
5 Ways To Fight A DDoS Attack


The Credit Union National Association (CUNA) issued a statement on Friday, April 26th, 2013 that a possible widespread Distributed Denial of Service (DDoS) attack may take place on Tuesday, May 7th, 2013.

Despite the numerous warnings, CUNA has offered little advice on how to manage the situation and mitigate an attack.

Realizing the severity of the situation, RedZone put together five practical ways to mitigate a DDoS attack against your credit union, presented via GoToWebinar on Wednesday, May 1st, 2013.

The types of attacks we reviewed were:
1. Pure network attack against the credit union
2. Pure network attack against the ISP router
3. Content DDoS
4. DNS DDoS
5. Random Botnet attack

We also answered the following questions:
• What does it mean?
• What are your zero-day protection options?
• What to check on your security products?
• How to enable Global IP protection?
• How do I detect fraud communication in advance?
• What are some vendor product options?


Published in: Technology


  1. Credit Union - DDoS (Distributed Denial of Service) Attacks? Virtual Education Session
     May 2nd | 4 – 4:45pm
     Moderator: Kristine Wilson
     Presenters: Bill Murphy and James Crifasi
     Live Tweet from the event! @TheRedZoneCIO
  2. Schedule of Events – Learn 5 Practical Things A Credit Union Can Do To Prevent An Attack
     4:00p – 4:30p Presentation (If Lucky)
     4:30p – 4:45p Q&A
  3. About Bill Murphy – President and Founder
     • RedZone Technologies
     • ThunderDG
     • MA DR Solutions
     • Beyond Limits Magazine
     Keep In Touch With Bill: @TheRedZoneCIO | CIO Executive Series Group | billm@redzonetech.net
  4. About James Crifasi
     • CTO of RedZone Technologies
     • Co-Founder ThunderDG
     • Co-Founder MA DR
     • University of Maryland Graduate | B.A. Criminology & Criminal Justice | B.S. Computer Science – Algorithmic Theory & AI | M.S. Interdisciplinary Management
     • Keep In Touch With James: jcrifasi@redzonetech.net
  5. Assessment: IT Architecture and Design
     Integration: Security | Disaster Recovery | Infrastructure
     Managed Service Programs
     Cloud Brokerage
  6. Agenda – Types of Attacks To Be Reviewed
     1. Pure network attack against the credit union
     2. Pure network attack against the ISP router
     3. Content DDoS
     4. DNS DDoS
     5. Random Botnet attack
  7. Agenda – Questions To Be Answered
     • What does it mean?
     • What are your zero-day protection options?
     • What to check on your security products?
     • How to enable global IP protection?
     • How do I address potential fraud communication in advance?
     • What are some vendor solutions?
  8. Set The Stage
  9. Insidious Plots.
  10. Insidious Plots (Source: InformationWeek.com)
  11. Insidious Plots (Source: DarkReading.com)
  12. Insidious Plots (Source: RSA)
  13. What Do They Want?
      “Their tactics have been succeeding. They will be back for more because they are getting what they want.” - Avivah Litan, a Gartner analyst who tracks DDoS (CU Times)
      1. Primary objective appears to be to create uncertainties about the reliability and dependability of the United States’ financial system and knock many big banks offline – mission accomplished.
      2. Headlines
  14. What Do They Want? (Source: RSA)
  15. What Does It Mean?
      • Being down
      • Unable to update members on situation
      • Greater risk of attacks on members (Phishing)
      Source: Tosh.ComedyCentral.com
  16. Our Philosophy – Be Proactive. (Source: Google Images)
  17. Whack-A-Mole? Reactive! (Source: Google Images)
  18. Security When Under The Gun. (Source: Google Images)
  19. Our Approach When Time Is Of the Essence.
      • Review critical network components
      • Communication with members
      • Let board know there are no guarantees
  20. How Can a Credit Union prepare and respond during an attack?
      An attack can last from hours to days… Three Phases Are Needed
      1. Pre-Attack Phase
         • Readying for an attack
         • Securing mitigation solutions, deploying appropriate security systems, etc.
      2. During the Attack Phase
         • Assemble the required manpower and expertise
         • Considering that you may only experience a few attacks per year
      3. Post-Attack Phase
         • Conducting forensics, drawing conclusions and improving for the next attack
         • Search for additional competencies externally - from security experts, vertical alliances, or government services.
         • On-demand service
  21. Our Approach When Not Under Gun – Logic | Assessment | Portfolio Investment
      • Review Security Portfolio
      • Develop 24 month investment roadmap
      • Identify Gaps
      • Remediate Gaps
      • Let Board know there are no guarantees
      **Don’t make it easy for them (attackers)
  22. Security Scoreboard (Source: RedZone Technologies)
  23. Multi-year Security, Identity and Privacy Strategy (SIP) – items listed in the slide’s column order
      • Client Integrity – PC firewalls, USB Mgmt, Laptop Mgmt, Email Encryption
      • Intelligent Perimeters – Firewalls, UTM devices, IDP/IDS, SPAM Filters, VPNs, SSL/VPN, Web Mail
      • Identity Access Control – Two factor Authentication, Biometrics, Key fob (two factor), Secure Password Management and Building access Mgmt
      • Enterprise Single Sign On – through an Appliance or Application rewriting
      • Provisioning/Deprovisioning – Single Directory with process and system ‘tie-ins’
      • Authentication – Federation
      • Authorization & Roles – Strategic Creation of Roles based on job function, not individualized on a per user basis.
      • Directory - Foundation – Microsoft AD, Novell, Open LDAP, etc
      Across all layers: Compliance Requirements; Monitor | Logging | Reporting
      Source: RedZone Technologies
  24. PURE POWER IS BIG ENABLER
      • Attacks reach 40+ gigabits/second
      • Attacker only needs 2,000+ servers
      • Targets have to invest substantial resources to defend
      • Reflective DNS attacks still major “weapon”
      • Tactics have adapted to counter measures
      • Attacks are more intelligent and deadly
      Source: RSA
  25. Pure Network Attack Against the Credit Union (diagram: the CU, server (any); Source: RSA)
  26. Pure Network Attack Against the ISP Router (diagram: ISP router, CU security gear; Source: RSA, thedroidguy.com)
  27. Content DDoS
      Normal: ask for one file and wait for answer
      DDoS: ask for hundreds of files and ignore answer
      (Example 1, Example 2; Source: RSA)
  28. Content DDoS
      One example of content DDoS is using the server’s SSL certificate against it: every SSL/TLS handshake forces the server to perform a private-key operation that costs far more CPU than the client’s side of the exchange, so a client that keeps opening or renegotiating SSL connections can exhaust the server’s CPU cheaply without sending much bandwidth at all.
      Source: Radware
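As an added example that is not part of the deck, the following Python script shows the rate rule a load balancer or web application firewall applies to catch the “ask for hundreds of files and ignore the answer” pattern from slide 27: it parses access-log lines (constructed here in Apache combined format, not real traffic) and scores each client by requests inside a sliding time window and by distinct paths requested. The window size, threshold, addresses and paths are all assumptions.

```python
"""Sliding-window request-rate check for content DDoS, over web access logs.

Added example, not code from the RedZone deck.  Assumptions: Apache
combined log format, a 10-second window and a 50-request threshold
(hypothetical rule values), and constructed addresses and paths.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW_SECONDS = 10   # hypothetical rule: more than MAX_REQUESTS in 10 s
MAX_REQUESTS = 50

# Apache combined format: ip ident user [ts] "METHOD PATH PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def make_line(ip, ts, path):
    """Build one constructed combined-format access-log line."""
    return (f'{ip} - - [{ts.strftime(TS_FORMAT)}] "GET {path} HTTP/1.1" '
            f'200 4096 "-" "Mozilla/5.0"')


def build_sample_log():
    """Constructed sample: one normally paced member and one content flooder."""
    base = datetime(2013, 5, 2, 16, 0, 0, tzinfo=timezone(timedelta(hours=-4)))
    lines = []
    # Normal client: one request every six seconds for a minute.
    for i in range(10):
        lines.append(make_line("192.0.2.10", base + timedelta(seconds=6 * i),
                               f"/page{i}.html"))
    # Flooder: 120 different files requested within three seconds.
    for i in range(120):
        lines.append(make_line("198.51.100.66", base + timedelta(seconds=i // 40),
                               f"/docs/file{i}.pdf"))
    return lines


def analyze_access_log(lines, window=WINDOW_SECONDS, max_requests=MAX_REQUESTS):
    """Return per-client peak requests-in-window, distinct paths and a flag."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:            # skip lines that do not parse rather than crash
            continue
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        events.append((ts, m["ip"], m["path"]))
    events.sort(key=lambda e: e[0])   # logs from several front ends may interleave

    recent = defaultdict(deque)       # ip -> timestamps inside the current window
    stats = defaultdict(lambda: {"peak": 0, "paths": set(), "flagged": False})
    for ts, ip, path in events:
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:   # drop requests that aged out
            q.popleft()
        s = stats[ip]
        s["paths"].add(path)
        s["peak"] = max(s["peak"], len(q))
        if len(q) > max_requests:     # the rule a WAF or load balancer would fire on
            s["flagged"] = True
    return {ip: {"peak": s["peak"], "distinct_paths": len(s["paths"]),
                 "flagged": s["flagged"]} for ip, s in stats.items()}


if __name__ == "__main__":
    for ip, s in analyze_access_log(build_sample_log()).items():
        print(ip, s)
```

Access-log timestamps have one-second resolution, so a burst inside a single second all shares one timestamp; the window still counts it correctly because the deque holds every request, not just distinct seconds. On the constructed input the flooder peaks at 120 requests in the window and is flagged, while the member peaks at 2.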
  29. DNS DDoS (Amplification) (diagram: CU members; Source: RSA)
  30. Random Botnet (diagram: Credit Union; Source: RSA)
  31. What To Check
      • Firewall – Basic DDoS Network Protection
      • Load Balancers – Network DDoS Protection
      • ISP Router – does it answer to the internet? (do you let people ping?)
      • Where is your DNS hosted? i.e. on a single server, with the ISP, self hosted behind security (best), secure cloud hosted (best)
      • IDS/IPS and Security Services at the edge of your network
  32. What To Check (Source: Ulrich, RSA)
      Defense
      • Block DNS responses from servers that don’t need to see them
      • Only answer queries for which the server is authoritative
      • Limit access to recursive name servers to internal users
      Offense
      • Attacker uses queries for which the server is authoritative
      • Attacker compromises servers with substantial bandwidth
      • Use of “ANY” queries
      • Use of EDNS0 (the query advertises a UDP buffer larger than the classic 512 bytes, so the reflected response is many times the size of the request)
  33. Vendor Options
  34. (Source: Blue Coat)
  35. (Source: RSA)
  36. The Dell SonicWALL Threats Research Team discovered a new Trojan spreading through drive-by downloads from malicious links. The Neglemir Trojan was found reporting to a Botnet infrastructure and performing DDOS (Distributed Denial of Service) attacks on selected targets in China. During our analysis, we found it targeting various servers belonging to China Telecom as well as websites selling tools for The Legend of Mir, an online multiplayer roleplaying game.
      • Web Application Firewalling – Content DDoS
      • NSA UTM protection – Network DDoS
      • Spam Filtering – Phishing Relevance
      Source: Dell
  37. A new malware threat for the Mac, called “Pintsized,” attempts to set up a secure connection for a remote hacker to connect through and grab private information. This backdoor Trojan can be used to conduct distributed denial of service (DDoS) attacks, or it can be used to install additional Trojans or other forms of malicious software. The Trojan stays hidden by disguising itself as a file that is used for networked printers in Mac OS X. This tactic conceals the Trojan and makes a monitor think that a printer is seeking access to the network, thus evading traditional signature-based detection systems. http://alrt.co/15ekmXW
      Takeaway: Distributed denial-of-service attacks (DDOS) can be minimized or even completely mitigated by a properly planned Web security infrastructure consisting of global DNS as well as Web application firewalls.
      • Web Security Monitor
      • Threat Manager
      Source: AlertLogic
  38. In Summary - Plan (Source: Google Images)
  39. Upcoming Events
      BYOD | MDM | Mobile Policy Management | Compliance | Advanced Threats (APTs) | Security Portfolio Investment Risk
      In this symposium learning event, Credit Union IT Chiefs will learn to Go Hunting for Malware & Crimeware. We will cover 15 major areas of an IT Security and Infrastructure Best Practices program. Some highlights of the learning and education will be:
      • Centralized deployment of applications and data
      • BYOD, MDM and Mobility
      • Perform Compliance functions with ease.
      • Increase Security effectiveness, management, and auditing on a tight budget
      • Advanced Threat Education on APTs
      Wednesday, June 12th from 11:30am to 5:00pm, Eggspectations in Columbia
  40. Security Scoreboard (Source: RedZone Technologies)
  41. Pyramid of Networking Success – Assessment Foundation
      • BONES – IP Addressing, Routers, and Switches
      • MUSCLES – NOS Services (DHCP, WINS, and DNS)
      • BRAIN – The Windows Domain / Active Directory
      Other labels on the pyramid: Security Edge to Core; NOS; Networking And Name Resolution; Foundation Network Services; Desktop and Server Management; Compliance, Risk Mgmt, Monitoring, WAN QoS, Reporting; Data Protection, Backup and Recovery
      Source: RedZone Technologies
  42. RZ Assessment
      • RedZone will assess your risk
      • Examine a number of factors
      • Score you based on those factors (RZ Scoreboard)
      • Better to be proactive and assess now to find potential weaknesses than to be reactive after you’ve already been hacked
  43. Security Scoreboard (Source: RedZone Technologies)
  44. Summary
      • Review zero-day protection options? Check your current vendors or vendors on following page
      • What are your BotNet IP options? Check your current vendors or vendors on following page
      • How to enable Global IP Filter protection? Check your current vendors or vendors on following page
      • How do I alert fraud communication in advance?
      • What are some vendor product options for advanced content security?
  45. Q&A
