
Internet Security Trends LACNOG 2011

Internet Security Trends LACNOG 2011. Julio Arruda, LATAM Engineering Manager. 2010 Infrastructure Security Survey: 6th Annual Survey, conducted in September – October 2010. Diversity: service providers, content/ASPs, enterprises, broadband, mobile, DNS, educational.


Presentation Transcript


  1. Internet Security Trends LACNOG 2011. Julio Arruda, LATAM Engineering Manager

  2. 2010 Infrastructure Security Survey
     • 6th Annual Survey
     • Survey conducted in September – October 2010
     • Diversity
       • Service providers
       • Content/ASPs
       • Enterprises
       • Broadband
       • Mobile
       • DNS
       • Educational

  3. Key Findings of the Survey
     • Threat severity and complexity continue to increase
     • Attack size increases dramatically, impacting underlying network infrastructure
     • Application layer attacks continue with some new applications being targeted more frequently
     • The Threat-to-Defense gap is the widest observed to date
     • DDoS attack capabilities of miscreants are outpacing the defensive measures taken by network service providers
     • Firewall and IPS equipment represents critical points of failure during DDoS attacks
     • Mobile network growth is a game changer – availability of limitless botnets with greater bandwidth and few network control points
     • New technologies affect fragility of Internet Infrastructure

  4. DDoS Attack Sizes Over Time
     • Over 102% increase YOY in attack size shows resurgence of brute force and volumetric attack techniques
     • Internet providers have focused on application threats so miscreants turned back towards attacking network capacity

  5. Application Layer Attacks
     • Application detection is becoming commonplace
     • 77% of respondents have successfully detected application layer attacks
     • Lynchpin service infrastructure remains a top target
     • Application attacks are advancing to more sophisticated services

  6. Attack Frequency and Targets
     • Attack frequency is increasing
     • 69% of respondents see at least 1 DDoS attack per month
     • 35% of respondents see 10 or more DDoS attacks per month compared to 18% in 2009
     • Customers or services comprise 90% of targeted victims
     • Major collateral events are less common, but drive greater impact

  7. Failure of Firewall and IPS in the IDC
     • Nearly half of all respondents have experienced a failure of their firewalls or IPS due to DDoS attack

  8. Mobile Provider Security Posture
     • Roughly 50% report security problems with mobile subscribers
     • Mobile respondents demonstrate poor visibility into compromised hosts
     • 56% have no visibility into scale of compromised handsets
     • Optimistically, 17% say that there are none in the network
     • And 13% of operators say at least 5% of customer base is compromised
     • Majority use NAT, firewalls and ACLs
     • 47 to 60%
     • DDoS mitigation and SMS filtering less common

  9. Mobile Security Incidents
     • More than half of carriers have had outages in last year due to security incidents!
     • 79% of mobile respondents say they have not had a DDoS attack explicitly targeting their infrastructure
     • Over 50% admit they have limited network visibility
     • How many DDoS events are they having that they simply don’t know about?
     • Mobile operators are more concerned about DNS, AAA, Mail attacks than fixed line providers
     • 70% compared to 58% in fixed line

  10. DNSSEC Threats
     • 24% of respondents have deployed DNSSEC
     • Already 25% have experienced or expect problems and 31% expect increase in amplification attacks

  11. The IPv6 Security Arms Race
     • Vendors and network operators are rushing to introduce IPv6 visibility and security as networks scale up

  12. Smaller Attacks Still Make up the Majority
     • As in 2010, most monitored attacks are still small in 2011:
       • 78.5% less than 1Gb/sec (down from 93% in 2009 and 79% in 2010)
       • 63.5% less than 1Mpps (down from 94% in 2009 and 87% in 2010)
     • Average size of attacks:
       • Less than 1Mpps:
         • 2010 is 558.96Mbps / 228.139Kpps
         • 2011 is 599.2Mbps / 335.7Kpps
       • Less than 1Gb/sec:
         • 2010 is 197.41Mbps / 307.72Kpps
         • 2011 is 332.1Mbps / 739.2Kpps

  13. Attack Sizes have Grown Steadily since 2009
     • Average monthly attack size since start of 2009.
     • Average attack is 1.31Gbps / 1.62Mpps, July 2011
     • Average attack sizes have grown by 40.6% / 165.7% since start of 2010

  14. Large packet per second attacks increasing
     • Proportion of monitored attacks over 10Gb/sec has dropped by 48% so far in 2011.
     • Proportion of monitored attacks over 10Mpps has increased by 98.4% so far in 2011, compared to 2010.

  15. Increased Proportion of Attacks Targeting Port 80
     • In 2009, 19.6% of monitored attacks targeted port 80.
     • In 2010 this had increased to 31%, and so far in 2011 we are at 37.3%.
     • Attacks targeting fewer ports
     • 80 and 53 most prevalent.
     • 75% drop in proportion of attacks over 10Gb/sec, from 2010 – still 47% up from 2009.

  16. Proportion of Attacks Over 10Gbps and 10Mpps
     • Proportion of monitored attacks over 10Gb/sec fell back at the start of 2011.
     • Growing again now.
     • Spikes in number of attacks over 10Mpps in March and July.
     • March = Belize Attacks

  17. ATLAS LATAM Specifics 2010

  18. Questions? Thank You! Julio Arruda jarruda@arbor.net
