CyberWarfare Defense against Penetration T esting and distributed - - PowerPoint PPT Presentation

▶

Sep 16, 2022 23 likes •267 views

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The Foundation of Network Security Stand-alone (ISP/Carrier Server Farm) modular TIPS for Perimeter Defense We brought a prototype for you!

SLIDE 1

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks

The Foundation of Network Security

SLIDE 2

Stand-alone (ISP/Carrier – Server Farm) modular “TIPS” for Perimeter Defense We brought a prototype for you!

SLIDE 3

Presentation Overview

1. Penetration Testing & dDoS Attacks
a quick overview
2. iSecure Technology – Overview of Core System
3. iSecure applied: Penetration Testing Defense
4. iSecure applied: dDoS Defense
5. iSecure Development: anti-Virus, anti-SPAM
6. Practical Applications in current production
7. More Information, White Paper, Demonstrations

SLIDE 4

The Threat

Penetration Testing & dDoS Attacks

Ongoing IP Scans to determine & exploit

vulnerabilities

Penetration Testing provides the “road

map” for subsequent attacks

dDoS attack take advantage of

vulnerabilities

dDoS cause wide-spread outages and

damages (economically, politically, etc).

SLIDE 5

Defense against Penetration Testing?

None geared towards this purpose
Firewalls limit TCP/UDP ports, but leave

those open which need to pass trafc (Web, E-Mail, FTP, SSH, …)

Scanning Tools (NMAP, Nessus, etc.) can

map routers, frewalls, and all systems behind a frewall through open ports, determine Hardware, OSs, Confguration

SLIDE 6

Existing Defense Approaches?

ALL existing solutions are re-active:
Signature-based trafc

comparison/matching – fnds only known attacks

Bandwidth Averaging: requires “learning”,

applies QoS methods, which cut of valid trafc spikes and aid dDoS attacks by “drowning out” the good trafc

SLIDE 7

Existing Defenses? (Cont’d)

Router ACL modifcation works only

against defnable trafc, very slow, may require manual SysAdmin interaction – dDoS damage is done within seconds

ICMP port blocking defends against

some attacks, but application-level attacks share bandwidth with valid trafc, so port blocking does not help

SLIDE 8

The iSecure CORE Technology

Real-time Performance (6ns to 6ms)
Signature-free
No Confguration, defends instantly
Stateless (!) – no attackable tables
Undetectable
Cannot be compromised
No MAC address / No IP Number

SLIDE 9

Defending at Layer 2

SLIDE 10

Works as In-Line-Scanner

SLIDE 11

Real-Time Decisions

Bit-Stream Engine “prepares” and slices Data for parallel Processing. Decision Engine applies the iSecure algorithm

SLIDE 12

Prepared Data “Slices” are fed to the Decision Engine

SLIDE 13

iSecure Decision Engine applies algorithm

SLIDE 14

iSecure Algorithm “tags” data slices based on 3-dimensional model

Slice of the decision matrix 2-dimensional model

SLIDE 15

Re-Assembly of Data Slices

SLIDE 16

Parallel Processing of Streams

SLIDE 17

iSecure Technology Applied:

Penetration Testing Defense

(“Infrastructure Cloaking”)

Distributed Denial-of-Service Defense

In Development:

iSecure Anti-Virus
iSecure Anti-SPAM (UCE) E-Mail

SLIDE 18

Penetration Testing Defense

Recognizes & Intercepts Penetration Testing

probes

Reports all ports as “open”
Provides no Hardware/OS/Confguration
“Mirrors” the Attacker’s own confguration back
NMAP OS Guessing Score always the highest:

9,999,999

Attacker does not know what the infrastructure

looks like, and cannot target an attack or explore specifc vulnerabilities

SLIDE 19

Denial-of-Service Defense

iSecure recognizes “good” from “bad”

trafc, discards the bad, and allows the good trafc to go through

Defends against all three types of dDoS

attacks: bandwidth fooding, TCP/IP stack attacks, application-level attacks

Defends against KNOWN and UNKNOWN

dDoS attacks, incl. Synk4, etc.

SLIDE 20

iSecure “TIPS”

True Intrusion Prevention System

SLIDE 21

Current Production Example: eCommerce

eCommerce Hosting Provider

– Under constant dDoS attacks, web sites unavailable for days – iSecure deployment instantly defended against the dDoS attacks; web sites have been always available since

SLIDE 22

Current Production Example Keeping E-Mail Flowing

SPAM Blacklist Provider OsiruSoft

permanently shut down, resulting in e- mail outages for FTC and many other users

All other blacklist providers under dDoS

attacks (SORBS, EazyNet, DSBL)

SoBig.F linked to Spam Blacklist attacks,

exploiting the network of compromised machines

SLIDE 23

Attacks on BlackList ISPs

iSecure systems are being deployed at

SORBS in Brisbane, Australia, and Connecticut

Defending against dDoS attacks, keeping

anti-SPAM blacklist providers on the net

Allowing Government and Corporate E-

Mail systems to check against Blacklists to eliminate Spam

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks

The Foundation of Network Security

Stand-alone (ISP/Carrier – Server Farm) modular “TIPS” for Perimeter Defense We brought a prototype for you!

Presentation Overview

The Threat

Penetration Testing & dDoS Attacks

vulnerabilities

map” for subsequent attacks

vulnerabilities

damages (economically, politically, etc).

Defense against Penetration Testing?

those open which need to pass trafc (Web, E-Mail, FTP, SSH, …)

map routers, frewalls, and all systems behind a frewall through open ports, determine Hardware, OSs, Confguration

Existing Defense Approaches?

comparison/matching – fnds only known attacks

applies QoS methods, which cut of valid trafc spikes and aid dDoS attacks by “drowning out” the good trafc

Existing Defenses? (Cont’d)

against defnable trafc, very slow, may require manual SysAdmin interaction – dDoS damage is done within seconds

some attacks, but application-level attacks share bandwidth with valid trafc, so port blocking does not help

The iSecure CORE Technology

Defending at Layer 2

Works as In-Line-Scanner

Real-Time Decisions

Bit-Stream Engine “prepares” and slices Data for parallel Processing. Decision Engine applies the iSecure algorithm

Prepared Data “Slices” are fed to the Decision Engine

iSecure Decision Engine applies algorithm

iSecure Algorithm “tags” data slices based on 3-dimensional model

Slice of the decision matrix 2-dimensional model

Re-Assembly of Data Slices

Parallel Processing of Streams

iSecure Technology Applied:

(“Infrastructure Cloaking”)

In Development:

Penetration Testing Defense

probes

9,999,999

looks like, and cannot target an attack or explore specifc vulnerabilities

Denial-of-Service Defense

trafc, discards the bad, and allows the good trafc to go through

attacks: bandwidth fooding, TCP/IP stack attacks, application-level attacks

dDoS attacks, incl. Synk4, etc.

iSecure “TIPS”

True Intrusion Prevention System

Current Production Example: eCommerce

– Under constant dDoS attacks, web sites unavailable for days – iSecure deployment instantly defended against the dDoS attacks; web sites have been always available since

Current Production Example Keeping E-Mail Flowing

permanently shut down, resulting in e- mail outages for FTC and many other users

attacks (SORBS, EazyNet, DSBL)

exploiting the network of compromised machines

Attacks on BlackList ISPs

SORBS in Brisbane, Australia, and Connecticut

anti-SPAM blacklist providers on the net

Mail systems to check against Blacklists to eliminate Spam

More Information & Demo

Melior F.I.R.E CD

For live comparison and product testing

WHITE PAPER

per request

Demonstration s

Live on the Internet Or On-Site

www.dDoS.com Demo-Video

Live on the Internet At www.dDoS.com Or as DVD per request