The document discusses CloudFlare's ability to help customers survive distributed denial-of-service (DDoS) attacks. It provides details on major DDoS attacks against CloudFlare customers in 2013 and 2014 reaching up to 400 Gbps. It then describes how CloudFlare is able to mitigate these large-scale attacks through its global network of data centers and security mechanisms implemented at the network level.
Cloudflare protects and accelerates any web property online. We stop hackers from reaching your web property and knocking it offline. In addition, we help your site visitors access your content as fast as possible no matter their location. Join us as we discuss evolving DDoS attack types and trends to be aware about in 2018.
Free and open cloud security posture monitoringElasticsearch
As organizations migrate to the cloud, attackers have diversified to operate in cloud environments. Learn about the challenges faced by security teams in the cloud and why attacks against cloud environments often succeed. We’ll demonstrate how to ship event data from platforms like AWS, Okta, and Azure to the Elastic Stack, and how security teams can monitor attacker behavior using Elastic Security and Elastic’s free and open detection rules.
Understand AWS best practices for Distributed Denial of Service (DDoS) resiliency and how AWS Shield can assist you to protect your business. Uncover how this tool safeguards web applications running on AWS, and how always-on detection and automatic inline mitigations minimize application downtime and latency.
Cloudflare protects and accelerates any web property online. We stop hackers from reaching your web property and knocking it offline. In addition, we help your site visitors access your content as fast as possible no matter their location. Join us as we discuss evolving DDoS attack types and trends to be aware about in 2018.
Free and open cloud security posture monitoringElasticsearch
As organizations migrate to the cloud, attackers have diversified to operate in cloud environments. Learn about the challenges faced by security teams in the cloud and why attacks against cloud environments often succeed. We’ll demonstrate how to ship event data from platforms like AWS, Okta, and Azure to the Elastic Stack, and how security teams can monitor attacker behavior using Elastic Security and Elastic’s free and open detection rules.
Understand AWS best practices for Distributed Denial of Service (DDoS) resiliency and how AWS Shield can assist you to protect your business. Uncover how this tool safeguards web applications running on AWS, and how always-on detection and automatic inline mitigations minimize application downtime and latency.
IPS (Intrusion Prevention System) is definitely the next level of security technology with its capability to
provide security at all system levels from the operating system kernel to network data packets. It
provides policies and rules for network traffic along with an IDS for alerting system or network
administrators to suspicious traffic, but allows the administrator to provide the action upon being
alerted. Where IDS informs of a potential attack, an IPS makes attempts to stop it. Another huge leap
over IDS, is that IPS has the capability of being able to prevent known intrusion signatures, but also
some unknown attacks due to its database of generic attack behaviours. Thought of as a combination of
IDS and an application layer firewall for protection, IPS is generally considered to be the "next
generation" of IDS.
MySQL Database Architectures - InnoDB ReplicaSet & ClusterKenny Gryp
Following MySQL InnoDB Cluster as our first, fully integrated MySQL High Availability solution based on Group Replication, MySQL Shell 8.0.19 includes MySQL InnoDB ReplicaSet which delivers another complete solution, this time based on MySQL Replication.
The basic idea for InnoDB ReplicaSet is to do the same for classic MySQL Replication as InnoDB Cluster did for Group Replication. We take a strong technology that is very powerful but can be complex, and provide an easy-to-use AdminAPI for it in the MySQL Shell.
In just a few easy to use Shell commands, a MySQL Replication database architecture can be configured from scratch including:
Data provisioning using MySQL CLONE, Setting up replication,
Performing manual switchover/failover.
This presentation covers the Cross site scripting attacks and defences in web applications, this talk was delivered as part of OWASP Hyderabad Chapter meet. Comments and suggestions are welcome.
Hardening Microservices Security: Building a Layered Defense StrategyCloudflare
Microservices architecture is forcing developers to not only rethink how they design and develop applications, but also common security assumptions and practices.
With the decomposition of traditional applications, each microservice instance represents a unique network endpoint, creating a distributed attack surface that is no longer limited to a few isolated servers or IP addresses.
In this presention, we will review:
-How microservices differ from SOA or monolithic architectures
-Best practices for adopting and deploying secure microservices for production use
-Avoiding continuous delivery of new vulnerabilities
-Limiting attack vectors on a growing number of API endpoints
-Protecting Internet-facing services from resource exhaustion
This presentation discusses the various types of distributed denial of service attacks launched worldwide by botnets in 2014. From DNS to Layer7 attacks, this deck provides an expert analysis of botnet breakdowns by-the-numbers including where the majority of botnets came from regionally, what attack trends were most popular, and when these attacks occurred.
IPS (Intrusion Prevention System) is definitely the next level of security technology with its capability to
provide security at all system levels from the operating system kernel to network data packets. It
provides policies and rules for network traffic along with an IDS for alerting system or network
administrators to suspicious traffic, but allows the administrator to provide the action upon being
alerted. Where IDS informs of a potential attack, an IPS makes attempts to stop it. Another huge leap
over IDS, is that IPS has the capability of being able to prevent known intrusion signatures, but also
some unknown attacks due to its database of generic attack behaviours. Thought of as a combination of
IDS and an application layer firewall for protection, IPS is generally considered to be the "next
generation" of IDS.
MySQL Database Architectures - InnoDB ReplicaSet & ClusterKenny Gryp
Following MySQL InnoDB Cluster as our first, fully integrated MySQL High Availability solution based on Group Replication, MySQL Shell 8.0.19 includes MySQL InnoDB ReplicaSet which delivers another complete solution, this time based on MySQL Replication.
The basic idea for InnoDB ReplicaSet is to do the same for classic MySQL Replication as InnoDB Cluster did for Group Replication. We take a strong technology that is very powerful but can be complex, and provide an easy-to-use AdminAPI for it in the MySQL Shell.
In just a few easy to use Shell commands, a MySQL Replication database architecture can be configured from scratch including:
Data provisioning using MySQL CLONE, Setting up replication,
Performing manual switchover/failover.
This presentation covers the Cross site scripting attacks and defences in web applications, this talk was delivered as part of OWASP Hyderabad Chapter meet. Comments and suggestions are welcome.
Hardening Microservices Security: Building a Layered Defense StrategyCloudflare
Microservices architecture is forcing developers to not only rethink how they design and develop applications, but also common security assumptions and practices.
With the decomposition of traditional applications, each microservice instance represents a unique network endpoint, creating a distributed attack surface that is no longer limited to a few isolated servers or IP addresses.
In this presention, we will review:
-How microservices differ from SOA or monolithic architectures
-Best practices for adopting and deploying secure microservices for production use
-Avoiding continuous delivery of new vulnerabilities
-Limiting attack vectors on a growing number of API endpoints
-Protecting Internet-facing services from resource exhaustion
This presentation discusses the various types of distributed denial of service attacks launched worldwide by botnets in 2014. From DNS to Layer7 attacks, this deck provides an expert analysis of botnet breakdowns by-the-numbers including where the majority of botnets came from regionally, what attack trends were most popular, and when these attacks occurred.
Running a Robust DNS Infrastructure with CloudFlare Virtual DNSCloudflare
CloudFlare is excited to announce the release of Virtual DNS. Virtual DNS protects and accelerates any organization’s DNS infrastructure through robust DDoS mitigation, lightning-fast DNS lookups, and caching at 31 locations around the globe.
Latest Trends in Web Application SecurityCloudflare
Hear the talk on YouTube: https://www.youtube.com/watch?v=lp4dQTSH130
Web Application Firewall security is evolving. Join John Graham-Cumming, CTO of CloudFlare, as he shares the latest trends and changes in Web Application Security. This talk will give details of the big trends in web application security seen in 2015, and how to defend against these threats and talk about the evolving web application security landscape.
How to Meet FFIEC Regulations and Protect Your Bank from Cyber AttacksCloudflare
Cyber-attacks on financial institutions of all sizes are on the rise, and community and regional banks face an overproportional cost burden to meet the comprehensive cybersecurity requirements set by the Federal Financial Institutions Examination Council (FFIEC).
View this presentation to learn how to keep banks safe and compliant in the face of continuously evolving cyber attacks. We'll cover:
-DDoS attacks bringing banks like yours offline
-FFIEC regulations posing burdens on community and regional banks
-Montecito Bank's story of cost-effectively achieving cybersecurity compliance
-Practical ways to mitigate DDoS attacks on your bank and meet FFIEC regulations
Overview of SSL: choose the option that's right for youCloudflare
Keeping communication between your visitors and your website secure and confidential has never been more important. Data can be vulnerable to theft as it’s transferred to and from your website. One simple solution to this security threat is to encrypt your traffic with SSL (Secure Sockets Layer).
SSL encryption ensures the data transferred between your visitors and your site is safe from data theft, and having SSL enabled can also boost your Google search rankings.
CloudFlare has made it simple and easy to add SSL to your site: you don’t have to purchase a separate certificate or install anything. In this webinar CloudFlare’s solution engineer Peter Griffin explains the key features of SSL, and walks you through the simple process of getting SSL running on your site.
Managing Traffic Spikes This Holiday Season Cloudflare
The holiday season is just around the corner, and for many websites—especially online retailers—this means huge spikes in web traffic. For many sites, a sudden surge in visitors can overwhelm servers, taking your site offline. Having your site offline during peak season not only affects the business bottom line, but also the brand's reputation.
CloudFlare offers a host of services that will keep your site online, and lightning fast, throughout the holiday season no matter the size of the traffic. CloudFlare’s programer John Graham-Cumming explains how to fine tune CloudFlare to make sure your website is ready for traffic spikes this holiday season.
For more information, please visit:
www.cloudflare.com/overview
www.cloudflare.com/support
This document contains the results of a comparative penetration test conducted by a team of security specialists at Zero Science Lab against three ‘leading’ web application firewall solutions. Our goal was to bypass security controls in place, in any way we can, circumventing whatever filters they have. This report also outlines the setup and configuration process, as well as a detailed security assessment.
This talk is about the creation of a new security tool, Red October. Red October can be used to enforce the two-person rule for access to critical data, helping keep company data protected from insider threats.
The security industry tends to be less open about the details of how their software works than other parts of the software industry. This project was created to tackle the practical challenges of traditional security compliance, but inspired by an open source mentality. By taking a vague set of regulatory requirements we devised a user-friendly tool that solves a broader problem that is an issue for many small organizations.
This talk will teach people about cryptography and division of responsibility in key management, a very important consideration when moving a business to the cloud. It will also help show where to draw the line between using existing cryptographic and security mechanisms, and building your own.
Running Secure Server Software on Insecure Hardware Without ParachuteCloudflare
In today’s world, you may not know if the hardware you are running software on is secure or not. How can you ensure that, regardless of the hardware security, the software stays protected? CloudFlare’s systems engineer, Nick Sullivan shares advanced techniques on how to protect your server software. These techniques include anti-reverse engineering methods, secure key management and designing a system for renewal.
The Heartbleed vulnerability was an information disclosure bug in OpenSSL unveiled to the world in April 2014. This talk will describe the impact of this bug on the Internet and CloudFlare's part in contributing to the research and education of the public about this issue.
CloudFlare - The Heartbleed Bug - WebinarCloudflare
An encryption flaw, called the Heartbleed bug, is already referred to as one of the biggest security threats on the Internet. The flaw, announced on April 7th, allows an attacker to pull bits of data from a server and potentially access sensitive information.
How did the Heartbleed bug happen? How does it affect your website? What can you do protect yourself?
CloudFlare security engineer Nick Sullivan answers these and more questions on this CloudFlare webinar. At the last portion of the webinar we have Ben Murphy (one of the winners of the CloudFlare Heartbleed challenge) on a Q&A session.
For more information on Heartbleed and the CloudFlare challenge, go to: http://bit.ly/1lVKy4O
For more information on CloudFlare, visit www.cloudflare.com or dial 888-99-FLARE.
CloudFlare looked at several NoSQL and SQL solutions and ended up with a hybrid model where many Kyoto Cabinet DBs are accessed via a Postgres wrapper. This presentation describes the resulting novel architecture which combines the horizontal scalability of NoSQL solutions with the flexibility and stability of SQL.
Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...Ruo Ando
Feasibility study of large scale attacks of DNS. We have found 10,334,293 DNS servers in 34 hours of first measurement (2013/05/31 – 2013/06/02) and 30285322 DNS servers in 26 hours of second measurement (2013/07/05).
"In this session, we will address the current threat landscape, present DDoS attacks that we have seen on AWS, and discuss the methods and technologies we use to protect AWS services. You will leave this session with a better understanding of:
DDoS attacks on AWS as well as the actual threats and volumes that we typically see.
What AWS does to protect our services from these attacks.
How this all relates to the AWS Shared Responsibility Model."
ION Bucharest, 12 October 2016 - DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
Demystifying SharePoint Infrastructure – for NON-IT People SPC Adriatics
This talk is specifically for NON-SharePoint infrastructure administrators (or for new ones still figuring things out)! Instead it’s for the rest of the SharePoint team – come learn about the basic building blocks of SharePoint infrastructure – things like DNS, load balancing, AD, high availability and disaster recovery, backup options, database options, and some of the core components of Windows in an understandable way so you can speak the lingo and seem really smart!
Zvonimir Mavretić
DDoS Mitigation on the Front Line with RedShieldSam Pickles
Denial of Service attacks are increasingly targeting applications, masking attack traffic as legitimate HTTP, and using SSL encryption to avoid detection.
In this presentation Aura Information Security CTO Sam Pickles discusses lessons learnt in delivering RedShield, Aura's managed web shielding service; including attack trends and types, mitigation of next generation DDoS attacks, the use and automation of the F5 DDoS reference architecture.
Docker Engine 1.12 can be rightly called ” A Next Generation Docker Clustering & Distributed System”. Though Docker Engine 1.12 Final Release is around corner but the recent RC3 brings lots of improvements and exciting features. One of the major highlight of this release is Docker Swarm Mode which provides powerful yet optional ability to create coordinated groups of decentralized Docker Engines. Swarm Mode combines your engine in swarms of any scale. It’s self-organizing and self-healing. It enables infrastructure-agnostic topology.The newer version democratizes orchestration with out-of-box capabilities for multi-container on multi-host app deployments.
"How overlay networks can make public clouds your global WAN" by Ryan Koop o...Cohesive Networks
The presentation "How overlay networks can make public clouds your global WAN" presented by Ryan Koop on Oct 24, 2013 at LASCON in Austin, TX.
Enterprises, organizations and governments are realizing the benefits of cloud flexibility, cost savings, scalability and connectivity. Yet the traditional approach focuses too much on the underlying infrastructure, instead of the applications.
So who is making solutions for the people who work at the application layer? Are software-defined things secure?
With a focus on application-layer integration, governance and security, overlay networks let developers, and the enterprise apps they work with, use the public clouds as a global WAN network, not just extra storage.
Developers can build on top of overlay networking to extend traditional networks to the cloud with added security such as encryption, IPsec connections, VLANs and VPNs into the public cloud networks.
Prime examples are the previously cost-prohibitive projects can now use public clouds as global points of presence to create cloud WAN to partners and customers.
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS ProtectionPROIDEA
Adam Obszyński – pracuje w Infoblox jako Senior Systems Engineer odpowiedzialny za CEE. Wcześniej pracował w Cisco, u kilku integratorów (NXO, MCX, ATM) i operatorów (ATMAN, Polbox, Multinet). Posiada doświadczenie w projektowaniu i wdrażaniu rozwiązań sieciowych i aplikacyjnych. W branży od 20 lat. Certyfikowany inżynier CCIE #8557 oraz CISSP. Prowadził prezentacje i warsztaty na wielu konferencjach w kraju i za granicą (m.in. Cisco Live US & EU, Cisco Forum, Cisco Expo, PLNOG).
Temat prezentacji:Case Study – Infoblox Advanced DNS Protection
Język prezentacji: Polski
Abstrakt:
Słyszałeś o typach ataków wymienionych poniżej? A może doświadczyłeś ich w swojej sieci?
Phantom domain attack
NXDomain attack
DNS reflection/DrDoS attacks
DNS amplification
DNS cache poisoning
Protocol anomalies
DNS tunneling
DNS hijacking
Na poprzednim PLNOG mówiłem o unikalnej ochronie DNS za pomocą Infoblox ADP. Tym razem opowiem o tym co nowego zrobiliśmy w ramach ochrony DNS oraz zaprezentuje przypadki ze środowisk sieciowych naszych klientów.
Opowiem co się działo w sieci klientów i jak uporaliśmy się z problemami ataków na DNS.
Rozwiązanie Advanced DNS Protection od Infoblox dostarcza kompleksowe rozwiązanie do ochrony przed wieloma atakami na usługi DNS. System w inteligentny sposób odróżnia poprawny ruch DNS od złośliwego ruchu DDoS generowanego przez atakujących, takich jak DNS, exploity i słabości. Automatycznie usuwa ruch atakujący podczas gdy z pełną wydajnością odpowiada na poprawny ruch DNS. Ponadto, Advanced DNS Protection otrzymuje automatyczne aktualizacje swoich polityk/reguł, zapewniając stałą ochronę przed wszelkimi nowościami w tej dziedzinie. Infoblox jest pierwszym i jedynym producentem, który oferuje tak wyjątkowe i unkalne rozwiązanie dla najwyższej ochrony krytycznych usług DNS. Więcej szczegółów o rozwiązaniach dla operatorów: www.infoblox.com/sp
By default Azure does not provide any network traffic isolation between the subnets in VNETs. This creates a unique challenge for IT network and security professionals who have multiple subnets in Azure and would like to provide segmentation within the VNETS; an architecture that is common in on premise networks, for both physical and virtual infrastructures, for mitigating various security concerns. Azure NSGs (Network Security Groups) provides solutions for such virtual network segmentations without using any additional virtual appliances.
You will learn :
1.Azure VM traffic isolation
2.Azure VNET traffic isolation
3.Azure network segmentation through traffic isolation
4.Isolated network security zones
Learn to recognize the many ways in which attackers can tamper with DNS servers and records, and the measures you can take to prevent this.
See the full webinar and the rest of the series at https://www.thousandeyes.com/resources/monitoring-for-dns-security-webinar
Building Resilient Applications with Cloudflare DNSDevOps.com
DNS is a mission-critical component for any online business. Yet this component is often overlooked and forgotten until something breaks.
As DNS attacks become more prevalent, businesses are starting to realize that the lack of a resilient DNS creates a weak link in their security strategy. Also, adopting the right DNS posture is important for achieving 100% uptime and ensuring uninterrupted superior performance. This becomes even more important during this crisis environment as your online presence is the only bridge connecting your business to customers and prospects.
Join this webinar to learn more about:
Risks posed by a weak DNS strategy,
Different ways to accomplish a redundant DNS setup,
How Cloudflare makes it easy to deploy a secure and resilient DNS.
Succeeding with Secure Access Service Edge (SASE)Cloudflare
With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data.
SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture? View to learn:
-Why SASE should be less complicated than many vendors are making it
-What to look for when evaluating a migration to a SASE platform
-A 3 month, 6 month, and 12 month roadmap for implementation
-How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits
Close your security gaps and get 100% of your traffic protected with CloudflareCloudflare
The Gaming & Gambling industry has been the target of increasingly sophisticated cyber attacks in recent years, ranging from automated bots carrying out credential stuffing and intellectual property scraping to Layer 3 DDoS attacks, which can result in reduced network speed and performance, and in some cases loss of business when such incidents occur.
View this presentation from Cloudflare security experts Stephane Nouvellon, Principal Solutions Engineer and Philip Björkman, Strategic Vertical Account Executive (EMEA Gaming & Gambling) to learn about:
-How you can protect your business and improve the performance and reliability of your infrastructure, globally
-Solutions to secure your organization's online traffic (all OSI layers) against bots and cyber attacks whilst improving the performance of your applications.
Why you should replace your d do s hardware applianceCloudflare
Watch this webinar to learn how to:
Protect and accelerate your networks
Reduce the total cost of ownership (TCO) in your data centers, and
Increase your operational agility with easy deployment and management of network services
Don't Let Bots Ruin Your Holiday Business - Snackable WebinarCloudflare
Bot attacks to look out for this holiday season including:
Account takeover/Credential stuffing, inventory hoarding, price scraping, fake account creation, credit card stuffing.
Why Zero Trust Architecture Will Become the New Normal in 2021Cloudflare
The COVID-19 pandemic brought changes no IT team was ready for: employees were sent home, customer interaction models changed, and cloud transformation efforts abruptly accelerated. Cloudflare recently commissioned Forrester Consulting to explore the impact of 2020 disruptions on security strategy and operations among companies of all sizes. To do so, they surveyed 317 global security decision makers from around the world.
Join our guest Forrester VP, Principal Analyst, Chase Cunningham, and Cloudflare Go-To-Market Leader, Brian Parks, for an in-depth discussion of the survey results, followed by practical guidance for next year’s planning.
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...Cloudflare
Join this webinar to learn how Paul Hartmann, a leading manufacturer of medical and healthcare products, leverages Cloudflare to strengthen its security posture and deliver a superior online experience to its customers
Zero trust for everybody: 3 ways to get there fastCloudflare
The COVID-19 pandemic has exposed the weaknesses of the traditional ‘castle-and-moat’ security model. Remote work has expanded attack surfaces infinitely outwards, and more than ever, organizations need to start from the assumption that their ‘castle’ is already compromised. Zero Trust has emerged as a compelling security framework to address the failures of existing perimeter-based security approaches. It’s aspirational, but not unachievable.
At Cloudflare, we’re making complicated security challenges easier to solve. Since 2018, Cloudflare Access has helped thousands of organizations big and small take their first steps toward Zero Trust.
In this presentation, Cloudflare will share their perspective on what the most successful organizations do first on their journey to Zero Trust.
We’ll cover:
-The Zero Trust framework, and our recommended ZT security model
-How 3 organizations of differing size and security maturity have implemented Zero Trust access
-Cloudflare’s Zero Trust implementation and lessons learned
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...Cloudflare
Maintaining the right balance between security and customer experience is always challenging for online businesses. This challenge becomes even more relevant during this crisis as businesses face unprecedented levels of traffic and attacks.
Tune in to learn how LendingTree leverages Cloudflare to strengthen their security posture while ensuring a superior online experience for their customers. Listen to security experts from LendingTree and Cloudflare as they discuss:
Emerging attack vectors and tactics impacting online platforms
Best practices for online businesses to overcome these threats
How LendingTree leverages Cloudflare to maintain the right balance between security and business objectives
Network Transformation: What it is, and how it’s helping companies stay secur...Cloudflare
Rahul Deshmukh, Product Marketing at Cloudflare, & Varun Mehta, Solutions Engineer at Cloudflare, discuss how several companies have approached network transformation to improve the security, performance, and reliability of their infrastructure
Scaling service provider business with DDoS-mitigation-as-a-serviceCloudflare
During the webinar, Vivek Ganti, Product Marketing Manager for Cloudflare, & Jim Hodges, Chief Analyst of Cloud and Security at Heavy Reading, discussed how service providers are regular targets of DDoS attacks, and how these attacks directly impact their uptime, availability, and revenue.
Application layer attack trends through the lens of Cloudflare dataCloudflare
The past few months have seen significant changes in how attackers target the application layer—through injection attacks, malicious bots, DDoS, API vulnerability exploits, and more. We can observe these changes by analyzing traffic from Cloudflare’s global network, which blocks an average of 45 billion threats per day for over 27 million Internet properties.
Watch this webinar to explore data on:
Which attack vectors have become more and less common
How those changes vary by region and industry
The business and societal trends behind these attacks
Strategies for addressing these latest attack tactics
Recent DDoS attack trends, and how you should respondCloudflare
The past few months have seen significant changes in global DDoS tactics. We can observe these changes in detail by analyzing traffic patterns from Cloudflare’s global network, which protects more than 27 million Internet properties and blocks 45 billion cyber threats every day. What approaches are DDoS attackers using right now, and what are forward-thinking organizations doing in response?
Cloudflare DDoS product experts Omer Yoachimik, and Vivek Ganti will explore new data on DDoS trends and discuss ways to counter these tactics.
Cybersecurity 2020 threat landscape and its implications (AMER)Cloudflare
Cybersecurity decisions have direct implications to individuals, enterprises and organizations but also have broader societal implications than ever before. In 2020 and beyond, technology promises to change our own experience and enhance our way of life, and those of our customers, significantly. This reliance and targeting have been magnified during COVID19, where the cybercriminals have sunk to new lows at the same time as that reliance on tech has increased.
This session will explore how these technologies are going to change the experiences of our lives for the better and for the worse. It will explore the most recent cybersecurity breaches, predict the key security issues for 2020 and discuss current security priorities.
Strengthening security posture for modern-age SaaS providersCloudflare
Businesses become more resilient in times of crises. This is especially true for SaaS businesses that are facing unprecedented challenges in this environment. While some are catering to a surge in traffic, others are figuring out innovative solutions to retain their customers. In addition, increasing malicious attacks are straining the resources of these SaaS businesses.
Now more than ever, it is important for SaaS providers to deliver an uninterrupted experience. One that is fast, secure, and reliable to their customers in a cost effective manner.
Join this webcast to learn more about how ActiveCampaign leverages Cloudflare to deliver meaningful services to their end users.
Kentik and Cloudflare Partner to Mitigate Advanced DDoS AttacksCloudflare
DDoS attacks are evolving. Detecting and mitigating attacks quickly and accurately is a key strategy to ensure business continuity.
Join this webinar to learn about:
- What is a DDoS attack and what it can cost you
- Global DDoS attack trends and what it means to you
- How Cloudflare Magic Transit and Kentik together monitor and mitigate DDoS attacks of all sizes and kinds
In this webinar, learn from Cloudflare’s DDoS Protection Product Manager, Omer Yoachimik, about the recent attacks (both large and small) and how Cloudflare is uniquely positioned to help protect Internet properties on its network from DDoS attacks and cyber threats.
In this webinar, you will learn:
- DDoS attack trends to watch out for in 2020
- How Cloudflare detects & mitigates DDoS attacks
- How can you protect your website and networks against DDoS attacks
It’s 9AM... Do you know what’s happening on your network?Cloudflare
If you manage a corporate network, you’re responsible for protecting users from risky and malicious content online. Doing that well requires insight into the requests on your network, and the power to block risky content before it impacts your users. Legacy solutions have addressed this challenge by forcing the Internet through hardware onsite.
Cloudflare has a better way. The all-new Cloudflare Gateway (part of the Cloudflare for Teams family), provides secure, intelligent DNS powered by the world’s fastest public DNS resolver. With Gateway, you can visualize your Internet traffic in one place. And with 100+ security and content filters at your fingertips, you can apply comprehensive Internet intelligence to protect global office networks in a matter of minutes.
Join Irtefa, Product Manager for Cloudflare Gateway and AJ Gerstenhaber, Go to Market for Cloudflare for Teams, to discover a new way to protect your offices and teams from malware - no legacy firewalls required.
Bring speed and security to the intranet with cloudflare for teamsCloudflare
Cloudflare was started to solve one half of every IT organization's challenge: how do you ensure the resources and infrastructure that you expose to the Internet are safe from attack, fast, and reliable? To deliver that, we built one of the world's largest networks. Today our network spans more than 200 cities worldwide and is within milliseconds of nearly everyone connected to the Intranet.
Cloudflare for Teams is a new platform designed to solve the other half of every IT organization's challenge: ensuring the people and teams within an organization can safely access the tools they need to do their job. Now you can extend Cloudflare’s speed, reliability and protection to everything your team does on the Intranet.
In this webinar, you’ll learn:
- Common challenges of scaling security for your growing business
- How to extend Zero Trust security principles to your internally managed applications
- How to make Intranet access faster and safer for your employees
In a highly competitive digital culture, businesses are intensifying their digital transformation efforts to expand their hybrid and multi-cloud cloud initiatives. As dependencies on legacy point solutions and architectures begin to diminish, developers are becoming increasingly influential in newly digitally transformed organizations.
The need for increased agility, and speed is paramount. While CDNs have been a key fixture for many enterprise businesses to remediate global network latencies, new challenges have arisen with these solutions that are inhibiting agile workstyles.
Join this webinar to learn the following:
- The foundations of improving web performance
- How the web performance market is evolving and the challenges faced by CDN providers
- How Cloudflare supports your digital transformation
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
2.Cellular Networks_The final stage of connectivity is achieved by segmenting...JeyaPerumal1
A cellular network, frequently referred to as a mobile network, is a type of communication system that enables wireless communication between mobile devices. The final stage of connectivity is achieved by segmenting the comprehensive service area into several compact zones, each called a cell.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
1. Surviving a DDoS Attack:
Securing CDN traffic at CloudFlare
Martin J. Levy, Network Strategy
CloudFlare, Inc.
MSK-IX Moscow Russia
December 4, 2014
2. 24 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
DDoS Attacks are
becoming massive,
and easier to initiate
Today:
3. 34 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Major Attacks against
CloudFlare Customers
Mar 2013
309
Gbps
Feb 2014
400
Gbps
Feb 2012
65 Gbps
Next?
???
Gbps
4. 44 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
CloudFlare
5. 54 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
CloudFlare network locations
• Global: Deployed into 28 data centers in 20 countries
• Secure: Built into every layer and every protocol
• Robust: Every node can perform any task. Anycast HTTP routing
• Reliable: Built-in redundancy, load balancing, and high-availability
6. 64 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
CloudFlare works at the network level
7. 74 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
CloudFlare works globally
8. 84 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
CloudFlare sample customers
Nearly two million websites
9. 94 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Chronology
of the major attacks
10. 104 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
March 2013
11. 114 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
The Spamhaus attack
12. 124 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Monday, March 18th thru 21st
“Annoyance” attacks, 10-80Gbps
13. 134 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Wednesday, March 20th
~75Gbps attack
“Instant on”
14. 144 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Then, it got real …
15. 154 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Sunday, March 24th thru 25th
Peaks of the attack reached 309Gbps
“Instant on”
16. 164 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
February 2014
17. 174 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Monday, February 10th, 2014
400Gbps, Globally Distributed Attacks
18. 184 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
19. 194 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
The Evolving Landscape
20. 204 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
The Evolving Landscape of DDoS Attacks
DNS amplification
Up to 300 Gbps
NTP reflection
Up to 400+ Gbps
(35% up from DNS amplification)
DNS infrastructure
100s Gbps
HTTP Application
100s Gbps
Sophistication
ATTACK TYPE TREND
• Volumetric Layer 3 / 4
• DNS Infrastructure
• HTTPS application
• Origin: 100s of countries
More sophisticated DDoS mitigation and larger surface area to
block volumetric attacks has forced hackers to change tactics.
New DNS infrastructure and HTTP layer 7 attack signatures that
mimic human-like behavior are increasing in frequency.
20142013
21. 214 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Layer 7 Attacks
22. 224 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Layer 7 Attack methodology
Exhausts CPU
Attackers use millions of
compromised machines to launch
a sophisticated attack that mimics
real users and overloads the slow
points in your web property.
A highly advanced attack that
mimics real users is detected and
blocked by CloudFlare before it
can overload the slow parts of
web server software.
23. 234 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
DNS Infrastructure Attacks
24. Layer 7 – Malicious Payload
• Request sent to exploit vulnerability on server
• WAF on CloudFlare blocks 1.2 billion request per day
• Shellshock
• 10 to 15 attacks per second during the first week
• Top countries: France (80%), US (7%), Netherlands (7%)
244 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
25. 254 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Breaking Down the Attacks
26. 264 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
DDoS mechanics
27. 274 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
IP Spoofing
Attacker
Network Device
1.2.3.4
Hi, I’m 1.2.3.4,
and I need some info
Here’s your info
213.4.99.70
Target Website
28. 284 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
IP Spoofing
http://spoofer.cmand.org/
25.5% of networks allow spoofing
29. 294 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Attack #1 – Spamhaus Attack:
309Gbps
UDP DNS
30. 304 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Getting to 309Gbps
10 Mbps 30,900X 309,000 Mbps=
31. 314 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
An easier way: DNS
Amplification
Attacker
Open DNS Resolver
Target Website
64 Bytes
3,363 Bytes
~50x
32. 324 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
How easy is it to
create a DNS query packet?
33. 334 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
64 bytes becomes 3,363 bytes
$ dig ANY isc.org @63.21*.**.** +edns=0 +notcp +bufsize=4096
64 byte query
Sorryforthesmallprint
;; ANSWER SECTION:
isc.org. 7147 IN SOA ns-int.isc.org. hostmaster.isc.org. 2013073000 7200 3600 24796800 3600
isc.org. 7147 IN NS ns.isc.afilias-nst.info.
isc.org. 7147 IN NS ord.sns-pb.isc.org.
isc.org. 7147 IN NS ams.sns-pb.isc.org.
isc.org. 7147 IN NS sfba.sns-pb.isc.org.
isc.org. 7 IN A 149.20.64.69
isc.org. 7147 IN MX 10 mx.pao1.isc.org.
isc.org. 7147 IN TXT "v=spf1 a mx ip4:204.152.184.0/21 ip4:149.20.0.0/16 ip6:2001:04F8::0/32 ip6:2001:500:60::65/128 ~all"
isc.org. 7147 IN TXT "$Id: isc.org,v 1.1835 2013-07-24 00:15:22 dmahoney Exp $"
isc.org. 7 IN AAAA 2001:4f8:0:2::69
isc.org. 7147 IN NAPTR 20 0 "S" "SIP+D2U" "" _sip._udp.isc.org.
isc.org. 3547 IN NSEC _adsp._domainkey.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF
isc.org. 7147 IN DNSKEY 256 3 5 BQEAAAABwuHz9Cem0BJ0JQTO7C/a3McR6hMaufljs1dfG/inaJpYv7vH XTrAOm/MeKp+/x6eT4QLru0KoZkvZJnqTI8JyaFTw2OM/ItBfh/hL2lm Cft2O7n3MfeqYtvjPnY7dWghYW4sVfH7VVEGm958o9nfi79532Qeklxh x8pXWdeAaRU=
isc.org. 7147 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGr hhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+ u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy3 47cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQz
Bkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyL KOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bB yBNsO70aEFTd
isc.org. 7147 IN SPF "v=spf1 a mx ip4:204.152.184.0/21 ip4:149.20.0.0/16 ip6:2001:04F8::0/32 ip6:2001:500:60::65/128 ~all"
isc.org. 7147 IN RRSIG SPF 5 2 7200 20130828233259 20130729233259 50012 isc.org. XDoOYzkTHEV1W1V4TT50SsqXn4cxNhPvEuz3iFjq/oskLY9UOaK4GYDO GqHAjwNT0B6pUakKTQ3GvBjUBufPcEauCOl7L7kb8/cC6zYifUCoW0pS moiQxmyqfrPDTzyVA894myUONGgMmB6QW68HGPVvc6HzGWx9bOmjvFyX uOs=
isc.org. 7147 IN RRSIG DNSKEY 5 2 7200 20130828230128 20130729230128 12892 isc.org. COfF8fU6a8TBUG97SI/X+u2eKv7/mw+ixD3IWBnr3d3cWZmzF1sV8bWT YbuJebwnJMgN5OfB9PLsN+4QT617OjBe1dUF2M9jZeBiWsSsvvrdHnHM P8KwX6eayByDUoFsYe9VAH6C94XmOVXTQ7h7Cr0ytaVSXUytqFZV+DGn
v3kqSi50V3YkFNPAJDqqs0treWjwV/SPlqWVqEAoU/KMZMtYpCEMbHVP 8nbRP3jj/10WLccPtjHhiw4Ka9Sk4o+b7BMYCgXGXlhaap21SUqkytHt 8RJdVxxd5Cj7Bi+O4LXODlS4bAZEDG7UoHR27MzXtvMZogsNyyNUKHSs FtUvBg==
isc.org. 7147 IN RRSIG DNSKEY 5 2 7200 20130828230128 20130729230128 50012 isc.org. Mbr/QqJPoIuf3K5jCuABUIG0/zSHQ8iWZpqvHx7olVBEmTxhi3/vW+IE DW6VCE1EpZclSIlMMRZUnbBnVSpe0rZ13BxoLlRQqvsbC3jD15Se41WB DscD0S63C0GLqI9IhSyVugtlpqhA3CaluSqtABHbAktPP05Rm00tST2Y A5Q=
isc.org. 3547 IN RRSIG NSEC 5 2 3600 20130828233259 20130729233259 50012 isc.org. V7G42xY7TY9wF1vsBlRFuJ2ror/QjftLoRrDCMfqFW6kb5ZswjKt5zho 4o2sIrylTqad68O+lMxrDcg+7c2D8Hdh84SC0DEkjunBXkGBtLtaJvO5 zMn+d/OgUY5O7wtkerybJwZeiHcFxIkMRIcvsPKJYZWKCdaaCWibne7c w1s=
isc.org. 7147 IN RRSIG NAPTR 5 2 7200 20130828233259 20130729233259 50012 isc.org. gWDvD0KACaYgsCgtRS4iKkHBBidfJfqS4drUf4kuPX2Etl9fj1YrqOQK QFB5kBrzJLKh1IF4YpV+KYVUF82l3AtpsohpUH5Uyc3yD3r1CUDVyVvc T9qUrIuRpZLInD2kBLmDaG76MRz4Fz+NAkdXmwxZJhgTrfMLy+Uw/Ktk H7w=
isc.org. 7 IN RRSIG AAAA 5 2 60 20130828233259 20130729233259 50012 isc.org. dfzIo0VGT0MptTaPoua3tFwDxSpeuOg127QedlqLGTxKGN1ppV/bd6R0 WktMagZY9rSqmjfXNPlF3Q+7YeTpMssQhHqjE/tDoj9q9r8RXuBLJ1+a VRq3+xMbxb5EXAyQVZw24LIuloqNprXePRUGCXNINSWd7VZEIDNqhu9C g7U=
isc.org. 7147 IN RRSIG TXT 5 2 7200 20130828233259 20130729233259 50012 isc.org. WtB3SYzcOKpNbOtBlnmtsI0DCbDB4Kiv/HBY24PTZyWF/3tI8l+wZ+/p MfJ/SblbAzT67DO5RfxlOhr8UlRKVa70oqinQp5+rqiS67lv1hGO6ArO k+J0jLTis9Uz32653dgAxlgjEdWDKAg4F12TaHirAXxyI8fos5WNl/h4 GLo=
isc.org. 7147 IN RRSIG MX 5 2 7200 20130828233259 20130729233259 50012 isc.org. BSXC42oV6MCF0dX2icyxnvyijhy569BJCoanm5VrIIuiNeTeo261FQJx 7ofFCWa4fKOoa+EZ0qloNPfDiczStr8MmK8Lznu6+8IRfdmcG/kURuSi JdvDa0swxjmCm9aYu2nhoyHs+jqbJ+9+fneI0iDUX1fiM+9G2K9BjLru NxU=
isc.org. 7 IN RRSIG A 5 2 60 20130828233259 20130729233259 50012 isc.org. Gmb8tt8d7kxx4HsA8L6IdFYGGSJCA8PTWexUP3CBLna39e4a6gVzjoNd dEI7B5mySAujZBEXNx3dSagpjiTJYfMML8AY0uO0tgyjqaTyzwPPV5lW xQKVC092BPJx9IeKw+DC57f3m9LOaHJlMIh7wYFn8jxqeg1lSwJN0e35 Qvc=
isc.org. 7147 IN RRSIG NS 5 2 7200 20130828233259 20130729233259 50012 isc.org. RBvXLeTH0726iKvElmBZYUE+AWG3s2YRxKxuCnrhg7o9qIQGKXvEXrb3 wJeC/74KY2FW+RRz4F0QxODnPm+frpWIPbCpRf0SUFDQ82opQDwAb2CM 0D9N95y1t9hYfSeHEsEEk2yWgLymd9/S24XCmwuVVZ7ZeYQmVEVkF7Jt V3A=
isc.org. 7147 IN RRSIG SOA 5 2 7200 20130828233259 20130729233259 50012 isc.org. iiDnH6tvmap0h2cdULI8Ihme+zbtQ2+D3ycKRqBc9TRfA0poNaaZ97aF 15EIKyIpjiVybkP2DNLm5nkpNsgA+Ur+YQ6pr0hZKzbDkBllBIW4C0LV DsjzPX3qLPH4G3x/20M+TeGe4uzPB5ImPuw0VxB8g8ZP5znvdiZG6qen jas=
;; AUTHORITY SECTION:
isc.org. 7147 IN NS ns.isc.afilias-nst.info.
isc.org. 7147 IN NS ord.sns-pb.isc.org.
isc.org. 7147 IN NS ams.sns-pb.isc.org.
isc.org. 7147 IN NS sfba.sns-pb.isc.org.
;; ADDITIONAL SECTION:
ns.isc.afilias-nst.info. 56648 IN A 199.254.63.254
ns.isc.afilias-nst.info. 56652 IN AAAA 2001:500:2c::254
ord.sns-pb.isc.org. 31018 IN AAAA 2001:500:71::30
ord.sns-pb.isc.org. 31018 IN A 199.6.0.30
ams.sns-pb.isc.org. 31018 IN AAAA 2001:500:60::30
ams.sns-pb.isc.org. 31018 IN A 199.6.1.30
sfba.sns-pb.isc.org. 31018 IN AAAA 2001:4f8:0:2::19
sfba.sns-pb.isc.org. 31018 IN A 149.20.64.3
mx.pao1.isc.org. 3547 IN AAAA 2001:4f8:0:2::2b
mx.pao1.isc.org. 3547 IN A 149.20.64.53
_sip._udp.isc.org. 7147 IN SRV 0 1 5060 asterisk.isc.org.
3,363 byte response
34. 344 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
300Gbps+ of DDoS attack traffic
1 laptop
+ 5-7 compromised servers
+ 3 networks which allow spoofing
+ 9Gbps of DNS requests to
+ 0.1% of all open resolvers
----------------------------------------
= 300Gbps of DDoS traffic
35. 354 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Attack #2 – The NTP Attack:
400Gbps
UDP NTP
36. 364 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Tweets report attack issues
37. 374 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
An EVEN easier way: NTP
Amplification
Attacker
NTP Server with
MONLIST
Target Website
64 Bytes
13,184 Bytes
~206x
38. 1 laptop
+ 1 compromised server
+ 1 network which allowed spoofing
+ 1.94Gbps of MONLIST to
----------------------------------------------------
= 400Gbps+ of DDoS attack traffic
384 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
400Gbps+ of DDoS attack traffic
39. 394 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
What’s Next?
~206x
650x
~50x
8xDNS
EDNS
NTP
SNMP
→
→
→
→
40. 404 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Something extra …
41. Largest Attack in History
• Hong Kong
• Peaked at ~500Gbps
• 7 days
• Reflection attack (DNS, NTP)
• DNS flood - 250 million DNS
requests per second
• HTTP(S) attack
414 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
42. 424 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Protecting your network
43. 434 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
28 Million Open DNS Resolvers
http://OpenResolverProject.org/
Lock your DNS server (recursive & authoritative) down
44. 444 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
28 Million Open DNS Resolvers
http://team-cymru.org/
Confirm that the resolver is a closed resolver
options {
recursion no;
additional-from-cache no;
};
UNIX bind configuration examples
acl "trusted" {
10.42.0.0/16;
192.0.2.0/24;
192.0.6.0/24;
};
options {
recursion no;
additional-from-cache no;
allow-query { none; };
};
view "trusted" in {
match-clients { trusted; };
allow-query { trusted; };
recursion yes;
additional-from-cache yes;
};
45. 454 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
NTP Amplification Attacks
http://OpenNTPProject.org/
Turn off MONLIST on your NTP servers
46. 464 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
NTP Amplification Attacks
47. 474 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
NTP Amplification Attacks
http://team-cymru.org/
“noquery” is required to disable MONLIST
# by default act only as a basic NTP client
restrict -4 default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
# allow NTP messages from the loopback address, useful for debugging
restrict 127.0.0.1
restrict -6 ::1
# server(s) we time sync to
server 192.0.2.1
server 2001:db8::1
server time.example.net
UNIX ntpd configuration example
48. 484 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Prevent IP Spoofing (network hygiene)
• BCP38 / RFC2827 (ingress filtering) – May, 2000:
• http://bcp38.info/
• http://www.ietf.org/rfc/bcp/bcp38.txt
• http://www.ietf.org/rfc/rfc2827.txt
• BCP84 / RFC3704 (for multihomed) – March, 2004:
• http://www.ietf.org/rfc/bcp/bcp84.txt
• http://www.ietf.org/rfc/rfc3704.txt
… and yet still an issue today!
49. 494 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Securing CDN traffic at
CloudFlare
50. 504 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
CloudFlare security
51. 514 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
CloudFlare – a global network
Attack traffic is global and hence a global edge is valuable
52. 524 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Anycast Dilutes Attacks
300Gbps of attack traffic
/ 28 locations
----------------------------------------------------
= ~10.7Gbps average per location
Reality is that some locations are much larger
than others. However every location is vital.
53. 534 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Anycast Dilutes Attacks
54. 544 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Solution: Hide Origin IPs
• Use separate IPs for HTTP, DNS, SMTP, etc
• Public DNS should route to your EDGE’s public IPs
• Keep actual/origin web device IPs protected
55. 554 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Filter traffic by IP and protocol
• No UDP packets should be able to hit your HTTP
server
• UDP is IP protocol 17 vs. TCP for HTTP is IP protocol 6
• No HTTP packets should be able to hit your SMTP
server
• HTTP is TCP port 80 & 443 vs. SMTP is port 25 & 587
56. 564 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Filter traffic by IP and protocol
http://team-cymru.org/
Allow only HTTP& HTTPS via TCP protocol to a specific IP
!
hostname router-www
!
interface ethernet0
ip access-group 102 in
!
access-list 102 permit tcp any host 10.0.0.100 eq 80
access-list 102 permit tcp any host 10.0.0.100 eq 443
access-list 102 deny all
!
Simple Cisco filter configuration example
57. 574 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Protect your infrastructure
• Internal switches, routers, and other devices should be
locked down from any external access
• All traffic should flow through EDGE devices which
handle attacks
• CloudFlare Web Application Firewall (WAF) service
58. 584 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Build relationships upstream
• Understand what your data center and bandwidth
providers do about DDoS
• Know who to call when trouble strikes
• Share your IP/Protocol architecture with them
59. 594 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Communicate about attacks
60. 604 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Summary
61. 614 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Summary
• Volumetric DDoS evolving (NTP came and went)
• Larger botnets / Cloud services user in botnets
• DNS flood on the rise / Application-level on the rise
• Politically motivated attacks
• First, make sure you’re not part of the problem …
• Second, practice good protocol hygiene …
• Third, implement infrastructure ACLs …
• Fourth, know your upstreams
62. 624 December 2014 MSK-IX Moscow Russia - CloudFlare - Surviving a DDoS Attack - Securing CDN traffic at CloudFlare
Questions?
Martin J. Levy, Network Strategy
@mahtin
@cloudflare
http://www.cloudflare.com/
AS13335
Editor's Notes
Founded 1998 // The Spamhaus Project is an international nonprofit organization whose mission is to track the Internet's spam operations
more volumetric attacks (less frequent)
more sophisticated attacks (more frequent)