ericherrera09
8/12/2019 Bot Threats and Why IPS Devices and Firewalls Fail to Stop DDoS Threats e
1/19
The word botnet is a blend of the two terms Robot and Network.
A botnet (also called a zombie army) is a set of networked devices
that have been taken under the control of a master.
Control is established through a malicious program (the bot),
initially delivered by the master.
The master (bot herder) is the person who issues commands to the
controlled devices.
Installed without the permission of the victim
Brought to the victim's computer by means of a virus, worm, Trojan,
or other delivery vector
Can stay dormant until awakened by the master
Commands are issued through a Command and Control (C2) server;
historically this was often an Internet Relay Chat (IRC) channel,
though HTTP and peer-to-peer channels are also used
The bot master (BM) creates the controlling software together with a means
of spreading it
Gets it out to the targeted, unaware victim
Once the malware is installed, the computer is under the master's control
An infected computer can infect others, for example by sending spam to
their mailboxes
Botnets can be made to do things without the knowledge of the victim!
Don't open emails from unknown senders, and be wary of all links, even those from contacts in your mailbox.
Install an antivirus
Install updates for programs
Don't install unknown programs
Use strong passwords
Don't turn off your firewall
A computer that's off (with no Wake-on-LAN) can't be hacked.
DDoS stands for Distributed Denial of Service
attack.
A DDoS is a coordinated attack carried out by
multiple PCs or bots, collectively known as a botnet.
A DDoS works by crippling a network or preventing
the target from providing its services/resources.
DDoS works by generating so much traffic that the target is unable to provide the services it was intended to provide.
Motivation of attack: extortion, politics, competition.
Examples of attack: DDoS was used against online gambling firms to extort money. DDoS was conducted as a politically motivated attack against the Georgian government (in 2008).
Attacks specific services within the application layer
Consumes lower bandwidth than a volumetric flood, so it can stay under volume-based thresholds
Targeted towards Web commerce, DNS service, email, online banking, and data centers
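The slide makes two points worth seeing in practice: an application-layer attack is spread across many bots so no single source looks busy, and it moves very few bytes. The following is an added example, not code from the original slides, that runs a detector over access-log lines constructed here for illustration: 3 legitimate users browsing, then 60 bots each sending three cheap requests to a search endpoint inside one 10-second window. The window size and thresholds are assumed values, not taken from the slides.

```python
"""Added example (not from the original slides): spotting a low-bandwidth,
application-layer flood in web access logs.  The log lines are constructed
here for illustration; the window and thresholds are assumed values."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format, e.g.
#   203.0.113.7 - - [12/Aug/2019:10:00:12 +0000] "GET /search?q=7 HTTP/1.1" 200 300
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+)'
)


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["bytes"] = int(rec["bytes"])
    rec["endpoint"] = rec["path"].split("?", 1)[0]   # drop the query string
    return rec


def bucket_of(rec, window):
    """Start (epoch seconds) of the fixed-size window this request falls in."""
    return int(rec["ts"].timestamp()) // window * window


def detect_app_layer_flood(lines, window=10, min_requests=50, min_sources=20):
    """Flag (window, endpoint) pairs hit by many requests from many sources.

    A botnet spreads the load, so each bot stays under any per-IP limit; the
    signal is the aggregate concentration on one endpoint, not the byte
    volume (which stays small) or the rate of any single client.
    """
    stats = defaultdict(lambda: {"requests": 0, "sources": set(), "bytes": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[(bucket_of(rec, window), rec["endpoint"])]
        s["requests"] += 1
        s["sources"].add(rec["ip"])
        s["bytes"] += rec["bytes"]
    alerts = []
    for (start, endpoint), s in sorted(stats.items()):
        if s["requests"] >= min_requests and len(s["sources"]) >= min_sources:
            alerts.append({"window_start": start, "endpoint": endpoint,
                           "requests": s["requests"],
                           "sources": len(s["sources"]),
                           "kbytes": s["bytes"] / 1000})
    return alerts


def max_requests_per_source(lines, window=10):
    """Busiest single client in any window: what a per-IP rate limit would see."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[(bucket_of(rec, window), rec["ip"])] += 1
    return max(counts.values(), default=0)


def _log_line(ip, ts, path, status, nbytes):
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} {nbytes}'


def build_sample_log():
    """Constructed traffic: 3 real users browsing for 30 s, then 60 bots each
    sending three cheap requests to the expensive /search endpoint inside
    the 10 s window starting at +10 s."""
    base = datetime(2019, 8, 12, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(30):                              # legitimate, 8 kB pages
        ip = f"198.51.100.{1 + i % 3}"               # TEST-NET-2 addresses
        path = ["/", "/products", "/search?q=lamp"][i % 3]
        lines.append(_log_line(ip, base + timedelta(seconds=i), path, 200, 8000))
    for bot in range(60):                            # attack, 300-byte responses
        for k in range(3):
            t = base + timedelta(seconds=10 + (bot * 3 + k) % 10)
            lines.append(_log_line(f"203.0.113.{bot}", t,   # TEST-NET-3
                                   f"/search?q={bot}", 200, 300))
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print("busiest single IP in any window:", max_requests_per_source(log))
    for alert in detect_app_layer_flood(log):
        print(alert)
```

On the constructed log the busiest single address sends only 4 requests in a window, so a per-IP rate limit sees nothing, while the aggregate view flags 183 requests to /search from 61 distinct sources carrying about 78 kB in 10 seconds: far too little traffic for a bandwidth-based threshold to notice.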
High volume of valuable shared resources
Data centers run mission-critical applications, which makes them a
target for extortion
Use virtualization, which brings many security challenges of its own
Acronym for Intrusion Prevention System
Identifies malicious activity
Logs activity information
Attempts to stop the intrusion
Stateful solution (it tracks the state of every connection it inspects)
Provides policies and rules for network
traffic
Provides an intrusion detection system for
alerting system or network administrators
to suspicious traffic
Uses signature-based detection
Although meant to protect against
attackers, when it comes to DDoS attacks
both the IPS and the firewall are rendered
largely ineffective.
Not necessarily designed to stop DDoS
attacks
Only address specific threats
Built to fight known threats
Can actually become the target of DDoS
attacks.
Firewalls cannot detect or stop DDoS attacks,
because the attack traffic arrives over the
ports and protocols the policy must allow to
the public service, so rule matching alone
cannot tell it from legitimate requests. Because
the firewall also tracks every session it passes,
its connection table fills under a flood. Due to
this serious weakness firewalls are often the
first victims of DDoS attacks.
The IPS is normally deployed behind the
firewall.
This system inspects every packet and
tracks every connection. This is a
vulnerability: the IPS is meant to prevent
malware from spreading across the network,
not to absorb floods. Under a DDoS attack the
per-packet inspection and per-connection state
exhaust its resources, which adds latency to
the network and, once the resources are gone,
drops traffic.
Ideal solution for DDoS attacks:
Stateless (keeps no per-connection table, so it cannot be exhausted by spoofed half-open connections)
Inline and out-of-band deployment options
Scalable DDoS mitigation
Stops distributed DoS attacks
Multiple attack countermeasures
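To make the state-tracking problem from the IPS and firewall slides and the "Stateless" requirement of the ideal solution concrete, here is an added example (not code from the original slides, and not any vendor's implementation). It models two inline devices as Python classes: one that allocates a table entry per SYN, and one that keeps no table and instead encodes the handshake state in the initial sequence number as a SYN cookie (an HMAC over the source address and port). A spoofed SYN flood is then run through both, followed by one real client. The table size, flood size, secret key and addresses are all assumed values; nothing touches the network.

```python
"""Added example (not from the original slides): why a device that tracks
every connection is itself a DDoS target, and why a stateless check
survives the same flood.  All "packets" are Python calls; the table size,
flood size and secret key are assumed values."""
import hashlib
import hmac
import random

MASK32 = 0xFFFFFFFF


class StatefulInspector:
    """Models an IPS/firewall that allocates a table entry for every SYN.

    Real devices also age entries out, but a flood refills the table faster
    than the timeout empties it, so the steady state is the same: full.
    """
    def __init__(self, max_entries):
        self.max_entries = max_entries
        self.half_open = {}        # (src_ip, src_port) -> ACK number expected
        self.refused = 0

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= self.max_entries:
            self.refused += 1      # table exhausted: even a real client is refused
            return None
        isn = random.getrandbits(32)
        self.half_open[(src_ip, src_port)] = (isn + 1) & MASK32
        return isn

    def on_ack(self, src_ip, src_port, ack):
        expected = self.half_open.pop((src_ip, src_port), None)
        return expected is not None and expected == ack


class StatelessInspector:
    """Keeps no per-connection table: the handshake state lives in the ISN
    (a SYN cookie, an HMAC over the source tuple) and is re-derived on ACK."""
    def __init__(self, secret):
        self.secret = secret

    def _cookie(self, src_ip, src_port):
        msg = f"{src_ip}:{src_port}".encode()
        tag = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(tag[:4], "big")

    def on_syn(self, src_ip, src_port):
        return self._cookie(src_ip, src_port)     # constant cost, no allocation

    def on_ack(self, src_ip, src_port, ack):
        # A spoofed source never receives the SYN-ACK, so it cannot know the
        # cookie and can never produce this value.
        return ack == (self._cookie(src_ip, src_port) + 1) & MASK32


def spoofed_syn_flood(device, count, seed=1):
    """SYNs from random (spoofed) sources that never complete the handshake."""
    rng = random.Random(seed)
    for _ in range(count):
        ip = f"203.0.113.{rng.randrange(256)}"      # TEST-NET-3, constructed
        device.on_syn(ip, rng.randrange(1024, 65536))


def legit_client_connects(device, ip="198.51.100.10", port=40000):
    """A real client: sends SYN, receives the ISN, answers with ISN+1."""
    isn = device.on_syn(ip, port)
    if isn is None:
        return False
    return device.on_ack(ip, port, (isn + 1) & MASK32)


def run_scenario(table_size=1000, flood_size=5000):
    """Returns (stateful_accepts_real_client, stateless_accepts_real_client)."""
    stateful = StatefulInspector(max_entries=table_size)
    spoofed_syn_flood(stateful, flood_size)
    stateless = StatelessInspector(secret=b"per-device-secret")   # assumed key
    spoofed_syn_flood(stateless, flood_size)
    return legit_client_connects(stateful), legit_client_connects(stateless)


if __name__ == "__main__":
    print(run_scenario())
```

With a 1000-entry table and a 5000-packet spoofed flood the stateful device fills up and refuses the real client, while the stateless device spends a fixed amount of work per packet, keeps nothing, and still completes the legitimate handshake. Real SYN cookies also fold a time counter and the advertised MSS into the value; the toy version omits that to keep the comparison readable.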