In the age of today's Internet and Pokemon Go, every one of us has a website or a forum, or runs an e-commerce shop. From the customer's point of view the solution is simple: they log in to their account, launch the CMS installer and start running their services or delivering content. This will be the first case study of a successful defence against powerful volumetric attacks aimed at taking down HTTP or HTTPS services by sending a large number of SYN packets to the server hosting the infected website. The aim of the presentation is to show defence mechanisms against the widely known problem of DDoS, mitigation methods, blackholing, and example scenarios together with configuration based on the CentOS distribution and the HAProxy module.
BSidesLondon 20th April 2011 - Arron "finux" Finnon
---------------------------------------------------------------------
The presentation's aim is to talk about how simple it is to deploy DNS Tunnelling infrastructure at little or no cost. It also shows how to establish an SSH connection from target to attacker, and acts as a taster for people's further research.
----- for more about @F1nux go to www.finux.co.uk
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013) - Igalia
By Andy Wingo.
Refreshing your Twitter feed is such a drag over 3G, taking forever to connect and fetch those precious kilobytes. The reasons for this go deep into the architecture of the internet: making an HTTPS connection simply has terrible latency.
So let’s fix the internet! MinimaLT is an exciting new network protocol that connects faster than TCP, is more secure than TLS (crypto by DJ Bernstein), and allows mobile devices to keep connections open as they change IP addresses. This talk presents the MinimaLT protocol and a Node library that allows JS hackers to experimentally build a new Internet.
Presenter: Paul Vixie
The Domain Name System (DNS) offers an excellent view of local and global networks, which makes it possible to investigate cybercriminal activity and attack methods. The talk will show how to secure DNS and use it to protect other connected assets. The speaker will cover in detail DNS cache poisoning, the DNS Security Extensions (DNSSEC), DDoS attacks, rate limiting, DNS firewalls and passive DNS monitoring.
Introduction to network penetration testing according to OSSTMM - Simone Onofri
"Competent Analysts will require adequate networking knowledge,
diligent security testing skills, and critical thinking skills to
assure factual data collection creates factual results through
correlation and analysis." - OSSTMM v3
The purpose of a Network Penetration Test (NPT) is to verify the security
of systems exposed on the network. It assesses the presence of
controls, and their correct implementation, that eliminate or
limit the existing threats to the organization's assets.
The activity evaluates a specific scenario that varies with the
target, the position of the attackers and the information held by
the personnel involved.
A Penetration Test is carried out through various activities, often very
delicate and important, and, as clearly specified in the Open Source
Security Testing Methodology Manual (OSSTMM), analysts must not only
have adequate knowledge of the network and its protocols
but also apply critical reasoning to collect
and correlate information correctly, so as to obtain
objective results.
The seminar will introduce the OSSTMM methodology, with
particular attention to TCP/IP networks (Data Networks) and to the
typical operations for discovering hosts on the network and
identifying interactive services.
Compression Oracle Attacks on VPN Networks - Priyanka Aash
Security researchers have done a good amount of practical attacks in the past using chosen plain-text attacks on compressed traffic to steal sensitive data. In spite of how popular CRIME and BREACH were, little was talked about how this class of attacks was relevant to VPN networks. Compression oracle attacks are not limited to just TLS protected data. In this talk, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs. We also show a case study with a well-known VPN server and their plethora of clients. We then go into practical defenses and how mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward rather than claiming 'Thou shall not compress traffic at all.' One of the things that we would like to showcase is how impedance mismatches in these different layers of technologies affect security and how they don't play well together.
The presentation covers information about basic and advanced DDoS attacks; the tools, techniques and methods to perform them and how to prevent them using the methods present in TCP/IP. Given the different network and application protocols for TCP/IP; we tried to describe where DDoS attacks are made possible in the communication process. Each attack is separately analyzed and described and the defense technique is described using the same analogy. Our motto: If there is a DDoS case, there was a way to defend it.
DNSSEC - Domain Name System Security Extensions - Peter R. Egli
Overview of DNSSEC protocol.
DNS is a pivotal infrastructure in TCP/IP based networks. An outage of the DNS system would bring entire networks to a grinding halt.
When DNS was devised in the early days of the Internet, security had no importance. Therefore, DNS is entirely unsecured which means it offers countless attack vectors to hack and crack a network.
Common attacks are DNS cache poisoning, i.e. adding false entries in DNS databases thus diverting the unsuspecting user to a malicious server and man in the middle attacks.
To secure DNS, an extension was defined in the form of DNSSEC. It uses state-of-the-art security algorithms to authenticate and digitally sign requests and responses so that a DNS resolver is able to verify legitimate DNS responses.
The adoption rate of DNSSEC is still slow, but is gradually picking up speed.
Practical approaches to protection against DDoS attacks - The talk will cover approaches to protecting against DoS/DDoS attacks, from the lowest layer to the highest, from small websites to corporate networks.
www.security-session.cz
Presented in OWASP AppSecIL 2017:
https://www.youtube.com/watch?v=nUZLvq2TmcU
https://owaspappsecisrael2017.sched.com/event/CSDM/bleeding-secrets
We do our best to protect the servers' information using security controls like TLS communication, Firewall and advanced security cloud services, but then they bleed secrets (arbitrary pieces of memory are leaked to a potential attacker).
This talk observes three security vulnerabilities found within three security solutions - 2 protocols' implementation issues and one parser issue, that can be the cause for data breaches.
PLNOG 17 - Piotr Gruszczyński - Mobile Fronthaul - evolution (or maybe even revolu... - PROIDEA
Fronthaul is an emerging concept that will cause a drastic increase in demand for transmission bandwidth in mobile networks, on a scale far exceeding what we know from the requirements for Mobile Backhaul. The assumptions for LTE Advanced and 5G, together with the virtualization of further functions, are already driving intensive work on how to deliver adequate capacity to mobile network base stations - those that are not yet on the market.
PLNOG 17 - Tomás Strašák - Latency is the decision-maker - PROIDEA
How latency influences our decisions when building our connections. Is latency a tool for improving our competitiveness? What are the market trends when it comes to latency?
PLNOG 17 - Dominik Bocheński, Łukasz Walicki - Forget about VPS - here comes the era of ... - PROIDEA
A talk with live-demo elements, whose aim is to show the advantages offered by the idea of a fully virtualized data centre, which lets users decide how many machines they want to create in their environment and freely distribute resources among them on their own. Flexible configuration, easy management and, above all, time savings!
PLNOG 17 - Michał Rosiak - An aware customer means a secure company - PROIDEA
Nowadays prevention isn't sexy. Too often we prefer to cure rather than prevent, to remove effects rather than consequences. The sense of saving money is very misleading: we may spend less once, but in the long run getting rid of the consequences will cost far more than taking a look at what causes them! Meanwhile at least 8 in 10 ordinary internet users don't know what phishing is, don't care what ransomware is, and get the shakes at the sound of IT slang. They want to use the network, they are very often in a hurry, and they still don't understand, or don't want to admit to themselves, that threats on the internet are entirely real! If we step out of the "expert bubble" and reach our customers, help them, and tell them simply, concisely and understandably, in their own language, what threatens them online, then at relatively low cost we will raise security ambassadors for ourselves and, as a result, reduce the risk of something really bad happening in our network.
PLNOG 17 - Emil Gągała - DMZ the new way - step by step - how to launch SDN in ... - PROIDEA
We don't always have the luxury of deploying a new solution from scratch in a completely isolated environment. So how do you painlessly implement SDN in a running network? How do you ensure application continuity during migration, especially in an area as critical as the DMZ? During the session I will present possible deployment scenarios step by step.
PLNOG 17 - Grzegorz Kornacki - F5 and OpenStack - PROIDEA
F5 is a top Security and Application Delivery Controller vendor. OpenStack is a free and open-source software platform for cloud computing, mostly deployed as an infrastructure-as-a-service (IaaS).
These seemingly unrelated disciplines have a lot in common. This session will explain what F5 can do for OpenStack, and what OpenStack can do for F5. We will touch upon: F5 platform virtualization, deployment automation, LBaaS and OpenStack security.
PLNOG 17 - Bartosz Musznicki - Mobile and home Wi-Fi hotspots at INEA - PROIDEA
Since 2012 INEA has been developing and expanding its network of Wi-Fi hotspots in Wielkopolska. 330 mobile access points operate in buses and trams, and more than 40 thousand hotspots in the homes of INEA customers, providing them with wireless internet access through so-called community Wi-Fi. The presentation will cover the assumptions, the concept and the implementation, accompanied by the results of tests, studies and measurements (made with publicly available tools) inspired by 4 years of experience.
PLNOG 17 - Shabbir Ahmad - Dell Open Networking and Big Monitoring Fabric: uniq... - PROIDEA
A unique solution for effective network traffic monitoring! Every customer with a network struggles with the challenges of trying to monitor traffic effectively. The session will present in practice (demo) a highly scalable, easy to implement and operate, and very cost-effective solution for network traffic monitoring based on Dell Open Networking switches and BigSwitch Big Monitoring Fabric network software. It is a practical implementation of an SDN (Software Defined Networking) network!
PLNOG 17 - Robert Ślaski - How not to become an unemployed network engineer? - PROIDEA
What were axioms of the networking industry, established over years or even decades, are quite abruptly ceasing to apply. Modern networks are changing shape, adapting to the demands of the modern world. You, as lord and master of routers, must finally accept that the world above layer four started living its own life long ago and is drifting off in directions unknown to you, and if you don't catch up with it, you will become an unemployed network engineer. In this short presentation I will try to debunk a few axioms still lingering among network engineers and present a few technologies and solutions worth looking into so that in five years you don't end up a telemarketer in a call centre.
PLNOG 17 - Sławomir Janukowicz - NFV – using Juniper vMX, vSRX and NFX - PROIDEA
The current status of NFV solutions will be presented: their historical significance, and the market changes that led to the rediscovery of this technology. Possible development paths for NFV solutions will be shown, along with what currently blocks wider deployment of these technologies. Examples of NFV implementations using Juniper vSRX and vMX and products from the NFX family will be presented.
PLNOG 17 - Łukasz Dorosz - Hybrid architecture: how to connect your own data c... - PROIDEA
Hybrid architecture is the model most often adopted in large companies. Regardless of the nature of a solution based on the public cloud and your own data centre, connecting these two environments remains a very important issue. In my presentation I will show you various hybrid architecture models. Using AWS as an example, we will take a closer look at what the configuration looks like and what characterizes the VPN and Direct Connect services.
PLNOG 17 - Rafał Wiosna - Euro 2016 -- case study: (probably) the largest... - PROIDEA
In the presentation I will talk about how Telewizja Polska SA prepared to stream 11 Euro 2016 matches over the internet and what failures and successes there were, and I will introduce the technology used for mass internet streaming to hundreds of thousands of viewers. I will also put forward the bold thesis that TVP, in terms of video signal distribution on the internet, taking into account the number within the territory of Poland, is "bigger" than Akamai -- and I will try to prove it using slides, charts and source materials.
The session will present various ways of building distributed internet exchange points. It will also show how the TRILL protocol was used in practice at the Slovak Internet Exchange.
PLNOG 17 - Tomasz Stachlewski - Network infrastructure in the AWS cloud - PROIDEA
The aim of the presentation is to show how to create and manage network infrastructure in the cloud (AWS). During the presentation attendees will learn what components cloud infrastructure consists of and become familiar with VPC (Virtual Private Cloud), Security Group, Direct Connect, Availability Zone, Route53 and Regions. They will also learn how systems should be designed to qualify as HA and how hybrid solutions can be built to connect the cloud with existing on-premise infrastructure. In addition, listeners will become familiar with managing network infrastructure as code (so-called IaC - Infrastructure as Code), which makes it possible to quickly create and manage the entire network infrastructure in the cloud.
PLNOG 17 - Sebastian Mikołajczyk - Replacing the engine in a sports car during ... - PROIDEA
At the meeting I want to talk about the prepared and completed migration of a three-layer network (DWDM, L2, IP/MPLS), initially built on dedicated DWDM equipment, switches and routers for each layer, to a target solution with multiservice DWDM equipment (with an L2/MPLS layer) at the access and DWDM/L2/IP/MPLS in the core, while significantly simplifying the aggregation layer. Such a solution flattens the network, reduces the number of devices in it, makes new L1 services possible, and simplifies service and network management. All of this lowers capital and operating costs. Such solutions have been widely and successfully used in their networks for several years by, for example, UPC and Exatel.
Cloudflare lower network latency = faster website loads - Vu Long Tran
Network latency is influenced by a variety of different factors. Here's a brief overview of what affects network latency and how you can make the internet experiences for your visitors: faster, more reliable, more secure Internet for everyone.
Web Performance Singapore
Presented at the SingaporeJS meetup in conjunction with the Engineers.sg team, aimed at web app performance, scalability, networking, infrastructure, and more.
https://www.meetup.com/Singapore-JS/events/249730512/
Testing firewalls can be an exact science. Learn how Fortinet tests their firewalls using BreakingPoint. This presentation details how to test firewalls with real-world application traffic, load, and live security attacks. This presentation was given by Fortinet in the BreakingPoint booth at Interop 2011 and included their announcement of the FortiGate 3950B's Resiliency Score of 95, the highest ever published.
As presented at Hackfest 2015 Quebec City, November 7th 2015.
This session will focus on real world deployments of DDoS mitigation strategies in every layer of the network. It will give an overview of methods to prevent these attacks and best practices on how to provide protection in complex cloud platforms. The session will also outline what we have found in our experience managing and running thousands of Linux and Unix managed service platforms and what specifically can be done to offer protection at every layer. The session will offer insight and examples from both a business and technical perspective.
As presented at LinuxCon/CloudOpen 2015 Seattle Washington, August 19th 2015. Sagi Brody & Logan Best
This session will focus on real world deployments of DDoS mitigation strategies in every layer of the network. It will give an overview of methods to prevent these attacks and best practices on how to provide protection in complex cloud platforms. The session will also outline what we have found in our experience managing and running thousands of Linux and Unix managed service platforms and what specifically can be done to offer protection at every layer. The session will offer insight and examples from both a business and technical perspective.
Helen Tabunshchyk "Handling large amounts of traffic on the Edge" - Fwdays
Keeping good performance with increased amounts of traffic requires intelligent load balancing, transport affinity, and DDoS protection. In this talk, Helen will give an overview of how to design your network flow to process network packets in the most efficient way. You will learn about different techniques of L4 load balancing, BPF and XDP, software and hardware offload, and what future a new protocol QUIC will bring.
Proxying HTTP requests with a web accelerator / Alexander Krizhanovsky (Tempe... - Ontico
RIT++ 2017, HighLoad Junior
Singapore hall, 6 June, 11:00
Abstract:
http://junior.highload.ru/2017/abstracts/2545.html
You put an HTTP accelerator in front of your web server to speed up content delivery, but user requests are still served with a long delay, and the server's resources appear to be idle. Or perhaps, after you installed the
web accelerator, the web application broke, and in such a way that the problem reproduces rarely and, worse, your users may know about it but you don't.
...
Realtime Detection of DDOS attacks using Apache Spark and MLLib - Ryan Bosshart
In this talk we will show how Hadoop Ecosystem tools like Apache Kafka, Spark, and MLLib can be used in various real-time architectures and how they can be used to perform real-time detection of a DDOS attack. We will explain some of the challenges in building real-time architectures, followed by walking through the DDOS detection example and a live demo. This talk is appropriate for anyone interested in Security, IoT, Apache Kafka, Spark, or Hadoop.
Presenter Ryan Bosshart is a Systems Engineer at Cloudera and is the first 3 time presenter at BigDataMadison!
Presentation by Charl van der Walt at INFO SEC Africa 2001.
The presentation begins with a case study of a DoS attack launched on a number of high profile sites by the Canadian teen "Mafiaboy". An explanation of DoS and DDoS is given. The impact of DDoS in South Africa is also discussed. The presentation ends with a series of discussions on DDoS countermeasures.
How To Use Kafka and Druid to Tame Your Router Data (Rachel Pedreschi and Eri... - confluent
Do you know who is knocking on your network’s door? Have new regulations left you scratching your head on how to handle what is happening in your network? Network flow data helps answer many questions across a multitude of use cases including network security, performance, capacity planning, routing, operational troubleshooting and more. Today’s modern day streaming data pipelines need to include tools that can scale to meet the demands of these service providers while continuing to provide responsive answers to difficult questions. In addition to stream processing, data needs to be stored in a redundant, operationally focused database to provide fast, reliable answers to critical questions. Together, Kafka and Druid work together to create such a pipeline.
In this talk Eric Graham and Rachel Pedreschi will discuss these pipelines and cover the following topics: Network flow use cases and why this data is important. Reference architectures from production systems at a major international Bank. Why Kafka and Druid and other OSS tools for Network flows. A demo of one such system.
How To Use Kafka and Druid to Tame Your Router Data (Rachel Pedreschi, Imply ... - confluent
Do you know who is knocking on your network’s door? Have new regulations left you scratching your head on how to handle what is happening in your network? Network flow data helps answer many questions across a multitude of use cases including network security, performance, capacity planning, routing, operational troubleshooting and more. Today’s modern day streaming data pipelines need to include tools that can scale to meet the demands of these service providers while continuing to provide responsive answers to difficult questions. In addition to stream processing, data needs to be stored in a redundant, operationally focused database to provide fast, reliable answers to critical questions. Together, Kafka and Druid work together to create such a pipeline.
In this talk Eric Graham and Rachel Pedreschi will discuss these pipelines and cover the following topics:
-Network flow use cases and why this data is important.
-Reference architectures from production systems at a major international Bank.
-Why Kafka and Druid and other OSS tools for Network Flows.
-A demo of one such system.
Using a set of Network Critical Success Factors (NCSFs) - things network operators need to get right to run a good network - I then use them to evaluate IPv4 Network Address Translation.
I then look at the fundamental nature of IPv6 (and IPv4), and how it can better suit the two different application communications architectures - client-server and peer-to-peer.
Finally, I describe how some of the perceived benefits of NAT can be achieved with IPv6 without performing address translation.
This is an updated version of my AusNOG 2016 presentation on the same topic.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024 - APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
PLNOG 17 - Patryk Wojtachnio - DDoS mitigation and network protection in the environment of the widely beloved WordPress :)
1. DDOS MITIGATION AND NETWORK PROTECTION
IN THE ENVIRONMENT OF THE WIDELY
BELOVED WORDPRESS :)
Patryk Wojtachnio
3. ABOUT ME
Network Engineer at Fasthosts Internet Ltd (1&1 Group).
Previously Network & Security Engineer at PGE, MF, AtoS
IT Tech & Home Data Center blog owner (virtualolivia.com)
Bike Trial Rider & Car Movie Producer (rufzor.com)
Administrator of CCIE.PL board
4. ABOUT CCIE.PL
The biggest Cisco community in Europe
Over 8300 users
Strong staff
3 general admins
1 board admin
3 server admins
3 moderators
Over 60 Polish CCIEs as members
over 20 of them actively posting!
About 100 new topics per month
About 800 posts per month
English section available
6. AGENDA
General overview
DDoS categories
Mitigation
DDoS as a Service
Why WordPress ?
How to defend?
UK vs Polish law
Web hosting – case study
Network topology
UDP mitigation
TCP mitigation – Scrubbing Center
8. DDOS CATEGORIES
Volumetric: Flood-based attacks that can be at layer 3, 4, or 7
Asymmetric: Attacks designed to invoke timeouts or session-state changes
Computational: Attacks designed to consume CPU and memory
Vulnerability-based: Attacks that exploit software vulnerabilities
reference f5.com
9. MITIGATION
Volumetric: Cloud-Based Scrubbing Service, Web Application Firewall
Asymmetric: Web Application Firewall
Computational: Application Delivery Controller, Network Firewall
Vulnerability-based: IP Reputation Database, Intrusion Prevention/Detection Systems (IDS/IPS), Application Delivery Controller
reference f5.com
18. THERE ARE NO UNIVERSAL SOLUTIONS,
THE DEFENCE OF OUR OWN INFRASTRUCTURE
IS A WAY OF THINKING, BEING A GOOD STRATEGIST,
AWARE OF THE WEAKNESSES AND STRENGTHS
19. HOW WILL WE MEASURE THE IMPACT ON OUR
INFRASTRUCTURE, AND HOW DOES THAT AFFECT THE RELATIONSHIP
WITH OUR CUSTOMERS?
21. I DO NOT NEED PROTECTION? WHY?
Customer side
Impact ?
Am I ready to lose my customers ?
Data corruption ?
Reputation – Haters gonna hate ?
$$$
Hosting provider
A wider look at the issue - think global
Business impact
SLA / ETR ?
Political - Hacktivism
22. WHY NOC IS SO IMPORTANT ?
Incident management
Tools (Network Anomalies, Time changes)
24/7
Processes & Escalation
Standby Engineer always on call
First point of contact
23. WHY NOC IS SO IMPORTANT ? - TOOLS
Focus on real data
Cacti
Netstat
Tcpdump
Wireshark
FlowViewer / Flow Grapher
25. UK VS POLISH LAW
reference
http://www.legislation.gov.uk/ukpga/2006/48
http://www.legislation.gov.uk/ukpga/1990/18/section/3
http://isap.sejm.gov.pl/DetailsServlet?id=WDU19970880553
28. CASE STUDY – UDP MITIGATION – DNS
DNS Amplification
Small look-up query
Asymmetrical
Saturate network bandwidth capacity
DNS Flood
Saturate hardware side (Memory, RAM, CPU etc…)
Symmetrical
Generated by script on compromised botnet machines
37. SYN FLOOD
How does it work ?
Think 3-way handshake
Host has a number of free slots for incoming connections
When the slots are full, no more connections are accepted
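An added example, not taken from the slides: Netstat is among the NOC tools listed earlier, so this Python code counts half-open (SYN_RECV) sockets per local port in netstat -ant output and compares them with the number of available slots. The sample output, its addresses and the backlog value of 5 are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample of `netstat -ant` output (documentation-range addresses).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.8:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:33001       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:33002       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.77:60100      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.20:41000     SYN_RECV
"""


def half_open_by_port(netstat_text):
    """Map local port -> Counter of remote IPs holding SYN_RECV sockets."""
    ports = defaultdict(Counter)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Socket rows have six fields: proto, recv-q, send-q, local, foreign, state.
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "SYN_RECV":
            continue
        port = int(fields[3].rsplit(":", 1)[1])
        ports[port][fields[4].rsplit(":", 1)[0]] += 1
    return ports


def slots_report(netstat_text, backlog, warn_ratio=0.75):
    """Compare half-open sockets with the assumed number of slots per port."""
    report = {}
    for port, sources in half_open_by_port(netstat_text).items():
        used = sum(sources.values())
        report[port] = {
            "half_open": used,
            "distinct_sources": len(sources),
            "free_slots": max(backlog - used, 0),
            "alert": used >= backlog * warn_ratio,
        }
    return report


if __name__ == "__main__":
    # backlog=5 is an assumed, deliberately tiny value for the sample.
    for port, row in sorted(slots_report(SAMPLE_NETSTAT, backlog=5).items()):
        print(port, row)
```

On a real host the slot count depends on the kernel SYN backlog setting and on the backlog the service passes to listen(), so the threshold has to be taken from the system being monitored.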
46. CASE STUDY – HAPROXY SAMPLE CONFIGURATION - SLOWLORIS
/etc/haproxy/haproxy.cfg
defaults
    option http-server-close
    mode http
    # maximum time allowed to receive the complete HTTP request
    timeout http-request 5s
    timeout connect 5s
    timeout server 10s
    timeout client 30s
Slowloris sends its requests slowly (header by header)
and waits a long time between each of them
timeout http-request 5s tells HAProxy to give a client five seconds
to send its whole HTTP request
Otherwise HAProxy will close the connection
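An added example, not taken from the slides: a simplified Python model of the two client-side timers in the configuration above, showing why the total deadline of timeout http-request stops a header-by-header sender that the inactivity timer of timeout client alone would not. The arrival timelines are constructed, and the function and result names are assumptions of this example.

```python
HEADER_END = b"\r\n\r\n"

# Constructed arrival timelines: (seconds since accept, bytes received).
NORMAL = [(0.05, b"GET /wp-login.php HTTP/1.1\r\nHost: www.ccie.pl\r\n\r\n")]
SLOW = [
    (0.0, b"GET / HTTP/1.1\r\n"),
    (4.0, b"Host: www.ccie.pl\r\n"),
    (8.0, b"X-a: 1\r\n"),
    (12.0, b"X-b: 2\r\n"),
]


def _next_expiry(last_rx, http_request_timeout, client_timeout):
    """Earliest timer that can fire while the headers are still incomplete."""
    timers = []
    if http_request_timeout is not None:
        # Fixed deadline counted from the start of the request.
        timers.append((float(http_request_timeout), "closed_http_request"))
    if client_timeout is not None:
        # Inactivity timer, re-armed every time bytes arrive.
        timers.append((last_rx + client_timeout, "closed_idle"))
    return min(timers) if timers else None


def request_outcome(chunks, http_request_timeout=5.0, client_timeout=30.0):
    """Return (result, time) for one connection under the two timers."""
    buf, last_rx = b"", 0.0
    for t, data in chunks:
        expiry = _next_expiry(last_rx, http_request_timeout, client_timeout)
        if expiry and t > expiry[0]:
            return (expiry[1], expiry[0])  # closed before this chunk arrived
        buf += data
        last_rx = t
        if HEADER_END in buf:
            return ("forwarded", t)  # complete header block received
    # Sender went quiet with incomplete headers: the next timer closes it.
    expiry = _next_expiry(last_rx, http_request_timeout, client_timeout)
    return (expiry[1], expiry[0]) if expiry else ("held_open", None)


if __name__ == "__main__":
    print(request_outcome(NORMAL))
    print(request_outcome(SLOW))
    print(request_outcome(SLOW, http_request_timeout=None))
```

With only the 30s inactivity timer, the slow sender in the sample holds its connection for 42 seconds after four small writes; with the 5s request deadline it is closed at 5 seconds.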
47. CASE STUDY – HAPROXY CONFIGURATION - ACL
# acl host_ccie hdr(host) -i ccie.pl www.ccie.pl
# acl allowed hdr(host) -i www.ccie.pl www.ccie.pl
acl wplogin path_beg /wp-login.php
acl xmlrpc_path path_end /xmlrpc.php
# acl wplogin_rewrite path_beg /wp-log-me-in
# http-request set-path /wp-login.php if wplogin_rewrite
# http-request deny if host_singeply
# reject every request for the WordPress XML-RPC endpoint
http-request deny if xmlrpc_path
# http-request deny if !allowed
50. THIS IS NOT ALL…
DNS Amplification
DNS Flood
HTTP Flood
IP Fragmentation Attack
NTP Amplification
Ping of Death
Ping Flood
R-U-Dead-Yet
Slowloris
Smurf Attack
SNMP Reflection
SYN Flood
UDP Flood
https://pl.wikipedia.org/wiki/Nycticebus
Nycticebus – a genus of prosimians in the family Lorisidae,
comprising species found in southern Asia.
51. CASE STUDY – BLACKHOLING
IP ACCESS-LIST EXTENDED OUTSIDE-ACL
1 DENY TCP HOST X.X.X.X EQ 80 ANY