Description: Abstract:
One of Hercules' first challenges was his battle with the Lernean Hydra, the many-headed mythological serpent who sprouted two new heads every time one was removed. Hercules would feel right at home in today's datacenters, where mitigation of distributed denial-of-service (DDoS) attacks can feel like an unwinnable game of Whack-A-Mole.
In the past few years, the magnitude of DDoS attacks has grown at a disconcerting pace. The largest DDoS attack in 2012 peaked at 100Gbps; the first quarter of 2014 brought a 400Gbps NTP amplification attack. Despite the security industry's best efforts to encourage protection of the end-user systems and patching of the vulnerable servers that enable these assaults, successful attacks seem to be taking place with increasing regularity and volume.
Denial of service is not a new problem; simplistic attacks such as ping floods and syn floods have been around almost as long as the Internet has existed. The rise of botnets, vast collections of malware-infected zombie systems, led inexorably to the appearance of distributed denial-of-service attacks. Attackers, too, have evolved: script kiddies harnessing the power of Metasploit, Anonymous launching the Low Orbit Ion Cannon (LOIC) against targets ranging from the US Copyright Office to the Motion Picture Association of America (MPAA) to PayPal, cyber-criminals using threats of DDoS as a method of extortion...
This session will provide an overview of the various forms of DDoS attack active today, who is launching them, and why. We will then review mitigation techniques that reduce the impact of and potentially stop the attacks entirely, and discuss social and cultural responses.
Bio:
Lisa Lorenzin is a Principal Solutions Architect with Pulse Secure, specializing in security and mobility solutions, and co-chair of Trusted Network Connect, a work group of the Trusted Computing Group that defines an open architecture and standards for endpoint integrity and network security. She has worked in a variety of Internet-related roles since 1994, with more than a decade of that focused on network and information security, and is currently concentrating on enterprise security including network segmentation, end-to-end identity-based access control, and integration of mobile security.
For More Information please visit:- http://bsidesraleigh.org
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.