
Proven Practices For Securing Your Website Against DDoS Attacks


Join subject matter experts Kevin Beaver, author of Hacking For Dummies, and Andrew Sullivan, Director of Architecture at Dyn, for a discussion of real-world practices to protect your enterprise against web-focused attacks, including DNS, NTP amplification, and web application-specific exploits. They discuss the vulnerabilities of web environments and why simply jumping on the cloud provider bandwagon won’t prevent DDoS attacks.


  1. Proven Practices for Securing Your Website Against DDoS Attacks. Kevin Beaver, Principle Logic, LLC; Andrew Sullivan, Dyn
  2. A bit about Kevin Beaver ● Independent consultant - 25 years experience in IT – 19 years in information security - Focus on performing technical security assessments ● Expert witness - Data breaches, security best practices/due diligence, compliance, and intellectual property cases ● Speaker ● Writer ● Creator/author of Security On Wheels audiobooks & blog (securityonwheels.com)
  3. A bit about Andrew Sullivan ● Director of Architecture for Dyn, an Internet performance company ● 15 years in the Internet industry ● Co-author of the DNS64 specification ● Active in the Internet Engineering Task Force ● Member of the Internet Architecture Board
  4. Insanity is… “Doing the same thing over and over again and expecting different results.” -Albert Einstein
  5. Defining the term
  6. More than one soft underbelly ● SYN floods ● UDP floods ● UDP amplification ● Botnets
  7. Botnets are cheap and easy!
  8. Why do they do it?
  9. The main driver
  10. Common vulnerabilities
  11. How do DNS attacks work?
  12. Someone else performs attack
  13. Response size is key
  14. In the words of Kevin… “You cannot secure (or respond to) what you don’t understand.” -Kevin Beaver
  15. Situational awareness
  16. Additional Resources ● Kevin’s website: principlelogic.com/resources ● Kevin’s blog: securityonwheels.com/blog ● Kevin’s audio programs: securityonwheels.com ● Kevin’s latest books: ● Three Ways Companies Can Avoid DDoS Attacks (webinar): brighttalk.com/webcast/10729/113345?ContentHub ● DDoS 101 (video): dyn.com/dynedu what_is_a_ddos_attack/ ● The Cost of a DDoS Attack (whitepaper): pages.dyn.com/evaluating-cost-of-ddos.html
  17. Your plan of action “Before everything else, getting ready is the secret to success.” -Henry Ford
