Credit Union - DDoS
(Distributed Denial of Service) Attacks?
Virtual Education Session
May 2nd | 4 – 4:45pm
Moderator: Kristine Wilson
Presenters: Bill Murphy and James Crifasi
Live Tweet from the event!
@TheRedZoneCIO
Schedule of Events
Learn 5 Practical Things A Credit Union Can Do To Prevent An Attack
4:00p – 4:30p Presentation (If Lucky)
4:30p – 4:45p Q&A
About Bill Murphy
President and Founder
• RedZone Technologies
• ThunderDG
• MA DR Solutions
• Beyond Limits Magazine
Keep In Touch With Bill:
@TheRedZoneCIO
CIO Executive Series Group
billm@redzonetech.net
About James Crifasi
• CTO of RedZone Technologies
• Co-Founder ThunderDG
• Co-Founder MA DR
• University of Maryland Graduate | B.A. Criminology & Criminal Justice | B.S. Computer Science – Algorithmic Theory & AI | M.S. Interdisciplinary Management
• Keep In Touch With James: jcrifasi@redzonetech.net
Assessment: IT Architecture and Design
Integration: Security | Disaster Recovery | Infrastructure
Managed Service Programs
Cloud Brokerage
Agenda – Types of attacks To Be Reviewed
1. Pure network attack against the credit union
2. Pure network attack against the ISP router
3. Content DDoS
4. DNS DDoS
5. Random Botnet attack
Agenda – Questions To Be Answered
• What does it mean?
• What are your zero-day protection options?
• What to check on your security products?
• How to enable global IP protection?
• How do I address potential fraud communication in advance?
• What are some vendor solutions?
Set The Stage
Insidious Plots
Insidious Plots
Source: InformationWeek.com
Insidious Plots
Source: DarkReading.com
Insidious Plots
Source: RSA
What Do They Want?
“Their tactics have been succeeding. They will be back for more because they are getting what they want.”
- Avivah Litan, a Gartner analyst who tracks DDoS. CU Times
1. Primary objective appears to be to create uncertainties about the reliability and dependability of the United States’ financial system and knock many big banks offline – mission accomplished.
2. Headlines
What Do They Want?
Source: RSA
What Does It Mean?
• Being down
• Unable to update members on situation
• Greater risk of attacks on members (Phishing)
Source: Tosh.ComedyCentral.com
Our Philosophy – Be Proactive
Source: Google Images
Whack-A-Mole? Reactive!
Source: Google Images
Security When Under The Gun
Source: Google Images
Our Approach When Time Is Of the Essence
• Review critical network components
• Communication with members
• Let board know there are no guarantees
How Can a Credit Union prepare and respond during an attack?
An attack can last from hours to days…
Three Phases Are Needed
1. Pre-Attack Phase
• Readying for an attack
• Securing mitigation solutions, deploying appropriate security systems, etc.
2. During the Attack Phase
• Assemble the required manpower and expertise
• Considering that you may only experience a few attacks per year
3. Post-Attack Phase
• Conducting forensics, drawing conclusions and improving for the next attack
• Search for additional competencies externally - from security experts, vertical alliances, or government services.
• On-demand service
Our Approach When Not Under Gun
Logic | Assessment | Portfolio Investment
• Review Security Portfolio
• Develop 24 month investment roadmap
• Identify Gaps
• Remediate Gaps
• Let Board know there are no guarantees
**Don’t make it easy for them (attackers)
Security Scoreboard
Source: RedZone Technologies
Security layers (diagram): Client Integrity | Intelligent Perimeters | Identity Access Control | Enterprise Single Sign On | Provisioning/Deprovisioning | Authentication | Authorization & Roles | Directory - Foundation
Multi-year Security, Identity and Privacy Strategy (SIP)
Compliance Requirements
Controls shown: PC firewalls, USB Mgmt, Laptop Mgmt, Email Encryption; Firewalls, UTM devices, IDP/IDS, SPAM Filters, VPNs; SSL/VPN, Web Mail; Two factor Authentication, Biometrics, Key fob (two factor); Secure Password Management and Building access Mgmt through an Appliance or Application rewriting; Single Directory with process and system ‘tie-ins’; Federation; Strategic Creation of Roles based on job function, not individualized on a per user basis; Microsoft AD, Novell, Open LDAP, etc.
Cross-cutting: MONITOR | LOGGING | REPORTING
Source: RedZone Technologies
PURE POWER IS BIG ENABLER
• Attacks reach 40+ gigabits/second
• Attacker only needs 2,000+ servers
• Targets have to invest substantial resources to defend
• Reflective DNS attacks still major “weapon”
• Tactics have adapted to counter measures
• Attacks are more intelligent and deadly
Source: RSA
Pure Network Attack Against the Credit Union
Diagram labels: THE CU | Server (Any)
Source: RSA
Pure Network Attack Against the ISP Router
Diagram labels: ISP Router | CU Security Gear (image: The droidguy.com)
Source: RSA
Content DDoS
Normal: ask for one file and wait for answer
DDoS: ask for hundreds of files and ignore answer
Diagram panels: EXAMPLE 1 | EXAMPLE 2
Source: RSA
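The "ask for hundreds of files and ignore the answer" pattern above leaves a signature in ordinary web-server access logs: one client, many distinct files, very short windows, and responses the client never reads. The Python script below is an added example, not code from the presentation or from RedZone; it parses constructed combined-format log lines (documentation IP addresses, assumed thresholds) and flags clients matching that pattern so they can be rate-limited at the load balancer or web application firewall the slides recommend.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log prefix; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    sent = m.group("bytes")
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "path": m.group("path"),
        "status": int(m.group("status")),
        "bytes": 0 if sent == "-" else int(sent),
    }


def find_content_flooders(lines, window_s=10, max_requests=50, min_distinct_paths=20):
    """Flag clients that, inside any window_s-second window, issue more than
    max_requests requests spread over at least min_distinct_paths distinct files.
    'abandoned' counts answers the client never took (0 bytes sent, or nginx's
    499 status), the "ask and ignore the answer" behaviour from the slide.
    Returns {ip: {"requests": n, "distinct_paths": k, "abandoned": a}} for the
    busiest window seen per flagged client. Thresholds are assumed values."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until it spans at most window_s seconds.
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1
            window = recs[start:end + 1]
            distinct = {r["path"] for r in window}
            if len(window) > max_requests and len(distinct) >= min_distinct_paths:
                stats = {
                    "requests": len(window),
                    "distinct_paths": len(distinct),
                    "abandoned": sum(1 for r in window if r["bytes"] == 0 or r["status"] == 499),
                }
                if ip not in flagged or stats["requests"] > flagged[ip]["requests"]:
                    flagged[ip] = stats
    return flagged


def sample_log():
    """Constructed access-log lines (documentation IPs): one ordinary visitor and
    one client pulling 120 distinct files in four seconds without reading the answers."""
    base = datetime(2013, 5, 2, 16, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i, path in enumerate(["/", "/css/site.css", "/login"]):
        ts = (base + timedelta(seconds=5 * i)).strftime(TS_FMT)
        lines.append(f'198.51.100.23 - - [{ts}] "GET {path} HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')
    for i in range(120):
        ts = (base + timedelta(seconds=i // 30)).strftime(TS_FMT)
        lines.append(f'203.0.113.7 - - [{ts}] "GET /docs/file{i}.pdf HTTP/1.1" 200 - "-" "-"')
    return lines


if __name__ == "__main__":
    for ip, stats in find_content_flooders(sample_log()).items():
        print(ip, stats)
```

The ordinary visitor never trips the rule; the flooder is reported with 120 requests over 120 distinct paths, all abandoned. On a real site the thresholds need tuning against a baseline of legitimate burst traffic (a page with many assets, a crawler), and the output should feed a rate limiter rather than a hard block, since a shared NAT address can hide many members behind one IP.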
Content DDoS
One example of content DDoS uses the server's SSL certificate against it: a TLS handshake costs the server far more CPU than it costs the client, so a stream of repeated handshakes exhausts the server at little cost to the attacker.
Source: Radware
DNS DDoS (Amplification)
Diagram label: CU Members
Source: RSA
Random Botnet
Diagram label: Credit Union
Source: RSA
What To Check
• Firewall – Basic DDoS Network Protection
• Load Balancers – Network DDoS Protection
• ISP Router – does it answer the internet? (do you let people ping it?)
• Where is your DNS hosted? e.g. on a single server, with the ISP, self hosted behind security (best), secure cloud hosted (best)
• IDS/IPS and Security Services at the edge of your network
What To Check
Source: Ulrich, RSA
Defense
• Block DNS responses from servers that don’t need to see them
• Only answer queries for which the server is authoritative
• Limit access to recursive name servers to internal users
Offense
• Attacker uses queries for which the server is authoritative
• Attacker compromises servers with substantial bandwidth
• Use of “ANY” queries
• Use of EDNS0
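The three defensive rules above can be checked against a name server's own query log, which is also where an amplification attack that is already using the server shows up. The Python script below is an added example, not from the presentation or from RedZone; it audits constructed query-log lines in a simplified BIND-style format (documentation IP addresses, an assumed internal address space and an assumed authoritative zone) and reports external recursion, answers for zones the server does not own, and the ANY+EDNS0 query shape the Offense column describes.

```python
import ipaddress
import re
from collections import Counter

# Constructed query-log format, modelled on BIND's querylog (not an exact copy):
#   <date> <time> client <ip>#<port> (<qname>): query: <qname> IN <qtype> <flags> (<server-ip>)
# flags: '+' recursion desired / '-' not; 'E' = EDNS0 present, which is what lets a
# single small UDP query pull back a multi-kilobyte answer.
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+.*?query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)

# Assumed values for this example: the credit union's internal address space and
# the zones its public name server is supposed to be authoritative for.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
AUTHORITATIVE_ZONES = ("examplecu.test.",)


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def in_authoritative_zone(qname):
    name = qname.lower().rstrip(".") + "."
    return any(name == zone or name.endswith("." + zone) for zone in AUTHORITATIVE_ZONES)


def audit_dns_log(lines, any_threshold=5):
    """Apply the slide's three defensive rules to a query log.
    Returns (findings, amplification_targets): findings maps each rule to a
    Counter of offending source IPs; amplification_targets lists sources that
    sent at least any_threshold ANY+EDNS0 queries. In a reflection attack the
    source address is spoofed to the victim, so those addresses are the likely
    targets, not the attacker: the remedy is to stop answering such queries,
    not to blocklist the address."""
    findings = {
        "external_recursion": Counter(),   # recursive service offered to outsiders
        "non_authoritative": Counter(),    # answering for zones we do not own
        "any_edns": Counter(),             # the classic amplification query shape
    }
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        ip, qname, qtype, flags = m.group("ip", "qname", "qtype", "flags")
        if is_internal(ip):
            continue  # internal users may recurse; the rules below concern outsiders
        if flags.startswith("+"):
            findings["external_recursion"][ip] += 1
        if not in_authoritative_zone(qname):
            findings["non_authoritative"][ip] += 1
        if qtype.upper() == "ANY" and "E" in flags:
            findings["any_edns"][ip] += 1
    targets = sorted(ip for ip, n in findings["any_edns"].items() if n >= any_threshold)
    return findings, targets


def sample_dns_log():
    """Constructed log lines (documentation IPs): an internal client recursing (fine),
    an outsider asking for a zone we own (fine), an outsider asking us to recurse for
    google.com (two rule hits), and eight spoofed ANY+EDNS0 queries bouncing off us."""
    lines = [
        "02-May-2013 16:00:00.101 client 10.1.2.3#51022 (www.google.com): query: www.google.com IN A +E (192.0.2.10)",
        "02-May-2013 16:00:00.204 client 198.51.100.9#40012 (examplecu.test): query: www.examplecu.test IN A -E (192.0.2.10)",
        "02-May-2013 16:00:01.330 client 198.51.100.9#40013 (www.google.com): query: www.google.com IN A + (192.0.2.10)",
    ]
    for i in range(8):
        lines.append(
            f"02-May-2013 16:00:02.{i:03d} client 203.0.113.77#{3000 + i} (examplecu.test): "
            "query: examplecu.test IN ANY +E (192.0.2.10)"
        )
    return lines


if __name__ == "__main__":
    findings, targets = audit_dns_log(sample_dns_log())
    for rule, hits in findings.items():
        print(rule, dict(hits))
    print("likely amplification targets:", targets)
```

Each non-empty counter points at a configuration fix rather than a firewall rule: in BIND terms, the public authoritative server should run with `recursion no;` and the internal resolver should restrict `allow-recursion` to the credit union's own networks, which removes the first two findings at the source. The ANY+EDNS0 counter is the one to alarm on, because by the time it climbs the server is already being used as a reflector against someone else.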
Vendor Options
Source: Blue Coat
Source: RSA
The Dell SonicWALL Threats Research Team discovered a new Trojan spreading through drive-by downloads from malicious links. The Neglemir Trojan was found reporting to a Botnet infrastructure and performing DDOS (Distributed Denial of Service) attacks on selected targets in China. During our analysis, we found it targeting various servers belonging to China Telecom as well as websites selling tools for The Legend of Mir, an online multiplayer roleplaying game.
• Web Application Firewalling – Content DDoS
• NSA UTM protection – Network DDoS
• Spam Filtering – Phishing Relevance
Source: Dell
A new malware threat for the Mac, called “Pintsized,” attempts to set up a secure connection for a remote hacker to connect through and grab private information. This backdoor Trojan can be used to conduct distributed denial of service (DDoS) attacks, or it can be used to install additional Trojans or other forms of malicious software. The Trojan stays hidden by disguising itself as a file that is used for networked printers in Mac OS X. This tactic conceals the Trojan and makes a monitor think that a printer is seeking access to the network, thus evading traditional signature-based detection systems. http://alrt.co/15ekmXW
Takeaway: Distributed denial-of-service attacks (DDOS) can be minimized or even completely mitigated by a properly planned Web security infrastructure consisting of global DNS as well as Web application firewalls.
• Web Security Monitor
• Threat Manager
Source: AlertLogic
In Summary - Plan
Source: Google Images
Upcoming Events
BYOD | MDM | Mobile Policy Management | Compliance | Advanced Threats (APTs) | Security Portfolio Investment Risk
In this symposium learning event, Credit Union IT Chiefs will learn to Go Hunting for Malware & Crimeware. We will cover 15 major areas of an IT Security and Infrastructure Best Practices program. Some highlights of the learning and education will be:
• Centralized deployment of applications and data
• BYOD, MDM and Mobility
• Perform Compliance functions with ease.
• Increase Security effectiveness, management, and auditing on a tight budget
• Advanced Threat Education on APTs
Wednesday, June 12th from 11:30am to 5:00pm
Eggspectations in Columbia
Security Scoreboard
Source: RedZone Technologies
Pyramid of Networking Success – Assessment Foundation
BONES: IP Addressing, Routers, and Switches
MUSCLES: NOS Services (DHCP, WINS, and DNS)
BRAIN: The Windows Domain, Active Directory
Layers: Security Edge to Core | NOS | Networking and Name Resolution | Foundation Network Services | Desktop and Server Management | Compliance, Risk Mgmt, Monitoring, WAN QoS, Reporting | Data Protection, Backup and Recovery
Source: RedZone Technologies
RZ Assessment
• RedZone will assess your risk
• Examine a number of factors
• Score you based on those factors (RZ Scoreboard)
• Better to be proactive and assess now to find potential weaknesses than to be reactive after you’ve already been hacked
Security Scoreboard
Source: RedZone Technologies
Summary
• Review zero-day protection options? Check your current vendors or vendors on following page
• What are your BotNet IP options? Check your current vendors or vendors on following page
• How to enable Global IP Filter protection? Check your current vendors or vendors on following page
• How do I alert fraud communication in advance?
• What are some vendor product options for advanced content security?
Q&A
