SlideShare una empresa de Scribd logo

Security Bootcamp 2013 mitigate d do-s attack with effective cost

Security Bootcamp
Security Bootcamp
Tecnología
1 de 30
Descargar para leer sin conexión
Mitigate DDoS attack with effective cost Nguyễn Chấn Việt
Đơn vị tổ chức: Đơn vị tài trợ:
The Growth of DDoS Attacks • Malware • Exploit 10/28/2013 11:58 AM www.securitybootcamp.vn
Classification • Volume Based Attacks –The attacker tries to saturate the bandwidth of the target’s website by flooding it with a huge quantity of data. This category includes ICMP floods, UDP floods and other spoofed-packet floods. The magnitude of Volume Based Attacks is measured in bits per second (Bps). • Protocol Attacks –The attacker’s goal is to saturate the target’s server resources or those of intermediate communication equipment (e.g., Load balancers) by exploiting network protocol flaws. This category includes SYN floods, Ping of Death, fragmented packet attacks, Smurf DDoS and more. The magnitude of Protocol Attacks is measured in Packets per second. • Application Layer (Layer 7) Attacks – Designed to exhaust the resource limits of Web services, application layer attacks target specific web applications, flooding them with a huge quantity of HTTP requests that saturate a target’s resources. Examples of application layer DDoS attacks include Slowloris, as well as DDoS attacks that target Apache, Windows, or OpenBSD vulnerabilities. The magnitude of application layer attacks is measured in Requests per second. 10/28/2013 11:58 AM www.securitybootcamp.vn
What we care ? • Exhausting resources like: – CPU – Memory/Buffers – I/O operations – Disk space – Network bandwidth 10/28/2013 11:58 AM www.securitybootcamp.vn
Where to start ? • Go through all devices on network, from L2 switches to backend servers and identify possible leaks, bottlenecks, attack vectors, applicable DoS attacks, vulnerabilities ... and mitigate or (rate)limit them 10/28/2013 11:58 AM www.securitybootcamp.vn
Infrastructure • Hosting and VM is not good idea 10/28/2013 11:58 AM www.securitybootcamp.vn
[1] 10/28/2013 11:58 AM www.securitybootcamp.vn
Architecture • Rule: Defence in depth (multi-layer) 10/28/2013 11:58 AM www.securitybootcamp.vn
OS Tuning • *nix is good choice • Rule : If not used, turn off 10/28/2013 11:58 AM www.securitybootcamp.vn
/etc/sysctl.conf tuning • net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 2 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.tcp_rmem = 4096 87380 1048576 net.ipv4.tcp_wmem = 4096 16384 1048576 net.ipv4.tcp_max_orphans = 2048 10/28/2013 11:58 AM www.securitybootcamp.vn
Layer 3-4 • Stateful Firewall – Iptables – Tuning connections tracking • Rule : Deny all, allow selective 10/28/2013 11:58 AM www.securitybootcamp.vn
Layer 7 • WAF : to filter what firewall missed at IP layer – Mod_security • Why not snort ? 10/28/2013 11:58 AM www.securitybootcamp.vn
Layer 7 • Choosing webserver – Nginx is the best • Tuning webserver – Improve Apache with mod_reqtimeout • Caching is very important – Static cache – memcached 10/28/2013 11:58 AM www.securitybootcamp.vn
Patching • Keep Your System Up-to-date • Example : – Slowloris : based on missing CRLF – Slow Read attack : based on TCP persist timer exploit – Apache Range Header attack 10/28/2013 11:58 AM www.securitybootcamp.vn
Proactive with NSM • Logs is very important • My suggestion : Syslog-ng + Splunk 10/28/2013 11:58 AM www.securitybootcamp.vn
Proactive with NSM 10/28/2013 11:58 AM www.securitybootcamp.vn
Proactive with NSM 10/28/2013 11:58 AM www.securitybootcamp.vn
Proactive with NSM • Alternative : Logstash is a free tool for managing events and logs. It has three primary components, an Input module for collecting logs from various sources 10/28/2013 11:58 AM ElasticSearch is this awesome distributable, RESTful, free Lucene powered search engine/server. Unlike SOLR, ES is very simple to use and maintain and similar to SOLR, indexing is near realtime. www.securitybootcamp.vn Kibana is a presentation layer that sits on top of Elasticsearch to analyze and make sense of logs that logstash throws into Elastic search; Kibana is a highly scalable interface for Logstash and ElasticSearch that allows you to efficiently search, graph, analyze and otherwise make sense of a mountain of logs.
Proactive with NSM 10/28/2013 11:58 AM www.securitybootcamp.vn
[2] Case Study 10/28/2013 11:58 AM www.securitybootcamp.vn
Our suggestion • Diagram 10/28/2013 11:58 AM www.securitybootcamp.vn
Our suggestion • Router with high throughput • reverse proxy servers : – 32Gb RAM, 10Gb NIC, Quad Core I7, SSD disk (for internal I/O better) – Linux OS, running IPTables + apache (worker MPM) + mod_security 10/28/2013 11:58 AM www.securitybootcamp.vn
Our suggestion • cache servers : – Using SSD Disk – Application cache (ex : xcache/APC for PHP, …) – Generic cache : Apache Traffic Server 10/28/2013 11:58 AM www.securitybootcamp.vn
Cloud-based Solutions • For large DDoS attack (e.g Spamhaus was DDoS by 300Gb/s of traffic), we need a third-party : – Incapsula – CloudFlare 10/28/2013 11:58 AM www.securitybootcamp.vn
Cloud-based Solutions 10/28/2013 11:58 AM www.securitybootcamp.vn
Simple but effective • If you can determine C&C servers, just null route them 10/28/2013 11:58 AM www.securitybootcamp.vn
Testing • Test your network and devices by simulating real DoS attack (LOIC/HOIC, hping, slowhttptest, thc-ssl-dos, pktgen, ... ) 10/28/2013 11:58 AM www.securitybootcamp.vn
Conclusion • This approach is not “silver bullet” for preventing DDoS attacks • There isn’t “a technique” for mitigrating DDoS – DDoS Mitigation = Hardened System + Money 10/28/2013 11:58 AM www.securitybootcamp.vn
Thank you ! 10/28/2013 11:58 AM www.securitybootcamp.vn

Recomendados

Performance Engineering Requirements
Performance Engineering RequirementsPerformance Engineering Requirements
Performance Engineering Requirementssrivinayak
 
OpenNebulaConf2015 2.14 Cloud Service Experience in TeideHPC Infrastructure -...
OpenNebulaConf2015 2.14 Cloud Service Experience in TeideHPC Infrastructure -...OpenNebulaConf2015 2.14 Cloud Service Experience in TeideHPC Infrastructure -...
OpenNebulaConf2015 2.14 Cloud Service Experience in TeideHPC Infrastructure -...OpenNebula Project
 
Buffer overflows
Buffer overflowsBuffer overflows
Buffer overflowsSandun Perera
 
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...OpenNebula Project
 
Spanner - Google distributed database
Spanner - Google distributed databaseSpanner - Google distributed database
Spanner - Google distributed databaseAbhra Basak
 
Linux Device Driver v3 [Chapter 1]
Linux Device Driver v3 [Chapter 1]Linux Device Driver v3 [Chapter 1]
Linux Device Driver v3 [Chapter 1]Anupam Datta
 
Linux Locking Mechanisms
Linux Locking MechanismsLinux Locking Mechanisms
Linux Locking MechanismsKernel TLV
 
Linux Device Driver v3 [Chapter 2]
Linux Device Driver v3 [Chapter 2]Linux Device Driver v3 [Chapter 2]
Linux Device Driver v3 [Chapter 2]Anupam Datta
 

Recomendados

Performance Engineering Requirements
Performance Engineering RequirementsPerformance Engineering Requirements
Performance Engineering Requirementssrivinayak
 
OpenNebulaConf2015 2.14 Cloud Service Experience in TeideHPC Infrastructure -...
OpenNebulaConf2015 2.14 Cloud Service Experience in TeideHPC Infrastructure -...OpenNebulaConf2015 2.14 Cloud Service Experience in TeideHPC Infrastructure -...
OpenNebulaConf2015 2.14 Cloud Service Experience in TeideHPC Infrastructure -...OpenNebula Project
 
Buffer overflows
Buffer overflowsBuffer overflows
Buffer overflowsSandun Perera
 
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...OpenNebula Project
 
Spanner - Google distributed database
Spanner - Google distributed databaseSpanner - Google distributed database
Spanner - Google distributed databaseAbhra Basak
 
Linux Device Driver v3 [Chapter 1]
Linux Device Driver v3 [Chapter 1]Linux Device Driver v3 [Chapter 1]
Linux Device Driver v3 [Chapter 1]Anupam Datta
 
Linux Locking Mechanisms
Linux Locking MechanismsLinux Locking Mechanisms
Linux Locking MechanismsKernel TLV
 
Linux Device Driver v3 [Chapter 2]
Linux Device Driver v3 [Chapter 2]Linux Device Driver v3 [Chapter 2]
Linux Device Driver v3 [Chapter 2]Anupam Datta
 
SCB 2013 DLP, công nghệ, và phương pháp triển khai
SCB 2013 DLP, công nghệ, và phương pháp triển khaiSCB 2013 DLP, công nghệ, và phương pháp triển khai
SCB 2013 DLP, công nghệ, và phương pháp triển khaiSecurity Bootcamp
 
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp
 
Security Bootcamp 2013 lap trinh web an toan
Security Bootcamp 2013 lap trinh web an toanSecurity Bootcamp 2013 lap trinh web an toan
Security Bootcamp 2013 lap trinh web an toanSecurity Bootcamp
 
Security Bootcamp 2013 - Lap trinh web an toan
Security Bootcamp 2013 - Lap trinh web an toanSecurity Bootcamp 2013 - Lap trinh web an toan
Security Bootcamp 2013 - Lap trinh web an toanSecurity Bootcamp
 
Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh Tâm
Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh TâmSecurity Bootcamp 2013 - Timing info-leak made easy - Quan Minh Tâm
Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh TâmSecurity Bootcamp
 
Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...
Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...
Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...Security Bootcamp
 
Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...
Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...
Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...Security Bootcamp
 
Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)Security Bootcamp
 
Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...
Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...
Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...Security Bootcamp
 
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp
 
Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...
Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...
Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...Security Bootcamp
 
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)Security Bootcamp
 
SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)
SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)
SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)Security Bootcamp
 
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)Security Bootcamp
 
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...Security Bootcamp
 
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)Security Bootcamp
 
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...Security Bootcamp
 
SBC 2012 - Linux Hardening (Mẫn Thắng)
SBC 2012 - Linux Hardening (Mẫn Thắng)SBC 2012 - Linux Hardening (Mẫn Thắng)
SBC 2012 - Linux Hardening (Mẫn Thắng)Security Bootcamp
 
SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)Security Bootcamp
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)Security Bootcamp
 
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7allanjude
 
DDoS.ppt
DDoS.pptDDoS.ppt
DDoS.pptEllenSutiyem
 

Más contenido relacionado

Destacado

SCB 2013 DLP, công nghệ, và phương pháp triển khai
SCB 2013 DLP, công nghệ, và phương pháp triển khaiSCB 2013 DLP, công nghệ, và phương pháp triển khai
SCB 2013 DLP, công nghệ, và phương pháp triển khaiSecurity Bootcamp
 
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp
 
Security Bootcamp 2013 lap trinh web an toan
Security Bootcamp 2013 lap trinh web an toanSecurity Bootcamp 2013 lap trinh web an toan
Security Bootcamp 2013 lap trinh web an toanSecurity Bootcamp
 
Security Bootcamp 2013 - Lap trinh web an toan
Security Bootcamp 2013 - Lap trinh web an toanSecurity Bootcamp 2013 - Lap trinh web an toan
Security Bootcamp 2013 - Lap trinh web an toanSecurity Bootcamp
 
Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh Tâm
Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh TâmSecurity Bootcamp 2013 - Timing info-leak made easy - Quan Minh Tâm
Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh TâmSecurity Bootcamp
 
Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...
Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...
Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...Security Bootcamp
 
Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...
Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...
Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...Security Bootcamp
 
Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)Security Bootcamp
 
Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...
Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...
Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...Security Bootcamp
 
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp
 
Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...
Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...
Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...Security Bootcamp
 
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)Security Bootcamp
 
SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)
SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)
SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)Security Bootcamp
 
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)Security Bootcamp
 
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...Security Bootcamp
 
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)Security Bootcamp
 
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...Security Bootcamp
 
SBC 2012 - Linux Hardening (Mẫn Thắng)
SBC 2012 - Linux Hardening (Mẫn Thắng)SBC 2012 - Linux Hardening (Mẫn Thắng)
SBC 2012 - Linux Hardening (Mẫn Thắng)Security Bootcamp
 
SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)Security Bootcamp
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)Security Bootcamp
 

Destacado (20)

SCB 2013 DLP, công nghệ, và phương pháp triển khai
SCB 2013 DLP, công nghệ, và phương pháp triển khaiSCB 2013 DLP, công nghệ, và phương pháp triển khai
SCB 2013 DLP, công nghệ, và phương pháp triển khai
 
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
 
Security Bootcamp 2013 lap trinh web an toan
Security Bootcamp 2013 lap trinh web an toanSecurity Bootcamp 2013 lap trinh web an toan
Security Bootcamp 2013 lap trinh web an toan
 
Security Bootcamp 2013 - Lap trinh web an toan
Security Bootcamp 2013 - Lap trinh web an toanSecurity Bootcamp 2013 - Lap trinh web an toan
Security Bootcamp 2013 - Lap trinh web an toan
 
Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh Tâm
Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh TâmSecurity Bootcamp 2013 - Timing info-leak made easy - Quan Minh Tâm
Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh Tâm
 
Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...
Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...
Security Bootcamp 2013 - Thiết bị không dây không chỉ phát sóng không dây - T...
 
Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...
Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...
Security Bootcamp 2013 - Mô hình ứng dụng hội chẩn mã độc trực tuyến trong ...
 
Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)
 
Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...
Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...
Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Ch...
 
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
 
Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...
Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...
Security Bootcamp 2013 - Giải pháp phát hiện xâm nhập mạng không dây - WIDS -...
 
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
Security Bootcamp 2012 - Bảo vệ Web App với Mod Security (Sử Hoàng Sơn)
 
SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)
SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)
SBC 2012 - Một số thuật toán phân lớp và ứng dụng trong IDS (Nguyễn Đình Chiểu)
 
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)
SBC 2012 - Phát hiện tấn công DDoS sử dụng mạng Neural (Trần Nguyên Ngọc)
 
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
SBC 2012 - Penetration Testting với Backtrack 5 (Nguyễn Phương Trường Anh + N...
 
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
 
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...
SBC 2012 - Lỗ hổng trong cài đặt giao thức OAuth và nguy cơ với người dùng (N...
 
SBC 2012 - Linux Hardening (Mẫn Thắng)
SBC 2012 - Linux Hardening (Mẫn Thắng)SBC 2012 - Linux Hardening (Mẫn Thắng)
SBC 2012 - Linux Hardening (Mẫn Thắng)
 
SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)SBC 2012 - Database Security (Nguyễn Thanh Tùng)
SBC 2012 - Database Security (Nguyễn Thanh Tùng)
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
 

Similar a Security Bootcamp 2013 mitigate d do-s attack with effective cost

EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7allanjude
 
6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)NAIM Networks, Inc.
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceJason Choi
 
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...Ian Choi
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...Imperva Incapsula
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPROIDEA
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliMarta Pacyga
 
Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Abhishek Kumar
 
An improved ip traceback mechanism for network
An improved ip traceback mechanism for networkAn improved ip traceback mechanism for network
An improved ip traceback mechanism for networkeSAT Publishing House
 
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"Fwdays
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposPriyanka Aash
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsRod Soto
 
ING CoreIntel - collect and process network logs across data centers in near ...
ING CoreIntel - collect and process network logs across data centers in near ...ING CoreIntel - collect and process network logs across data centers in near ...
ING CoreIntel - collect and process network logs across data centers in near ...Evention
 
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18Casey Bisson
 
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesMulti-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesSagi Brody
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonPavel Odintsov
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesAlexander Penev
 

Similar a Security Bootcamp 2013 mitigate d do-s attack with effective cost (20)

EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
 
DDoS.ppt
DDoS.pptDDoS.ppt
DDoS.ppt
 
6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security Intelligence
 
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)
 
IJCSE Paper
IJCSE PaperIJCSE Paper
IJCSE Paper
 
An improved ip traceback mechanism for network
An improved ip traceback mechanism for networkAn improved ip traceback mechanism for network
An improved ip traceback mechanism for network
 
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gpos
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
 
ING CoreIntel - collect and process network logs across data centers in near ...
ING CoreIntel - collect and process network logs across data centers in near ...ING CoreIntel - collect and process network logs across data centers in near ...
ING CoreIntel - collect and process network logs across data centers in near ...
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with Snort
 
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
 
Multi-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation StrategiesMulti-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation Strategies
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmon
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE Architectures
 

Más de Security Bootcamp

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfSecurity Bootcamp
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecuritySecurity Bootcamp
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewSecurity Bootcamp
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSecurity Bootcamp
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrSecurity Bootcamp
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-wantSecurity Bootcamp
 
Macro malware common techniques - public
Macro malware common techniques - publicMacro malware common techniques - public
Macro malware common techniques - publicSecurity Bootcamp
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuSecurity Bootcamp
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 costSecurity Bootcamp
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectorySecurity Bootcamp
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018Security Bootcamp
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksSecurity Bootcamp
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Security Bootcamp
 

Más de Security Bootcamp (20)

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurity
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
 
Deception change-the-game
Deception change-the-gameDeception change-the-game
Deception change-the-game
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdr
 
Sbc2019 luong-cyber startup
Sbc2019 luong-cyber startupSbc2019 luong-cyber startup
Sbc2019 luong-cyber startup
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-want
 
Macro malware common techniques - public
Macro malware common techniques - publicMacro malware common techniques - public
Macro malware common techniques - public
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cu
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 cost
 
Build SOC
Build SOC Build SOC
Build SOC
 
AD red vs blue
AD red vs blueAD red vs blue
AD red vs blue
 
Securitybox
SecurityboxSecuritybox
Securitybox
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
 
Api security-present
Api security-presentApi security-present
Api security-present
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Último (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Security Bootcamp 2013 mitigate d do-s attack with effective cost

  • 1. Mitigate DDoS attack with effective cost Nguyễn Chấn Việt
  • 2. Đơn vị tổ chức: Đơn vị tài trợ:
  • 3. The Growth of DDoS Attacks • Malware • Exploit 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 4. Classification • Volume Based Attacks –The attacker tries to saturate the bandwidth of the target’s website by flooding it with a huge quantity of data. This category includes ICMP floods, UDP floods and other spoofed-packet floods. The magnitude of Volume Based Attacks is measured in bits per second (Bps). • Protocol Attacks –The attacker’s goal is to saturate the target’s server resources or those of intermediate communication equipment (e.g., Load balancers) by exploiting network protocol flaws. This category includes SYN floods, Ping of Death, fragmented packet attacks, Smurf DDoS and more. The magnitude of Protocol Attacks is measured in Packets per second. • Application Layer (Layer 7) Attacks – Designed to exhaust the resource limits of Web services, application layer attacks target specific web applications, flooding them with a huge quantity of HTTP requests that saturate a target’s resources. Examples of application layer DDoS attacks include Slowloris, as well as DDoS attacks that target Apache, Windows, or OpenBSD vulnerabilities. The magnitude of application layer attacks is measured in Requests per second. 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 5. What we care ? • Exhausting resources like: – CPU – Memory/Buffers – I/O operations – Disk space – Network bandwidth 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 6. Where to start ? • Go through all devices on network, from L2 switches to backend servers and identify possible leaks, bottlenecks, attack vectors, applicable DoS attacks, vulnerabilities ... and mitigate or (rate)limit them 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 7. Infrastructure • Hosting and VM is not good idea 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 9. Architecture • Rule: Defence in depth (multi-layer) 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 10. OS Tuning • *nix is good choice • Rule : If not used, turn off 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 11. /etc/sysctl.conf tuning • net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 2 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.tcp_rmem = 4096 87380 1048576 net.ipv4.tcp_wmem = 4096 16384 1048576 net.ipv4.tcp_max_orphans = 2048 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 12. Layer 3-4 • Stateful Firewall – Iptables – Tuning connections tracking • Rule : Deny all, allow selective 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 13. Layer 7 • WAF : to filter what firewall missed at IP layer – Mod_security • Why not snort ? 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 14. Layer 7 • Choosing webserver – Nginx is the best • Tuning webserver – Improve Apache with mod_reqtimeout • Caching is very important – Static cache – memcached 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 15. Patching • Keep Your System Up-to-date • Example : – Slowloris : based on missing CRLF – Slow Read attack : based on TCP persist timer exploit – Apache Range Header attack 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 16. Proactive with NSM • Logs is very important • My suggestion : Syslog-ng + Splunk 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 17. Proactive with NSM 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 18. Proactive with NSM 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 19. Proactive with NSM • Alternative : Logstash is a free tool for managing events and logs. It has three primary components, an Input module for collecting logs from various sources 10/28/2013 11:58 AM ElasticSearch is this awesome distributable, RESTful, free Lucene powered search engine/server. Unlike SOLR, ES is very simple to use and maintain and similar to SOLR, indexing is near realtime. www.securitybootcamp.vn Kibana is a presentation layer that sits on top of Elasticsearch to analyze and make sense of logs that logstash throws into Elastic search; Kibana is a highly scalable interface for Logstash and ElasticSearch that allows you to efficiently search, graph, analyze and otherwise make sense of a mountain of logs.
  • 20. Proactive with NSM 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 21. [2] Case Study 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 22. Our suggestion • Diagram 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 23. Our suggestion • Router with high throughput • reverse proxy servers : – 32Gb RAM, 10Gb NIC, Quad Core I7, SSD disk (for internal I/O better) – Linux OS, running IPTables + apache (worker MPM) + mod_security 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 24. Our suggestion • cache servers : – Using SSD Disk – Application cache (ex : xcache/APC for PHP, …) – Generic cache : Apache Traffic Server 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 25. Cloud-based Solutions • For large DDoS attack (e.g Spamhaus was DDoS by 300Gb/s of traffic), we need a third-party : – Incapsula – CloudFlare 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 26. Cloud-based Solutions 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 27. Simple but effective • If you can determine C&C servers, just null route them 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 28. Testing • Test your network and devices by simulating real DoS attack (LOIC/HOIC, hping, slowhttptest, thc-ssl-dos, pktgen, ... ) 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 29. Conclusion • This approach is not “silver bullet” for preventing DDoS attacks • There isn’t “a technique” for mitigrating DDoS – DDoS Mitigation = Hardened System + Money 10/28/2013 11:58 AM www.securitybootcamp.vn
  • 30. Thank you ! 10/28/2013 11:58 AM www.securitybootcamp.vn