Andrzej Kroczek

a.kroczek@f5.com

Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg. F5 Networks

© F5 Networks, Inc 2

Mobility

SDDC/Cloud

Advanced threats

Internet ofThings

“Software defined”everything

HTTP is the new TCP

Technology Shifts Are Creating Opportunity

© F5 Networks, Inc 3

Frequency of attacks - 2014

Script kiddies

2014

The rise of hacktivism

Cyber war

Mar 04Meetup Event Planning – NTP Amplification attack carried out by extortionists

Feb 11oDesk – Temporary website disruption as result of DDoS attack

Feb 05Bitly – Outage as result of DDoS attack

Mar 24Basecamp – DDoS attack by extortionists

Mar 27SurveyGizmo – DDoS attack; Site down 2 days; ISP abandoned recovery

Mar 20Hootsuite – DDoS attack by extortionists

Mar 17Royalty Free Stock Images – DDoS attack by extortionists

Mar 11GitHub Code Host – UDP based Amplification attack

Feb 11Elance Freelance Job Site – NTP Reflection Attack; temporary website disruption

Feb 20Namecheap – Simultaneous attack on 300 websites it registers

© F5 Networks, Inc 4

The business impact of DDoS

Cost of corrective

action

Reputation management

The business impact of

DDoS

© F5 Networks, Inc 5

Which DDoS technology to use?

CLOUD/HOSTED SERVICE

• Completely off-premises so DDoS attacks can’t reach you

• Amortized defense across thousands

of customers• DNS anycast and multiple data

centers protect you

STRENGTHS

ON-PREMISES DEFENSE

• Direct control over infrastructure• Immediate mitigation with instant

response and reporting• Solutions can be architected to

independently scale of one another

STRENGTHS

• Customers pay, whether attacked or not

• Bound by terms of service agreement

• Solutions focus on specific layers (not all layers)

WEAKNESSES

• Many point solutions in market, few comprehensive DDoS solutions

• Can only mitigate up to max inbound connection size

• No other value. Only providing benefit when you get attacked. (excludes F5)

WEAKNESSES

© F5 Networks, Inc 6

Which DDoS technology to use?HYBRID MODEL CLOUD AND ON-PREM

• Combined on-premises and cloud solution to stop all attacks

• Amortized defense across thousands

of customers• DNS anycast and multiple data

centers protect you

• Immediate mitigation with instant response and reporting

• Direct control over on-premises infrastructure

• Solutions can be architected to independently scale of one another

STRENGTHS

© F5 Networks, Inc 7

Changing threatsincreasing in complexity that requires intelligence and on-going learning

Scalability and performanceNeeded to ensure

services are available during the onset of aggressive attacks

WebificationImpossible to build

safeguards into applications in a timely

manner

OwnershipChallenges with security

team making the dev team fix vulnerabilities

Attack visibilityIs often lacking details to truly track and identify

attacks and their source, and ensure compliance and

forensics

ComplianceMaintaining compliance

with government standards

Securing applications can be complex

© F5 Networks, Inc 8

F5 Offers Comprehensive DDoS Protection

Scanner Anonymous Proxies

Anonymous Requests

Botnet Attackers

Threat Intelligence Feed

Cloud Network Application

Legitimate

Users

DDoS Attackers

CloudScrubbing Service

Volumetric attacks and floods, operations

center experts, L3-7 known signature attacks

ISPa/b

Multiple ISP strategy

Network attacks:ICMP flood,UDP flood,SYN flood

DNS attacks:DNS amplification,

query flood,dictionary attack,

DNS poisoning

IPS

Networkand DNS

ApplicationHTTP attacks:

Slowloris,slow POST,

recursive POST/GET

Next-Generation

FirewallCorporate

Users

SSL attacks:SSL renegotiation,

SSL floodFinancialServices

E-Commerce

Subscriber

Strategic Point of Control

© F5 Networks, Inc 9

Use case

Load balancing multiple firewalls

Before f5

with f5

Consolidated datacenter protection

User

Attackers

Rising Security

Threats/Attacks

Load Balancing

Firewalls

Load Balancing w/

SSL

Network DDoS

Protection

Application DDoS

Protection

DNSSEC

Web Access Managemen

t

© F5 Networks, Inc 10

App Servers

ClassicServer

• Consolidation of firewall, app security, traffic management• Protection for data centers and application servers• High scale for the most common inbound protocols

Before f5

with f5

LoadBalancer

DNS Security

Network DDoS

Web Application Firewall

Web AccessManagement

LoadBalancer & SSL

Application DDoS

Firewall

Application Security

Data CenterFirewall

AccessSecurity

App Servers

ClassicServer

User

Consolidated datacenter protection