Will you fear me –...
First, who is this group called Anonymous? Put simply, it is an international cabal of criminal hackers dating back to 2003, who have shut down the websites of the U.S. Department of Justice and the F.B.I. They have hacked into the phone lines of Scotland Yard. They are responsible for attacks against MasterCard, Visa, Sony and the Governments of the U.S., U.K., Turkey, Australia, Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand. (Source: Wikipedia)
Disruption and Denial of Service – caused by hundreds of thousands of computers
May I be your nightmare....
Ever read about your own death on your website?
Security Attacks and Damage Increasing Rapidly
Exponential growth in new threats
Number of vulnerabilities discovered in apps is far greater than in OS
Hacking changed from a “hobby” to a prosperous business!
Cybercrime economy estimated at $1 trillion in 2009!
The Source(s) of the Problem
The Internet
Flawed software
Known vulnerabilities
Unknown (zero-day) vulnerabilities
Misconfiguration
Network
Servers
Clients
The Damage
Loss of data
Loss of time
Monetary loss
Disabled/crippled services
Legal exposure
Loss of reputation
Types of Vulnerabilities
Network Security Threats
Malware
• Viruses
• Worms
• Trojans
• Rootkits
• Spyware
• Spam
• Malicious adware/scareware
Evasion techniques
All of them are malicious…
It’s all about “Making Money”
Unauthorized bank, credit card transactions
Advance fees (Nigeria)
Product sales
Scareware adware
Criminal services
Toolkits
Stolen account information
CAPTCHA-breaking services
Virus testing
The solution:
Security Appliances (?)
Security Mechanisms/Devices
Firewall
VPN gateway
Intrusion prevention (IPS)
URL filtering
Anti-virus
Anti-spam
Individual devices or combined: Unified Threat Management (UTM)
Feb 11, 2010: Fortinet ships 500,000th ISA
SonicWall NSA Series (now Dell)
Network Security Devices
Measuring Security Devices
Effectiveness
Accuracy
Performance
• Full load
• Real-world multiplay traffic
Network Security Testing
Known Vulnerabilities
Unknown Vulnerabilities
Massive DDoS
Line-rate multiplay traffic
Encrypted traffic
• Viruses
• Spam
• Trojans
• Rootkits
• Spyware
• Adware
• Network attacks
• Many thousands of vulnerabilities (CVE)
• Dozens of evasion techniques
Network Security Testing
Known vulnerabilities (BPS/Ixia)
Unknown vulnerabilities (BreakingPoint)
Massive DDoS
Line-rate multiplay traffic
Encrypted traffic
• ARP flood
• PING
• Ping of death
• Smurf
• Unreachable host
• Land
• Teardrop
• SYN flood
• SYN/ACK
• FIN flood
• UDP fragment flood
• ACK fragment flood
• DNS flood
• Evasive UDP
• PING sweep
• Xmas tree
• …
Network Security Testing
Known vulnerabilities
Unknown vulnerabilities (BPS)
Massive DDoS
Line-rate multiplay traffic
Encrypted traffic
• IPsec
Trade-offs: DoS Attack Impact on Performance
Results from an actual firewall test
[Chart: firewall throughput over time, marked “DoS Attack begins” and “DoS Attack ends”; shows customer traffic degradation and IPsec performance degradation while the attack runs]
Distributed
What Motivates DDoS Attackers?
Illegal, yet happen frequently
Easy to implement, easy to hide
Monetary gain
DDoS as a service
DDoS blackmail
Payback and revenge
Take down competitive websites
Personal attack
Political
Practicing DDoS attacks
For fun
Botnets
What are botnets? Automated software that controls a collection of zombie machines.
How big are they?
100,000+ zombies in large botnets
Generate DDoS traffic at rates of 10 Gbps to 100 Gbps
Unexpected Peak Hours
DDoS attacks can be the result of an overwhelming number of legitimate
Google recognized a DDoS pattern when millions of search queries for Michael J.’s death had an unexpected peak for several hours
Security in the Cloud
Cloud Service Providers
Cloud Service Providers Say Data Security “Not My Job”: eWeek.com, May 2010
• Ponemon Institute survey: 103 US providers, 24 European providers
73% of U.S. providers: services did not substantially secure sensitive information
69% didn’t believe securing data was their responsibility
Majority don’t have dedicated security personnel
Cloud providers are least confident in their ability to:
• Restrict privileged user access to sensitive data
• Ensure proper data segregation requirements
Virtualization Vulnerabilities
Hyper-jacking
VM escape
VM hopping
VM theft
VM sprawl
VM Migration Vulnerability
Mobile Security
Wireless Network Security
Air interface
Applications
• Thousands each day
• Often written by novice programmers
• Vendors can’t review everything
Anti-virus often not installed
Smartphone OS targets
• iPhone
• Android
Testing Network Security Devices
Security effectiveness
• Ability to detect and block malicious traffic
• Effectiveness = blocked attacks / attempted attacks
Detection accuracy
• False positives
• Blocking legitimate traffic = denial of service
Scale and performance
• Application delivery performance
• QoE impact when handling attacks
• Resistance against high rates or volumes of attacks
• IPsec performance, especially for wireless gateways
Availability
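An added example (not Ixia’s code) that turns the criteria above into a scorecard over constructed test records: effectiveness overall and for high-severity attacks, the false-positive rate on legitimate flows (each one a self-inflicted denial of service), and throughput degradation while attacks are handled. The record layout, the sample numbers and the acceptance thresholds are assumptions.

```python
from dataclasses import dataclass

@dataclass
class AttackResult:
    name: str
    severity: str   # "high", "medium" or "low"
    blocked: bool   # did the device block this attempted attack?

@dataclass
class TrafficResult:
    legit_flows: int           # legitimate flows offered alongside the attacks
    legit_flows_blocked: int   # legitimate flows the device wrongly blocked
    baseline_gbps: float       # application throughput with no attack traffic
    under_attack_gbps: float   # application throughput while attacks are injected

def effectiveness(results, severity=None):
    """Security effectiveness = blocked attacks / attempted attacks (optionally per severity)."""
    sel = [r for r in results if severity is None or r.severity == severity]
    if not sel:
        raise ValueError("no attacks attempted for that selection")
    return sum(r.blocked for r in sel) / len(sel)

def false_positive_rate(t):
    """Share of legitimate flows blocked: each false positive is self-inflicted denial of service."""
    return t.legit_flows_blocked / t.legit_flows

def throughput_degradation(t):
    """QoE impact while handling attacks: fraction of baseline application throughput lost."""
    return 1.0 - t.under_attack_gbps / t.baseline_gbps

def scorecard(results, traffic, min_high_eff=0.99, max_fpr=0.001, max_degr=0.10):
    """Summarise one run and list the acceptance criteria it fails (thresholds are assumed)."""
    report = {
        "effectiveness": effectiveness(results),
        "effectiveness_high": effectiveness(results, "high"),
        "false_positive_rate": false_positive_rate(traffic),
        "throughput_degradation": throughput_degradation(traffic),
    }
    checks = [("effectiveness_high", report["effectiveness_high"] >= min_high_eff),
              ("false_positive_rate", report["false_positive_rate"] <= max_fpr),
              ("throughput_degradation", report["throughput_degradation"] <= max_degr)]
    report["failures"] = [name for name, ok in checks if not ok]
    return report

# Constructed run (hypothetical numbers): 200 high-severity attacks with one miss, 50 medium
# with five misses, 50 of 100,000 legitimate flows blocked, throughput 10 Gbps -> 8.5 Gbps.
SAMPLE_ATTACKS = ([AttackResult(f"high-{i}", "high", i != 7) for i in range(200)]
                  + [AttackResult(f"med-{i}", "medium", i >= 5) for i in range(50)])
SAMPLE_TRAFFIC = TrafficResult(100_000, 50, 10.0, 8.5)
```

With these numbers the device passes on effectiveness and accuracy but fails the throughput criterion, which is exactly the trade-off the DoS performance chart earlier in the deck illustrates.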
Vendors Test Individual Components
Enterprises need to test Entire Networks
IxLoad-Attack: Ixia’s comprehensive network security solution that validates:
Security effectiveness
Security accuracy
Performance impact
IxLoad-Attack test modules
Vulnerabilities and malware
DoS and DDoS
Multiplay traffic generator
Data theft simulation
IPsec, SSL and GTP
[Diagram: IxLoad-Attack test modules – Vulnerabilities & Malware; Data Leakage (SSN, credit card data, classified information); Distributed Denial of Service; real-world multiplay traffic; IPsec, SSL & GTP – measured for Effectiveness, Accuracy and Performance]
What is it all about?
• Making sure you can defend against the broad range of threats
• Making sure you are supporting the “real” traffic mix
• Making sure the evolution of applications is safe / secure against the evolution of threats
• Every IT infrastructure is UNIQUE. Vendors’ datasheets will never show the real world! They just show a small part of their secure lab environment.
What type of Stability Test do we offer?
With BreakingPoint: IPv4 and IPv6 Fuzzing Tests
L3 Fuzzing - Stack Scrambler – Malformed IP Frames
L4 Fuzzing - Stack Scrambler – Malformed TCP and UDP Flows
L7 Fuzzing - Application Simulator – Malformed Applications
• IPv4 and IPv6 Traffic Impairment Test
- Drop packet
- Frack packet
- Corrupt packet in bytes 1-64
- Corrupt packet in bytes 65-256
- Corrupt packet in bytes 257-end
- Randomly corrupt packet
- Corrupt IP checksum
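As an added illustration (not BreakingPoint’s or Ixia’s code), here is a small Python model of the impairment test above: each impairment from the list is applied to a constructed IPv4/UDP packet, and a receiver-side header checksum check shows which corruptions a stack should reject before parsing and which reach the protocol parser unnoticed. The byte ranges follow the slide; the packet layout, the single-byte XOR corruption and the random seed are assumptions.

```python
import random
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header (checksum field zeroed)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_udp(payload: bytes) -> bytes:
    """Constructed test packet: 20-byte IPv4 header + UDP (no UDP checksum) + payload."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + udp

def header_checksum_ok(pkt: bytes) -> bool:
    """A receiver's check: summing a header that carries a valid checksum yields zero."""
    ihl = (pkt[0] & 0x0F) * 4
    return ipv4_checksum(pkt[:ihl]) == 0

def corrupt_in_range(pkt: bytes, lo: int, hi: int, rng: random.Random) -> bytes:
    """Flip one byte chosen from the 1-based inclusive range lo..hi, clamped to the packet."""
    hi = min(hi, len(pkt))
    if lo > hi:
        return pkt   # packet shorter than the range: this impairment cannot apply
    b = bytearray(pkt)
    b[rng.randint(lo, hi) - 1] ^= rng.randint(1, 255)   # non-zero XOR guarantees a change
    return bytes(b)

# The impairment types listed on the slide; "drop" yields no packet at all.
IMPAIRMENTS = {
    "drop":                lambda p, r: None,
    "corrupt_1_64":        lambda p, r: corrupt_in_range(p, 1, 64, r),
    "corrupt_65_256":      lambda p, r: corrupt_in_range(p, 65, 256, r),
    "corrupt_257_end":     lambda p, r: corrupt_in_range(p, 257, len(p), r),
    "corrupt_random":      lambda p, r: corrupt_in_range(p, 1, len(p), r),
    "corrupt_ip_checksum": lambda p, r: corrupt_in_range(p, 11, 12, r),  # header bytes 11-12
}

def apply_impairment(pkt: bytes, kind: str, seed: int = 1):
    """Return (impaired packet or None, whether the IPv4 header checksum still verifies)."""
    out = IMPAIRMENTS[kind](pkt, random.Random(seed))
    return (None, None) if out is None else (out, header_checksum_ok(out))

SAMPLE_PACKET = build_ipv4_udp(b"constructed-payload-" * 5)   # 128 bytes in total
```

Corruption beyond byte 64 of this 128-byte packet leaves the header checksum valid, so the damage is only visible to the transport or application parser, which is what the L4 and L7 fuzzing stages exercise.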
Targeted Security Devices
Targets a broad array of threat management devices:
Intrusion prevention systems (IPS)
Unified threat management (UTM)
Firewalls
VPN Gateways
Data Leakage Prevention
Content Filtering
URL Filtering
Anti-Virus
IxLoad-Attack Delivers
Vulnerability & Malware Testing
9,000+ unique attacks
Evasion techniques
Bidirectional attacks
Frequent attack updates
Attacks over IPsec
Security effectiveness under Load
Attack injection with legitimate traffic
Detailed user QoE measurements
Vulnerabilities and malware injected over IPsec
DoS and DDoS
Line rate 1GE and 10GE
26 DDoS attacks (layer 2/4)
Data leakage prevention
Transmission of confidential data
Email, HTTP, FTP, IM
ZIP Archive, PDF, XLS, DOC
Performance benchmarking
UDP and TCP performance
Test Results
Firewall performance while enabling network security services
• 42 Gbps firewall mode, 32 Gbps IPS, 12 Gbps GAV
Effectiveness of threat detection and prevention
• Stateful TCP application traffic @ 10 Gbps
• 200 high severity attacks blocked @ 99%
• No appreciable CPU utilization impact with full DPI
Security performance while under massive attacks
1 Gbps DDoS, vulnerability attacks, 10 Gbps application traffic
1,200,000 DDoS packets per second
CPU utilization increased 30%, no appreciable HTTP
The right gear – delivered by Ixia
Network and Security Test Equipment and Services for known and unknown security threats in wired, wireless, virtual and mobile environments
Most efficient Security Monitoring
You will find us in Hall 12 – Stand 12.0-118 IXIA / BreakingPoint – Stand 12.0-543 IXIA / Anue – Stand 12.0-449 IXIA
iPhone5 – drawing at 15:00
Stand 449 – Hall 12
Thank You
Any questions? Feel free to contact me at [email protected]