Distributed Denial Of Service Introduction


Presentation on DDoS and potential countermeasures for enterprise applications.

Published in: Technology

  1. Distributed Denial of Service attacks (DDoS) 101
  2. Agenda
     • What is it?
     • History
     • Basic protection
     • Advanced protection
     • Next steps
  3. History: examples
     • DNS root servers attacked, 2002
     • DNS attacks
     • Estonia attacks, 2007
     • Commercial targets, 2010 and 2012
  4. What is it? Too many requests... can't handle them.
     * This actually happened at a CCC congress in Berlin.
  5. What is it? Levels of (D)DoS
     [diagram: application (L2), main infrastructure (L1), backup infrastructure (L1)]
     • Level 1: Network-based (D)DoS
     • Level 2: Application-level (D)DoS
     • Level 2: Economic (D)DoS
     • Process (D)DoS (L2)
  6. What is it? Botnets, hitting the L1 infrastructure (main and backup)
     [diagram: recruited nodes directed at the main and backup infrastructure]
     Some terminology:
     • node
     • command & control
     • recruitment
     • attrition
     • rate of growth/decay
  7. What is it? L2 application-level (D)DoS
     [diagram: web server, application server, database server, each with its own db]
     Example: XML entity expansion ("billion laughs") sent to the application:
       <?xml version="1.0"?>
       <!DOCTYPE lolz [
        <!ENTITY lol "lol">
        <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
        <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
        <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
        <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
        <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
        <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
        <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
        <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
       ]>
       <lolz>&lol9;</lolz>
  8. Basic protection: where to absorb the traffic
     [diagram: CDN in front of the ISP, in front of the on-premise main and backup infrastructure]
     • CDN (content distribution network): + no hardware limitations, + no bandwidth limits, + intelligence
     • ISP: - hardware limitations, + (some) control over bandwidth, + increased 'intelligence'
     • On premise: - hardware limitations, - no control over bandwidth, - limited 'intelligence'
  9. Advanced protection: the application stack
     [diagram: Web Application Firewall in front of web server, application server and database server, each with a secure config]
     • Secure config for every tier (web, app, db)
     • Cloud, devops, centralized management
     • Secure config as part of the SDLC
  10. Advanced protection: layers to harden
     • DNS
     • SSL
     • APP
     • XML
  11. Next steps: Incident Response process
     • Prepare: integrate service providers; "know your enemy"
     • During an attack: containment; communications; business continuity
     • After the attack: return to normal operations; lessons learned; forensics
  12. Next steps: quick wins
     ★ Build standard security components
       ★ encryption
       ★ AuthN/AuthZ
       ★ logging
       ★ input/output validation
       ★ ...
     ★ Automate standardized processes (leverage tech)
       ★ deployment (including vuln scanning)
       ★ load balancing
  13. 13. Q&A
  14. Some terminology:
     • node: a computer recruited to the botnet and controlled by the botnet owner.
     • command & control (C2): a central authority controlling the botnet, providing the nodes with instructions.
     • recruitment: the methods used by the botnet owner to add nodes to his botnet.
     • attrition: the loss of nodes from the botnet.
     • rate of growth/decay: size + recruitment - attrition
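The entity chain on slide 7 is the classic "billion laughs" document. The check below is an added example, not part of the presentation: it rebuilds that same chain (lol, lol2 .. lol9, fan-out 10) and estimates the expanded size from the DTD alone, so an untrusted document can be rejected before any XML parser touches it. The function names (billion_laughs, expanded_size, estimated_expansion, safe_to_parse) and the 1,000,000-character limit are assumptions of this example.

```python
import re

ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r'&(\w+);')
DOCTYPE = re.compile(r'<!DOCTYPE\b.*?\]\s*>|<!DOCTYPE\b[^>]*>', re.S)

def billion_laughs(depth=9, fanout=10):
    """Constructed sample: the same entity chain as the slide (lol, lol2 .. lol9)."""
    decls = ['<!ENTITY lol "lol">']
    for i in range(2, depth + 1):
        prev = 'lol' if i == 2 else f'lol{i - 1}'
        refs = f'&{prev};' * fanout
        decls.append(f'<!ENTITY lol{i} "{refs}">')
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n' + '\n'.join(decls)
            + f'\n]>\n<lolz>&lol{depth};</lolz>')

def expanded_size(name, decls, memo, visiting):
    """Characters produced by fully expanding &name;, without ever building the string."""
    if name in memo:
        return memo[name]
    if name in visiting:                 # recursive entity: illegal XML, treat as hostile
        raise ValueError(f'recursive entity {name}')
    if name not in decls:                # predefined (&amp; etc.) or undeclared: one char
        return 1
    visiting.add(name)
    body = decls[name]
    total = len(ENTITY_REF.sub('', body))          # literal text in the replacement
    for ref in ENTITY_REF.findall(body):           # plus every nested reference
        total += expanded_size(ref, decls, memo, visiting)
    visiting.discard(name)
    memo[name] = total
    return total

def estimated_expansion(doc):
    """Total characters the document body would expand to, computed from the DTD alone."""
    dtd = DOCTYPE.search(doc)
    decls = dict(ENTITY_DECL.findall(dtd.group(0))) if dtd else {}
    body = doc[dtd.end():] if dtd else doc
    memo, visiting = {}, set()
    return sum(expanded_size(ref, decls, memo, visiting) for ref in ENTITY_REF.findall(body))

def safe_to_parse(doc, max_expansion=1_000_000, allow_dtd=False):
    """Gate an untrusted document before it reaches the XML parser (assumed policy)."""
    if not allow_dtd and DOCTYPE.search(doc):
        return False                     # simplest defence: the application needs no DTD
    try:
        return estimated_expansion(doc) <= max_expansion
    except ValueError:
        return False
```

The slide's own chain (lol through lol9) expands to 3 * 10**8 characters, which the gate rejects whether or not DTDs are allowed.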