By Steve Shenfield, COSC 480. Definition; Incidents; Damages; Defense Mechanisms: Firewalls/Switches/Routers, Routing Techniques (Blackholing/Sinkholing)


1 By Steve Shenfield, COSC 480

2
- Definition
- Incidents
- Damages
- Defense Mechanisms
  - Firewalls/Switches/Routers
  - Routing Techniques (Blackholing/Sinkholing)
  - Clean Pipes
  - Intrusion Prevention Systems (IPS)
- Conclusion

3 Denial-of-Service
- A malicious attempt by a single person or a group of people to cause the victim, site, or node to deny service to its customers.
  - ex) inability to log in to an account or access a website
- Targeted resources: bandwidth, CPU, memory, disk capacity, or any combination

4
- September 1996 - the very first DoS attack occurred against Panix (New York ISP) using SYN flood
- January 2001 - first major attack involving DNS servers against Register.com
- February 2007 - over 10,000 online game servers attacked by group RUS
- December 2010 - a group called “Anonymous” successfully attacked Mastercard.com, PayPal, and Visa.com but failed against Amazon.com

5 [Chart: 2009 CSI Computer Crime and Security Survey, 185 respondents]

6
- How much does a successful DoS attack cost?
  - Estimated at $122,000 per attack in 2004
  - Up to 32 hours for security personnel to counteract damages done
- Interruption to services may negatively impact customer satisfaction and trust

7 [Chart: CSI 2007 Computer Crime and Security Survey; total losses ≈ 45.6 million; 194 respondents; year = 2007]

8
- For Users
  - Install system security mechanisms
  - Protect yourself from being a zombie
- For Businesses
  - Security companies can guard a client’s network
  - ex) Prolexic Technologies

9 Firewalls
Pros
- Will prevent simple flood attacks, ex) SYN flood
- Able to allow or deny protocols, ports, or IP addresses
Cons
- Unable to prevent more complex attacks

10 Switches & Routers
Pros
- Both have the ability to limit data rate
- Both have network Access Control Lists
  - ACLs are custom router filters
  - Able to filter both inbound and outbound traffic
Cons
- Most can be easily overwhelmed

11 Blackholing
- Attempts to mitigate the impact of an attack
- Redirects traffic from attacked DNS or IP address to a “black hole”
  - Then all traffic will be dropped
- Must know IP address of attacker or else legitimate traffic will be dropped as well

12 Sinkholing
- Routes suspicious traffic to a valid IP address where it can be analyzed
- Capturing traffic and analyzing it can be done with a sniffer
  - Traffic found to be malicious is rejected
Cons
- Unable to react to severe attacks as effectively as blackholing
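
An added example (not part of the original slides): a small Python model of the routing decisions on slides 11 and 12. It shows why a blackhole keyed on the attacked address also drops legitimate traffic, while one keyed on a known attacker range does not. The addresses, the packet list and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample traffic; all addresses come from the RFC 5737
# documentation ranges and do not refer to real hosts.
VICTIM = "203.0.113.10"
PACKETS = [  # (source, destination, is_attack)
    ("198.51.100.7", VICTIM, True),
    ("198.51.100.8", VICTIM, True),
    ("198.51.100.9", VICTIM, True),
    ("192.0.2.20", VICTIM, False),
    ("192.0.2.21", VICTIM, False),
    ("192.0.2.22", "203.0.113.50", False),  # customer of a different server
]


def net(cidr):
    return ipaddress.ip_network(cidr)


def route_action(routes, addr):
    """Longest-prefix match; an address with no matching route is forwarded."""
    ip = ipaddress.ip_address(addr)
    hits = [(n.prefixlen, action) for n, action in routes.items() if ip in n]
    return max(hits)[1] if hits else "forward"


def simulate(routes, match_on):
    """Tally packet fates; match_on ('src' or 'dst') is the field the routes key on."""
    tally = Counter()
    for src, dst, is_attack in PACKETS:
        action = route_action(routes, src if match_on == "src" else dst)
        tally[("attack_" if is_attack else "legit_") + action] += 1
    return dict(tally)


# Blackhole keyed on the attacked address: everything sent to the victim is dropped.
DEST_BLACKHOLE = simulate({net(VICTIM + "/32"): "drop"}, "dst")
# Blackhole keyed on the known attacker range: only the attack traffic is dropped.
SRC_BLACKHOLE = simulate({net("198.51.100.0/24"): "drop"}, "src")
# Sinkhole: traffic to the victim is diverted to an analysis host, not discarded.
SINKHOLE = simulate({net(VICTIM + "/32"): "sinkhole"}, "dst")

if __name__ == "__main__":
    for name in ("DEST_BLACKHOLE", "SRC_BLACKHOLE", "SINKHOLE"):
        print(name, globals()[name])
```

In the destination-keyed run the two legitimate packets bound for the victim are dropped along with the attack, which is the collateral loss slide 11 warns about.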

13 Clean Pipes
- Best used when deployed inside ISP
- When an attack occurs, traffic is diverted to a cleaning center in the ISP
  - Here the traffic is “cleaned” by specialized filtering devices and malicious activity is removed
  - Only legitimate traffic is passed to the destination

14 Intrusion Prevention System (IPS)
- Monitors network traffic for malicious activity
  - Scans both inbound and outbound
  - Searches for suspicious patterns known as signatures or rules
- System logs malicious activity and will attempt to stop it

15
- What have we learned?
  - DoS Definition
  - Brief History of Notable Attacks
  - Damages/Losses for a Business
  - Protect yourself from becoming a Zombie
  - Defense Mechanisms

16
- http://cisco.com/web/about/ac123/ac147/archived_issued/ipj_7-4/dos_attacks.html
- http://docs.google.com/viewer?a=v&q=cache:Gs5vmKHFfpUJ:pathmaker.biz/whitepapers/CSISurvey2009.pdf
- http://i.cmpnet.com/v2.gocsi.com/pdf/CSISurvey2007.pdf
- www.tik.ee.ethz.ch/~ddosvax/talks/ddos_td.pdf
- http://en.wikipedia.org/wiki/Denial-of-service_attack
- http://www.csoroundtable.org/knowledge/there-business-case-it-security
- http://en.wikipedia.org/wiki/Intrusion_prevention_system
- http://csdl2.computer.org/comp/mags/ic/2009/06/mic2009060010.pdf
