Lightning talks - Cyber Security Congress 2016
TRANSCRIPT
ICE: In Case of Emergency
A mobile application used to warn people about an emergency
Joey Mosterd, Michel Roke, Michel van der Hoorn and Pedro Lopes Silva
Emergency scenario
Fire breaks out in a garage and the alarm will only cover a certain area.
People traveling towards the emergency are oblivious to the situation
Which could result in a situation like this
But how can you reduce the impact?
How can you spread the news?
What can you utilize to ensure as many people as possible receive the information needed to help contain the emergency?
Introducing…
ICE App
In Case of Emergency
• Is a tool to inform people in crisis situations
• Is able to send push notifications to users
• Helps to reduce crowds in a crisis situation
• Is divided into two applications, send and receive
• Can be installed on Android and iOS
ICE App…
Log in using an administrator account
How does ICE App work?
Select the type of emergency
Start broadcast
Select or write a message
Select the buildings that are affected
Send the broadcast
Flexible design
• The application is designed to be easily adjusted
• It can be used as is with little effort
• Or combined with existing applications
Physical gamification of security awareness training
By: Tim de Graaf
The human as a link
• Phishing and spear-phishing
• Trojanized software installers (malware)
• DDoS through abuse of IoT
• BYOD vs Shadow-IT
• Attackers' focus on the home environment
Security testing
• Crisis exercises
• Ethical hacking
• Results directly applicable
• Accountability
• Hard to monitor
• Hard to limit the consequences
• Hard to achieve the desired scenario
• Hard to make accountability a pleasant experience
Security awareness training
• Awareness (threats, importance, own role)
• Knowledge (prevention, containment, handling)
• Behaviour
• “It took too long”
• “It was not appealing”
• “The knowledge does not stick well”
• “The goal passed them by”
Security awareness games
• Fun
• Interactive
• Extra motivation
• Monitoring
• Control
• “The game was not really fun”
• “It was fun, but I did not really learn anything from it”
• “This will never happen like this in real life”
• “This will never happen to me”
Escape Rooms
• Fun
• Team building
• Educational use
• Extra motivation
• Barriers
• Realism
• Monitoring
• Control
Possibilities
• Viewing cyber security from the attacker's perspective
• Letting participants hack each other
• (Non-)participants watching along
• Competition
• Replayability
• Rewards
• Costs
• Space
• Requirements
• Availability
DDoS Attacks on the Root DNS
Presented by
Ricardo de Oliveira Schmidt
November 18th, 2016 Amsterdam, Netherlands
Presentation copyright © 2016 by Ricardo de Oliveira Schmidt
CYBER SECURITY CONGRESS
Reference:
Anycast Vs. DDoS: Evaluating the November 2015 Root DNS Event
Giovane C. M. Moura, Ricardo de O. Schmidt, John Heidemann, Wouter B. de Vries, Moritz Müller, Lan Wei and Cristian Hesselman
ACM Internet Measurements Conference (IMC), Santa Monica-USA, 2016 (Technical Report ISI-TR-2016-709, USC/Information Sciences Institute)
Distributed Denial of Service
Big and getting bigger
2012: 100 Gb/s
2016: 100 Gb/s is common, >1 Tb/s is possible
Easy and getting easier
2012: many botnets with 1000+ nodes
2016: DDoS-as-a-service (Booters) offer few Gb/s @ US$ 5
Frequent and getting frequent-er
2002: the October 30 DNS Root event
2016: 3 recent big attacks (2015-11-30, 2015-12-01, 2016-06-25)
vDOS
Image copyrights © thehackernews.com
"Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec" Swati Khandelwal, thehackernews.com
"Root DNS servers DDoS'ed: was it a show off?" Yuri Ilyin, Kaspersky
"Someone Is Learning How to Take Down the Internet" Bruce Schneier, Schneier on Security
DDoS attack on the Root DNS
Peak of 35+ Gb/s
5 million queries/sec
Impact was moderate
Thanks to the robustness of the whole system
The Nov. 30 Event
What was the impact?
Most letters suffered:
a bit (E, F, I, J, K)
a lot (B, C, G, H)
Did not see attack traffic: D, L, M
Problems with reachability! ... but also with performance
[Figure: number of VPs with successful queries, one panel per root letter (B, C, E, F, G, H, I, J, K, and A/D/L/M), against hours after 2015-11-30T00:00 UTC]
Collateral damage!
D-Root was not targeted...
... but felt the attack
[Figure: number of VPs for D-FRA, D-SYD, D-AKL, D-DUB and D-BUR, against hours after 2015-11-30T00:00 UTC]
The Root DNS handled the situation quite well...
... at no time was the service completely unreachable
Resilience of the Root DNS is not an accident...
... it is a consequence of fault-tolerant design and good engineering!
True diversity is key to avoid collateral damage
The Lessons Learned
And, What Now?
Learn from the Root DNS experiences
Keep in mind the possibility of very large DDoS attacks when...
... designing Internet systems
... improving countermeasures and mitigation strategies
It does not matter if...
... someone was showing off
... someone was testing/scanning the infrastructure
... someone is learning how to take down the Internet
It was a big wake-up call: this is critical infrastructure!
Things are escalating pretty fast and apparently we are not fully aware of what we are dealing with.
Acknowledgements:
Arjen Zonneveld, Jelte Jansen, Duane Wessels, Ray Bellis, Romeo Zwart, Colin Petrie, Matt Weinberg and Piet Barber
SIDN Labs, NLnet Labs and SURFnet
Self-managing Anycast Networks for the DNS (SAND) project | http://www.sand-project.nl/
NWO DNS Anycast Security (DAS) project | http://www.das-project.nl/
http://www.ricardoschmidt.com
Cyberdreigingsbeeld 2016 (Cyber Threat Assessment 2016)
Research
Education
Operations
3 processes
Trends:
• Phishing
• Ransomware
• DDoS
• Vulnerabilities in software
• Responsible Disclosure
• Supply chain security
https://www.surf.nl/cyberdreigingsbeeld