Embed Size (px)
DESCRIPTION
Orange Business Services explores DDoS, how to protect your company from and best deal with attacks.
Citation preview
1
under DDoS attack ?call your Internet Service Provider !Vincent MAURINProducts & Services Development - Security Domain Leader
October 7th, 2011
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted2
how the story began ?
comprehensive Arbor deployment
summer 2011 possible attacks
three-way handshake
see it in action
Umbrella by Orange Business Services
under attack ? call your ISP !
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted3
“ from a rising number of attacks …
... and IP services slowdown or unavailability
…
… to a preventive DDoS protection ”
how the story began ?
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted4
network flow analysis
DDoS detection
DDoS mitigation
comprehensive Arbor deployment
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted5
frequency : every 16 hours, every 30 hours
duration : 85% of anomalies < 2 hours, max of
19 hours
throughput : 76 Mbps/179 Kpps (668 Mbps/2,8
Mpps)
targets : 71% are providers, banks, services,
government
summer 2011 possible attacks
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted6
assess your IP services and network
topology
learn from traffic and detect anomalies
mitigate and follow-up the attack
three-way handshake
123
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted7
stateless tracking mode
non-intrusive for customers devices
triggers on customized thresholds
auto-learning network behavior
learn from traffic and detect
anomalies
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted8
selective blackholing or cleaning with
customer
select geo-based traffic (e.g. France or EU)
rate limiting, packets filtering
communication on ongoing attack
your IP services still available
mitigate and follow-up the attack
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted9
customer ITinfrastructure
customer ITinfrastructure
Orange Business ServicesIP backbone
Orange Business ServicesIP backbone
see it in action : peace time
Orange FranceIP backbone
Orange FranceIP backbone
OrangeTransit IP backbone
OrangeTransit IP backbone
Internet Service Provider
Internet Service Provider
ISPISP
ISPISP
ISPISP cleaning center
cleaning center
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted10
customer ITinfrastructure
customer ITinfrastructure
Orange Business ServicesIP backbone
Orange Business ServicesIP backbone
see it in action : under attack
Orange FranceIP backbone
Orange FranceIP backbone
OrangeTransit IP backbone
OrangeTransit IP backbone
Internet Service Provider
Internet Service Provider
ISPISP
ISPISP
ISPISP cleaning center
cleaning center
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted11
customer ITinfrastructure
customer ITinfrastructure
Orange Business ServicesIP backbone
Orange Business ServicesIP backbone
see it in action : traffic off-ramp
Orange FranceIP backbone
Orange FranceIP backbone
OrangeTransit IP backbone
OrangeTransit IP backbone
Internet Service Provider
Internet Service Provider
ISPISP
ISPISP
ISPISP cleaning center
cleaning center
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted12
customer ITinfrastructure
customer ITinfrastructure
Orange Business ServicesIP backbone
Orange Business ServicesIP backbone
see it in action : mitigation
Orange FranceIP backbone
Orange FranceIP backbone
OrangeTransit IP backbone
OrangeTransit IP backbone
Internet Service Provider
Internet Service Provider
ISPISP
ISPISP
ISPISP cleaning center
cleaning center
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted13
customer ITinfrastructure
customer ITinfrastructure
Orange Business ServicesIP backbone
Orange Business ServicesIP backbone
see it in action : rollback
Orange FranceIP backbone
Orange FranceIP backbone
OrangeTransit IP backbone
OrangeTransit IP backbone
Internet Service Provider
Internet Service Provider
ISPISP
ISPISP
ISPISP cleaning center
cleaning center
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted14
covering one of the largest IP backbone
Security Operations Center backed by ASERT
from off-the-shelf to tailored services
Umbrella by Orange Business
Services
under DDoS attack ? call your Internet Service Provider !France Telecom - Orange
unrestricted15
le blog sécurité FR: http://blogs.orange-business.com/securite/security feed to our EN blog:
http://blogs.orange-business.com/live/security/
the Arbor Networks security bloghttp://asert.arbornetworks.com/
further reading
