Protection from DDoS attack is now your responsibility, but help is at hand Mark Tilston, Senior Cyber-Security Engineer PHOENIX DATACOM 2 nd December 2014 Welcome www.phoenixdatacom.com
Phoenix Datacom, our core competencies Now in our 30 th year, Phoenix Datacom is the UK’s most technically competent provider of solutions and professional services to enhance the performance & security of cloud, physical and virtual networks. We serve customers in : Finance | Enterprises | Government/Defence | Carriers | Mobile Operators Network Data Access for Test, Monitoring & Load Balancing Solutions | Support | Professional Services Phoenix Datacom, our core competencies Locating just the data you need in order to see further return from your security and monitoring investments Application Performance Monitoring & Improvement Resolving bottlenecks and other issues before they affect the performance of applications and staff productivity Cyber-Security Protection & Testing Protecting your critical infrastructure from the threats of cyber-crime whilst saving you significant time and money Network Performance Testing & Validation Helping you to build, test, validate and monitor your business-critical cloud, physical and virtual networks Solutions to enhance the performance & security of your networks & applications
Solution demonstrations available in our…. Solutions to enhance the performance & security of your networks & applications
A sample of our customers… Solutions to enhance the performance & security of your networks & applications
Phoenix Datacom, core security solutions – Monitoring / Mediation / Remediation Remote Internet/ Worker WAN Hacker/ Intruder Perimeter Firewall: Standard FW rules x Next-Generation Firewall for Application Control 1 2 Next-Generation Intrusion Detection and Protection x Zero-Day Malware & APT Execution 3 x 4 DDoS Protection, Prevention and Mitigation x Network, LAN and Computer Forensics 5 6 Threat Vulnerability Management & Assessment Advanced Network & DC Cloaking 7 - 8 Stateful Attack Generation Site CFO CEO CISO HR Department Remote worker Finance HR Legal Exchange Intranet hot-desking Example Hosts Application Servers (on-site and in the Cloud) Solutions to enhance the performance & security of your networks & applications
Phoenix Datacom, core security solutions – Our focus today Remote Internet/ Worker WAN Hacker/ Intruder Perimeter Firewall: Standard FW rules DDoS Protection, Stateful Attack Prevention and Generation Mitigation Site CFO CEO CISO HR Department Remote worker Finance HR Legal Exchange Intranet hot-desking Example Hosts Application Servers (on-site and in the Cloud) Solutions to enhance the performance & security of your networks & applications
The focus here today… Agenda: • The latest DDoS attack threat spectrum targeting Enterprises, the Government and Financial Organisations – Arbor Networks • How local DDoS protection combined with Carrier protection provides the most effective incident response and remediation - Arbor Networks • The importance of knowing the capability of your DDoS Mitigation measures, as well as new solutions under consideration – Ixia (BreakingPoint) • A live demo of DDoS attacks against the Arbor Networks DDoS Mitigation solution for Enterprises, the Government and Financial Organisations - Phoenix Datacom. Solutions to enhance the performance & security of your networks & applications
Better Protection from DDoS attacks Darren Anstee, Director of Solution Architects ARBOR NETWORKS Solutions to enhance the performance & security of your networks & applications
Threats in the news… Cost Disruption Loss of Customer Trust Solutions to enhance the performance & security of your networks & applications
The threat space is complex… Advanced Threat Continuum New Advanced Threat Landscape Availability Integrity Confidentiality Quiet & Patient Loud & Noisy Solutions to enhance the performance & security of your networks & applications
DDoS evolution Peak Monthly Gbps of Attacks 350 325.05 300 264.61 250 200 150 100 50 0 July October July October July October July October January July January April January April January April January April April Period Average Attack % Change Peak Attack Size % Change size (bps) (bps) Q1 1.12Gbps - 325.06Gbps - Q2 759.83Mbps -32.2% 154.69Gbps -52.4% Q3 858.98Mbps +13.05% 264.61Gbps +71.1% Solutions to enhance the performance & security of your networks & applications
2014, a time for reflection… Solutions to enhance the performance & security of your networks & applications
Characteristics of an NTP Reflection/Amplification Attack Abusable Internet accessible Servers, Routers, Home CPE devices, etc . NTP Servers Solutions to enhance the performance & security of your networks & applications
Characteristics of an NTP Reflection/Amplification Attack Abusable NTP Servers Attacker sends monlist , showpeers , or other NTP level-6/-7 administrative queries with target port and spoofed IP address of target Solutions to enhance the performance & security of your networks & applications
Characteristics of an NTP Reflection/Amplification Attack Abusable NTP Servers NTP services ‘reply’ to the attack target with streams of ~468-byte packets sourced from UDP/123 to the` target; the destination port is the source port the attacker Target Port: chose while generating the NTP queries UDP/80 Or UDP/123 Solutions to enhance the performance & security of your networks & applications
2014 ATLAS Initiative : Anonymous Stats, World-Wide Other Protocols for Amplification, Q3 • Lower proportion of events for SNMP reflection this quarter compared to last. Chargen grows • Given the huge storm of NTP reflection activity, there slightly. has been some focus on other protocols that can be • Significant growth in attacks with source port used in this way. 1900 (SSDP) • Looking at attacks with source-ports of services used • Almost no attacks in Q2 for reflection. • 29506 in Q3 • DNS has been used by attackers for several years. Protocol UDP Source Percentage Max Size Average Port of Attacks Q3 Size in Q3 Q3 SNMP 161 0.03% 14.46Gbps 856Mbps Chargen 19 2% 24.8Gbps 1.05Gbps DNS 53 4% 83.9Gbps 1.7Gbps SSDP 1900 4% 124Gbps 4.04Gbps NTP 123 5% 156.3Gbps 2.99Gbps Solutions to enhance the performance & security of your networks & applications
DDoS Evolution Solutions to enhance the performance & security of your networks & applications
Ensure Availability – Layered DDoS Defense SCRUBBING CENTRE Cloud-based DDoS Protection ISP 1 DATA CENTER Cloud Signaling ISP ISP 2 Firewall IPS Load Balancer Target ISP n Applications & Services Perimeter DDoS Protection Solutions to enhance the performance & security of your networks & applications
Ensure Availability – First Layer of Defense Pravail Availability Protection System (APS) Global Internet Immediate protection from current Threats threats. Utilise ATLAS threat intelligence to - protect your organisation from the Global Network latest threats. Easy to install and deploy Easy to operationalize and deploy. - Built in bypass functionality. Detailed Servers traffic and reporting for advanced users. Enterprise (Arbor) Cloud Signaling Perimeter Integration with cloud based DDoS - protection services to provide the Files, Act automated, layered protection Packets & Flow necessary to deal with multi-vector Internal Network attacks. Files, Understand Packets & Flow Enterprise Assets Identify Solutions to enhance the performance & security of your networks & applications
Ensure Availability – Second Layer of Defense Arbor Cloud Global Tier 1 Footprint Global Carrier Agnostic Internet Threats 4 Mitigation Centers around the world. Based on Arbor proven Global mitigation technology Network Transparent operation, clear reporting BGP or DNS diversion options Reporting Portal Servers Highly experienced SOC backed Enterprise by ASERT Perimeter Clean Traffic Pricing Model Files, Act Packets Subscription to service based on & Flow Internal volume of clean traffic Network No limit of attack sizes Files, Understand Packets & Flow Enterprise Assets Identify Solutions to enhance the performance & security of your networks & applications
Arbor Networks • The Internet and security is our heritage 13+ Years • Founded from a DARPA grant of Innovation • Over 40 networking and security patents • Across 60 countries Serving The Most • Service Providers, Hosters, Fortune 50 ancials Demanding Networks and online giants • Over 400 employees around the globe Trusted Experts • >50% in Engineering, Service and Support Globally • Best in class support experts, global infrastructure • Unrivalled visibility, analysing 110Tb/sec of data ATLAS / ASERT • Well regarded security research expertise • Threat Intelligence Solutions to enhance the performance & security of your networks & applications
Recommend
More recommend
