
Economical Denial of Sustainability in the Cloud (EDOS)


Raluca Stanciu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.

The videos and other presentations can be found on https://def.camp/archive


  1. EDoS in the Cloud (Economical Denial of Service). Raluca Stanciu - BullGuard
  2. So… 11 hours. 1.2Tbps. Losses???
  3. EDoS?
  4. DDoS – a serious threat. Why? BOTNETS
     • 2016: 1.5 million hijacked wireless cameras → 1-Tbps DDoS attack
     • In 2017: the first Android botnet (WireX) = 150,000 infected devices
  5. Attack numbers?
     • 20,000 daily attacks (source: DDoSMon, 2017)
     • $2.5 million DDoS costs per company (source: Neustar, 2016-2017)
  6. Examples (victim company; when; attack peak size; attack duration; other details):
     • Undisclosed customer of a U.S.-based service provider; March 2018; 1.7Tbps; _; Largest attack known until now. Amplification attack.
     • GitHub; February 2018; 1.35Tbps; 10 minutes; Memcached-Servers amplification attack.
     • Microsoft’s and Sony’s online gaming services (PSN and Xbox); Christmas 2014; _; 2 days for Microsoft, 3 days for Sony; The attack took down Microsoft’s and Sony’s online gaming services entirely. Millions of users were unable to play online games or access entertainment channels.
     • Runescape, a gaming platform; 2014; _; _; Spent £6 million trying to defend against the DDoS attack.
     • Rackspace, a Cloud service provider; 2014; _; 11 hours
  7. http://www.digitalattackmap.com
  8. Ok. DDoS. Methods? Log-in attacks. Egress data attacks.
  9. Reflection attacks. 2018: GitHub attack - 1.35 Tbps. Unprecedented amplification factor → 51,000x
  10. DDoS attack strategy (*source: DDoSMon)
  11. DDoS protection in Cloud. How? 1h of downtime = how much revenue loss? NO ACCESS to the physical network infrastructure. DDoS Protection as a Service
  12. What’s the best you can do with DDoSPaaS? 1. Reduce attack surface 2. Be ready to scale 3. Architect for resilience 4. Register for live support service. Time-to-mitigation = MONEY
  13. 1. Reduce attack surface. Expose ONLY if necessary. If exposed, protect, protect, PROTECT!
     • Cloud storage resources → Access Control Lists
     • Ports → Firewall rules
     • Anti-spoofing protection
     • VPC network configuration
     • VPC Administrative Console → Identity Access Management
     • Internal traffic → Isolated: public IP only if needed; NAT Gateway; Internal Load Balancing, for your internal client instances accessing internally deployed services, thereby avoiding exposure to the external world.
     • You have an API frontend exposed to the public → The API frontend can be DDoS attacked and expose resources also => use the Cloud provider’s API Gateway as a “front door”
  14. 2. Be ready to scale
     • Elastic Load Balancing → scales automatically at need => can manage larger volumes
       1. Application Load Balancer → routes traffic based on its content and accepts only well-formed web requests => it blocks SYN floods, UDP reflection attacks and others
       2. Network Load Balancer → for TCP-based applications, you can use NLB to route traffic to Amazon EC2 instances at ultralow latency
     • Elastic IP Addresses → static IPv4 address designed for dynamic cloud computing. If the assigned instance fails, it is remapped to another instance
     • Proper Elastic Compute type (resources-wise) → ex: 25Gb NIC & Enhanced Networking
     • Choose an SLA with automatic scaling → horizontally: add instances; vertically: use larger instances
  15. 3. Architect for resilience
  16. DDoSPaaS – Other MUSTS
     • Limit, limit, limit!!! Per-IP request count; per-IP connection count; count of users who can make requests to your application
     • Choose a product which can properly detect both bad AND GOOD traffic (what if your web service has a legit spike of clients?)
     • Costs!!!! Hidden or not!!! In the Cloud, even a sneeze costs!
     • Cloud-provided regions → performance, data sovereignty, optimal latency
     • Shared Responsibility Model !!!
     • Differences between the DDoS protection products
  17. Understand the differences between Cloud DDoS protection services
  18. *Third party DDoSPaaS: Akamai → helped protect against the 2018 1.35 TB attack against GitHub. Blockchain DDoS mitigation
  19. Conclusion? Anything which has an IP address CAN and WILL be used against you!
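
The three limits named on slide 16 (per-IP request count, per-IP connection count, and the count of clients allowed to make requests), implemented as an in-process admission check. This is an added example, not part of the original slides; the class and function names, the thresholds and the sample traffic (documentation-range addresses) are constructed for illustration.

```python
import time
from collections import defaultdict, deque

class AdmissionLimiter:
    """Hypothetical limiter: per-IP request rate, per-IP connections, distinct clients."""
    def __init__(self, max_req=5, window_s=1.0, max_conn=2, max_clients=3):
        self.max_req, self.window_s = max_req, window_s
        self.max_conn, self.max_clients = max_conn, max_clients
        self.requests = defaultdict(deque)  # ip -> request timestamps inside the window
        self.conns = defaultdict(int)       # ip -> currently open connections

    def _expire(self, now):
        # Drop timestamps older than the window and forget clients that went idle.
        for ip in list(self.requests):
            q = self.requests[ip]
            while q and now - q[0] >= self.window_s:
                q.popleft()
            if not q:
                del self.requests[ip]

    def open_connection(self, ip):
        if self.conns[ip] >= self.max_conn:
            return False
        self.conns[ip] += 1
        return True

    def close_connection(self, ip):
        self.conns[ip] = max(0, self.conns[ip] - 1)

    def allow_request(self, ip, now=None):
        now = time.monotonic() if now is None else now
        self._expire(now)
        known = ip in self.requests
        if not known and len(self.requests) >= self.max_clients:
            return "reject:client-cap"      # too many distinct active clients
        if known and len(self.requests[ip]) >= self.max_req:
            return "reject:per-ip-rate"     # this source exceeded its window budget
        self.requests[ip].append(now)
        return "allow"

def replay(events, limiter):
    # Replay (timestamp, ip) events in time order and tally decisions per IP.
    tally = defaultdict(int)
    for ts, ip in events:
        tally[(ip, limiter.allow_request(ip, ts))] += 1
    return dict(tally)

# Constructed sample: one noisy source, then three ordinary clients, all within one second.
SAMPLE = ([(0.01 * i, "203.0.113.9") for i in range(20)]
          + [(0.5, "198.51.100.1"), (0.6, "198.51.100.2"), (0.7, "198.51.100.3")])
```

The distinct-client cap cannot tell a botnet from a legitimate spike of clients, which is the concern the same slide raises about detecting good traffic as well as bad.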
