław Frasunek, Paweł Mała...PLNOG16: Obsługa 100M pps na platformie PC, Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...PROIDEA
 
AWS Summit 2013 | Auckland - Extending your Datacentre with Amazon VPC
AWS Summit 2013 | Auckland - Extending your Datacentre with Amazon VPCAWS Summit 2013 | Auckland - Extending your Datacentre with Amazon VPC
AWS Summit 2013 | Auckland - Extending your Datacentre with Amazon VPCAmazon Web Services
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO a.s.
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesCloudflare
 
PLNOG16: ZTP – Zero Touch Provisioning in use, Marek Plaza
PLNOG16: ZTP – Zero Touch Provisioning in use, Marek PlazaPLNOG16: ZTP – Zero Touch Provisioning in use, Marek Plaza
PLNOG16: ZTP – Zero Touch Provisioning in use, Marek PlazaPROIDEA
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonPavel Odintsov
 
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesMulti-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesSagi Brody
 
Introduction to BRAS
Introduction to BRASIntroduction to BRAS
Introduction to BRASKHNOG
 
SDN - OpenFlow + OpenVSwitch + Quantum
SDN - OpenFlow + OpenVSwitch + QuantumSDN - OpenFlow + OpenVSwitch + Quantum
SDN - OpenFlow + OpenVSwitch + QuantumThe Linux Foundation
 

What's hot (20)

What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
 
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlareSurviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
 
Network engineering surgery - MSER complete network 2 (Firewall edge)
Network engineering surgery - MSER complete network 2 (Firewall edge)Network engineering surgery - MSER complete network 2 (Firewall edge)
Network engineering surgery - MSER complete network 2 (Firewall edge)
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a Fox
 
Introduction of Cloudflare Solution for Mobile Payment
Introduction of Cloudflare Solution for Mobile PaymentIntroduction of Cloudflare Solution for Mobile Payment
Introduction of Cloudflare Solution for Mobile Payment
 
SSL for SaaS Providers
SSL for SaaS ProvidersSSL for SaaS Providers
SSL for SaaS Providers
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigation
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and Mitigation
 
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC, Przemysław Frasunek, Paweł Mała...PLNOG16: Obsługa 100M pps na platformie PC, Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
 
AWS Summit 2013 | Auckland - Extending your Datacentre with Amazon VPC
AWS Summit 2013 | Auckland - Extending your Datacentre with Amazon VPCAWS Summit 2013 | Auckland - Extending your Datacentre with Amazon VPC
AWS Summit 2013 | Auckland - Extending your Datacentre with Amazon VPC
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud Air
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product Launches
 
PLNOG16: ZTP – Zero Touch Provisioning in use, Marek Plaza
PLNOG16: ZTP – Zero Touch Provisioning in use, Marek PlazaPLNOG16: ZTP – Zero Touch Provisioning in use, Marek Plaza
PLNOG16: ZTP – Zero Touch Provisioning in use, Marek Plaza
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmon
 
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesMulti-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation Strategies
 
Network concepts
Network conceptsNetwork concepts
Network concepts
 
Introduction to BRAS
Introduction to BRASIntroduction to BRAS
Introduction to BRAS
 
SDN - OpenFlow + OpenVSwitch + Quantum
SDN - OpenFlow + OpenVSwitch + QuantumSDN - OpenFlow + OpenVSwitch + Quantum
SDN - OpenFlow + OpenVSwitch + Quantum
 

Similar to PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski

Filling the Gaps in Your DDoS Mitigation Strategy
Filling the Gaps in Your DDoS Mitigation StrategyFilling the Gaps in Your DDoS Mitigation Strategy
Filling the Gaps in Your DDoS Mitigation StrategyCloudflare
 
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...Ziv Ichilov
 
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUSDETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUSCristian Garcia G.
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS ProtectionPLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS ProtectionPROIDEA
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewMarketingArrowECS_CZ
 
HaltDos DDoS Protection Solution
HaltDos DDoS Protection SolutionHaltDos DDoS Protection Solution
HaltDos DDoS Protection SolutionHaltdos
 
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...MazeBolt Technologies
 
bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...
bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...
bestpracticesforusingyournetworkandtheciscoasr9kforddos-150603185523-lva1-app...Sergiy Pitel
 
Scaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceScaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceCloudflare
 
Network security, Anti-DDoS and other Internet-side protections: Encryption i...
Network security, Anti-DDoS and other Internet-side protections: Encryption i...Network security, Anti-DDoS and other Internet-side protections: Encryption i...
Network security, Anti-DDoS and other Internet-side protections: Encryption i...Amazon Web Services
 
ddos-protector-customer-presentation.pdf
ddos-protector-customer-presentation.pdfddos-protector-customer-presentation.pdf
ddos-protector-customer-presentation.pdfTuPhan66
 
The role of DDoS Providers
The role of DDoS ProvidersThe role of DDoS Providers
The role of DDoS ProvidersNeil Hinton
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS AttacksAmazon Web Services
 
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCThe Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCCloudflare
 
Cybersecurity breakfast tour 2013 (1)
Cybersecurity breakfast tour 2013 (1)Cybersecurity breakfast tour 2013 (1)
Cybersecurity breakfast tour 2013 (1)Infradata
 
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks PROIDEA
 

Similar to PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski (20)

Filling the Gaps in Your DDoS Mitigation Strategy
Filling the Gaps in Your DDoS Mitigation StrategyFilling the Gaps in Your DDoS Mitigation Strategy
Filling the Gaps in Your DDoS Mitigation Strategy
 
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
SecurityDAM - Hybrid DDoS Protection for MSSPs and Enterprises (Infosecurity ...
 
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUSDETENIENDO LOS ATAQUES DDOS CON NSFOCUS
DETENIENDO LOS ATAQUES DDOS CON NSFOCUS
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski

  • 1. DDOS SOLUTIONS – CUSTOMER POINT OF VIEW
      Piotr Wojciechowski (CCIE #25543)
  • 2. ABOUT ME
      - Senior Network Engineer MSO at VeriFone Inc.
      - Previously Network Solutions Architect at one of the top Polish IT integrators
      - CCIE #25543 (Routing & Switching)
      - Administrator of CCIE.PL board
          - The biggest Cisco community in Europe
          - About 7800 users
          - 3 admins, 3 moderators
          - Over 60 Polish CCIEs as members, 20 of them actively posting
          - About 100 new topics per month
          - About 800 posts per month
          - English section available
  • 3. AGENDA
      - Risk analysis including threats of attacks, attacks, and also attacks that are meant to hide hacking
      - Someone is attacking me! - am I able to get scrubbing service within a few hours?
      - Two models of deployment - DNS Redirection and BGP
      - What is better - AlwaysOn or AlwaysAvailable?
      - Volumetric attacks vs. L3-L7 DDoS protection
      - Scrubbing service is not everything - how to deal with the first wave of an attack?
  • 4. INTRODUCTION
      - What this session is about
          - Highlights of DDoS problems and different attacks
          - Overview of different solutions
          - Tips about what to look at while designing DDoS protection
      - What this session isn’t about
          - Presentation of vendors' portfolios
          - Comparison between available services of multiple vendors
  • 5. RISK ANALYSIS INCLUDING THREATS OF ATTACKS, ATTACKS AND ALSO ATTACKS THAT ARE MEANT TO HIDE HACKING
  • 6. DDOS ATTACK CATEGORIES
      - Volumetric
          - Flood based attacks at layer 3, 4 or 7
      - Asymmetric
          - Attacks designed to invoke timeouts or session state changes
      - Computational
          - Designed to saturate CPU and memory
      - Vulnerability-based
          - Exploit software vulnerabilities
          - Scrubbing Center
          - WAF
          - WAF
          - Application Delivery Controller
          - Network Firewall
          - IP Reputation Database
          - IDS/IPS + WAF
          - Application Delivery Controller
  • 7. DDOS ATTACKS
      (diagram labels: Internet, SP Network, Edge Router, Firewall, IPS, Servers, Enterprise Network / DC)
  • 8. OTHER ATTACKS
      (diagram labels: Edge Router, Firewall, IPS, Servers; Large volume network floods, Network scan, SYN floods, SQL, HTTP Floods, SSL Floods, Brute Force, XSS, CSRF, Low&Slow DDoS, SQL Injection)
  • 10. MULTIPLE PROTECTION TOOLS
      - To effectively mitigate multiple types of DoS/DDoS attacks, multiple protection tools are needed
          - Cloud DDoS protection to mitigate volumetric attacks that can saturate the Internet link
          - DDoS protection to detect and mitigate all types of network DDoS attacks
          - Behavioral Analysis to protect against application DDoS and misuse attacks and filter them from legitimate traffic
          - Intrusion Prevention System (IPS) to block known attack tools and the low and slow attacks and prevent application and system vulnerability exploitations
          - SSL protection to protect against encrypted flood attacks
          - Web Application Firewall (WAF) to prevent web application vulnerability exploitations
  • 11. DDOS ATTACKS
      DDoS Aware Firewalls:
      - Most network firewalls are not resistant to DDoS attacks
          - Even if they are, resistance is very limited
          - A simple layer 4 attack can disable the firewall
      - Sheer throughput is not the answer
          - But it can give us some time to react!
  • 12. DDOS ATTACKS
      - Application Delivery Controller
          - Can be both network-aware and application-aware
          - Can offload services such as load-balancing, caching, and acceleration
          - A logical defensive position against both DDoS attacks and targeted application-layer attacks
  • 13. DDOS ATTACKS
      - IP Reputation Database
          - Helps to defend against asymmetric attacks
          - It blocks all traffic or a traffic pattern based on the reputation database
          - Database can be internally deployed (history of past attacks) or from an external subscription service
          - May be accurate but cannot guarantee 100% success in filtering
  • 14. DDOS ATTACKS
      - IDS/IPS
          - No role in volumetric attack prevention – usually a weaker point than the firewall
          - Can be a point for protection against application or protocol related threats
              - As long as signatures are updated and properly managed
          - NGIPS can provide comprehensive analysis of network traffic and block malware as well as other attacks on known vulnerabilities
  • 15. DDOS ATTACKS
      - Web Application Firewall
          - It understands and enforces security policies on the applications
          - Can give us protection against volumetric HTTP floods and vulnerability-based attacks
          - Can provide additional services like web scraping and PCI compliance
          - Can offload and inspect SSL traffic
  • 16. CAN I BE 100% PROTECTED?
      - The hardest things to explain to management:
          - Scrubbing center, or in general any external DDoS solution, won’t give the company 100% protection
          - Protection must be done on multiple layers and using multiple solutions
          - Protection is an ongoing investment
          - That means $$$ we have to spend
          - We cannot spend that money when we are already under attack
  • 17. WHAT SERVICES CAN BE OFFERED?
      - Real-time DDoS detection and mitigation
          - Technical requirements must be met on the customer side
      - Defend against large volumetric attacks
          - Some companies will protect you against attacks up to a specified volume only
          - Other companies may charge you extra if you exceed the traffic limit
          - But there are also companies that will guarantee minimum volume protection while larger attacks can be mitigated for free if there is platform capacity available
  • 18. WHAT SERVICES CAN BE OFFERED?
      - Protect against multiple attack vectors
          - Complex DDoS Attacks
          - Multilayered L3-L7 attacks
      - Support team to respond to unusual cases
          - 24/7 monitoring
  • 19. MAGIC WORD – SCRUBBING CENTER IN THE CLOUD
      - Everything happens in the CLOUD
          - It’s a magic box and we don’t know how it works
          - Nobody will really tell us how it works
      (diagram label: Scrubbing Center)
  • 20. SCRUBBING CENTER – HIGH LEVEL VIEW
      (diagram labels: Customer, Customer Portal or Operator)
  • 21. SCRUBBING CENTER – HIGH LEVEL VIEW
      (diagram labels: Customer, Customer Portal or Operator)
  • 22. SCRUBBING CENTER – HIGH LEVEL VIEW
      (diagram labels: Customer, Customer Portal or Operator)
  • 23. WHICH DDOS MITIGATION TO USE?
      (diagram labels: IDS/IPS, Firewalls, Web Application Firewall, On-premise DDoS solution, Scrubbing Services, Content Delivery Network, On-Premise Services, Cloud Services, Scrubbing Center)
  • 24. TWO MODELS OF DEPLOYMENT - DNS REDIRECTION AND BGP
  • 25. BGP AKA. ROUTED MODE
      - Customer won’t announce the prefix directly to the ISP but to the scrubbing center over a GRE tunnel (sometimes over MPLS VPN)
      - Does not require any application-specific configuration
      - But we have routing asymmetry
      (diagram labels: Customer DC, Scrubbing Center, Internet, ISP, GRE Tunnel, BGP Advertisement)
  • 26. BGP AKA. ROUTED MODE
      - Usually used in AlwaysAvailable (on-demand) mode
      - Good for thwarting large volumetric and advanced DDoS assaults targeting any type of protocol or infrastructure
      (diagram labels: Customer DC, Scrubbing Center, Internet, ISP, GRE Tunnel, BGP Advertisement)
  • 27. BGP AKA. ROUTED MODE
      - Requires additional monitoring and quite often manual action
      (diagram labels: Customer DC, Scrubbing Center, Internet, ISP, GRE Tunnel, NetFlow, BGP Advertisement)
  • 28. DEDICATED IP
      - Scrubbing center provider assigns a dedicated public IP from its own IP range
      - All incoming traffic passes through the provider’s network where it is inspected and filtered
      - A two-way GRE tunnel is used to forward clean traffic
      (diagram labels: Customer DC, Scrubbing Center, Internet, ISP, GRE Tunnel, Dedicated IP)
  • 29. DNS REDIRECTION AKA PROXY AKA WEB SERVICE PROTECTION
      - How does DNS Redirection work?
          - Attack is detected and blocked in the scrubbing center
      (diagram labels: Customer DC, Scrubbing Center, Internet, ISP, FQDN: www.mydomain.com)
  • 30. DNS REDIRECTION AKA PROXY AKA WEB SERVICE PROTECTION
      - DNS-based service for specific applications
          - Other traffic may bypass the scrubbing center
      (diagram labels: Customer DC, Scrubbing Center, Internet, ISP, FQDN: www.mydomain.com, FQDN: www.myotherdomain.com)
  • 31. WHAT IS BETTER - ALWAYSON OR ALWAYSAVAILABLE?
  • 32. WHAT IS BETTER - ALWAYSON OR ALWAYSAVAILABLE?
      - AlwaysOn model:
          - Preferred model for DNS Redirection deployment
          - 24/7 mitigation of DDoS attacks
          - Monitoring and protection of layer 3, 4 and 7 attacks (in most cases)
          - No additional hardware or software required
          - DNS-based compatibility with any cloud service provider
          - Good solution when there is a high frequency of attacks
  • 33. WHAT IS BETTER - ALWAYSON OR ALWAYSAVAILABLE?
      - AlwaysAvailable (OnDemand) model:
          - It can be automatically or manually started when an attack is detected but no traffic redirection is required
          - Attack can be detected either by the customer or by the vendor
          - Customer uses either BGP route changes or DNS redirection to send the traffic through the scrubbing center
              - Keep in mind that DNS records need time to propagate and can be cached for a long time
          - OnDemand mode is more suitable for BGP-based solutions
  • 34. WHAT IS BETTER - ALWAYSON OR ALWAYSAVAILABLE?
      - Hybrid solution:
          - It allows the customer to use their own DDoS solution as the first line of defence
              - WAF
              - Local DDoS scrubbing centers
              - BGP Blackholing
              - Etc
          - When facilities become overwhelmed the customer can redirect traffic to the vendor scrubbing center for additional remediation capacity
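
The two DNS caveats above (records can be cached for a long time, and names that are not redirected bypass the scrubbing center) can be checked against a zone before an attack. This is an added Python example, not from the talk: the zone lines, the origin and scrubbing prefixes (RFC 5737 documentation ranges) and the 300-second TTL policy are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample zone; addresses come from RFC 5737 documentation ranges.
ZONE = """\
www.mydomain.com.       86400 IN A     192.0.2.10
shop.mydomain.com.      300   IN CNAME www.mydomain.com.
api.mydomain.com.       60    IN A     198.51.100.20   ; already behind scrubbing
www.myotherdomain.com.  3600  IN A     192.0.2.11
mail.mydomain.com.      300   IN A     203.0.113.5
"""
ORIGIN_NET = ipaddress.ip_network("192.0.2.0/24")    # assumed customer DC prefix
SCRUB_NET = ipaddress.ip_network("198.51.100.0/24")  # assumed scrubbing provider prefix
MAX_TTL_ON_DEMAND = 300  # assumed policy: longest cache time tolerated for on-demand redirection


@dataclass
class Finding:
    name: str
    address: str
    path: str                 # "via-scrubbing", "direct-to-origin" or "other"
    worst_case_cache_s: int   # highest TTL on the CNAME chain down to the A record
    slow_to_redirect: bool


def parse_zone(text):
    """Return {owner: (ttl, rtype, rdata)} for the A and CNAME lines of the zone."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        owner, ttl, _cls, rtype, rdata = line.split()
        if rtype in ("A", "CNAME"):
            records[owner.lower()] = (int(ttl), rtype, rdata.lower())
    return records


def resolve(name, records, max_depth=8):
    """Follow CNAMEs inside the zone; return (address or None, highest TTL seen)."""
    worst_ttl = 0
    for _ in range(max_depth):
        if name not in records:
            return None, worst_ttl             # target is outside this zone
        ttl, rtype, rdata = records[name]
        worst_ttl = max(worst_ttl, ttl)
        if rtype == "A":
            return rdata, worst_ttl
        name = rdata                           # CNAME: continue with its target
    return None, worst_ttl                     # loop or chain longer than max_depth


def classify(address):
    """Say whether an address is the scrubbing provider's, the origin's, or neither."""
    if address is None:
        return "other"
    ip = ipaddress.ip_address(address)
    if ip in SCRUB_NET:
        return "via-scrubbing"
    if ip in ORIGIN_NET:
        return "direct-to-origin"
    return "other"


def audit(zone_text=ZONE):
    """One Finding per name: where its traffic goes today and how long caches may hold it."""
    records = parse_zone(zone_text)
    findings = []
    for name in records:
        address, worst_ttl = resolve(name, records)
        path = classify(address)
        slow = path == "direct-to-origin" and worst_ttl > MAX_TTL_ON_DEMAND
        findings.append(Finding(name, address or "-", path, worst_ttl, slow))
    return findings


def switchover_bound(findings):
    """Upper bound in seconds before every cached answer for a direct name has expired."""
    ttls = [f.worst_case_cache_s for f in findings if f.path == "direct-to-origin"]
    return max(ttls, default=0)


if __name__ == "__main__":
    results = audit()
    for f in results:
        flag = "  <-- TTL too high for on-demand redirection" if f.slow_to_redirect else ""
        print(f"{f.name:24} {f.address:15} {f.path:17} {f.worst_case_cache_s:>6}s{flag}")
    print("worst-case DNS switchover:", switchover_bound(results), "s")
```

Names reported as direct-to-origin are the ones that bypass the scrubbing center today; the switchover bound is how long resolvers may keep sending clients to the origin after the records are changed.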
  • 35. VOLUMETRIC ATTACKS VS. L3-L7 DDOS PROTECTION
  • 36. VOLUMETRIC ATTACKS VS. L3-L7 DDOS PROTECTION
      - Volumetric Attacks
          - Most common type of DDoS attack
          - Botnet network to flood the network layers with a substantial amount of seemingly legitimate traffic
          - UDP-based floods
          - Takes out the infrastructure capacity – routers, switches, firewalls etc.
  • 37. VOLUMETRIC ATTACKS VS. L3-L7 DDOS PROTECTION
      - Reflection Attacks
          - Usage of a legitimate resource to amplify an attack to the destination
          - Spoof the victim IP address and send a request to a server that will yield a big response
          - Example: DNS Amplification
      - TCP State exhaustion
          - SYN, FIN, RST floods
          - Exhaust resources on servers, load balancers and firewalls
  • 38. VOLUMETRIC ATTACKS VS. L3-L7 DDOS PROTECTION
      - L3-L7 DDoS Protection
          - Exploit limitations, scale and functionality of a specific application
          - Can use known vulnerabilities
          - Can be slow-and-grow type or flood
          - Attack examples
              - L3-4 - SYN flood, TCP flood, ICMP flood, UDP flood, known signature attacks, Teardrop, Smurf, Ping of Death, Mixed Flood, Reflected ICMP
              - L7 - NTP, HTTP Flood, Slowloris, DNS flood, DNS reflection attacks, DNS amplification attacks
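
Routed mode relies on NetFlow monitoring to decide when to redirect, and the attack classes above leave different marks in flow data. This is an added Python example, not from the talk, that classifies traffic per destination from flow records; the flow records, the 1 Gbit/s link and every threshold are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

INTERVAL_S = 60                  # time span covered by the sample flows
LINK_BPS = 1_000_000_000         # assumed Internet link: 1 Gbit/s
REDIRECT_AT = 0.7                # assumed: redirect once a destination uses 70 % of the link
MIN_SOURCES = 50                 # assumed: below this the traffic is not treated as distributed
REFLECTOR_PORTS = {53: "DNS", 123: "NTP"}   # UDP source ports of reflected replies
TCP, UDP = 6, 17
SYN, ACK = 0x02, 0x10


@dataclass
class Flow:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    packets: int
    octets: int
    tcp_flags: int = 0           # OR of all TCP flags seen in the flow, as NetFlow exports it


@dataclass
class Verdict:
    bps: float
    pps: float
    sources: int
    kind: str                    # "reflection:<proto>", "syn-flood", "volumetric" or "normal"
    action: str                  # "redirect", "investigate" or "none"


def sample_flows():
    """Constructed flows: DNS reflection, a SYN flood and ordinary HTTPS sessions."""
    flows = []
    for i in range(1, 201):      # large UDP replies from source port 53
        flows.append(Flow(f"198.51.100.{i}", "192.0.2.10", UDP, 53, 40000 + i,
                          20_000, 30_000_000))
    for i in range(1, 241):      # many small flows that never get past SYN
        flows.append(Flow(f"203.0.113.{i}", "192.0.2.20", TCP, 1024 + i, 443,
                          80, 4_800, SYN))
    for i in range(1, 4):        # complete sessions: SYN, ACK, PSH and FIN all seen
        flows.append(Flow(f"198.51.100.{250 + i}", "192.0.2.30", TCP, 50000 + i, 443,
                          1_200, 1_500_000, 0x1B))
    return flows


def analyse(flows):
    """Aggregate flows per destination and return {dst: Verdict}."""
    per_dst = defaultdict(list)
    for f in flows:
        per_dst[f.dst].append(f)

    verdicts = {}
    for dst, fl in per_dst.items():
        octets = sum(f.octets for f in fl)
        packets = sum(f.packets for f in fl)
        sources = len({f.src for f in fl})
        bps = octets * 8 / INTERVAL_S
        pps = packets / INTERVAL_S

        # Octets arriving from well-known reflector ports, per port.
        reflected = defaultdict(int)
        for f in fl:
            if f.proto == UDP and f.sport in REFLECTOR_PORTS:
                reflected[f.sport] += f.octets
        # Packets in TCP flows where a SYN was seen but never an ACK.
        syn_only = sum(f.packets for f in fl
                       if f.proto == TCP and (f.tcp_flags & (SYN | ACK)) == SYN)

        distributed = sources >= MIN_SOURCES
        over_link = bps >= REDIRECT_AT * LINK_BPS
        if distributed and sum(reflected.values()) > octets / 2:
            kind = "reflection:" + REFLECTOR_PORTS[max(reflected, key=reflected.get)]
        elif distributed and syn_only > packets / 2:
            kind = "syn-flood"
        elif over_link:
            kind = "volumetric"
        else:
            kind = "normal"

        # Link saturation calls for redirection; low-volume state exhaustion
        # is handed to the on-premise devices and the response team first.
        if over_link:
            action = "redirect"
        elif kind != "normal":
            action = "investigate"
        else:
            action = "none"
        verdicts[dst] = Verdict(bps, pps, sources, kind, action)
    return verdicts


if __name__ == "__main__":
    for dst, v in analyse(sample_flows()).items():
        print(f"{dst:12} {v.bps / 1e6:8.1f} Mbit/s {v.pps:9.0f} pps "
              f"{v.sources:4} sources  {v.kind:15} -> {v.action}")
```

The SYN flood in the sample stays far below the link threshold, which is why it is flagged for investigation rather than redirection: it exhausts state on servers and firewalls, not bandwidth.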
  • 39. SOMEONE IS ATTACKING ME! - AM I ABLE TO GET SCRUBBING SERVICE WITHIN A FEW HOURS?
  • 40. SOMEONE IS ATTACKING ME! - AM I ABLE TO GET SCRUBBING SERVICE WITHIN A FEW HOURS?
      - The answer is: YES
          - But as always there are conditions ;)
      - Some companies offer a service that can be set up within a few hours
          - If you have any other service from them the process may be even faster
      - You have to be able to set up the service – i.e. you still have to access devices and prepare configuration during an attack
      - This kind of protection is usually only against volumetric attacks
  • 41. SOMEONE IS ATTACKING ME! - AM I ABLE TO GET SCRUBBING SERVICE WITHIN A FEW HOURS?
      - Cost!
          - Emergency setup is usually more expensive
          - You still have to invest in a comprehensive DDoS-mitigation solution
          - You already lost revenue from business
          - You will lose more if attacks are repeating
          - You lost your reputation as well
  • 42. SCRUBBING SERVICE IS NOT EVERYTHING - HOW TO DEAL WITH THE FIRST WAVE OF AN ATTACK?
  • 43. DDOS PROTECTION APPROACH
      - DDoS Protection Approach 1. Do Nothing
          - Go on with business as usual
          - It may work for small companies without significant presence on the Internet
          - Cost:
              - Short-term – nothing, maybe some transactions or emails will be delayed
              - Long-term – may impact business and be a reason for shutdown
  • 44. DDOS PROTECTION APPROACH
      - DDoS Protection Approach 2. Disaster Recovery Site
          - Backup site in case the primary business site is attacked
          - May work if we rely on IP addresses, not on FQDNs
          - DR planning generally does not include provisions for DDoS
          - Usually not a really useful solution
          - Cost:
              - Short-term – cost of additional rack space, vCPU, RAM etc.
              - Long-term – may impact business and be a reason for shutdown
  • 45. DDOS PROTECTION APPROACH
      - DDoS Protection Approach 3. On-Premise DDoS Appliance
          - Closed solutions provided by some vendors based on algorithms protected as intellectual property – you will never know how it’s working
          - Some good traffic will probably get filtered while some bad traffic will get through
          - Throughput dependent on used hardware/licenses
          - Can they really detect low-and-slow attacks?
          - Would it prevent the Internet link from saturation? What’s the predicted growth of your Internet traffic over the next 2-4 years?
          - Cost:
              - Short-term – cost may vary by vendor, time of the month/quarter, amount purchased, and also the volume of attacks that you are trying to repel.
              - Long-term – may impact business as not all attacks may be filtered, it can still cause Internet link saturation, in the worst case it can be a reason for shutdown
  • 46. DDOS PROTECTION APPROACH
      - DDoS Protection Approach 4. DDoS Mitigation from Data Center Operator or ISP
          - Offered sometimes as standard, sometimes as a premium service
          - Many of them only deal with volumetric attacks
          - Effectiveness against the resource or application attacks will vary depending on what technology is used
          - It may not be a suitable solution for customers using multiple ISPs
          - Cost:
              - Short-term – may not be significant in cost (sometimes even free, sometimes flat rate), but there may be cost of exceeded
              - Long-term – may be costly and not fully efficient
  • 47. DDOS PROTECTION APPROACH
      - DDoS Protection Approach 5. DDoS Mitigation services from specialized companies
          - Requires either a change in DNS records or redirecting the traffic based on BGP
          - Can be deployed in AlwaysAvailable or AlwaysOn mode
          - Can deal not only with volumetric attacks
          - Cost:
              - Short-term – may depend on the vendor and subscribed services
              - Long-term – may depend on the vendor and subscribed services but may cost us penalties or lost revenue if the AlwaysAvailable model is used
  • 48. DDOS PROTECTION APPROACH
      - DDoS Protection Approach 6. Hybrid Model
          - Combination of an on-premise system and the specialized mitigation and/or provider-based solution
          - Most expensive but at the same time most flexible
          - Cost:
              - Short-term – cost of on-site protection plus cost of remote protection.
              - Long-term – increased operational cost that should leverage lost revenue in case of attack
  • 49. WHAT ASSETS DO I WANT TO PROTECT?
      - Identify possible risks for your company (examples):
          - DDoS attacks targeted at a specific sector (i.e. financial institutions, media)
          - DDoS attack threats (“We won’t attack you if you donate small amount of BTC”)
          - Application layer threats (well-known vulnerabilities in common libraries)
          - Shared DC infrastructure saturation (if we are a DC provider or SP)
          - Targeted attack on a business critical application
  • 50. HOW TO DEAL WITH THE FIRST WAVE OF AN ATTACK?
      - Scenario depends on what solution is deployed
      - The company should have an approved procedure for what to do in case of an attack
      - All network and application teams have to have knowledge about:
          - What are the symptoms of an attack
          - How to verify
          - How to escalate
          - How to redirect to the scrubbing center
          - How to monitor
  • 51. HOW TO DEAL WITH THE FIRST WAVE OF AN ATTACK?
      - A big Internet pipe is not a solution but it may help
          - Especially if we have an AlwaysAvailable type of service
          - Many DC operators offer links with burstable CIR
          - May help in the first wave of an attack as long as our devices won’t be overwhelmed with the amount of traffic
          - Won’t really protect us against types of attacks other than volumetric
              - But will give us time to redirect traffic to the AlwaysAvailable service!
      - Remember to have an OOB management network
  • 53. PRACTICAL HINTS – PREPARATION CHECKLIST
      1. Build your DDoS response team
          - Identify people and departments that need to be involved
          - Define roles and responsibilities
      2. Create response plan
          - Define procedures, resources and tools
      3. Risk assessment
          - Evaluate your infrastructure (routers, switches, DNS servers, link bandwidth, firewalls, IPS etc.)
          - Identify single points of failure
  • 54. PRACTICAL HINTS – PREPARATION CHECKLIST
      4. Define strategy with your ISP
          - What protection they can offer
          - How much protection they can provide
          - What is the SLA of the service
          - What is the response time and how much control/visibility you can get
      5. Test the solution readiness
          - At least every 3-6 months
  • 55. PRACTICAL HINTS – FUNDAMENTAL QUESTIONS (EXAMPLES)
      - DDoS protection, both on premise as well as in the cloud, is a crucial part of traffic flow in your organization
          - Bad design can affect traffic flow
          - Bad design may create a new SPOF
          - Bad design may extend the outage and cost you money
          - There are security concerns as well
  • 56. PRACTICAL HINTS – FUNDAMENTAL QUESTIONS (EXAMPLES)
      - Do I want all traffic to flow through the scrubbing center?
          - Is additional delay in RTT significant for my traffic?
          - Is routing asymmetry something that may affect my service?
          - How much control do I have if there are problems in the scrubbing center?
          - Am I going to lose any monitoring?
  • 57. PRACTICAL HINTS – FUNDAMENTAL QUESTIONS (EXAMPLES)
      - Do I trust my scrubbing service operator?
          - Would I trust handing over my SSL keys to the scrubbing center operator?
          - What may the scrubbing center operator do with the metadata of my connections?
  • 58. LAST WORD FROM THE SPEAKER
      - I said I won’t talk about vendors ;)
      - Comparison of global providers: http://www.imperva.com/docs/RPT_Forrester_Wave_DDoS_2015.pdf
      - Remember that this is not a complete list