Protecting Your Business From DDoS Attacks

  • 8/3/2019 Protecting Your Business From DDoS Attacks

    Protecting Your Business from DDoS Attacks

    What DoS attacks are, how they affect a company, how to overcome the problem, etc.

    Saptha Wanniarachchi, MBCS, MCSE

    Introduction

    Overview of DDoS Attack

    How it works

    Impact on business

    Mitigation

    Prevention

    Challenges

    Q&A

    DDoS Attack Overview

    A type of attack that causes your computer or network to crash, or to become so busy processing data that you are unable to use it.

    Committing such an attack does not provide the attacker with any escalated system access; the main objective is to make a computer resource unavailable to its intended users.

    What Is a DDoS Attack?

    The attacker uses a network of zombie computers.

    The attacker tells all the computers on the botnet to contact a specific server or Web site repeatedly.

    The sudden increase in traffic can cause the site to load very slowly for legitimate users.

    Types of DDoS Attacks

    Direct Attacks - in a DDoS attack there is at least an attacker, a victim, and an amplifying network

    Remote Attacks - organized attack using a botnet

    Reflected Attack - traffic directed from a known host using a reflection mechanism

    Ping of Death - bots create huge electronic packets and send them on to victims

    Mailbomb - bots send a massive amount of e-mail, crashing e-mail servers

    Smurf Attack - bots send Internet Control Message Protocol (ICMP) messages to reflectors

    Teardrop - bots send pieces of an illegitimate packet; the victim system tries to recombine the pieces into a packet and crashes as a result

    How it works

    A botnet is a network of computers that have been infected and can be used remotely by hackers in order to carry out various attacks.

    Botnets: nearly 1/4 of all computers have them. They use your computer to send spam, collect personal information, or take down websites, all without your knowledge.

    Site before the attack begins

    Attacked

    Server Statistics

    Tools efficiency

    HTTP Flood Test Report

    Date: 10/13/2011 12:51:31 PM

    Target URL: www.srilankatravelhub.com

    Target Port: 80

    Duration: 4 minutes, 14 seconds

    Requests Issued: 81907

    Responses Received: 58

    Requests Lost: 99.93%

    Request Rate: 322.47 requests per second

    Trend of attacks

    DDoS Attacks Continue to Grow

    Attackers today are a lot more sophisticated

    Every organization online is a potential DDoS Target

    Who Conducts DDoS Attacks, and Why?

    Personal reasons - target specific computers for revenge

    Prestige - gain respect of hacker community

    Material gain - damage resources

    Political reasons - compromise enemy's resources

    Legal

    DDoS is a federal crime and is illegal in the United States under the National Information Infrastructure Protection Act of 1996

    It is illegal in many countries now

    Legal battle to protect DDoS

    "There's no such thing as a DDoS attack. A DDoS is a protest, it's a digital sit-in. It is no different than physically occupying a space. It's not a crime, it's speech."

    "Nothing was malicious, there was no malware, no Trojans. This was merely a digital sit-in. It is no different from occupying the Woolworth's lunch counter in the civil rights era."

    DDOS Tools

    Mobile DDoS

    Business Impact

    Business Impact

    System Impact

    Cost of Prevention

    Customer Satisfaction / Business Connectivity

    Victim

    Application - exploit some feature of a specific application on the victim host

    - disables legitimate client use of that application and possibly strains resources

    - indistinguishable from legitimate packets

    - semantics of the application must be heavily used in detection

    Host - disable access to the target machine completely by overloading or disabling its communication mechanism (ex: TCP SYN attack)

    - attack packets carry the real destination address of the target host

    Network Attacks - consume incoming bandwidth of a target network

    - attack packets have destination addresses within the address space of the network

    - high volume makes detection easy

    Infrastructure - target some distributed service that is crucial for global Internet operation or operation of a sub-network

    - ex: DNS server attacks

    Protecting Your Business from DDoS Attacks

    Business disruptions

    Estimates from Forrester, IDC, and the Yankee Group predict the cost of a 24-hour outage for a large e-commerce company would approach US$30 million.

    Capacity

    Ensure that you have adequate bandwidth on your Internet connection. You'll be able to foil many low-scale DDoS attacks by simply having enough bandwidth (and processing power) to service the requests.

    Deploy DDoS Mitigation Plan

    Hire experts; draft and implement a plan to mitigate the risk of being attacked

    Prevention

    Deploy an intrusion prevention system

    DDoS Mitigation Plan

    Create a DDoS Response team

    On-Premises DDoS Defenses are Imperative

    Protect Your DNS Servers

    Know Your Real Customers

    Maintain Continuous Vigilance

    Prevention (Technical)

    Proper Firewall Configuration

    Accept traffic only on dedicated ports

    - for example, port 80 is reachable directly

    Update Subscription

    Class Based Queuing

    - a function of the Linux kernel

    - sets up different traffic queues

    - determines which packets to put in which queue

    - assigns a bandwidth to each of the queues

    Prevention

    Traffic Monitor

    Monitor

    - monitors incoming and outgoing packets

    - checks the hash table

    - server thread

    Manager

    - analyzes the supplied data

    - sorts the IPs into one of several classes
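The monitor/manager split on this slide, sketched as an added example (not code from the presentation): a monitor keeps per-source packet timestamps in a hash table, and a manager sorts each source IP into a class by its packet rate. The window length, the two thresholds, the class names and the sample packets are all assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW = 10.0        # seconds of history kept per source (assumed value)
SUSPECT_PPS = 20.0   # assumed threshold: candidate for rate limiting
BLOCK_PPS = 100.0    # assumed threshold: candidate for dropping

class Monitor:
    """Keeps inbound packet timestamps per source IP in a hash table."""
    def __init__(self, window=WINDOW):
        self.window = window
        self.table = defaultdict(deque)  # src_ip -> timestamps inside window

    def observe(self, ts, src_ip):
        self.table[src_ip].append(ts)

    def rates(self, now):
        """Packets/second per source over the window; idle sources are evicted."""
        out = {}
        for ip in list(self.table):
            q = self.table[ip]
            while q and q[0] <= now - self.window:
                q.popleft()
            if q:
                out[ip] = len(q) / self.window
            else:
                del self.table[ip]  # drop idle entries so stale sources do not pile up
        return out

class Manager:
    """Sorts each source IP into one of several classes."""
    def classify(self, rates):
        classes = {"normal": [], "suspect": [], "blocked": []}
        for ip, pps in sorted(rates.items()):
            if pps >= BLOCK_PPS:
                classes["blocked"].append(ip)
            elif pps >= SUSPECT_PPS:
                classes["suspect"].append(ip)
            else:
                classes["normal"].append(ip)
        return classes

def sample_packets():
    """Constructed sample: (timestamp, source IP), documentation address ranges."""
    pkts = [(i * 0.5, "192.0.2.10") for i in range(20)]         # about 2 pps
    pkts += [(i * 0.02, "198.51.100.7") for i in range(500)]    # about 50 pps
    pkts += [(i * 0.005, "203.0.113.99") for i in range(2000)]  # about 200 pps
    return sorted(pkts)

if __name__ == "__main__":
    mon = Monitor()
    for ts, ip in sample_packets():
        mon.observe(ts, ip)
    print(Manager().classify(mon.rates(now=10.0)))
```

The resulting classes are what a firewall rule set or the class-based queues from the previous slide would consume; per-source counting loses value when source addresses are spoofed, so it complements rather than replaces upstream filtering.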

    Prevention

    Traffic generated by reflector

    Enable filtering on reflectors

    Deploy a traceback mechanism

    IDS/IPS

    More Tips for Prevention

    Keep an audit trail that describes what was changed and why.

    Create interdepartmental Standard Operating Procedures (SOPs) and Emergency Operating Procedures (EOPs).

    Network monitoring isn't enough; your administrators must know your configuration in detail.

    Test yourself both locally and over the Internet.

    Your processes can harm you just as hackers can.

    Keep people aware of old configurations and their purpose.

    When something is different, ask why.

    Know the trade-offs between simplicity, cost, and survivability.

    Protect yourself against hackers.

    Practical Challenges

    Distributed response needed at many points on the Internet

    - attacks target more than one host

    - wide deployment of any defense system cannot be enforced because the Internet is administered in a distributed manner

    Economic and social factors

    - a distributed response system must be deployed by parties that do not suffer direct damage from DDoS attacks

    - many good distributed solutions will achieve only sparse deployment

    Lack of detailed attack information

    - attack scenarios are unique

    Lack of defense system benchmarks

    - currently no benchmark suite of attack scenarios that would enable comparison between defense systems

    Difficulty of large-scale testing

    - defenses need to be tested in a realistic environment

    - lack of large-scale testbeds

    Thank You !

    Q&A