DDoS Attacks on Financial Institutions Presentation

Presentation transcript:

DDoS Attacks on Financial Institutions Presentation By: Chandler Strouse

What is DDoS?
- DDoS stands for Distributed Denial of Service
- Attempts to make an online service unavailable by overwhelming it with traffic
- Different types of attacks:
  - Volumetric
  - Protocol (State-Exhaustion)
  - Application-Layer

Volumetric Attack
- Most common form of DDoS
- Floods network layer with traffic that appears legitimate
- Examples of Volumetric attacks:
  - UDP Flood
  - ICMP (Ping) Flood

Volumetric Attack: UDP Flood
- Floods random ports on a remote host with a huge number of UDP packets
- Causes host to constantly check for application listening at the port
- No application is found, replies with “Destination Unreachable” packet

Volumetric Attack: ICMP (Ping) Flood
- Similar to UDP Flood
- Sends vast numbers of ping packets without waiting for reply
- Host attempts to respond to all pings, consuming both incoming and outgoing bandwidth

Protocol Attack
- Also called state exhaustion; targets connection state tables in firewalls, app servers, etc.
- Consumes server resources and works to exhaust the limited number of concurrent connections a device can support
- Examples of Protocol Attacks:
  - Ping of Death
  - SYN Flood

Protocol Attack: Ping of Death
- Fragments large ping packet and sends to server as fast as possible
- Target reassembles packet, causing a buffer overflow
- Target tries to respond to ping packet and crashes

Protocol Attack: SYN Flood
- Exploits weakness in TCP connection
- TCP uses three-way handshake:
  - Request
  - Host ACK
  - Requester ACK
- SYN Flood sends multiple requests but doesn’t respond to ACKs
- Host system waits for ACK, binding resources and blocking traffic
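To make the "binding resources and blocking traffic" step concrete, the following added example (not part of the original presentation) replays a constructed event list against a model of a host's bounded half-open connection queue and derives a simple detection signal. The queue size, timeout, addresses and function names are assumptions chosen for illustration.

```python
from collections import OrderedDict

BACKLOG = 4        # assumed half-open queue size, kept tiny for illustration
SYN_TIMEOUT = 3.0  # assumed seconds the host waits for the final ACK

# Constructed sample of what the host sees: (time, client, TCP flag).
EVENTS = [
    (0.0, "198.51.100.7:40001", "SYN"),
    (0.1, "198.51.100.7:40001", "ACK"),  # handshake completed
    (1.0, "203.0.113.1:1111", "SYN"),    # these four never send the ACK
    (1.1, "203.0.113.2:2222", "SYN"),
    (1.2, "203.0.113.3:3333", "SYN"),
    (1.3, "203.0.113.4:4444", "SYN"),
    (1.5, "198.51.100.8:40002", "SYN"),  # real user arrives while queue is full
    (5.0, "198.51.100.9:40003", "SYN"),  # arrives after stale entries expire
    (5.1, "198.51.100.9:40003", "ACK"),
]

def replay(events, backlog=BACKLOG, timeout=SYN_TIMEOUT):
    """Replay events against a bounded half-open queue and return counters."""
    half_open = OrderedDict()  # client -> time its SYN was accepted
    stats = {"established": 0, "expired": 0, "refused": [], "peak": 0}
    for now, client, flag in events:
        # Free entries whose final ACK never arrived in time.
        for stale in [c for c, t0 in half_open.items() if now - t0 >= timeout]:
            del half_open[stale]
            stats["expired"] += 1
        if flag == "SYN" and client not in half_open:
            if len(half_open) >= backlog:
                stats["refused"].append(client)  # no room: user is blocked
            else:
                half_open[client] = now
        elif flag == "ACK" and client in half_open:
            del half_open[client]
            stats["established"] += 1
        stats["peak"] = max(stats["peak"], len(half_open))
    return stats

def looks_like_syn_flood(stats):
    """Flag when abandoned handshakes outnumber completed ones."""
    return stats["expired"] > stats["established"]
```

In the sample, the client arriving at 1.5 s is refused even though it would have completed the handshake, because four abandoned entries occupy the whole queue until they time out.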

Application-Layer Attack
- Attack targets weaknesses in an application or server
- Attempts to monopolize its processes and transactions
- Hardest to detect
  - Mimics human behavior
  - Can originate from single machine, generating less traffic
- Examples of Application-layer attacks:
  - HTTP Flood
  - Slowloris

Application-Layer Attack: HTTP Flood
- Sends seemingly harmless HTTP GET or HTTP POST requests to app
- Huge volumes of requests are sent, and as the app responds to each, resources are consumed
- Ideally for the attacker, the application is manipulated into using the maximum possible resources to respond to each request

Application-Layer Attack: Slowloris
- Attacker sends partial request to target; the request is never completed and the false connection is kept open
- Eventually, max concurrent connection limit is reached
- Effective because partial packets are used, rather than malformed packets, making it harder to detect
- Can prevent creation of log files
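Because the partial requests are well formed, detection has to key on how long a request stays unfinished rather than on its content. The following added example (not part of the original presentation) scans constructed server-side read records for requests that never reach the blank line ending the HTTP headers, and compares an idle timer with a deadline measured from connection start. The thresholds, addresses, hostname and function names are assumptions.

```python
from collections import Counter

HEADER_DEADLINE = 10.0  # assumed seconds allowed from connect to complete headers
IDLE_TIMEOUT = 10.0     # assumed seconds allowed between received chunks
PER_SOURCE_LIMIT = 2    # assumed unfinished requests tolerated per source

SLOW = "203.0.113.50"   # constructed source whose requests are never completed
# Constructed sample of server-side reads: (time, connection id, source, bytes).
CHUNKS = [
    (0.0, 1, "198.51.100.20", b"GET / HTTP/1.1\r\nHost: bank.example\r\n\r\n"),
    (0.0, 2, SLOW, b"GET / HTTP/1.1\r\n"),
    (0.1, 3, SLOW, b"GET / HTTP/1.1\r\n"),
    (0.2, 4, SLOW, b"GET / HTTP/1.1\r\n"),
    (2.0, 5, "198.51.100.21", b"POST /login HTTP/1.1\r\n"),
    (2.5, 5, "198.51.100.21", b"Content-Length: 0\r\n\r\n"),
    (8.0, 2, SLOW, b"X-a: 1\r\n"),
    (8.1, 3, SLOW, b"X-a: 1\r\n"),
    (8.2, 4, SLOW, b"X-a: 1\r\n"),
    (16.0, 2, SLOW, b"X-b: 2\r\n"),
    (16.1, 3, SLOW, b"X-b: 2\r\n"),
    (16.2, 4, SLOW, b"X-b: 2\r\n"),
]

def unfinished(chunks):
    """Return per-connection state for requests still missing the blank line."""
    conns = {}
    for t, cid, src, data in sorted(chunks, key=lambda c: c[0]):
        c = conns.setdefault(cid, {"src": src, "first": t, "last": t, "buf": b""})
        c["last"] = t
        c["buf"] += data
    return [c for c in conns.values() if b"\r\n\r\n" not in c["buf"]]

def flag_sources(chunks, now, use_deadline):
    """List sources holding too many over-age unfinished requests."""
    hits = Counter()
    for c in unfinished(chunks):
        # Deadline counts from connect; the idle timer restarts on every read.
        age = now - (c["first"] if use_deadline else c["last"])
        if age > (HEADER_DEADLINE if use_deadline else IDLE_TIMEOUT):
            hits[c["src"]] += 1
    return sorted(s for s, n in hits.items() if n > PER_SOURCE_LIMIT)
```

At time 20 the idle-timer check reports nothing while the deadline check reports the one source holding three unfinished requests, which is why request-header deadlines and per-source connection caps are the usual controls for this pattern.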

Botnets
- DDoS attacks are more effective with more computers
- A botnet is an interconnected network of infected computers
- Can be used to send spam emails, transmit viruses, or join in DDoS attacks
- Can range in size from a couple of computers to hundreds of thousands

Why Do People Use DDoS Attacks?
- Most common reason is money
  - Extortion
  - Heist
    - Bank of the West
  - Sabotage
    - Rival competitors
- Also used as a form of protest
  - Anonymous
    - CIA, Vatican, ISIS

Why are Financial Institutions Targeted?
- They control large amounts of money
- Large user base
- Support entire economy; other companies rely on them

Why are DDoS attacks so common?
- Number and severity of DDoS attacks have been constantly rising over the past couple of years
- Availability of powerful, free tools requiring minimal computer knowledge
  - HOIC
- Relative cheapness of botnets

DDoS Defense?
- Impossible to prevent DDoS attacks
- Mitigate effects
  - Increase capabilities of system, e.g. more server processing power
  - ISPs can provide “burst” bandwidth
  - Configure router or switch to filter nonessential protocols and stop invalid IPs

DDoS Response Plan
- Preparation
  - Create a team
  - Roles for each team member during an attack
  - Assess risks and vulnerabilities that could be exploited
- During attack
  - Analyze network to differentiate DDoS traffic from real users
  - Respond to attack by configuring filters to discard incoming packets or avoid sending unnecessary response packets
- Post-Attack
  - Analyze damages
  - Adapt plan to better deal with next attack

Conclusion
- DDoS attacks are becoming more common and more severe
- Must prepare for attacks
  - Response plan
- Many reasons for attacks, but money is the most common reason
- Because of this, financial institutions must take extra precaution to prepare for inevitable attacks