Distributed Denial Of Service Introduction
presentation on DDoS and potential countermeasures for enterprise applications.

    Presentation Transcript

    • Distributed Denial of Service attacks (DDoS) 101
    • AGENDA: History / What is it? / Basic Protection / Advanced Protection / Next Steps
    • Examples: DNS root servers attacked (2002); DNS attacks; Estonia attacks (2007); commercial targets (2010, 2012)
    • What is it? Too many requests... can't handle. (* this actually happened at a CCC congress in Berlin)
    • What is it? Level 1: Network-based (D)DoS. Level 2: Application-level (D)DoS. Level 2: Economic (D)DoS. Process (D)DoS. (diagram: L2 application, L2 infrastructure, L1 backup infrastructure)
    • What is it? Some terminology: •node •command&control •recruitment •attrition •rate of growth/decay (diagram: many botnet nodes targeting the main and backup infrastructure at L1)
    • What is it? L2 application (diagram: web server, app server, db server). Example payload, an XML entity expansion bomb:
        <?xml version="1.0"?>
        <!DOCTYPE lolz [
         <!ENTITY lol "lol">
         <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
         <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
         <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
         <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
         <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
         <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
         <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
         <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
        ]>
        <lolz>&lol9;</lolz>
    • Basic Protection (diagram: botnet nodes, CDN, ISP, on-premise main and backup servers):
      •CDN (content distribution network): + no hardware limitations + no bandwidth limits + intelligence
      •ISP: - hardware limitations + (some) control over bandwidth + increased ‘intelligence’
      •ON PREMISE (main, backup): - hardware limitations - no control over bandwidth - limited ‘intelligence’
    • Advanced Protection: Web Application Firewall; secure config on the web server, app server and db server; cloud; devops; centralized mgmt; SDLC
    • Advanced Protection: DNS, SSL, APP, XML
    • Next Steps? Process: Incident Response • Prepare • Integrate service providers • “know your enemy” During an attack • Containment • Communications • Business Continuity After the attack • Return to normal operations • lessons learned • forensics
    • Next Steps? Quick wins ★ Build standard security components ★ encryption ★ AuthN/AuthZ ★ Logging ★ Input/Output validation ★ ... ★ Automate standardized processes (leverage tech) ★ deployment (including vuln scanning) ★ load balancing
    • Q&A
    • Some terminology:
      •node: a computer recruited to the botnet and controlled by the botnet owner.
      •command&control (C2): a central authority controlling the botnet, providing the nodes with instructions.
      •recruitment: the methods used by the botnet owner to add nodes to his botnet.
      •attrition: the loss of nodes from the botnet.
      •rate of growth/decay: size + recruitment - attrition
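The input-validation quick win from the slides, applied to the XML entity expansion payload shown under "What is it?": an added example (not from the presentation) of how an application can refuse such a document before any entity is expanded. It uses only Python's bundled expat parser; the function names and sample documents are constructed for the example.

```python
import xml.parsers.expat as expat


class EntityDeclarationRejected(Exception):
    """Raised as soon as the DTD declares an entity; the body is never expanded."""


def parse_untrusted_xml(data: bytes) -> list:
    """Parse XML from an untrusted client and return the element names seen.

    Every <!ENTITY ...> declaration is refused while the DTD is still being
    read, so an expansion bomb is rejected before its top-level entity is
    ever expanded, and external entities are never fetched.
    """
    parser = expat.ParserCreate()
    seen = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Fires for internal and external entity declarations alike, before the body.
        raise EntityDeclarationRejected(f"entity declaration {name!r} refused")

    def on_external_ref(context, base, system_id, public_id):
        return 0  # 0 = failure: expat aborts instead of resolving the reference

    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    parser.Parse(data, True)
    return seen


def check_request_body(data: bytes) -> tuple:
    """Classify a request body the way an input-validation layer or WAF rule would."""
    try:
        return ("ok", parse_untrusted_xml(data))
    except EntityDeclarationRejected as exc:
        return ("rejected", str(exc))
    except expat.ExpatError as exc:
        return ("malformed", str(exc))


# Constructed sample inputs: a benign document and a three-level cut of the
# slide's payload (the slide nests nine levels, about 10**9 copies of "lol").
BENIGN = b'<?xml version="1.0"?><order><item sku="A1"/></order>'
BOMB = (b'<?xml version="1.0"?><!DOCTYPE lolz [ <!ENTITY lol "lol">'
        b' <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
        b' <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">'
        b' ]><lolz>&lol3;</lolz>')

if __name__ == "__main__":
    print(check_request_body(BENIGN))  # ('ok', ['order', 'item'])
    print(check_request_body(BOMB))    # ('rejected', "entity declaration 'lol' refused")
```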