Защита от DDoS-атак. Сегодня. В России

  • Published on
    25-Jul-2015

  • View
    65

  • Download
    0

Embed Size (px)

Transcript

<p> 1. DDoS-. . , CISSP Systems Engineer, RCIS Arbor Networks EMEA 17 2015 www.USSC.ru www.arbornetworks.com VII 2. 1. DDoS: 2. . 3. Arbor Networks 4. . 17 2015 www.USSC.ru www.arbornetworks.com VII 3. 17 2015 www.USSC.ru www.arbornetworks.com VII 4. 17 2015 www.USSC.ru www.arbornetworks.com VII 5. 17 2015 www.USSC.ru www.arbornetworks.com VII 6. 17 2015 www.USSC.ru www.arbornetworks.com VII 7. 17 2015 www.USSC.ru www.arbornetworks.com VII 8. 17 2015 www.USSC.ru www.arbornetworks.com VII 9. 17 2015 www.USSC.ru www.arbornetworks.com VII 10. 17 2015 www.USSC.ru www.arbornetworks.com VII 11. 17 2015 www.USSC.ru www.arbornetworks.com VII 12. 17 2015 www.USSC.ru www.arbornetworks.com VII 13. 17 2015 www.USSC.ru www.arbornetworks.com VII 14. 17 2015 www.USSC.ru www.arbornetworks.com VII 15. 17 2015 www.USSC.ru www.arbornetworks.com VII 16. 17 2015 www.USSC.ru www.arbornetworks.com VII (Customers) Reflection/Amplification . 400 /, 2014 . 10 &gt; 100 / 65% - Volumetric, Application Application 29% Customers, 17% ; Application 42% , DDoS-, Firewall, Application Firewall IPS , IDMS (Intelligent DDoS Mitigation System) () Worldwide Infrastructure Security Report. Arbor Networks, 2015 17. 17 2015 www.USSC.ru www.arbornetworks.com VII Netflow , Firewall logs , IDMS (Intelligent DDoS Mitigation System) DDoS, , , 50% 33% - DDoS- DNS, , ( 20 ) DDoS- : 2013 60%, 2014 68% () Worldwide Infrastructure Security Report. Arbor Networks, 2015 18. 17 2015 www.USSC.ru www.arbornetworks.com VII 19. 2010 Cisco Cisco Guard Anomaly Detector. Cisco Arbor Networks Peakflow SP Clean Pipes 2.0 Cisco Arbor. Cisco Arbor Networks : http://www.cisco.com/web/about/ciscoitatwork/network_s ystems/network_data_monitoring_and_reporting_web.ht ml http://www.arbornetworks.com/cleanpipes Cisco Clean Pipes 17 2015 www.USSC.ru www.arbornetworks.com VII 20. Peakflow SP Peakflow SP ISP Network DARKNET ATLAS SENSOR Peakflow SP Peakflow SP ISP Network DARKNET ATLAS SENSOR Peakflow SP Peakflow SP ISP Network DARKNET ATLAS SENSOR ATLAS DATA CENTER ATLAS ANALYSIS SYSTEMS ATLAS ATLAS central repository Arbor Peakflow ASERT Fingerprint 1 2 3 300 120 / Active Threat Level Analysis System 17 2015 www.USSC.ru www.arbornetworks.com VII 21. DDoS 17 2015 www.USSC.ru www.arbornetworks.com VII 1- 2014: 10622 124,9 / 33,4 / 2- 2014 9296 83,025 / 25,3 / 3- 2014 8093 121,3 / 50,0 / 4- 2014 14600 64,045 / 92,91 / 22. Honeypots &amp; SPAM Traps Security Community 2.2M + samples DDoS Family 100,000+ ( , ) Fingerprint PCAP 24 Active Threat Level Analysis System 17 2015 www.USSC.ru www.arbornetworks.com VII 23. ASERT IP , ATLAS Intelligence Feed (AIF) 17 2015 www.USSC.ru www.arbornetworks.com VII 24. 24 Pravail APS, NSI, SA -&gt; : . Pravail APS -&gt; : . Pravail APS, NSI, SA -&gt; : . 1 2 3 DDoS 17 2015 www.USSC.ru www.arbornetworks.com VII 25. 17 2015 www.USSC.ru www.arbornetworks.com VII Arbor: 100% Tier-1 60% Tier-2 DDoS- - ATLAS : Peakflow Pravail ( ISP Enterprise), + Cloud Signalling DDoS , SSL ( , ByPass, RAID) RFC 5575 (FlowSpec) Peakflow Pravail Arbor Pravail L2 - Stateless Pravail State Exhausting GEO IP, , , 26. 17 2015 www.USSC.ru www.arbornetworks.com VII : &gt;2 / &gt;300 IPv6 Arbor Peakflow 27. 17 2015 www.USSC.ru www.arbornetworks.com VII : 2 Arbor Peakflow TMS 160 / : Arbor Peakflow Flowspec 28. : Cloud Signalling 29. Arbor Pravail Application ( Netflow) , ( ) + Arbor Pravail : Application, State-Exhausting, Volumetric Volumetric ( ) 17 2015 www.USSC.ru www.arbornetworks.com VII 30. ! , CISSP +7 912 607 55 66 IYablonko@USSC.ru , RCIS Arbor Networks EMEA +7 916 671 78 38 akholmov@arbor.net 17 2015 www.USSC.ru www.arbornetworks.com VII </p>