Protecting Your Business from DDoS Attacks


Published in: Technology, News & Politics
1. Protecting Your Business from DDoS Attacks
   How DoS attacks affect a company: what DoS attacks are, how they affect the business, and how to overcome the problem.
   Saptha Wanniarachchi, MBCS, MCSE, MCITP

2. Introduction
   - Overview of DDoS attacks
   - How it works
   - Impact on the business
   - Mitigation
   - Prevention
   - Challenges
   - Q&A

3. DDoS Attack Overview
   - A type of attack that causes your computer or network to crash, or to become so busy processing data that you are unable to use it.
   - The main objective of such an attack is not to give the attacker escalated system access; it is to make a computer resource unavailable to its intended users.

4. What Is a DDoS Attack?
   - The attacker uses a network of compromised ("zombie") computers, a botnet.
   - The attacker tells every computer in the botnet to contact a specific server or web site repeatedly.
   - The sudden increase in traffic causes the site to load very slowly, or not at all, for legitimate users.

5. Types of DDoS Attacks
   - Direct attacks - bots send their traffic straight to the victim. Every DDoS attack involves at least an attacker and a victim; reflected and amplified variants add an amplifying network in between.
   - Remote attacks - an organized attack carried out through a botnet.
   - Reflected attacks - traffic is bounced off known third-party hosts (reflectors) so that it arrives at the victim from many legitimate-looking sources.
   - Ping of Death - bots send oversized ping packets (larger than the 65,535-byte IP maximum once reassembled) to victims, crashing vulnerable IP stacks.
   - Mailbomb - bots send a massive amount of e-mail, crashing e-mail servers.
   - Smurf attack - bots send ICMP echo requests to reflectors (typically a network's broadcast address) with the victim's address spoofed as the source, so every reflector replies to the victim.
   - Teardrop - bots send overlapping fragments of an illegitimate packet; the victim system tries to reassemble the fragments into a packet and crashes as a result.
6. What Is a DDoS Attack?

7. How It Works
   A botnet is a network of computers that have been infected with malware and can be controlled remotely by attackers to carry out various attacks. Nearly a quarter of all computers are estimated to be part of a botnet. Attackers use your computer to send spam, collect personal information, or take down web sites, all without your knowledge.

8. Site Before the Attack Begins

9. Attacked

10. Server Statistics

11. Tools Efficiency
   HTTP Flood Test Report
   - Date: 10/13/2011 12:51:31 PM
   - Target URL:
   - Target Port: 80
   - Duration: 4 minutes, 14 seconds
   - Requests Issued: 81907
   - Responses Received: 58
   - Requests Lost: 99.93%
   - Request Rate: 322.47 requests per second
   In just over four minutes a single flooding host at about 322 requests per second left the target answering fewer than 0.1% of the requests sent to it.
12. Trend of Attacks
   - DDoS attacks continue to grow.
   - Attackers today are a lot more sophisticated.
   - Every organization online is a potential DDoS target.

13. Who Conducts DDoS Attacks, and Why?
   - Personal reasons - target specific computers for revenge.
   - Prestige - gain the respect of the hacker community.
   - Material gain - damage a target's resources for profit.
   - Political reasons - compromise an enemy's resources.

14. Legal
   - DDoS is a federal crime in the United States under the National Information Infrastructure Protection Act of 1996.
   - It is illegal in many countries now.
   - There have been legal battles to defend DDoS, arguing for example:
   - "There's no such thing as a DDoS attack. A DDoS is a protest, it's a digital sit-in. It is no different than physically occupying a space. It's not a crime, it's speech."
   - "Nothing was malicious, there was no malware, no Trojans. This was merely a digital sit-in. It is no different from occupying the Woolworth's lunch counter in the civil rights era."
15. DDoS Tools

16. Mobile DDoS

17. Business Impact
   - Business impact
   - System impact
   - Cost of prevention
   - Customer satisfaction / business connectivity

18. Victim
   - Application - exploits some feature of a specific application on the victim host; disables legitimate client use of that application and possibly strains resources; attack packets are indistinguishable from legitimate packets, so the semantics of the application must be used heavily in detection.
   - Host - disables access to the target machine completely by overloading or disabling its communication mechanism (e.g. a TCP SYN flood); attack packets carry the real destination address of the target host.
   - Network - consumes the incoming bandwidth of the target network; attack packets have destination addresses within the network's address space; the high volume makes detection easy.
   - Infrastructure - targets some distributed service that is crucial for the operation of the global Internet or of a sub-network (e.g. attacks on DNS servers).
19. Protecting Your Business from DDoS Attacks
   - Business disruptions: estimates from Forrester, IDC, and the Yankee Group put the cost of a 24-hour outage for a large e-commerce company at close to US$30 million.
   - Capacity: ensure that you have adequate bandwidth on your Internet connection. You will be able to foil many low-scale DDoS attacks simply by having enough bandwidth (and processing power) to service the requests; capacity alone does not help once the attack exceeds the size of your upstream link.
   - Deploy a DDoS mitigation plan: hire experts, then draft and implement a plan to mitigate the risk of being attacked.
   - Prevention: deploy an intrusion prevention system.

20. DDoS Mitigation Plan
   - Create a DDoS response team.
   - On-premises DDoS defenses are imperative.
   - Protect your DNS servers.
   - Know your real customers.
   - Maintain continuous vigilance.

21. Prevention (Technical)
   - Proper firewall configuration
     - Accept only the dedicated ports the service needs, for example port 80 reachable directly and everything else closed.
     - Keep the firewall's update subscription (signatures, firmware) current.
   - Class Based Queuing (CBQ)
     - A function of the Linux kernel's traffic control.
     - Set up different traffic queues.
     - Decide which packets go into which queue.
     - Assign a bandwidth to each queue, so that a flood in one class cannot starve the others.

22. Prevention
   - Traffic monitor
     - Monitor
       - Monitors inbound and outbound packets.
       - Checks the hash table of per-source state.
       - Runs as a server thread.
     - Manager
       - Analyzes the supplied data.
       - Sorts the IPs into one of several classes.
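The monitor/manager split of slide 22, the per-source firewall rule of slide 21 and the SYN-flood signature of slide 18, as an added example that is not part of the original presentation: a small Python traffic monitor that keeps a sliding-window hash table per source address, sorts each source into a class (normal, suspicious, block, customer, idle), and emits iptables drop rules for the blocked ones. The record format, the thresholds, the known-customer list and the sample traffic are all constructed assumptions, not data from the slides.

```python
from collections import defaultdict, deque

# Thresholds are illustrative assumptions, not figures from the slides; tune them
# against the site's normal traffic baseline before relying on them.
WINDOW_SECONDS = 10      # sliding window kept per source address
SUSPICIOUS_RATE = 50     # packets in the window that warrant a closer look
BLOCK_RATE = 200         # packets in the window that get the source dropped
HALF_OPEN_LIMIT = 100    # bare SYNs in the window: the SYN-flood signature of slide 18


def parse_record(line):
    """Parse one record of the assumed '<epoch> <src_ip> <dst_port> <tcp_flags>' format."""
    ts, src, port, flags = line.split()
    return float(ts), src, int(port), flags


class TrafficMonitor:
    """The 'monitor' of slide 22: a per-source hash table of recent packets."""

    def __init__(self, window=WINDOW_SECONDS, known_customers=()):
        self.window = window
        self.table = defaultdict(deque)               # src_ip -> deque of (ts, flags)
        self.known_customers = set(known_customers)   # slide 20: know your real customers

    def observe(self, ts, src, flags):
        """Record a packet from src and forget anything older than the window."""
        queue = self.table[src]
        queue.append((ts, flags))
        self._expire(queue, ts)

    def _expire(self, queue, now):
        while queue and now - queue[0][0] > self.window:
            queue.popleft()

    def classify(self, src, now):
        """The 'manager' of slide 22: sort one source into one of several classes."""
        queue = self.table.get(src)
        if queue is None:
            return "unknown"
        self._expire(queue, now)
        if not queue:
            return "idle"                       # nothing seen inside the window
        if src in self.known_customers:
            return "customer"                   # never auto-block real customers
        total = len(queue)
        bare_syns = sum(1 for _, flags in queue if flags == "S")
        if total >= BLOCK_RATE or bare_syns >= HALF_OPEN_LIMIT:
            return "block"
        if total >= SUSPICIOUS_RATE:
            return "suspicious"
        return "normal"

    def classify_all(self, now):
        return {src: self.classify(src, now) for src in list(self.table)}


def firewall_rules(classes):
    """Turn 'block' verdicts into iptables drop rules for the firewall of slide 21."""
    return [f"iptables -I INPUT -s {src} -j DROP"
            for src, cls in sorted(classes.items()) if cls == "block"]


def build_sample_records():
    """Constructed sample traffic (not a real capture): four sources within about 6 s."""
    lines = []
    # 203.0.113.7: SYN flood, 150 bare SYNs at 25/s and never an ACK to finish a handshake
    for i in range(150):
        lines.append(f"{1000 + i * 0.04:.2f} 203.0.113.7 80 S")
    # 203.0.113.8: aggressive scraper, 20 complete requests (SYN, ACK, PSH-ACK) = 60 packets
    for i in range(20):
        for flags in ("S", "A", "PA"):
            lines.append(f"{1000 + i * 0.3:.2f} 203.0.113.8 80 {flags}")
    # 192.0.2.10: a known customer's proxy; 300 packets would otherwise look like a flood
    for i in range(100):
        for flags in ("S", "A", "PA"):
            lines.append(f"{1000 + i * 0.05:.2f} 192.0.2.10 443 {flags}")
    # 198.51.100.9: an ordinary visitor loading one page
    for flags in ("S", "A", "PA", "A", "FA"):
        lines.append(f"1003.00 198.51.100.9 80 {flags}")
    return lines


def run(lines, known_customers=("192.0.2.10",)):
    """Feed records in time order, classify every source at the end, emit rules."""
    monitor = TrafficMonitor(known_customers=known_customers)
    now = 0.0
    for line in sorted(lines, key=lambda l: float(l.split()[0])):
        ts, src, _port, flags = parse_record(line)
        monitor.observe(ts, src, flags)
        now = max(now, ts)
    classes = monitor.classify_all(now)
    return classes, firewall_rules(classes)


if __name__ == "__main__":
    verdicts, rules = run(build_sample_records())
    for src, cls in sorted(verdicts.items()):
        print(f"{src:15} {cls}")
    print("\n".join(rules))
```

On the constructed sample the SYN-flood source is blocked on the half-open count alone (150 bare SYNs is under the raw packet threshold), the scraper is flagged as suspicious, the whitelisted customer is left alone despite sending the most packets, and the ordinary visitor is normal. The limitation is the one slides 18 and 25 point at: a per-source counter only catches sources that are individually loud, so a botnet spreading the same flood over thousands of hosts at a few packets each slips under every threshold here and has to be caught on application semantics or upstream of the victim.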
23. Prevention
   - Traffic generated by reflectors
   - Filtering enabled at the reflector (for example, hosts that do not answer directed broadcasts cannot be used as Smurf reflectors)
   - Deploy a traceback mechanism
   - IDS/IPS

24. More Tips to Prevent…
   - Keep an audit trail that describes what was changed and why.
   - Create interdepartmental Standard Operating Procedures (SOPs) and Emergency Operating Procedures (EOPs).
   - Network monitoring isn't enough; your administrators must know your configuration in detail.
   - Test yourself both locally and over the Internet.
   - Your own processes can harm you just as hackers can.
   - Keep people aware of old configurations and their purpose.
   - When something is different, ask why.
   - Know the trade-offs between simplicity, cost, and survivability.
   - Protect yourself against hackers.

25. Practical Challenges
   - A distributed response is needed at many points on the Internet
     - attacks target more than one host
     - wide deployment of any defense system cannot be enforced, because the Internet is administered in a distributed manner
   - Economic and social factors
     - a distributed response system must be deployed by parties that do not suffer direct damage from DDoS attacks
     - many good distributed solutions will achieve only sparse deployment
   - Lack of detailed attack information
     - attack scenarios are unique
   - Lack of defense system benchmarks
     - there is currently no benchmark suite of attack scenarios that would enable comparison between defense systems
   - Difficulty of large-scale testing
     - defenses need to be tested in a realistic environment
     - lack of large-scale testbeds

26. Thank You!
   - Q&A