internet security trends lacnog 2011
Download
Skip this Video
Download Presentation
Internet Security Trends LACNOG 2011

Loading in 2 Seconds...

play fullscreen
1 / 18

Internet Security Trends LACNOG 2011 - PowerPoint PPT Presentation


  • 87 Views
  • Uploaded on

Internet Security Trends LACNOG 2011. Julio Arruda LATAM Engineering Manager. 2010 Infrastructure Security Survey. 6 th Annual Survey Survey conducted in September – October 2010 Diversity Service providers Content/ASPs Enterprises Broadband Mobile DNS Educational.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Internet Security Trends LACNOG 2011' - lavada


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
internet security trends lacnog 2011

Internet Security TrendsLACNOG 2011

Julio Arruda

LATAM Engineering Manager

2010 infrastructure security survey
2010 Infrastructure Security Survey
  • 6th Annual Survey
  • Survey conducted in September – October 2010
  • Diversity
    • Service providers
    • Content/ASPs
    • Enterprises
    • Broadband
    • Mobile
    • DNS
    • Educational
key findings of the survey
Key Findings of the Survey
  • Threat severity and complexity continue to increase
    • Attack size increases dramatically, impacting underlying network infrastructure
    • Application layer attacks continue with some new applications being targeted more frequently.
  • The Threat-to-Defense gap is the widest observed to date
    • DDoS attack capabilities of miscreants are outpacing the defensive measures taken by network service providers
  • Firewall and IPS equipment represents critical points of failure during DDoS attacks
  • Mobile network growth is a game changer – availability of limitless botnets with greater bandwidth and few network control points
  • New technologies affect fragility of Internet Infrastructure
ddos attack sizes over time
DDoS Attack Sizes Over Time
  • Over 102% increase YOY in attack size shows resurgence of brute force and volumetric attack techniques
  • Internet providers have focused on application threats so miscreants turned back towards attacking network capacity
application layer attacks
Application Layer Attacks
  • Application detection is becoming common place
    • 77% of respondents have successfully detected application layer attacks
    • Lynchpin service infrastructure remain top targets
    • Application attacks are advancing to more sophisticated services
attack frequency and targets
Attack Frequency and Targets
  • Attack frequency is increasing
    • 69% of respondents see at least 1 DDoS attack per month
    • 35% of respondents see 10 or more DDoS attacks per month compared to 18% in 2009
  • Customers or services comprise 90% of targeted victims
    • Major collateral events are less common, but drive greater impact
failure of firewall and ips in the idc
Failure of Firewall and IPS in the IDC
  • Nearly half of all respondents have experienced a failure of their firewalls or IPS due to DDoS attack
mobile provider security posture
Mobile Provider Security Posture
  • Roughly 50% report security problems with mobile subscribers
  • Mobile respondents demonstrate poor visibility into compromised hosts
    • 56% have no visibility into scale of compromised handsets
    • Optimistically, 17% say that there are none in the network
    • And 13% operators say at least 5% of customer base is compromised
  • Majority use NAT, firewalls and ACLS
    • 47 to 60%
  • DDoS mitigation and SMS filtering less common
mobile security incidents
Mobile Security Incidents
  • More than half of carriers have had outages in last year due to security incidents!
  • 79% of mobile respondents say they have not had a DDoS attack explicitly targeting their infrastructure
    • Over 50% admit they have limited network visibility
    • How many DDoS events are they having that they simply don’t know about?
  • Mobile operators are more concerned about DNS, AAA, Mail attacks than fixed line providers
      • 70% compared to 58% in fixed line
dnssec threats
DNSSEC Threats
  • 24% of respondents have deployed DNSSEC
  • Already 25% have experienced or expect problems and 31% expect increase in amplification attacks
the ipv6 security arms race
The IPv6 Security Arms Race
  • Vendors and network operators are rushing to introduce IPv6 visibility and security as networks scale up
slide12

Smaller Attacks Still Make up the Majority

  • As in 2010 most monitored attacks still small in 2011 :
    • 78.5% less than 1Gb/sec (down from 93% in 2009 and 79% in 2010)
    • 63.5% less than 1Mpps (down from 94% in 2009 and 87% in 2010)
  • Average size of attacks,
  • Less than 1Mpps:
  • 2010 is 558.96Mbps / 228.139Kpps
  • 2011 is 599.2Mbps / 335.7Kpps
  • Less than 1Gb/sec:
  • 2010 is 197.41Mbps / 307.72Kpps
  • 2011 is 332.1Mbps / 739.2Kpps
slide13

Attack Sizes have Grown Steadily since 2009

  • Average monthly attack size since start of 2009.
  • Average attack is 1.31Gbps / 1.62Mpps, July 2011
  • Average attacks sizes have grown by 40.6% / 165.7% since start of 2010
slide14

Large packet per second attacks increasing

  • Proportion of monitored attacks over 10Gb/sec has dropped by 48% so far in 2011.
  • Proportion of monitored attacks over 10Mpps has increased by 98.4% so far in 2011, compared to 2010.
slide15

Increased Proportion of Attacks Targeting Port 80

  • In 2009, 19.6% of monitored attacks targeted port 80.
  • In 2010 this had increased to 31%, and so far in 2011 we are at 37.3%.
  • Attacks targeting fewer ports
    • 80 and 53 most prevalent.
  • 75% drop in proportion of attacks over 10Gb/sec, from 2010 – still 47% up from 2009.
slide16

Proportion of Attacks Over 10Gbps and 10Mpps

  • Proportion of monitored attacks over 10Gb/sec fell back at the start of the 2011.
  • Growing again now.
  • Spikes in number of attacks over 10Mpps in March and July.
    • March = Belize Attacks
slide18

Questions?

Thank You!

Julio Arruda

[email protected]

ad