SlideShare ist ein Scribd-Unternehmen logo

DDoS Attack Preparation and Mitigation

Jerod Brennen
Jerod Brennen

Layered controls to help you prepare for and defend yourself from a distributed denial of service (DDoS) attack.

Technologie
1 von 20
Downloaden Sie, um offline zu lesen
DDoS Attack Preparation and Mitigation Presented by Jerod Brennen, CISSP CTO & Principal Security Consultant, Jacadis
Overview • What is a DDoS attack? • Why are these attacks launched? • How do we prepare? • How do we respond? • Resources
In the News… http://money.cnn.com/2012/09/27/technology/bank-cyberattacks/
DoS Attacks • Denial of Service o Network resources o Host resources o Application resources • Types o ICMP Flood • Smurf attack • Ping flood • Ping of death o SYN Flood • SYN – SYN/ACK… Wait. Where’s my ACK? • Unending knock-knock joke o Teardrop Attack o Low and Slow
DDoS Attacks • Distributed Denial of Service o Simultaneous attacks from multiple sources o Traditional countermeasures don’t work • Examples o Botnet downloads entire site, repeats ad nauseum o Abuse SSL negotiation phase
Why Launch a DDoS Attack? • Motive o Extortion o Revenge o Hacktivism o Unintentional (@feliciaday) • Means o Botnet • Infected machines • Voluntary (mobile devices?) o Availability of tools • Low Orbit Ion Cannon (LOIC) – TCP/UDP • slowhttptest – HTTP • Slowloris – HTTP • Opportunity o We’re talking about the INTERNET…
Preparation • Technical: Defense-in-Depth o Network o Operating System o Web/Application Server o Application • Procedural: Security Incident Response o Policy o Procedures o Tabletop Exercises
Preparation – Network Architecture • Align with Cisco SAFE security reference architecture o Redundancy • Deploy and tune tools o Intrusion Prevention System (IPS) o Security Information Event Management (SIEM) o Bandwidth Monitoring and Management o Anti-DDoS Hardware (*) • Cisco Guard / PrevenTier (Rackspace) • DOSarrest • RioRey • Evaluate IPv6 configurations
Preparation – Network Router • Enable Reverse Path Forwarding o ip verify unicast reverse path • Filter all RFC-1918 address spaces o 10.0.0.0 - 10.255.255.255 (10/8 prefix) o 169.254.0 – 169.254.255.255 (169.254/16 prefix) o 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) o 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) • Network Ingress Filtering, per RFC-2827 o Drop forged packets • Enforce rate limiting for ICMP and SYN packets
Preparation – Network Firewall • Deny private, illegal, and routable source IP’s o 0.0.0.0 o 10.0.0.0-10.255.255.255 o 127.0.0.0 o 172.16.0.0-172.31.255.255 o 192.168.0.0-192.168.255.255 o 240.0.0.0 o 255.255.255.255
Preparation - Operating System • Harden the Host o Center for Internet Security o DISA STIG’s • Defense Information Systems Agency Security Technical Implementation Guides o Vendor guides • Patch o Automate the process o Trust, but verify • Host Vulnerability Scans o DoS vulnerabilities
Preparation – Apache on Linux • Advanced Policy Firewall (APF) o iptables (netfilter) • (D)DoS Deflate o netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort –n o Automatically block attacking IP’s o Automatically unblock IP’s after x seconds • Apache modules o mod_evasive o mod_security
Preparation – IIS on Windows • UrlScan o Integrate with IIS o Mitigate SQL injection attacks o Restrict potentially malicious HTTP requests (web app firewall function) • Dynamic IP Restrictions o Requests over time o Deny action o Logging
Preparation - Application • Third Party Services o Akamai – Web Application Acceleration o Prolexic – Pipe Cleaner • Web App Firewall o Hosted o Cloud • Load Balancers o Take advantage of virtualization • Baseline Your Performance o Thresholds (Load Testing) o Source IP reports • Web Application Vulnerability Scan o DoS vulnerabilities o Vulnerable forms (CAPTCHA)
Mitigation - Network • Log analysis o Understand the attack o netstat, awk, grep • Contact your ISP o Drop attacking traffic before it hits any of your resources • Null route attackers o Example: ip route 192.168.0.0 255.255.0.0 Null0 • Implement yourgeographic IP rules o Deny all traffic from non-customer IP blocks • Enable third party services/solutions o Temporary o Cost
Mitigation – Host and App • Add additional servers o Temporary (co$t) o Again, take advantage of virtualization • Tighten web app firewall rules o Based on attack pattern
Contact Law Enforcement? • Pros o Prevent future attacks against your org o Prevent future attacks against other orgs • Cons o Attack becomes public record o Additional resources = time + money • Decide in writing what action you will take before an incident occurs.
Resources • Denial of Service Attacks Explained o CERT • http://www.cert.org/tech_tips/denial_of_service.html o Wikipedia • http://en.wikipedia.org/wiki/Denial-of-service_attack • RFC’s o RFC-1918 – Address Allocation for Private Internets • http://tools.ietf.org/html/rfc1918 o RFC-2827 – Network Ingress Filtering • http://www.ietf.org/rfc/rfc2827.txt • HardeningInformation o Center for Internet Security • http://www.cisecurity.org/ o Cisco SAFE • http://www.cisco.com/en/US/netsol/ns954/index.html o Country IP Blocks • http://www.countryipblocks.net/ o DISA STIG’s • http://iase.disa.mil/stigs/ o How to Protect Against Slow HTTP Attacks (via @Qualys) • https://community.qualys.com/blogs/securitylabs/2011/11/02/how-to-protect-against-slow-http- attacks
Resources (cont’d) • Tools o Low Orbit Ion Cannon • http://sourceforge.net/projects/loic/ • Installed on your iPhone: http://www.youtube.com/watch?v=9VxA_DSflG0 o slowhttptest • http://code.google.com/p/slowhttptest/ o Slowloris • http://ha.ckers.org/slowloris/ o Advanced Policy Firewall (APF) • http://www.rfxn.com/projects/advanced-policy-firewall/ o (D)DoS Deflate • http://deflate.medialayer.com/ o UrlScan • http://technet.microsoft.com/en-us/security/cc242650 o Dynamic IP Restrictions • http://www.iis.net/download/DynamicIPRestrictions • Apache Modules o Mod_evasive • http://www.topwebhosts.org/articles/mod_evasive.php o Mod_security • http://www.topwebhosts.org/articles/mod_security.php
Questions / Contact Info Jerod Brennen, CISSP http://www.linkedin.com/in/slandail http://twitter.com/#!/slandail http://www.jacadis.com/ contact@jacadis.com

Empfohlen

Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)btpsec
 
DDoS Protection
DDoS ProtectionDDoS Protection
DDoS ProtectionAmazon Web Services
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackKaustubh Padwad
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceEr. Shiva K. Shrestha
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Gaurav Sharma
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 

Empfohlen

Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)btpsec
 
DDoS Protection
DDoS ProtectionDDoS Protection
DDoS ProtectionAmazon Web Services
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackKaustubh Padwad
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceEr. Shiva K. Shrestha
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Gaurav Sharma
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKSAnil Antony
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationCloudflare
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
12 types of DDoS attacks
12 types of DDoS attacks12 types of DDoS attacks
12 types of DDoS attacksHaltdos
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attackstollen_fusion
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS AttacksAmazon Web Services
 
Ddos attacks
Ddos attacksDdos attacks
Ddos attackscommunication-eg
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc
 
EDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onEDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onJustin Henderson
 
Dns security
Dns securityDns security
Dns securityDhaval Kapil
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
Felicia Pillay CV
Felicia Pillay CVFelicia Pillay CV
Felicia Pillay CVFelicia Pillay
 
DDoS Attack illustration
DDoS Attack illustrationDDoS Attack illustration
DDoS Attack illustrationMarcelo Silva
 

Weitere ähnliche Inhalte

Was ist angesagt?

KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationCloudflare
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
12 types of DDoS attacks
12 types of DDoS attacks12 types of DDoS attacks
12 types of DDoS attacksHaltdos
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS AttacksAmazon Web Services
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc
 
EDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onEDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onJustin Henderson
 

Was ist angesagt? (20)

KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKS
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and Mitigation
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
12 types of DDoS attacks
12 types of DDoS attacks12 types of DDoS attacks
12 types of DDoS attacks
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks
 
Ddos attacks
Ddos attacksDdos attacks
Ddos attacks
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoS
 
EDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onEDR vs SIEM - The fight is on
EDR vs SIEM - The fight is on
 
Dns security
Dns securityDns security
Dns security
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 

Andere mochten auch

DDoS Attack illustration
DDoS Attack illustrationDDoS Attack illustration
DDoS Attack illustrationMarcelo Silva
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacksRollingsherman
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service AttacksHansa Nidushan
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 

Andere mochten auch (8)

Felicia Pillay CV
Felicia Pillay CVFelicia Pillay CV
Felicia Pillay CV
 
DDoS Attack illustration
DDoS Attack illustrationDDoS Attack illustration
DDoS Attack illustration
 
Immune Attack
Immune AttackImmune Attack
Immune Attack
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacks
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Denial of Service Attacks
Denial of Service AttacksDenial of Service Attacks
Denial of Service Attacks
 

Ähnlich wie DDoS Attack Preparation and Mitigation

DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
Combating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and AutomationCombating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and AutomationSagi Brody
 
DDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring ProjectDDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring ProjectAPNIC
 
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupWeapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupmichaelxin2015
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationWilson Rogerio Lopes
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
Eradicate the Bots in the Belfry - Information Security Summit - Eric Vanderburg
Eradicate the Bots in the Belfry - Information Security Summit - Eric VanderburgEradicate the Bots in the Belfry - Information Security Summit - Eric Vanderburg
Eradicate the Bots in the Belfry - Information Security Summit - Eric VanderburgEric Vanderburg
 
The Boring Security Talk
The Boring Security TalkThe Boring Security Talk
The Boring Security Talkkieranjacobsen
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
Network security basics
Network security basicsNetwork security basics
Network security basicsSkillspire LLC
 
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019kieranjacobsen
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasuresdkaya
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AlivePositive Hack Days
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDebra Baker, CISSP CSSP
 
Secure 2013 Poland
Secure 2013 PolandSecure 2013 Poland
Secure 2013 PolandCloudflare
 
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!PriyadharshiniHemaku
 

Ähnlich wie DDoS Attack Preparation and Mitigation (20)

DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
 
Combating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and AutomationCombating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and Automation
 
DDoS - unstoppable menace
DDoS - unstoppable menaceDDoS - unstoppable menace
DDoS - unstoppable menace
 
DDoS - unstoppable menace
DDoS - unstoppable menaceDDoS - unstoppable menace
DDoS - unstoppable menace
 
DDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring ProjectDDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring Project
 
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupWeapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
Eradicate the Bots in the Belfry - Information Security Summit - Eric Vanderburg
Eradicate the Bots in the Belfry - Information Security Summit - Eric VanderburgEradicate the Bots in the Belfry - Information Security Summit - Eric Vanderburg
Eradicate the Bots in the Belfry - Information Security Summit - Eric Vanderburg
 
The Boring Security Talk
The Boring Security TalkThe Boring Security Talk
The Boring Security Talk
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and Techniques
 
Network security basics
Network security basicsNetwork security basics
Network security basics
 
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
The Boring Security Talk - Azure Global Bootcamp Melbourne 2019
 
Security attacks
Security attacksSecurity attacks
Security attacks
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasures
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay Alive
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
Secure 2013 Poland
Secure 2013 PolandSecure 2013 Poland
Secure 2013 Poland
 
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
 
Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018
 

Mehr von Jerod Brennen

Embedding Security in the SDLC
Embedding Security in the SDLCEmbedding Security in the SDLC
Embedding Security in the SDLCJerod Brennen
 
The Path to IAM Maturity
The Path to IAM MaturityThe Path to IAM Maturity
The Path to IAM MaturityJerod Brennen
 
Hacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAMHacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAMJerod Brennen
 
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)Jerod Brennen
 
Automating Security Testing with the OWTF
Automating Security Testing with the OWTFAutomating Security Testing with the OWTF
Automating Security Testing with the OWTFJerod Brennen
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the thingsJerod Brennen
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINTJerod Brennen
 
Running Your Apps Through the "Gauntlt"
Running Your Apps Through the "Gauntlt"Running Your Apps Through the "Gauntlt"
Running Your Apps Through the "Gauntlt"Jerod Brennen
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security FrameworkJerod Brennen
 
Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Jerod Brennen
 
Integrating security into the application development process
Integrating security into the application development processIntegrating security into the application development process
Integrating security into the application development processJerod Brennen
 
Bridging the Social Media Implementation/Audit Gap
Bridging the Social Media Implementation/Audit GapBridging the Social Media Implementation/Audit Gap
Bridging the Social Media Implementation/Audit GapJerod Brennen
 
Attacking and Defending Mobile Applications
Attacking and Defending Mobile ApplicationsAttacking and Defending Mobile Applications
Attacking and Defending Mobile ApplicationsJerod Brennen
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101Jerod Brennen
 

Mehr von Jerod Brennen (15)

Embedding Security in the SDLC
Embedding Security in the SDLCEmbedding Security in the SDLC
Embedding Security in the SDLC
 
The Path to IAM Maturity
The Path to IAM MaturityThe Path to IAM Maturity
The Path to IAM Maturity
 
Hacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAMHacking identity: A Pen Tester's Guide to IAM
Hacking identity: A Pen Tester's Guide to IAM
 
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
 
Automating Security Testing with the OWTF
Automating Security Testing with the OWTFAutomating Security Testing with the OWTF
Automating Security Testing with the OWTF
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the things
 
What you need to know about OSINT
What you need to know about OSINTWhat you need to know about OSINT
What you need to know about OSINT
 
Running Your Apps Through the "Gauntlt"
Running Your Apps Through the "Gauntlt"Running Your Apps Through the "Gauntlt"
Running Your Apps Through the "Gauntlt"
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security Framework
 
Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!Please, Please, PLEASE Defend Your Mobile Apps!
Please, Please, PLEASE Defend Your Mobile Apps!
 
Integrating security into the application development process
Integrating security into the application development processIntegrating security into the application development process
Integrating security into the application development process
 
Bridging the Social Media Implementation/Audit Gap
Bridging the Social Media Implementation/Audit GapBridging the Social Media Implementation/Audit Gap
Bridging the Social Media Implementation/Audit Gap
 
Attacking and Defending Mobile Applications
Attacking and Defending Mobile ApplicationsAttacking and Defending Mobile Applications
Attacking and Defending Mobile Applications
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101
 

Kürzlich hochgeladen

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Kürzlich hochgeladen (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

DDoS Attack Preparation and Mitigation

  • 1. DDoS Attack Preparation and Mitigation Presented by Jerod Brennen, CISSP CTO & Principal Security Consultant, Jacadis
  • 2. Overview • What is a DDoS attack? • Why are these attacks launched? • How do we prepare? • How do we respond? • Resources
  • 4. DoS Attacks • Denial of Service o Network resources o Host resources o Application resources • Types o ICMP Flood • Smurf attack • Ping flood • Ping of death o SYN Flood • SYN – SYN/ACK… Wait. Where’s my ACK? • Unending knock-knock joke o Teardrop Attack o Low and Slow
  • 5. DDoS Attacks • Distributed Denial of Service o Simultaneous attacks from multiple sources o Traditional countermeasures don’t work • Examples o Botnet downloads entire site, repeats ad nauseum o Abuse SSL negotiation phase
  • 6. Why Launch a DDoS Attack? • Motive o Extortion o Revenge o Hacktivism o Unintentional (@feliciaday) • Means o Botnet • Infected machines • Voluntary (mobile devices?) o Availability of tools • Low Orbit Ion Cannon (LOIC) – TCP/UDP • slowhttptest – HTTP • Slowloris – HTTP • Opportunity o We’re talking about the INTERNET…
  • 7. Preparation • Technical: Defense-in-Depth o Network o Operating System o Web/Application Server o Application • Procedural: Security Incident Response o Policy o Procedures o Tabletop Exercises
  • 8. Preparation – Network Architecture • Align with Cisco SAFE security reference architecture o Redundancy • Deploy and tune tools o Intrusion Prevention System (IPS) o Security Information Event Management (SIEM) o Bandwidth Monitoring and Management o Anti-DDoS Hardware (*) • Cisco Guard / PrevenTier (Rackspace) • DOSarrest • RioRey • Evaluate IPv6 configurations
  • 9. Preparation – Network Router • Enable Reverse Path Forwarding o ip verify unicast reverse path • Filter all RFC-1918 address spaces o 10.0.0.0 - 10.255.255.255 (10/8 prefix) o 169.254.0 – 169.254.255.255 (169.254/16 prefix) o 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) o 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) • Network Ingress Filtering, per RFC-2827 o Drop forged packets • Enforce rate limiting for ICMP and SYN packets
  • 10. Preparation – Network Firewall • Deny private, illegal, and routable source IP’s o 0.0.0.0 o 10.0.0.0-10.255.255.255 o 127.0.0.0 o 172.16.0.0-172.31.255.255 o 192.168.0.0-192.168.255.255 o 240.0.0.0 o 255.255.255.255
  • 11. Preparation - Operating System • Harden the Host o Center for Internet Security o DISA STIG’s • Defense Information Systems Agency Security Technical Implementation Guides o Vendor guides • Patch o Automate the process o Trust, but verify • Host Vulnerability Scans o DoS vulnerabilities
  • 12. Preparation – Apache on Linux • Advanced Policy Firewall (APF) o iptables (netfilter) • (D)DoS Deflate o netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort –n o Automatically block attacking IP’s o Automatically unblock IP’s after x seconds • Apache modules o mod_evasive o mod_security
  • 13. Preparation – IIS on Windows • UrlScan o Integrate with IIS o Mitigate SQL injection attacks o Restrict potentially malicious HTTP requests (web app firewall function) • Dynamic IP Restrictions o Requests over time o Deny action o Logging
  • 14. Preparation - Application • Third Party Services o Akamai – Web Application Acceleration o Prolexic – Pipe Cleaner • Web App Firewall o Hosted o Cloud • Load Balancers o Take advantage of virtualization • Baseline Your Performance o Thresholds (Load Testing) o Source IP reports • Web Application Vulnerability Scan o DoS vulnerabilities o Vulnerable forms (CAPTCHA)
  • 15. Mitigation - Network • Log analysis o Understand the attack o netstat, awk, grep • Contact your ISP o Drop attacking traffic before it hits any of your resources • Null route attackers o Example: ip route 192.168.0.0 255.255.0.0 Null0 • Implement yourgeographic IP rules o Deny all traffic from non-customer IP blocks • Enable third party services/solutions o Temporary o Cost
  • 16. Mitigation – Host and App • Add additional servers o Temporary (co$t) o Again, take advantage of virtualization • Tighten web app firewall rules o Based on attack pattern
  • 17. Contact Law Enforcement? • Pros o Prevent future attacks against your org o Prevent future attacks against other orgs • Cons o Attack becomes public record o Additional resources = time + money • Decide in writing what action you will take before an incident occurs.
  • 18. Resources • Denial of Service Attacks Explained o CERT • http://www.cert.org/tech_tips/denial_of_service.html o Wikipedia • http://en.wikipedia.org/wiki/Denial-of-service_attack • RFC’s o RFC-1918 – Address Allocation for Private Internets • http://tools.ietf.org/html/rfc1918 o RFC-2827 – Network Ingress Filtering • http://www.ietf.org/rfc/rfc2827.txt • HardeningInformation o Center for Internet Security • http://www.cisecurity.org/ o Cisco SAFE • http://www.cisco.com/en/US/netsol/ns954/index.html o Country IP Blocks • http://www.countryipblocks.net/ o DISA STIG’s • http://iase.disa.mil/stigs/ o How to Protect Against Slow HTTP Attacks (via @Qualys) • https://community.qualys.com/blogs/securitylabs/2011/11/02/how-to-protect-against-slow-http- attacks
  • 19. Resources (cont’d) • Tools o Low Orbit Ion Cannon • http://sourceforge.net/projects/loic/ • Installed on your iPhone: http://www.youtube.com/watch?v=9VxA_DSflG0 o slowhttptest • http://code.google.com/p/slowhttptest/ o Slowloris • http://ha.ckers.org/slowloris/ o Advanced Policy Firewall (APF) • http://www.rfxn.com/projects/advanced-policy-firewall/ o (D)DoS Deflate • http://deflate.medialayer.com/ o UrlScan • http://technet.microsoft.com/en-us/security/cc242650 o Dynamic IP Restrictions • http://www.iis.net/download/DynamicIPRestrictions • Apache Modules o Mod_evasive • http://www.topwebhosts.org/articles/mod_evasive.php o Mod_security • http://www.topwebhosts.org/articles/mod_security.php
  • 20. Questions / Contact Info Jerod Brennen, CISSP http://www.linkedin.com/in/slandail http://twitter.com/#!/slandail http://www.jacadis.com/ contact@jacadis.com