Distributed Denial Of Service Introduction

presentation on DDoS and potential countermeasures for enterprise applications.

Published in: Technology

1. Distributed Denial of Service attacks (DDoS) 101
2. Agenda
   - History
   - What is it?
   - Next steps
   - Basic protection
   - Advanced protection
3. Examples (timeline)
   - DNS root servers attacked (2002)
   - DNS attacks
   - Estonia attacks (2007)
   - commercial targets (2010)
   - 2012
4. What is it?
   too many requests... can't handle
   * this actually happened at a CCC congress in Berlin
5. What is it?
   Diagram: main and backup infrastructure (L1) underneath the application (L2).
   - Level 1: Network-based (D)DoS
   - Level 2: Application-level (D)DoS
   - Level 2: Economic (D)DoS
   - Process (D)DoS
6. What is it?
   Diagram: many attacking nodes (c) targeting the L1 infrastructure (main and backup servers).
   some terminology:
   - node
   - command&control
   - recruitment
   - attrition
   - rate of growth/decay
7. What is it?
   Diagram: L2 application tier (web server, app, db server).
   <?xml version="1.0"?>
   <!DOCTYPE lolz [
   <!ENTITY lol "lol">
   <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
   <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
   <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
   <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
   <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
   <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
   <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
   <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
   ]>
   <lolz>&lol9;</lolz>
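Slide 7's payload is the "billion laughs" entity-expansion attack on an application's XML parser: a few hundred bytes of nested entity declarations that expand to a billion "lol" strings in memory. As an added example (not from the slides), the following Python shows how a server can refuse such documents before any expansion starts, using the standard-library expat bindings; the shortened payload and the order document are constructed test inputs.

```python
import xml.parsers.expat

# Constructed inputs. BILLION_LAUGHS is the slide's payload cut to three
# nesting levels (1000 "lol" strings); the slide's nine levels give 10**9.
BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>"""
ORDER = b'<?xml version="1.0"?><order><item qty="2">widget</item></order>'

class UnsafeXML(ValueError):
    """Document carries a construct the application refuses to process."""

def _reject_doctype(name, sysid, pubid, has_internal_subset):
    # Fires on "<!DOCTYPE ...", before any entity has been declared.
    raise UnsafeXML(f"DOCTYPE '{name}' not allowed in client documents")

def _reject_entity(name, is_param, value, base, sysid, pubid, notation):
    # Defence in depth; unreachable once the DOCTYPE handler has refused.
    raise UnsafeXML(f"entity declaration '{name}' not allowed")

def parse_untrusted(data: bytes, max_bytes: int = 1 << 20):
    """Parse client XML and return (root tag, number of elements).

    Checks, in order: raw size cap; refuse any DOCTYPE or entity declaration
    while parsing; never resolve external parameter entities."""
    if len(data) > max_bytes:
        raise UnsafeXML(f"{len(data)} bytes exceeds cap of {max_bytes}")
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.EntityDeclHandler = _reject_entity
    parser.SetParamEntityParsing(
        xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    tags = []
    parser.StartElementHandler = lambda name, attrs: tags.append(name)
    parser.Parse(data, True)  # a handler raises before any expansion occurs
    return tags[0], len(tags)

def is_safe_xml(data: bytes) -> bool:
    """True only if the document passes every check and is well formed."""
    try:
        parse_untrusted(data)
        return True
    except (UnsafeXML, xml.parsers.expat.ExpatError):
        return False
```

The same DOCTYPE ban also closes the door on external entity (XXE) tricks, since those need a DTD as well.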
8. Basic Protection
   CDN (content distribution network):
   + no hardware limitations
   + no bandwidth limits
   + intelligence
   ISP:
   - hardware limitations
   + (some) control over bandwidth
   + increased ‘intelligence’
   ON PREMISE (main and backup servers):
   - hardware limitations
   - no control over bandwidth
   - limited ‘intelligence’
9. Advanced Protection
   Web Application Firewall
   Diagram: web server, app and db server, each with a secure config.
   - cloud
   - devops
   - centralized mgmt
   - SDLC
10. Advanced Protection
   - DNS
   - SSL
   - APP
   - XML
11. Next Steps?
   Incident Response process
   • Prepare
   • Integrate service providers
   • “know your enemy”
   During an attack
   • Containment
   • Communications
   • Business Continuity
   After the attack
   • Return to normal operations
   • lessons learned
   • forensics
12. Next Steps? quick wins
   ★ Build standard security components
     ★ encryption
     ★ AuthN/AuthZ
     ★ Logging
     ★ Input/Output validation
     ★ ...
   ★ Automate standardized processes (leverage tech)
     ★ deployment (including vuln scanning)
     ★ load balancing
13. Q&A
14. some terminology:
   • node: a computer recruited to the botnet and controlled by the botnet owner.
   • command&control (C2): a central authority controlling the botnet, providing the nodes with instructions.
   • recruitment: the methods used by the botnet owner to add nodes to his botnet.
   • attrition: the loss of nodes from the botnet.
   • rate of growth/decay: size + recruitment - attrition