
Internet Security Trends LACNOG 2011

Julio Arruda

LATAM Engineering Manager


2010 Infrastructure Security Survey

  • 6th Annual Survey

  • Survey conducted in September – October 2010

  • Diversity

    • Service providers

    • Content/ASPs

    • Enterprises

    • Broadband

    • Mobile

    • DNS

    • Educational


Key Findings of the Survey

  • Threat severity and complexity continue to increase

    • Attack size increases dramatically, impacting underlying network infrastructure

    • Application layer attacks continue with some new applications being targeted more frequently.

  • The Threat-to-Defense gap is the widest observed to date

    • DDoS attack capabilities of miscreants are outpacing the defensive measures taken by network service providers

  • Firewall and IPS equipment represents critical points of failure during DDoS attacks

  • Mobile network growth is a game changer – availability of limitless botnets with greater bandwidth and few network control points

  • New technologies affect fragility of Internet Infrastructure


DDoS Attack Sizes Over Time

  • Over 102% increase YOY in attack size shows resurgence of brute force and volumetric attack techniques

  • Internet providers have focused on application threats so miscreants turned back towards attacking network capacity


Application Layer Attacks

  • Application detection is becoming commonplace

    • 77% of respondents have successfully detected application layer attacks

    • Lynchpin service infrastructure remain top targets

    • Application attacks are advancing to more sophisticated services


Attack Frequency and Targets

  • Attack frequency is increasing

    • 69% of respondents see at least 1 DDoS attack per month

    • 35% of respondents see 10 or more DDoS attacks per month compared to 18% in 2009

  • Customers or services comprise 90% of targeted victims

    • Major collateral events are less common, but drive greater impact


Failure of Firewall and IPS in the IDC

  • Nearly half of all respondents have experienced a failure of their firewalls or IPS due to DDoS attack


Mobile Provider Security Posture

  • Roughly 50% report security problems with mobile subscribers

  • Mobile respondents demonstrate poor visibility into compromised hosts

    • 56% have no visibility into scale of compromised handsets

    • Optimistically, 17% say that there are none in the network

    • And 13% of operators say at least 5% of customer base is compromised

  • Majority use NAT, firewalls and ACLs

    • 47 to 60%

  • DDoS mitigation and SMS filtering less common


Mobile Security Incidents

  • More than half of carriers have had outages in last year due to security incidents!

  • 79% of mobile respondents say they have not had a DDoS attack explicitly targeting their infrastructure

    • Over 50% admit they have limited network visibility

    • How many DDoS events are they having that they simply don’t know about?

  • Mobile operators are more concerned about DNS, AAA, Mail attacks than fixed line providers

    • 70% compared to 58% in fixed line


DNSSEC Threats

  • 24% of respondents have deployed DNSSEC

  • Already 25% have experienced or expect problems and 31% expect increase in amplification attacks


The IPv6 Security Arms Race

  • Vendors and network operators are rushing to introduce IPv6 visibility and security as networks scale up


Smaller Attacks Still Make up the Majority

  • As in 2010, most monitored attacks are still small in 2011:

    • 78.5% less than 1Gb/sec (down from 93% in 2009 and 79% in 2010)

    • 63.5% less than 1Mpps (down from 94% in 2009 and 87% in 2010)

  • Average size of attacks:

    • Less than 1Mpps:

      • 2010 is 558.96Mbps / 228.139Kpps

      • 2011 is 599.2Mbps / 335.7Kpps

    • Less than 1Gb/sec:

      • 2010 is 197.41Mbps / 307.72Kpps

      • 2011 is 332.1Mbps / 739.2Kpps


Attack Sizes have Grown Steadily since 2009

  • Average monthly attack size since start of 2009.

  • Average attack is 1.31Gbps / 1.62Mpps, July 2011

  • Average attack sizes have grown by 40.6% / 165.7% since start of 2010


Large packet per second attacks increasing

  • Proportion of monitored attacks over 10Gb/sec has dropped by 48% so far in 2011.

  • Proportion of monitored attacks over 10Mpps has increased by 98.4% so far in 2011, compared to 2010.


Increased Proportion of Attacks Targeting Port 80

  • In 2009, 19.6% of monitored attacks targeted port 80.

  • In 2010 this had increased to 31%, and so far in 2011 we are at 37.3%.

  • Attacks targeting fewer ports

    • 80 and 53 most prevalent.

  • 75% drop in proportion of attacks over 10Gb/sec, from 2010 – still 47% up from 2009.


Proportion of Attacks Over 10Gbps and 10Mpps

  • Proportion of monitored attacks over 10Gb/sec fell back at the start of 2011.

  • Growing again now.

  • Spikes in number of attacks over 10Mpps in March and July.

    • March = Belize Attacks



Questions?

Thank You!

Julio Arruda