Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg

Published byVernon West Modified over 8 years ago

Similar presentations

Presentation on theme: "Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg"— Presentation transcript:

1 Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg
Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg. F5 Networks Andrzej Kroczek

2 “Software defined” everything
Technology Shifts Are Creating Opportunity Advanced threats “Software defined” everything Internet of Things SDDC/Cloud Mobility HTTP is the new TCP

3 Frequency of attacks - 2014 Script kiddies The rise of hacktivism
Feb 05 Bitly – Outage as result of DDoS attack Feb 11 Elance Freelance Job Site – NTP Reflection Attack; temporary website disruption Feb 11 oDesk – Temporary website disruption as result of DDoS attack Feb 20 Namecheap – Simultaneous attack on 300 websites it registers Mar 04 Meetup Event Planning – NTP Amplification attack carried out by extortionists Mar 11 GitHub Code Host – UDP based Amplification attack Mar 17 Royalty Free Stock Images – DDoS attack by extortionists Mar 20 Hootsuite – DDoS attack by extortionists Mar 24 Basecamp – DDoS attack by extortionists Mar 27 SurveyGizmo – DDoS attack; Site down 2 days; ISP abandoned recovery 2014 Script kiddies The rise of hacktivism Cyber war

4 The business impact of DDoS
Cost of corrective action Reputation management

5 Which DDoS technology to use?
Cloud/Hosted Service Completely off-premises so DDoS attacks can’t reach you Amortized defense across thousands of customers DNS anycast and multiple data centers protect you Strengths On-Premises Defense Direct control over infrastructure Immediate mitigation with instant response and reporting Solutions can be architected to independently scale of one another Strengths Customers pay, whether attacked or not Bound by terms of service agreement Solutions focus on specific layers (not all layers) Weaknesses Many point solutions in market, few comprehensive DDoS solutions Can only mitigate up to max inbound connection size No other value. Only providing benefit when you get attacked. (excludes F5)

6 Which DDoS technology to use?
HyBRID Model Cloud and On-Prem Combined on-premises and cloud solution to stop all attacks Amortized defense across thousands of customers DNS anycast and multiple data centers protect you Immediate mitigation with instant response and reporting Direct control over on-premises infrastructure Solutions can be architected to independently scale of one another Strengths

7 Securing applications can be complex
Ownership Challenges with security team making the dev team fix vulnerabilities Attack visibility Is often lacking details to truly track and identify attacks and their source, and ensure compliance and forensics Changing threats increasing in complexity that requires intelligence and on- going learning Webification Impossible to build safeguards into applications in a timely manner Scalability and performance Needed to ensure services are available during the onset of aggressive attacks Compliance Maintaining compliance with government standards

8 F5 Offers Comprehensive DDoS Protection
Threat Intelligence Feed Next-Generation Firewall Corporate Users Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Cloud Network Application Network attacks: ICMP flood, UDP flood, SYN flood SSL attacks: SSL renegotiation, SSL flood Financial Services Multiple ISP strategy Legitimate Users Cloud Scrubbing Service E-Commerce ISPa/b Network and DNS Application DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning HTTP attacks: Slowloris, slow POST, recursive POST/GET DDoS Attackers Volumetric attacks and floods, operations center experts, L3-7 known signature attacks Subscriber IPS Strategic Point of Control

9 Consolidated datacenter protection
Use case Before f5 Network DDoS Protection Application DDoS Protection Web Access Management Attackers Load Balancing Load Balancing w/ SSL User Firewalls DNSSEC Rising Security Threats/Attacks with f5 Load balancing multiple firewalls Load balancing application s Separate approaches to securing against attacks

10 Consolidated datacenter protection
App Servers Classic Server Network DDoS Application DDoS Web Access Management Before f5 Firewall Load Balancer & SSL Load Balancer with f5 DNS Security Web Application Firewall Access Security App Servers Classic Server Data Center Firewall Application  Security User Consolidation of firewall, app security, traffic management Protection for data centers and application servers High scale for the most common inbound protocols

11

Download ppt "Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg"

Similar presentations

© 2011 Infoblox Inc. All Rights Reserved. Infoblox – control, secure & automate Mike Carroll.

© 2011 Infoblox Inc. All Rights Reserved. Infoblox – control, secure & automate Mike Carroll.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Www.cleo.com Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.

Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.
Akamai DNS Offerings RSA © Conference 2013. ©2013 AKAMAI | FASTER FORWARD TM Akamai DNS Solutions Enhanced DNS (eDNS) Scalable, outsourced, DNS solution.

Akamai DNS Offerings RSA © Conference ©2013 AKAMAI | FASTER FORWARD TM Akamai DNS Solutions Enhanced DNS (eDNS) Scalable, outsourced, DNS solution.
Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.

Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.
1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2014 Infoblox Inc. All Rights Reserved. Domain Name System (DNS) Network Security Asset or Achilles.

1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2014 Infoblox Inc. All Rights Reserved. Domain Name System (DNS) Network Security Asset or Achilles.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
With the Help of the Microsoft Azure Platform, Devbridge Group Provides Powerful, Flexible, and Scalable Responsive Web Solutions MICROSOFT AZURE ISV PROFILE:

With the Help of the Microsoft Azure Platform, Devbridge Group Provides Powerful, Flexible, and Scalable Responsive Web Solutions MICROSOFT AZURE ISV PROFILE:
Arbor Multi-Layer Cloud DDoS Protection

Arbor Multi-Layer Cloud DDoS Protection
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
1 Cost-Effective Strategies for Countering Security Threats: IPSEC, SSLi and DDoS Mitigation Bruce Hembree, Senior Systems Engineer A10 Networks.

1 Cost-Effective Strategies for Countering Security Threats: IPSEC, SSLi and DDoS Mitigation Bruce Hembree, Senior Systems Engineer A10 Networks.
Worldwide Infrastructure Security Report C F Chui, Arbor Networks.

Worldwide Infrastructure Security Report C F Chui, Arbor Networks.
Barracuda Networks Steve Scheidegger Commercial Account Manager 734-887-2422

Barracuda Networks Steve Scheidegger Commercial Account Manager
Beyond DDoS: Case Studies on Attack Mitigation for Financial Services Mike Kun and Patrick Laverty, Akamai CSIRT.

Beyond DDoS: Case Studies on Attack Mitigation for Financial Services Mike Kun and Patrick Laverty, Akamai CSIRT.
ISSA Nashville Chapter, May 17 th 2013 Alexander Karstens Senior Systems Engineer IXIA Communications Preparing your organization for DDoS.

ISSA Nashville Chapter, May 17 th 2013 Alexander Karstens Senior Systems Engineer IXIA Communications Preparing your organization for DDoS.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.

Similar presentations

Ads by Google