Introduction about DDoS. Security Functional Requirements


Academic year: 2021


(1)

Standard Wins Global IT Power

Security Functional Requirements for Anti-DDoS Products

Jun Woo Park ([email protected])

TTA, Korea

Global Leader of ICT Standardization & Certification

(2)

Introduction about DDoS

Security Functional Requirements

(3)

I. Introduction about DDoS

01 Introduction about DDoS
02 DDoS Attack Process
03 Methods of DDoS Attack
04 Operating Environment

(4)

01. Introduction about DDoS

DDoS (Distributed Denial of Service)

• Multiple systems flood the bandwidth or resources of a target system
  – Multiple systems (computers) attempt to access a particular server at the same time, in large numbers
  – The attack depletes the resources of the target server or floods the network bandwidth

• Symptoms
  – Unusually slow network performance (opening files or accessing web sites)

(5)

02. DDoS Attack Process

(6)

03. Methods of DDoS Attack

The attacks are generally classified into flood and application level.

Method: Flood / Single
- TCP Syn Flood
- TCP Ack Flood
- ICMP Flood
- TCP Syn-Ack Flood
- TCP Fin Flood
- TCP Multi-connection
- UDP Flood

Method: Flood / Mixture
- ICMP+UDP Flood
- ICMP+TCP Flood
- UDP+TCP Flood

(7)

03. Methods of DDoS Attack

Method: Flood / Single
- TCP Syn Flood
- TCP Ack Flood
- ICMP Flood
- TCP Syn-Ack Flood
- TCP Fin Flood
- UDP Flood
- TCP Multi-connection

Method: Flood / Mixture
- ICMP+UDP Flood
- UDP+TCP Flood
- ICMP+TCP Flood
- ICMP+UDP+TCP Flood

Method: Application Level / Single
- Valid HTTP GET Flood
- Invalid HTTP GET Flood
- CC (Cache Control)
- DNS Query Flood
- Low bandwidth HTTP DoS

Method: Application Level / Mixture
- CC+TCP Flood
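The table names the methods a product's detection function must recognise in live traffic. The Python below is an added illustration (not TTA's material and not any certified product's code) of how the rate-based entries in the table can be told apart: each packet is mapped to a signature (TCP flag pattern, UDP, ICMP, well-formed or malformed HTTP GET, DNS query), signatures are counted per one-second window, and a window is labelled Flood or Application Level and Single or Mixture exactly as the table groups them. The packet records, the per-second thresholds, and the "DNS?" payload marker are constructed assumptions; TCP Multi-connection, CC (Cache Control) and Low bandwidth HTTP DoS are deliberately left out because they are not packet-rate signatures.

```python
"""Rate-based classifier for the flood and application-level methods in the
table above. Added example (not TTA's or any product's code); the traffic is
constructed sample data and the thresholds are assumed values."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    ts: float          # arrival time in seconds
    src: str           # source address
    proto: str         # "TCP", "UDP" or "ICMP"
    flags: str = ""    # TCP control flags, e.g. "S", "SA", "A", "F", "PA"
    payload: str = ""  # application data carried by the packet, if any


# Packets per second above which a signature is treated as a flood.
# Assumed values for this example; a real product tunes them per deployment.
THRESHOLDS = {
    "TCP Syn Flood": 1000, "TCP Syn-Ack Flood": 1000, "TCP Ack Flood": 1000,
    "TCP Fin Flood": 1000, "UDP Flood": 1000, "ICMP Flood": 1000,
    "Valid HTTP GET Flood": 500, "Invalid HTTP GET Flood": 500,
    "DNS Query Flood": 500,
}
APPLICATION_LEVEL = {"Valid HTTP GET Flood", "Invalid HTTP GET Flood", "DNS Query Flood"}
TCP_FLAG_SIGNATURE = {"S": "TCP Syn Flood", "SA": "TCP Syn-Ack Flood",
                      "A": "TCP Ack Flood", "F": "TCP Fin Flood"}
# A well-formed HTTP/1.x GET request line; anything else starting "GET " is "invalid".
VALID_GET = re.compile(r"^GET /\S* HTTP/1\.[01]\r\n")


def signature(pkt: Packet) -> Optional[str]:
    """Map one packet to the attack signature it contributes to, or None."""
    if pkt.proto == "ICMP":
        return "ICMP Flood"
    if pkt.proto == "UDP":
        # Constructed convention: DNS queries in the sample carry a "DNS?" prefix.
        return "DNS Query Flood" if pkt.payload.startswith("DNS?") else "UDP Flood"
    if pkt.proto == "TCP":
        if pkt.payload.startswith("GET "):
            return "Valid HTTP GET Flood" if VALID_GET.match(pkt.payload) else "Invalid HTTP GET Flood"
        return TCP_FLAG_SIGNATURE.get(pkt.flags)  # data segments with other flags are not counted
    return None


def classify_window(packets: List[Packet], second: int) -> dict:
    """Count signatures in one 1-second window and classify the result as
    Flood / Application Level and Single / Mixture, as in the table."""
    counts: Counter = Counter()
    for pkt in packets:
        if int(pkt.ts) == second:
            sig = signature(pkt)
            if sig:
                counts[sig] += 1
    attacks = sorted(sig for sig, n in counts.items() if n >= THRESHOLDS[sig])
    if not attacks:
        return {"family": None, "pattern": None, "attacks": [], "counts": dict(counts)}
    family = "Application Level" if any(a in APPLICATION_LEVEL for a in attacks) else "Flood"
    pattern = "Single" if len(attacks) == 1 else "Mixture"
    return {"family": family, "pattern": pattern, "attacks": attacks, "counts": dict(counts)}


def sample_traffic() -> List[Packet]:
    """Constructed traffic: second 0 mixes a TCP SYN flood with a UDP flood,
    second 1 is a valid HTTP GET flood from a few hosts, second 2 is normal browsing."""
    pkts = []
    get = "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    for i in range(1500):
        pkts.append(Packet(i / 1500, f"10.0.{i % 256}.{i % 200}", "TCP", "S"))
    for i in range(1200):
        pkts.append(Packet(i / 1200, f"10.1.{i % 256}.{i % 250}", "UDP", "", "x" * 64))
    for i in range(600):
        pkts.append(Packet(1 + i / 600, f"192.0.2.{i % 20}", "TCP", "PA", get))
    for i in range(40):
        pkts.append(Packet(2 + i / 40, "192.0.2.9", "TCP", "PA", get))
    return pkts


if __name__ == "__main__":
    traffic = sample_traffic()
    for second in range(3):
        result = classify_window(traffic, second)
        print(f"t={second}s: {result['family']} / {result['pattern']} {result['attacks']}")
```

Run as a script it reports second 0 as a Flood / Mixture of TCP Syn Flood and UDP Flood, second 1 as an Application Level / Single Valid HTTP GET Flood, and second 2 as clean. A product would additionally key the counters by destination so that one busy server does not mask a flood aimed at another.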

(8)

04. Operating Environment

Inline (In-Path) Configuration

• Inline appliances are generally deployed near the network firewall and in the direct flow of network traffic.
• They also have the beneficial property of viewing all inbound traffic from a single perspective.

(9)

04. Operating Environment

Out-of-Path Configuration

• The Anti-DDoS appliance is not in the direct path of the network traffic.
• A network traffic redirection technique is used to forward traffic to the appliance.
• Consists of a mirroring device, a detection sensor, and a blocking device.

(10)

II. Security Functional Requirements

01 Security Functional Requirements
02 Testing Anti-DDoS Products

(11)

01. Security Functional Requirements

Security Functions against DDoS attack

Detection/Block
- Countermeasure against DDoS attacks such as Flood, Fragmentation, and Application Level

Trace
- Audit generation of the detected and blocked traffic
- Alarm
- Traffic monitoring

Identification & Authentication
- Identification and authentication for an administrator

Security Management
- Policy setting and audit view

(12)

02. Testing Anti-DDoS Products

Unlike for other network security products, the throughput capacity should be considered.

• A DDoS attack has the properties of flooding network bandwidth and depleting the resources of a target system.

The throughput capacity of the product has to be verified.

• Security functions are affected by the throughput.

And also, the security functions (detecting and blocking) have to be tested.

(13)

02. Testing Anti-DDoS Products

Testing traffic for throughput capacity of the product

Method | Target | Traffic | Load
Normal Traffic | Server | Fragmented UDP | 100% of the throughput capacity

Testing traffic for security functions (Detecting & Blocking)

Method | Target | Traffic | Load
Attack Traffic | Victim | All methods of DDoS attack | 90% of the throughput capacity
Checking | Victim | HTTP | 1 tps
Normal Traffic | Server | HTTP | 5~10% of the throughput capacity

(14)

02. Testing Anti-DDoS Products

Test cases

Verification of throughput
- Throughput
- Packet Latency
- Max Connection
- Packet Loss

Detection / Block
- Detection time of attack packet
- Blocking time of attack packet
- Blocking rate of attack packet
- Success rate of normal packet
- Connection with victim server
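The two testing-traffic tables fix the loads (100% of capacity for the throughput test; 90% attack plus 5~10% normal and a 1 tps checking client for the detection/blocking test) and the test-case list fixes what is measured. The Python below, added here as an illustration rather than TTA's test procedure or any lab's tooling, derives the load plan from a rated capacity, checks that a run used those loads, computes every test item in the list from the run's counters and timestamps, and reports which items fail. The run figures for a hypothetical 10 Gbps product and the pass limits in CRITERIA are constructed assumptions; the slides define the items, not the limits.

```python
"""Evaluation helper for the testing-traffic loads and test items above.
Added example (not TTA's test procedure or any product's code); the run
figures and the pass criteria are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ThroughputRun:
    """Throughput test: fragmented UDP toward the server at 100% of capacity."""
    capacity_mbps: float
    forwarded_mbps: float
    packets_sent: int
    packets_received: int
    avg_latency_us: float
    max_connections: int


@dataclass
class DetectBlockRun:
    """Detection/blocking test: attack traffic toward the victim at 90% of
    capacity, normal HTTP toward the server at 5~10%, 1 tps checks to the victim."""
    capacity_mbps: float
    attack_mbps: float
    normal_mbps: float
    attack_sent: int
    attack_blocked: int
    normal_sent: int
    normal_passed: int
    attack_start_s: float   # first attack packet injected
    first_detect_s: float   # first detection record written
    first_block_s: float    # first attack packet dropped
    victim_checks_ok: int   # successful 1 tps HTTP checks during the attack
    victim_checks_total: int


def load_plan(capacity_mbps: float) -> Dict[str, float]:
    """Traffic loads from the testing-traffic tables for a given capacity."""
    return {
        "throughput_normal": capacity_mbps,   # 100% of the throughput capacity
        "attack": 0.9 * capacity_mbps,        # 90% of the throughput capacity
        "normal_min": 0.05 * capacity_mbps,   # 5% of the throughput capacity
        "normal_max": 0.10 * capacity_mbps,   # 10% of the throughput capacity
        "checking_tps": 1.0,                  # 1 HTTP transaction per second
    }


def loads_match_plan(run: DetectBlockRun) -> bool:
    """True if the run used the loads the table prescribes."""
    plan = load_plan(run.capacity_mbps)
    return (abs(run.attack_mbps - plan["attack"]) < 1e-6
            and plan["normal_min"] <= run.normal_mbps <= plan["normal_max"])


def throughput_metrics(run: ThroughputRun) -> Dict[str, float]:
    """Test items under 'Verification of throughput'."""
    return {"throughput_ratio": run.forwarded_mbps / run.capacity_mbps,
            "packet_latency_us": run.avg_latency_us,
            "max_connections": run.max_connections,
            "packet_loss": 1 - run.packets_received / run.packets_sent}


def detect_block_metrics(run: DetectBlockRun) -> Dict[str, float]:
    """Test items under 'Detection / Block'."""
    return {"detection_time_s": run.first_detect_s - run.attack_start_s,
            "blocking_time_s": run.first_block_s - run.attack_start_s,
            "blocking_rate": run.attack_blocked / run.attack_sent,
            "normal_success_rate": run.normal_passed / run.normal_sent,
            "victim_connection_rate": run.victim_checks_ok / run.victim_checks_total}


# Pass limits: assumed for this example only.
CRITERIA = {"min_throughput_ratio": 0.95, "max_packet_loss": 0.01,
            "max_detection_time_s": 1.0, "max_blocking_time_s": 3.0,
            "min_blocking_rate": 0.99, "min_normal_success_rate": 0.99,
            "min_victim_connection_rate": 0.9}


def verdict(tm: Dict[str, float], dm: Dict[str, float]) -> List[str]:
    """Names of the failed test items; an empty list means the product passed."""
    checks = [
        (tm["throughput_ratio"] < CRITERIA["min_throughput_ratio"], "Throughput"),
        (tm["packet_loss"] > CRITERIA["max_packet_loss"], "Packet Loss"),
        (dm["detection_time_s"] > CRITERIA["max_detection_time_s"], "Detection time of attack packet"),
        (dm["blocking_time_s"] > CRITERIA["max_blocking_time_s"], "Blocking time of attack packet"),
        (dm["blocking_rate"] < CRITERIA["min_blocking_rate"], "Blocking rate of attack packet"),
        (dm["normal_success_rate"] < CRITERIA["min_normal_success_rate"], "Success rate of normal packet"),
        (dm["victim_connection_rate"] < CRITERIA["min_victim_connection_rate"], "Connection with victim server"),
    ]
    return [item for failed, item in checks if failed]


# Constructed run figures for a hypothetical 10 Gbps product (not a real measurement).
SAMPLE_THROUGHPUT = ThroughputRun(10_000, 9_900, 1_000_000, 999_000, 80.0, 1_000_000)
SAMPLE_DETECT = DetectBlockRun(10_000, 9_000, 800, 5_000_000, 4_990_000, 100_000, 99_500,
                               10.0, 10.4, 10.9, 60, 60)

if __name__ == "__main__":
    tm, dm = throughput_metrics(SAMPLE_THROUGHPUT), detect_block_metrics(SAMPLE_DETECT)
    print("loads per plan:", loads_match_plan(SAMPLE_DETECT), tm, dm)
    print("failed items:", verdict(tm, dm) or "none")
```

The "Connection with victim server" item is the one most often misread: it is measured by the separate 1 tps checking client, so it tells you whether the victim stayed reachable through the attack, independently of how many attack packets were dropped.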

(15)

03. Certified Products

Certified Products (Domestic)

Company | Product | EAL
Secui.com | SECUI NXG D V1.0 | EAL4
Nowcom | SNIPER DDX V5.0.xg | EAL3
Nowcom | SNIPER DDX V5.1 | EAL4
COMTRUE | DDoSCop-v2.0 | EAL2

(16)


Thank You

Global Leader of ICT Standardization & Certification
