SlideShare una empresa de Scribd logo

Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt

Security Bootcamp
Security Bootcamp
Tecnología
1 de 30
Descargar para leer sin conexión
Mitigate DDoS attack with effective cost Nguyễn Chấn Việt
Đơn vị tổ chức: Đơn vị tài trợ:
The Growth of DDoS Attacks • Malware • Exploit 10/29/2013 11:16 AM www.securitybootcamp.vn
Classification • Volume Based Attacks –The attacker tries to saturate the bandwidth of the target’s website by flooding it with a huge quantity of data. This category includes ICMP floods, UDP floods and other spoofed-packet floods. The magnitude of Volume Based Attacks is measured in bits per second (Bps). • Protocol Attacks –The attacker’s goal is to saturate the target’s server resources or those of intermediate communication equipment (e.g., Load balancers) by exploiting network protocol flaws. This category includes SYN floods, Ping of Death, fragmented packet attacks, Smurf DDoS and more. The magnitude of Protocol Attacks is measured in Packets per second. • Application Layer (Layer 7) Attacks – Designed to exhaust the resource limits of Web services, application layer attacks target specific web applications, flooding them with a huge quantity of HTTP requests that saturate a target’s resources. Examples of application layer DDoS attacks include Slowloris, as well as DDoS attacks that target Apache, Windows, or OpenBSD vulnerabilities. The magnitude of application layer attacks is measured in Requests per second. 10/29/2013 11:16 AM www.securitybootcamp.vn
What we care ? • Exhausting resources like: – CPU – Memory/Buffers – I/O operations – Disk space – Network bandwidth 10/29/2013 11:16 AM www.securitybootcamp.vn
Where to start ? • Go through all devices on network, from L2 switches to backend servers and identify possible leaks, bottlenecks, attack vectors, applicable DoS attacks, vulnerabilities ... and mitigate or (rate)limit them 10/29/2013 11:16 AM www.securitybootcamp.vn
Infrastructure • Hosting and VM is not good idea 10/29/2013 11:16 AM www.securitybootcamp.vn
[1] 10/29/2013 11:16 AM www.securitybootcamp.vn
Architecture • Rule: Defence in depth (multi-layer) 10/29/2013 11:16 AM www.securitybootcamp.vn
OS Tuning • *nix is good choice • Rule : If not used, turn off 10/29/2013 11:16 AM www.securitybootcamp.vn
/etc/sysctl.conf tuning • net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 2 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.tcp_rmem = 4096 87380 1048576 net.ipv4.tcp_wmem = 4096 16384 1048576 net.ipv4.tcp_max_orphans = 2048 10/29/2013 11:16 AM www.securitybootcamp.vn
Layer 3-4 • Stateful Firewall – Iptables – Tuning connections tracking • Rule : Deny all, allow selective 10/29/2013 11:16 AM www.securitybootcamp.vn
Layer 7 • WAF : to filter what firewall missed at IP layer – Mod_security • Why not snort ? 10/29/2013 11:16 AM www.securitybootcamp.vn
Layer 7 • Choosing webserver – Nginx is the best • Tuning webserver – Improve Apache with mod_reqtimeout • Caching is very important – Static cache – memcached 10/29/2013 11:16 AM www.securitybootcamp.vn
Patching • Keep Your System Up-to-date • Example : – Slowloris : based on missing CRLF – Slow Read attack : based on TCP persist timer exploit – Apache Range Header attack 10/29/2013 11:16 AM www.securitybootcamp.vn
Proactive with NSM • Logs is very important • My suggestion : Syslog-ng + Splunk 10/29/2013 11:16 AM www.securitybootcamp.vn
Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
Proactive with NSM • Alternative : Logstash is a free tool for managing events and logs. It has three primary components, an Input module for collecting logs from various sources 10/29/2013 11:16 AM ElasticSearch is this awesome distributable, RESTful, free Lucene powered search engine/server. Unlike SOLR, ES is very simple to use and maintain and similar to SOLR, indexing is near realtime. www.securitybootcamp.vn Kibana is a presentation layer that sits on top of Elasticsearch to analyze and make sense of logs that logstash throws into Elastic search; Kibana is a highly scalable interface for Logstash and ElasticSearch that allows you to efficiently search, graph, analyze and otherwise make sense of a mountain of logs.
Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
[2] Case Study 10/29/2013 11:16 AM www.securitybootcamp.vn
Our suggestion • Diagram 10/29/2013 11:16 AM www.securitybootcamp.vn
Our suggestion • Router with high throughput • reverse proxy servers : – 32Gb RAM, 10Gb NIC, Quad Core I7, SSD disk (for internal I/O better) – Linux OS, running IPTables + apache (worker MPM) + mod_security 10/29/2013 11:16 AM www.securitybootcamp.vn
Our suggestion • cache servers : – Using SSD Disk – Application cache (ex : xcache/APC for PHP, …) – Generic cache : Apache Traffic Server 10/29/2013 11:16 AM www.securitybootcamp.vn
Cloud-based Solutions • For large DDoS attack (e.g Spamhaus was DDoS by 300Gb/s of traffic), we need a third-party : – Incapsula – CloudFlare 10/29/2013 11:16 AM www.securitybootcamp.vn
Cloud-based Solutions 10/29/2013 11:16 AM www.securitybootcamp.vn
Simple but effective • If you can determine C&C servers, just null route them 10/29/2013 11:16 AM www.securitybootcamp.vn
Testing • Test your network and devices by simulating real DoS attack (LOIC/HOIC, hping, slowhttptest, thc-ssl-dos, pktgen, ... ) 10/29/2013 11:16 AM www.securitybootcamp.vn
Conclusion • This approach is not “silver bullet” for preventing DDoS attacks • There isn’t “a technique” for mitigrating DDoS – DDoS Mitigation = Hardened System + Money 10/29/2013 11:16 AM www.securitybootcamp.vn
Thank you ! 10/29/2013 11:16 AM www.securitybootcamp.vn

Recomendados

Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp
 
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
Security Bootcamp
 
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat Security Conference
 
Finfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtFinfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn Việt
Security Bootcamp
 
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Security Bootcamp
 
Масштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google ChromeМасштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google Chrome
Positive Hack Days
 
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureVirtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Tamas K Lengyel
 

Recomendados

Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp
 
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
Security Bootcamp
 
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat v17 || Mitigations for the Masses: From EMET to Windows Defender Exp...
BlueHat Security Conference
 
Finfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtFinfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn Việt
Security Bootcamp
 
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
Security Bootcamp
 
Масштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google ChromeМасштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google Chrome
Positive Hack Days
 
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot ArchitectureVirtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Tamas K Lengyel
 
Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security Intelligence
Jason Choi
 
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Igor Korkin
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
Security Bootcamp
 
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue AgainKernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Igor Korkin
 
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat Security Conference
 
Linux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningLinux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardening
Mender.io
 
Catching fileless attacks
Catching fileless attacksCatching fileless attacks
Catching fileless attacks
Balaji Rajasekaran
 
Egress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data ExfiltrationEgress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data Exfiltration
CTruncer
 
Password cracking
Password crackingPassword cracking
Password cracking
Ilan Mindel
 
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Igor Korkin
 
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ - Automated Malware AnalysisIstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
BGA Cyber Security
 
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
RootedCON
 
Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats
Ahmed EL-KOSAIRY
 
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
OWASP Russia
 
Fosdem10
Fosdem10Fosdem10
Fosdem10
wremes
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Security
wremes
 
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
CODE BLUE
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGiUsers
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
Positive Hack Days
 
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and wellBlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat Security Conference
 
Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp
 
Basic Security Training day 2
Basic Security Training day 2Basic Security Training day 2
Basic Security Training day 2
Tu Khiem
 

Más contenido relacionado

La actualidad más candente

Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue AgainKernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Igor Korkin
 
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat Security Conference
 
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Igor Korkin
 
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
RootedCON
 
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
OWASP Russia
 
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
CODE BLUE
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGiUsers
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
Positive Hack Days
 
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and wellBlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat Security Conference
 

La actualidad más candente (20)

Automated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security Intelligence
 
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
Your Linux Passwords Are in Danger: MimiDove Meets the Challenge (lightning t...
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
 
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue AgainKernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
Kernel Hijacking Is Not an Option: MemoryRanger Comes to The Rescue Again
 
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
 
Linux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardeningLinux IoT Botnet Wars and the lack of basic security hardening
Linux IoT Botnet Wars and the lack of basic security hardening
 
Catching fileless attacks
Catching fileless attacksCatching fileless attacks
Catching fileless attacks
 
Egress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data ExfiltrationEgress-Assess and Owning Data Exfiltration
Egress-Assess and Owning Data Exfiltration
 
Password cracking
Password crackingPassword cracking
Password cracking
 
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
Hypervisor-Based Active Data Protection for Integrity and Confidentiality of ...
 
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ - Automated Malware AnalysisIstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
IstSec'14 - İbrahim BALİÇ - Automated Malware Analysis
 
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
 
Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats Cloud Service Provider (Csp) internal threats
Cloud Service Provider (Csp) internal threats
 
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
 
Fosdem10
Fosdem10Fosdem10
Fosdem10
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Security
 
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
 
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
OSGi als App-Plattform - Ein Ausflug durch den Security-Layer
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
BlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and wellBlueHat v18 || Memory resident implants - code injection is alive and well
BlueHat v18 || Memory resident implants - code injection is alive and well
 

Destacado

Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp
 
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Giang Văn
 
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
Security Bootcamp
 

Destacado (12)

Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013Security Bootcamp 2013 - OWASP TOP 10- 2013
Security Bootcamp 2013 - OWASP TOP 10- 2013
 
Basic Security Training day 2
Basic Security Training day 2Basic Security Training day 2
Basic Security Training day 2
 
Slide 06
Slide 06Slide 06
Slide 06
 
Ch16
Ch16Ch16
Ch16
 
Isas semina
Isas seminaIsas semina
Isas semina
 
Slide 00 gioi thieu
Slide 00 gioi thieuSlide 00 gioi thieu
Slide 00 gioi thieu
 
Lương Trung Thành - Cloud Control Matrix
Lương Trung Thành - Cloud Control MatrixLương Trung Thành - Cloud Control Matrix
Lương Trung Thành - Cloud Control Matrix
 
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
Pham Van Giang - Lop 10 - Chuong 2 - Bai 12
 
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
SBC 2012 - Tổng quan về bảo mật trong Cloud (Lê Vĩnh Đạt)
 
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPT
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPTBài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPT
Bài 4: Triển khai Active Directory: Quản trị nhóm - Giáo trình FPT
 
Chương 6 Bảo mật - Giáo trình FPT
Chương 6 Bảo mật - Giáo trình FPTChương 6 Bảo mật - Giáo trình FPT
Chương 6 Bảo mật - Giáo trình FPT
 
Lập trình sáng tạo creative computing textbook mastercode.vn
Lập trình sáng tạo creative computing textbook mastercode.vnLập trình sáng tạo creative computing textbook mastercode.vn
Lập trình sáng tạo creative computing textbook mastercode.vn
 

Similar a Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt

Security Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp 2013 mitigate d do-s attack with effective costSecurity Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp
 
PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services. PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services.
yeung2000
 
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
Ian Choi
 
Run MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMSRun MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMS
MongoDB
 

Similar a Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt (20)

Security Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp 2013 mitigate d do-s attack with effective costSecurity Bootcamp 2013 mitigate d do-s attack with effective cost
Security Bootcamp 2013 mitigate d do-s attack with effective cost
 
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
EuroBSDCon 2013 - Mitigating DDoS Attacks at Layer 7
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
 
6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)6th SDN Interest Group Seminar - Session6 (131210)
6th SDN Interest Group Seminar - Session6 (131210)
 
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
 
IJCSE Paper
IJCSE PaperIJCSE Paper
IJCSE Paper
 
DDoS.ppt
DDoS.pptDDoS.ppt
DDoS.ppt
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platforms
 
DDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxDDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptx
 
PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services. PacketCloud: an Open Platform for Elastic In-network Services.
PacketCloud: an Open Platform for Elastic In-network Services.
 
Deploy secure, scalable, and highly available web apps with Azure Front Door ...
Deploy secure, scalable, and highly available web apps with Azure Front Door ...Deploy secure, scalable, and highly available web apps with Azure Front Door ...
Deploy secure, scalable, and highly available web apps with Azure Front Door ...
 
Codefest2015
Codefest2015Codefest2015
Codefest2015
 
2013 april-screen
2013 april-screen2013 april-screen
2013 april-screen
 
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
 
QA: Базовое тестирование защищенности веб-приложений в рамках QA
QA: Базовое тестирование защищенности веб-приложений в рамках QAQA: Базовое тестирование защищенности веб-приложений в рамках QA
QA: Базовое тестирование защищенности веб-приложений в рамках QA
 
Run MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMSRun MongoDB with Confidence: Backing up and Monitoring with MMS
Run MongoDB with Confidence: Backing up and Monitoring with MMS
 
D108636GC10_les01.pptx
D108636GC10_les01.pptxD108636GC10_les01.pptx
D108636GC10_les01.pptx
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gpos
 

Más de Security Bootcamp

GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
Security Bootcamp
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
Security Bootcamp
 

Más de Security Bootcamp (20)

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurity
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
 
Deception change-the-game
Deception change-the-gameDeception change-the-game
Deception change-the-game
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdr
 
Sbc2019 luong-cyber startup
Sbc2019 luong-cyber startupSbc2019 luong-cyber startup
Sbc2019 luong-cyber startup
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-want
 
Macro malware common techniques - public
Macro malware common techniques - publicMacro malware common techniques - public
Macro malware common techniques - public
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cu
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 cost
 
Build SOC
Build SOC Build SOC
Build SOC
 
AD red vs blue
AD red vs blueAD red vs blue
AD red vs blue
 
Securitybox
SecurityboxSecuritybox
Securitybox
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
 
Api security-present
Api security-presentApi security-present
Api security-present
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Último (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt

  • 1. Mitigate DDoS attack with effective cost Nguyễn Chấn Việt
  • 2. Đơn vị tổ chức: Đơn vị tài trợ:
  • 3. The Growth of DDoS Attacks • Malware • Exploit 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 4. Classification • Volume Based Attacks –The attacker tries to saturate the bandwidth of the target’s website by flooding it with a huge quantity of data. This category includes ICMP floods, UDP floods and other spoofed-packet floods. The magnitude of Volume Based Attacks is measured in bits per second (Bps). • Protocol Attacks –The attacker’s goal is to saturate the target’s server resources or those of intermediate communication equipment (e.g., Load balancers) by exploiting network protocol flaws. This category includes SYN floods, Ping of Death, fragmented packet attacks, Smurf DDoS and more. The magnitude of Protocol Attacks is measured in Packets per second. • Application Layer (Layer 7) Attacks – Designed to exhaust the resource limits of Web services, application layer attacks target specific web applications, flooding them with a huge quantity of HTTP requests that saturate a target’s resources. Examples of application layer DDoS attacks include Slowloris, as well as DDoS attacks that target Apache, Windows, or OpenBSD vulnerabilities. The magnitude of application layer attacks is measured in Requests per second. 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 5. What we care ? • Exhausting resources like: – CPU – Memory/Buffers – I/O operations – Disk space – Network bandwidth 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 6. Where to start ? • Go through all devices on network, from L2 switches to backend servers and identify possible leaks, bottlenecks, attack vectors, applicable DoS attacks, vulnerabilities ... and mitigate or (rate)limit them 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 7. Infrastructure • Hosting and VM is not good idea 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 9. Architecture • Rule: Defence in depth (multi-layer) 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 10. OS Tuning • *nix is good choice • Rule : If not used, turn off 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 11. /etc/sysctl.conf tuning • net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 2 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.tcp_rmem = 4096 87380 1048576 net.ipv4.tcp_wmem = 4096 16384 1048576 net.ipv4.tcp_max_orphans = 2048 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 12. Layer 3-4 • Stateful Firewall – Iptables – Tuning connections tracking • Rule : Deny all, allow selective 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 13. Layer 7 • WAF : to filter what firewall missed at IP layer – Mod_security • Why not snort ? 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 14. Layer 7 • Choosing webserver – Nginx is the best • Tuning webserver – Improve Apache with mod_reqtimeout • Caching is very important – Static cache – memcached 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 15. Patching • Keep Your System Up-to-date • Example : – Slowloris : based on missing CRLF – Slow Read attack : based on TCP persist timer exploit – Apache Range Header attack 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 16. Proactive with NSM • Logs is very important • My suggestion : Syslog-ng + Splunk 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 17. Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 18. Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 19. Proactive with NSM • Alternative : Logstash is a free tool for managing events and logs. It has three primary components, an Input module for collecting logs from various sources 10/29/2013 11:16 AM ElasticSearch is this awesome distributable, RESTful, free Lucene powered search engine/server. Unlike SOLR, ES is very simple to use and maintain and similar to SOLR, indexing is near realtime. www.securitybootcamp.vn Kibana is a presentation layer that sits on top of Elasticsearch to analyze and make sense of logs that logstash throws into Elastic search; Kibana is a highly scalable interface for Logstash and ElasticSearch that allows you to efficiently search, graph, analyze and otherwise make sense of a mountain of logs.
  • 20. Proactive with NSM 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 21. [2] Case Study 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 22. Our suggestion • Diagram 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 23. Our suggestion • Router with high throughput • reverse proxy servers : – 32Gb RAM, 10Gb NIC, Quad Core I7, SSD disk (for internal I/O better) – Linux OS, running IPTables + apache (worker MPM) + mod_security 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 24. Our suggestion • cache servers : – Using SSD Disk – Application cache (ex : xcache/APC for PHP, …) – Generic cache : Apache Traffic Server 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 25. Cloud-based Solutions • For large DDoS attack (e.g Spamhaus was DDoS by 300Gb/s of traffic), we need a third-party : – Incapsula – CloudFlare 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 26. Cloud-based Solutions 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 27. Simple but effective • If you can determine C&C servers, just null route them 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 28. Testing • Test your network and devices by simulating real DoS attack (LOIC/HOIC, hping, slowhttptest, thc-ssl-dos, pktgen, ... ) 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 29. Conclusion • This approach is not “silver bullet” for preventing DDoS attacks • There isn’t “a technique” for mitigrating DDoS – DDoS Mitigation = Hardened System + Money 10/29/2013 11:16 AM www.securitybootcamp.vn
  • 30. Thank you ! 10/29/2013 11:16 AM www.securitybootcamp.vn