Sample Presentation Title Placed Here Presentation Author … · 2016-03-16 · DefensePro...

APDoS: Advanced Persistent Denial-of-Service Attacks. Radware Taiwan, Benson Chen

Transcript of Sample Presentation Title Placed Here Presentation Author … · 2016-03-16 · DefensePro...

Page 1:

APDoS: Advanced Persistent Denial-of-Service Attacks

Radware Taiwan

Benson Chen

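Page 3:

How do standard DDoS and APDoS differ?

Standard DDoS APDoS

Most Layer 4 attacks use high-rate or slow-rate traffic to overload network devices, while most Layer 7 attacks use high-rate traffic to bring application services down.

Includes the common standard DoS/DDoS attacks.

Most Layer 4 or Layer 7 attacks target known IPs and services.

Continuously learns about and probes (through deception and detection) for useful information, for example: valid IPs, protection devices, L7 challenge methods, behavioral calculation methods, threshold calculation methods, or byte-limit methods.

Uses different kinds of Layer 4 or Layer 7 attacks at varying Mbps, PPS or CPS.

Attacks persistently, building one or more different attack types and looking for ways to bypass protection devices. An attack may last a week, a month, or longer.

Large-bandwidth attacks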

Page 4:

Standard DDoS attacks

Page 5:

APDoS: continuous learning, reconnaissance and attack

[Diagram. Infrastructure shown: Internet Pipe, Firewall/UTM, Load Balancer/ADC, Server, SQL Server. Other labels: IPS/IDS/WAF/Virus Wall; API; Cloud Service; Service; Encryption; App parameter; IP Address; Standard DoS/DDoS; Overload/Bypass; Auto-Learning DoS/DDoS; Behavioral Challenge Bypass; Byte/Threshold Challenge Bypass.]

Page 6:

Know yourself to improve your defenses

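Page 7:

Layer 4 Attack

• Architecture:
– Asymmetric or Symmetric

• Behavioral algorithm:
– The algorithm used for protection
– How long before protection takes effect
– False-positive rate and protection rate
– Types of attack that can be mitigated
– Number of attacks that can be mitigated at the same time

• Limits of stateful and stateless devices:
– Which in-line devices are stateful, and which are stateless?
– False-positive rate and protection rate
– Threshold/byte accuracy

• Bandwidth limits:
– How much attack bandwidth saturates the link
– How long a bandwidth upgrade and the provisioning of a scrubbing service take

• External router processing capacity:
– The load the router can sustain under different types of Layer 4 attack

• Server processing capacity:
– The load the router can sustain under different types of Layer 4 attack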

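Page 8:

Layer 7 Attack

• Limits of security protection:
– Under what conditions the protection devices overload or go into bypass
– False-positive rate and protection rate
– Threshold/byte accuracy
– How attacks are sampled

• L7 challenge types and methods:
– How many challenge types and algorithms are available
– How long before protection takes effect, and whether it is easy to bypass
– Whether the challenge affects the service
– Protocols that can be protected (HTTP/HTTPS/DNS…)
– If the challenge fails, is there another protection method?

• Server/business status:
– Are any services encrypted or using an API?
– Which services cannot be interrupted?
– What is the client connection flow, and which devices need protection?
– ADC-related applications?
– What load can the back-end DB sustain?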

Page 9:

Radware Attack Mitigation System/Service

Page 10:

Our Track Record

Global Technology Partners

Over 10,000 Customers

[Chart: Company Growth, in USD millions, by year from 2002 to 2014.]

Page 11:

Our Behavioral Protection: third-party certification & Gartner

Page 12:

Multi-vector attacks target all layers of the infrastructure

Radware AMS: a flexible solution

[Diagram. Attack vectors: "Low & Slow" DoS attacks (e.g. Slowloris); large volume network flood attacks; SYN floods; network scan; HTTP floods; SSL floods; app misuse; brute force; XSS, CSRF; SQL injections. Protections: Cloud DDoS protection; DoS protection; Behavioral analysis; IPS; WAF; SSL protection. Infrastructure: Internet Pipe; Firewall; IPS/IDS; Load Balancer/ADC; Server Under Attack; SQL Server.]

Page 13:

DefensePro multi-layered protection

Behavioral-based protections

DME DDoS Mitigation Engine

L7 Regex Acceleration

ASIC Multi Purpose Multi Cores CPU’s

& Reputation Engine

Hardware Architecture – Tailored for Attack Mitigation


Page 14:

Make auto-learning protection a real help: Layer 4 Attack

[Figure. Panels: TCP Flag Distribution Analysis and Rate Analysis, shown for a Flash Crowd and for an RST Flood Attack (axes 0.0% to 100.0%). Labels: Rate/Rate Invariant Behavioral Technology; Real Time Signature Technology; Closed Feedback; Initial Filter; Start Mitigation; Final Filter. Timeline: 0, up to 10 sec, 10+X sec. Captions: Best Detection Accuracy; Best Mitigation Accuracy; Best Time to Protection.]

Page 15:

Six different challenges help you identify attackers

The 302 Redirect, Java, Advance Java, Cloud Java and Active/Passive Challenge interactive services verify each user connection, providing more accurate and faster protection. Once a user turns out to be an attacking host, the administrator service drops it immediately, ensuring the quality and stability of the back-end services.

Page 16:

HTTP Mitigator automated protection technology

[Diagram: states along a time axis. Learning only; Detect & learn; Learning stops. Characterization state: attack detected by Detection Engines; detect suspicious sources; identify attack sources. Mitigation state: block HTTP traffic from attack sources. Attack termination; Detect & learn again.]

Page 17:

Automated DNS protection mechanism

[Diagram. Labels: Perimeter; DefensePro; DNS Firewall; IPS; Alteon; Flood Attacks; Server Brute Force; Stateless Compliance; Tier-1; Statelessness; High Performance; Ensure Availability.]

Stateless ensure Secure DNS Delivery without compromising high performance and availability

Page 18:

Layer 7 sampling technology

[Diagram: Volumetric FTP vulnerability Attacks. An Attacker sends repeated FTP vulnerability attacks toward FTP Servers. Label: Suspend Attack Source IP.]

Page 19:

Strengthen the security of your SSL applications

Fast deployment, fast protection

Lowest latency, highest performance

No need to hand over the real encryption keys, keeping customers' personal data confidential

Fully automatic, no manual intervention required

Radware DefenseSSL advanced protection

A unique SSL attack mitigation solution

Page 20:

Source fingerprinting system

Combining all the parameters together to obtain a unique identifier of the actual device

Independent of the IP Address

Parameters: Browser Plugins Info; OS Info; Canvas Info; Fonts Info; Local Network Info

Page 21:

Performance monitoring to ensure service quality

Datacenter Application Dashboard View: presents current and time-series application performance data in the datacenter in the left and right panes, respectively.

Hovering over a transaction presents the volume and the %SLA and allows drilling down to the transaction details.

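Page 22:

APSolute Vision makes management easier for IT staff:

Flexibility

Identify, classify and respond to attack events and risks in real time

Agility

Real-time monitoring dashboards and historical reports per user

Efficiency

Simple management of data-center devices

Improve IT productivity; centrally control policy creation, management and distribution; improve the stability and speed of policy deployment; comprehensive control that also meets regional management requirements

The simplest management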

Page 23:

Emergency Response Team (ERT)-You’re not alone

Protecting against top attack campaigns

Emergency Response Team (ERT) - 24x7 team of security experts for fast mitigation under attack

Page 24:

Distributed Mitigation-AMS

[Diagram. Labels: Traditional Protection; New Behavioral Protection; Clean Traffic; Attack. Attack types: Know DoS/DDoS Tool; TCP Layer attack; UDP Layer attack; Fragment Attack; ICMP network attack; Other: IP flood; DNS attack; HTTP attack; SIP attack; SSL attack; Low and Slow attack; APDoS attack; Connection attack; ……. Protections: Signature Detection; Rate-based Challenge; Application Behavioral Analysis; Network Behavioral Analysis; Stateful Inspection; SYN for ACK/Request.]

Page 25:

Thanks!