Bot Threats and Why IPS Devices and Firewalls Fail to Stop DDoS Threats e


  • 8/12/2019 Bot Threats and Why IPS Devices and Firewalls Fail to Stop DDoS Threats e

    1/19

    3510

    2/19

    Stemming from the two terms Robot and Network, Botnets (Zombie Army) are networked devices that have been taken control of by a master.

    Control occurs through the use of a malicious program (initially sent by the master).

    The master (bot herder) is a person that dictates commands to the controlled devices.

    3/19

    Installed without the permission of the victim.

    Brought to the victim's computer by means of a virus/worm/trojan/other.

    Can go into dormant mode until awakened by the master.

    Commands may be dictated by a Command and Control server (usually an Internet Relay Chat server).

    4/19

    BM creates controlling software with a means to spread.

    Gets it out to the targeted/unaware victim.

    Once the malware gets installed, the computer is under control.

    The infected computer can infect others by sending spam to mailboxes.

    Botnets can be made to do things without the knowledge of the victim!

    5/19

    Don't open emails from unknown senders and be wary of all links, even from contacts in your mailbox.

    Install an antivirus.

    Install updates for programs.

    Don't install unknown programs.

    Use strong passwords.

    Don't turn off your firewall.

    A computer that's off (no wake-on-LAN) can't be hacked.

    6/19

    DDoS stands for Distributed Denial of Service attack.

    A DDoS is a coordinated attack carried out by multiple PCs or bots, also known as botnets.

    A DDoS works by crippling a network or denying the target the ability to provide its service/resources.

    7/19

    DDoS works by generating so much traffic that the target is unable to provide the services that it was intended to.

    Motivation of attack: extortion, politics, competition.

    Examples of attack: DDoS was used against online gambling firms to extort money. DDoS was conducted as a politically motivated attack against the Georgian government.

    8/19

    9/19

    10/19

    Attacks specific services within the application layer.

    Consumes lower bandwidth.

    Targeted towards web commerce, DNS service, email, online banking, and data centers.
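The "consumes lower bandwidth" point is what makes application-layer floods hard to see with volumetric alarms: a source can stay far under a bytes-per-second threshold while still saturating an expensive endpoint. The Python script below is an added example and not part of the original slides. It parses constructed Common Log Format lines (the addresses, paths and the list of "expensive" endpoints are assumptions) and flags a source by request rate and concentration on costly paths rather than by byte volume, alongside a plain volumetric rule for comparison.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx Common Log Format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Hypothetical: endpoints whose handling is costly for this site (a per-deployment choice).
EXPENSIVE_PATHS = ("/search", "/login")


def build_sample_log():
    """Constructed sample: one source fires 120 small /search requests in 10 seconds,
    while five ordinary clients fetch a large static page 15 times in total."""
    base = datetime(2019, 8, 12, 10, 0, 0)
    lines = []
    for i in range(120):
        ts = (base + timedelta(seconds=i // 12)).strftime("%d/%b/%Y:%H:%M:%S") + " +0000"
        lines.append(f'203.0.113.7 - - [{ts}] "GET /search?q={i} HTTP/1.1" 200 480')
    for i in range(15):
        ts = (base + timedelta(seconds=i % 10)).strftime("%d/%b/%Y:%H:%M:%S") + " +0000"
        lines.append(f'198.51.100.{i % 5 + 1} - - [{ts}] "GET /index.html HTTP/1.1" 200 15000')
    lines.append("not a log line at all")  # malformed input must be skipped, not crash the parser
    return lines


def parse_line(line):
    """Return a dict for a well-formed CLF line, or None for anything else."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["bytes"] = int(rec["bytes"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string before matching
    return rec


def per_source_profile(lines):
    """Aggregate request count, bytes served, expensive-path hits and time span per source."""
    profile = defaultdict(lambda: {"requests": 0, "bytes": 0, "expensive": 0,
                                   "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        p = profile[rec["ip"]]
        p["requests"] += 1
        p["bytes"] += rec["bytes"]
        if rec["path"].startswith(EXPENSIVE_PATHS):
            p["expensive"] += 1
        p["first"] = rec["ts"] if p["first"] is None else min(p["first"], rec["ts"])
        p["last"] = rec["ts"] if p["last"] is None else max(p["last"], rec["ts"])
    return dict(profile)


def flag_sources(profile, max_rps=5.0, min_expensive_share=0.8):
    """Flag sources by request rate and concentration on expensive endpoints, not by bytes."""
    flagged = {}
    for ip, p in profile.items():
        span = max((p["last"] - p["first"]).total_seconds(), 1.0)  # no divide-by-zero for single hits
        rps = p["requests"] / span
        share = p["expensive"] / p["requests"]
        if rps > max_rps and share >= min_expensive_share:
            flagged[ip] = {"rps": round(rps, 1), "expensive_share": round(share, 2), "bytes": p["bytes"]}
    return flagged


def bytes_threshold_would_catch(profile, ip, threshold=100_000):
    """A volumetric rule (bytes per source over the window), for comparison only."""
    return profile[ip]["bytes"] > threshold


if __name__ == "__main__":
    prof = per_source_profile(build_sample_log())
    for ip, info in flag_sources(prof).items():
        print(f"{ip}: {info}; volumetric rule fires: {bytes_threshold_would_catch(prof, ip)}")
```

On the constructed sample the flooding source sends fewer bytes in total than the handful of ordinary clients, so the volumetric rule never fires, while the rate-and-concentration rule flags it. The thresholds are starting points that need tuning against a site's normal traffic.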

    11/19

    High volume of valuable shared resources.

    Data centers use mission-critical applications, which make them a target for extortion.

    Uses virtualization, which has many security challenges.

    12/19

    Acronym for Intrusion Prevention System.

    Identifies malicious activity.

    Logs activity information.

    Attempts to stop the intrusion.

    Stateful solution.

    13/19

    Provides policies and rules for network traffic.

    Provides an intrusion detection system for alerting system or network administrators to suspicious traffic.

    Signature-based detection.

    14/19

    Although meant to protect against attackers, when it comes to DDoS attacks both the IPS and the firewall are rendered somewhat ineffective.

    15/19

    Not necessarily designed to stop DDoS attacks.

    Only address specific threats.

    Built to fight known threats.

    Can actually become the target of DDoS attacks.

    16/19

    Firewalls do not have the capability to detect or stop DDoS attacks, which use open ports and protocols. Due to this serious weakness, firewalls are often the first victims of DDoS attacks.

    17/19

    The IPS is normally deployed behind the firewall.

    This system inspects every packet and tracks all connections. This is a vulnerability because the IPS is meant to prevent malware from spreading across the network. Due to these jobs the IPS can become overwhelmed, exhausting its resources, which can lead to latency in networks.

    18/19

    Ideal solution for DDoS attacks:

    Stateless

    Inline and out-of-band deployment options

    Scalable DDoS mitigation

    Stops distributed DoS attacks

    Multiple attack countermeasures

    19/19