Radware Attack Mitigation
TRANSCRIPT
For the most part, in our experience, they're the same as IPv4-based attacks.
Typically the attack scope is smaller, due to the much smaller number of IPv6 hosts on the internet; this is not true for all attacks.
IPv6 Attacks in the Wild
Not only an IPv6 attack, but interesting because of how it came in over IPv6.
Botnet bots query through their normally configured recursors, using random strings which aren't cacheable.
DNS cache-busted query attacks, e.g. the NXDomain attack.
Source: cloudflare.com
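Detecting the cache-busting pattern described above on the resolver side, as an added example that is not from the slides or from Radware's products: a client whose queries are almost all unique, high-entropy first labels that return NXDOMAIN is flagged. The log format, client addresses and thresholds are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed resolver query log (not from the slides): "<client> <qname> <rcode>"
SAMPLE_LOG = """\
2001:db8::10 x7q2kf9z.victim.example NXDOMAIN
2001:db8::10 p0m4lt8a.victim.example NXDOMAIN
2001:db8::10 zz91kqwe.victim.example NXDOMAIN
2001:db8::10 aq3n8vbx.victim.example NXDOMAIN
2001:db8::22 www.victim.example NOERROR
2001:db8::22 www.victim.example NOERROR
2001:db8::22 mail.victim.example NOERROR
2001:db8::22 www.victim.example NOERROR
"""

def label_entropy(label):
    """Shannon entropy in bits per character; random labels score high."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse_log(text):
    """Yield (client, qname, rcode) tuples from the constructed log lines."""
    for line in text.splitlines():
        if line.strip():
            client, qname, rcode = line.split()
            yield client, qname.lower(), rcode

def cache_busting_sources(text, min_queries=4, nx_ratio=0.8, uniq_ratio=0.8):
    """Flag clients whose queries are mostly unique labels answered NXDOMAIN.

    Thresholds are assumptions for the sample; tune them per resolver."""
    per_client = defaultdict(list)
    for client, qname, rcode in parse_log(text):
        per_client[client].append((qname, rcode))
    flagged = {}
    for client, rows in per_client.items():
        if len(rows) < min_queries:
            continue
        nx = sum(1 for _, rc in rows if rc == "NXDOMAIN") / len(rows)
        labels = [q.split(".")[0] for q, _ in rows]
        uniq = len(set(labels)) / len(rows)
        entropy = sum(label_entropy(l) for l in labels) / len(labels)
        if nx >= nx_ratio and uniq >= uniq_ratio:
            flagged[client] = {"queries": len(rows), "nxdomain_ratio": nx,
                               "unique_label_ratio": uniq,
                               "mean_label_entropy": round(entropy, 2)}
    return flagged
```

Flagged sources are candidates for rate limiting at the recursor rather than for blocking outright, since the bots query through legitimately configured resolvers.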
IPv6 SYN Floods (and other flooding-based attacks)
These attacks are very effective.
Review of the attack vectors in 2015
[Charts: Frequency of Network Attacks in 2015; Bandwidth of Server Attacks; Weaknesses Attacks in Organizations]
Is there an APT for DoS/DDoS as well???
https://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack
The purpose of a DDoS is to overwhelm an internet resource, to take it offline.
This can be:
Volumetric (e.g. high Gbps, high PPS or SYN flooding) to overwhelm the infrastructure in front of the website/resource.
Application based (e.g. excessive HTTP POST or search) to overwhelm the application or server.
A website suddenly becoming very popular can also look like a DDoS.
DDoS Overview
The advanced persistent denial-of-service (APDoS) attack represents the very best of the worst:
Advanced reconnaissance
Tactical execution
Explicit motivation
Large computing capacity: access to substantial computer power and network bandwidth resources
Simultaneous multi-threaded OSI layer attacks, operating at layers 3 through 7
Persistence over extended periods
APDoS Attacks Overview
APDoS: continuous understanding, reconnaissance and attack
[Diagram: the service path Internet Pipe, Firewall/UTM, Load Balancer/ADC, Server, SQL Server, with protection points IPS/IDS/WAF/Virus Wall, API/Cloud Service, encryption and app parameters, IP address. Rows compare Standard DoS/DDoS (Overload/Bypass), Auto-Learning behavioral DoS/DDoS (Challenge, Bypass) and Byte/Threshold (Challenge, Bypass)]
Know yourself, raise your protection capability
Layer 4 Attack
• Architecture:
– Asymmetric or symmetric
• Behavioral algorithm:
– The protection algorithm used
– How long until protection takes effect
– False-positive rate and protection rate
– Attack types that can be protected against
– Number of attacks that can be mitigated simultaneously
• Limits of stateful and stateless devices:
– Which inline devices are stateful? Which are stateless?
– False-positive rate and protection rate
– Threshold/byte accuracy
• Bandwidth limits:
– How much attack traffic saturates the link
– How long a bandwidth upgrade or a scrubbing service takes to provision
• Processing capacity of the external router:
– The load the router can handle for different kinds of Layer 4 attacks
• Processing capacity of the server:
– The load the router can handle for different kinds of Layer 4 attacks
Layer 7 Attack
• Limits of the security protection:
– Under what conditions the protection device overloads or bypasses
– False-positive rate and protection rate
– Threshold/byte accuracy
– How attacks are sampled
• Types of L7 challenges:
– How many challenge types and algorithms there are
– How long until protection takes effect, and whether it is easy to bypass
– Whether the challenge affects the service
– Protected service types (HTTP/HTTPS/DNS...)
– If the challenge fails, is there another protection method?
• Server/business state:
– Are any services encrypted or using an API?
– Which services cannot be interrupted?
– What is the client connection flow and which devices need protecting?
– ADC-related applications??
– What load can the back-end DB handle?
Radware Attack Mitigation System/Service
Multi-vector attacks target all layers of the infrastructure
Radware AMS: a flexible solution
[Diagram: attack vectors along the path Internet Pipe, Firewall, Load Balancer/ADC, Server Under Attack, SQL Server: large-volume network flood attacks, SYN floods, network scans, "low & slow" DoS attacks (e.g. Slowloris), HTTP floods, SSL floods, app misuse, brute force, XSS, CSRF, SQL injection; matched against cloud DDoS protection, DoS protection, behavioral analysis, IPS, WAF and SSL protection]
DefensePro multi-layer protection
Behavioral-based protections
DME (DoS Mitigation Engine)
L7 Regex Acceleration ASIC
Multi-purpose multi-core CPUs & Reputation Engine
Hardware Architecture: Tailored for Attack Mitigation
Let auto-learning protection become your real helper: Layer 4 Attack
[Charts: TCP Flag Distribution Analysis and Rate Analysis (0% to 100%), distinguishing a flash crowd from an RST flood attack]
Rate/rate-invariant behavioral technology; real-time signature technology
Closed feedback loop: initial filter, start mitigation, final filter, from 0 to up to 10 sec, then 10+X sec
Best detection accuracy, best mitigation accuracy, best time to protection
Six different challenges help you identify attackers
302 Redirect, Java, Advanced Java, Cloud Java, Active/Passive Challenge interaction.
The service can verify user connections, providing more accurate and faster prevention. Once a user turns out to be an attacking host, the management service drops it immediately, ensuring the quality and stability of the back-end services.
[Diagram: HTTP Mitigator timeline: learning only; detect & learn; characterization state (attack detected by detection engines, detect suspicious sources, identify attack sources, learning stops); mitigation state (block HTTP traffic from attack sources); attack termination; detect & learn again]
HTTP Mitigator automated protection technology
DNS automated protection mechanism
[Diagram: perimeter with DefensePro, DNS Firewall, IPS and Alteon; protections against flood attacks and server brute force; stateless compliance, Tier-1]
Stateless: ensures secure DNS delivery without compromising high performance and availability.
Statelessness, high performance, ensured availability
Layer 7 sampling technology
Volumetric FTP vulnerability attacks
[Diagram: an attacker sends repeated FTP vulnerability attacks at the FTP servers; the attack source IP is suspended]
Strengthen the security of SSL applications
Fast deployment, fast protection
Lowest latency, highest performance
No need to hand over the real encryption key
Fully automatic, no manual intervention
Radware DefenseSSL advanced protection
A unique SSL attack mitigation solution
Performance monitoring to ensure service quality
Datacenter Application Dashboard View: presents current and time-series application performance data in the datacenter in the left and right panes, respectively.
Hovering over a transaction presents the volume and the %SLA and allows drill-down to the transaction details.
APSolute Vision helps IT staff manage more easily:
Flexibility: real-time identification, classification and response to attack events and risks
Agility: real-time monitoring dashboards and historical reports per user
Efficiency: simple management of data center devices that raises IT productivity
Centralized control: policy creation, management and distribution, strengthening the stability and speed of policy deployment, with full control that also meets regional management requirements
The simplest management
Emergency Response Team (ERT): You're not alone
Protecting against top attack campaigns
Emergency Response Team (ERT): 24x7 team of security experts for fast mitigation under attack
Thanks!