ADF – Erhöhen der Verfügbarkeit von Anwendungen im
Transcription
ADF – Erhöhen der Verfügbarkeit von Anwendungen im
ADF – Erhöhen der Verfügbarkeit von Anwendungen im Internet - Aktuelle Bedrohungsszenarien für Anwendungen und RZ Peter Held P.Held@F5.com Advanced threats SDDC/Cloud Mobility © F5 Networks, Inc “Software defined” everything Internet of Things HTTP is the new TCP 2 Cyber-attacks in the News for 2014 Sampling of 2014 security incidents by attack type, time and impact conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses Size of circle estimates relative impact of incident in terms of cost to business © F5 Networks, Inc IBM X-Force Threat Intelligence Quarterly - 1Q 2015 3 DDoS attacks …. http://winfuture.de/special/dos-attacken/ © F5 Networks, Inc 4 Sipgate – DDoS in Deutschland Wie hoch war der Schaden? Der Schaden für unsere Kunden war erheblich. Fast alle Kunden waren kurzzeitig nicht erreichbar und das teilweise sogar mehrfach. Das war für Privatkunden auf jeden Fall unangenehm, aber für unsere Business-Kunden teilweise existenzbedrohend. Wir bieten mit sipgate team eine Web-Telefonanlage mit Mobilfunkintegration an, die allein in Deutschland mehr als 10.000 Unternehmen einsetzen. Daher war der indirekte Schaden vermutlich enorm. Ein Spediteur schrieb, dass er seine Fahrer zeitweise nicht erreichen konnte und Aufträge ablehnen musste. Eine andere Firma berichtete von einer verpassten Telefonkonferenz, bei der Wenige Tage Großauftrag zuvor versendeten Kriminelle eine Phishing-Mail an Hunderttausende E-Mail ist es um einen hätte gehen sollen. Den gesamten Schaden in Euro zu beziffern Konten. Diese Mail gab vor, sipgate zu stammen lockteeine die ziemlich Opfer unter einem leider nicht möglich, aber wirvon gehen davon aus, dass und es schon hohe Zahl wäre. Vorwand auf eine präparierte Webseite. Ziel war es, die Zugangsdaten zu stehlen. Ob eine Verbindung zwischen den beiden Taten besteht – und es sich vielleicht sogar um dieselben Täter handelt – ist derzeit noch unklar. https://medium.com/@sipgate/ddos-attacke-auf-sipgate-a7d18bf08c03 © F5 Networks, Inc 5 Real-time DDoS attacks in the World ! http://www.digitalattackmap.com © F5 Networks, Inc 6 Layer 2-7 DDoS Mitigation OSI stack Increasing difficulty of attack detection Application attacks © F5 Networks, Inc Application (7) Presentation (6) Session (5) Transport (4) Network (3) OWASP Top 10 (SQL Injection, XSS, CSRF, etc.), Slowloris, Slow Post, HashDos, GET Floods Session attacks DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods, SSL Floods, SSL Renegotiation Network attacks SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop, ICMP Floods, Ping Floods and Smurf Attacks Data Link (2) Physical (1) 7 Firewall Comparison © F5 Networks, Inc 8 Introducing F5’s Application Delivery Firewall Aligning applications with firewall security One platform Traffic management Network firewall Application security Access control DDoS mitigation SSL inspection DNS security EAL2+ EAL4+ (in process) © F5 Networks, Inc 9 “Next generation” firewall (users) Characteristics • • • • • Outbound user inspection UserID and AppID Who is doing what? 1K users to 10K web sites Broad but shallow © F5 Networks, Inc BIFURCATION OF FIREWALLS Corporate F5 Application Delivery Firewall Internet Datacenter (servers) Characteristics • • • • • Inbound application protection Application delivery focus 1M users to 100 apps Narrow but deep 12 protocols (HTTP, SSL, etc.) 10 PROTECTING THE DATA CENTER Use case Network DDoS Before f5 Application DDoS Web Access Management Firewall Load Balancer & SSL Load Balancer DNS Security Web Application Firewall with f5 • © F5 Networks, Inc Consolidation of • firewall, app security, traffic management Protection for data centers and application servers • High scale for the most common inbound protocols 11 PROTECTING THE DATA CENTER Use case Network DDoS Before f5 Application DDoS Web Access Management Firewall Load Balancer & SSL Load Balancer DNS Security Web Application Firewall with f5 • © F5 Networks, Inc Consolidation of • firewall, app security, traffic management Protection for data centers and application servers • High scale for the most common inbound protocols 12 One Solu)on for Hacking Protec)on Hack Examples © F5 Networks, Inc Application Application Presentation Standard Set of APIs Form attack, Parameter change, Data obj. ref. Client / Server Programmable Platform XSS, CSRF, SQL Injection, Client / Server Presentation SSL/TLS BEAST Session DNS Poisoning, DNS Spoof Protocol IP spoof, Network MAC spoof, VLAN hoping Data Link Data Link Physical Physical Session Protocol Network 13 Leading Web Attack Protection BIG-IP Application Security Manager Big-IP - Local Traffic Manager Big-IP – Application Delivery Firewall • Protect from latest web threats • Meet PCI compliance © F5 Networks, Inc • Out-of-the-box deployment • Quickly resolve vulnerabilities • Improve site performance 14 DNS Flood DNS Performance Synopsys Many attackers or botnets flood an authoritative name server, attempting to exceed its capacity. Dropped responses = reduced or no site availability. [Target Site] Mitigation - DNS - Express BIG-IP offers exceptional capacity, per appliance, to over 2M RPS and to over 10M RPS per chassis. Big-IP can also identify unusually high traffic patterns to specific clients via DNS DoS Profiles. DNS Requests © F5 Networks, Inc DNS Responses 15 iRules with Security: Example - HashDos—Post of Doom - React quickly to zero day threats “HashDos—Post of Doom” vulnerability affects all major web servers and application platforms. VIPRION 11.6 Deliver the strongest & most efficient zero-day attack protection -Richer iRules interaction that enable detection of L2-L4 attacks © F5 Networks, Inc 16 Enable Simplified Application Access with BIG-IP Access Policy Manager (APM) © F5 Networks, Inc SaaS resources 17 Authentication All in One and Fast SSO F5 BIG-IP Access Policy Manager Dramatically reduce infrastructure costs; increase productivity © F5 Networks, Inc 18 One Access Solution – BIG-IP APM Remote Access: • SSL VPN – Network Access – App Tunnels – Portal Access – Edge Client – Windows, Mac, Linux – SmartPhones – Tablets Application Access Control: • Proxy to Non-HTTP apps – VDI – Citrix (ICA Proxy) – VMware View (PCoIP) – MS Terminal Services/RDS – Exchange – ActiveSync – Outlook Anywhere © F5 Networks, Inc Web Access Management: All Access Use Cases BIG-IP Access Policy Manager • Proxy to HTTP apps – Outlook Web Access – SharePoint – Custom – Single Sign On – Internal Applications – SaaS Applications (SAML) Security: – Endpoint Scanning – Endpoint Cleanup – Multi-factor authentication with several directories and methods 19 IP INTELLIGENCE Botnet Restricted region or country IP intelligence service IP address feed updates every 5 min Attacker Custom application Financial application Anonymous requests Anonymous proxies Scanner Geolocation database Internally infected devices and servers © F5 Networks, Inc 20 © F5 Networks, Inc. 21 One Solu)on for DDOS Protec)on DOS, DDOS, Examples Application Application Presentation Standard Set of APIs Slowloris, XML DTD, External Ent., JSON Client / Server Programmable Platform SLOW POST/GET, HTTP FLOOD, Large POST, Client / Server Presentation SSL Re-negotiation Session Syn, ICMP, TCP, UDP Fragmentation (LOIC) Protocol SynFlood, IP flood, Network ARP, MAC flood Data Link Data Link Physical Physical © F5 Networks, Inc Session Protocol Network 22 AFM: DOS Detection & Mitigation 11.5 MITIGATE 50+ VECTORS Flood • • • • • • • • • • • • ARP Flood DNS Response Flood Ethernet Broadcast Packet Ethernet Multicast Packet ICMP Flood IPV6 Fragment Flood IP Fragment Flood Routing Header Type 0 TCP ACK Flood TCP RST Flood TCP SYN ACK Flood TCP SYN Flood Fragmentation • • • • • • • ICMP Fragment IPV6 Fragment IPV6 Fragment Overlap IPV6 Fragment Too Small IP Fragment IP Fragment Overlap IP Fragment Too Small Bad Header – IPv4 • • • • • • • • • • • • Bad IP Option Bad IP TTL Value Bad IP Version Header Length > L2 Length Header Length Too Short IP Error Checksum IP Length > L2 Length IP Option Frames IP Source Address == Destination Address L2 Length >> IP Length No L4 TTL <= 1 Bad Header – IPv6 • • • • • • • • Bad IPV6 Hop Count Bad IPV6 Version IPV6 Extended Header Frames IPV6 Length > L2 Length IPV6 Source Address == Destination Address Payload Length < L2 Length Too Many Extended Headers No L4 (Extended Headers Go To Or Past End of Frame) Bad Header – L2 § Ethernet MAC Source Address == Destination Address Bad Header – TCP § § § § § § § § § § § Bad TCP Checksum Bad TCP Flags (All Cleared and SEQ# == 0) Bad TCP Flags (All Flags Set) FIN Only Set Option Present With Illegal Length SYN && FIN Set TCP Header Length > L2 Length TCP Header Length Too Short (Length < 5) TCP LAND TCP Option Overruns TCP Header Unknown TCP Option Type Bad Header – UDP § § § Bad UDP Checksum UDP LAND Bad UDP Header (UDP Length > IP Length or L2 Length) Other Bad Header – ICMP • Host Unreachable • TIDCMP § § Bad ICMP Frame ICMP Frame Too Large 11.6 Ensure the most comprehensive highest performing DDoS protection -- 50 new vectors / 64 HW based and a variety of enhancement that improve granularity and provide better context © F5 Networks, Inc 23 DDoS protection reference architecture Next-Generation Firewall Tier 2 Tier 1 Network attacks: ICMP flood, UDP flood, SYN flood Multiple ISP strategy Corporate Users Financial Services SSL attacks: SSL renegotiation, SSL flood Legitimate Users E-Commerce ISPa/b DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning DDoS Attacker Cloud Scrubbing Service Network and DNS Application HTTP attacks: Slowloris, slow POST, recursive POST/GET Subscriber IPS Threat Feed Intelligence Scanner Anonymous Proxies © F5 Networks, Inc Anonymous Requests Botnet Attackers Strategic Point of Control 24 DDoS reference architecture Next-Generation Firewall Corporate Users TIER 1 KEY FEATURES Tier 2 • The first tier at the perimeter is layer 3 and 4 network firewall services Tier 1 Network attacks: ICMP flood, UDP flood, SYN flood Multiple ISP strategy SSL attacks: SSL renegotiation, SSL flood Legitimate Users ISPa/b DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning DDoS Attacker Cloud Scrubbing Service Anonymous Proxies © F5 Networks, Inc Anonymous Requests • Simple load balancing Application to a second tier HTTP attacks: Slowloris, slow POST, recursive POST/GET • IP reputation database E-Commerce Subscriber • Mitigates volumetric and DNS DDoS attacks IPS Threat Feed Intelligence Scanner Network and DNS Financial Services Botnet Attackers Strategic Point of Control 25 DDoS reference architecture Next-Generation Firewall Corporate Users TIER 2 KEY FEATURES • The second tier is for application-aware, CPU-intensive defense Legitimate mechanisms Users Multiple ISP strategy Network attacks: ICMP flood, UDP flood, SYN flood Attacker Cloud • MitigateScrubbing asymmetric and Service SSL-based DDoS attacks Financial Services SSL attacks: SSL renegotiation, SSL flood E-Commerce ISPa/b • SSL termination • DDoS Web application firewall Tier 2 Tier 1 DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS Application HTTP attacks: Slowloris, slow POST, recursive POST/GET Subscriber IPS Threat Feed Intelligence Scanner Anonymous Proxies © F5 Networks, Inc Anonymous Requests Botnet Attackers Strategic Point of Control 26 DDoS Protection - SMB data center deployment Next-Generation Firewall Customers DDoS Attack Employees Protecting L3–7 and DNS ISPa DDoS Attack Partners Users leverage NGFW for outbound protection ISPb Network Firewall Services + DNS Services + Web Application Firewall Services + Compliance Control BIG-IP Platform ISP provides volumetric DDoS service BIG-IP Advanced Firewall Manager BIG-IP Local Traffic Manager BIG-IP Global Traffic Manager BIG-IP Access Policy Manager Simplified Business Models GOOD BETTER BEST BIG-IP Application Security Manager © F5 Networks, Inc 27 F5 Offers Comprehensive ‘Hybrid’ DDoS Protection Threat Intelligence Feed Strategic Point of Control Next-Generation Firewall Scanner Anonymous Proxies Anonymous Requests Botnet Cloud Attackers Network Multiple ISP strategy Corporate Users Application Network attacks: ICMP flood, UDP flood, SYN flood SSL attacks: SSL renegotiation, SSL flood Financial Services Legitimate Users Silverline DDoS Scrubbing DDoS Attackers Volumetric attacks and floods, operations center experts, L3-7 known signature attacks E-Commerce ISPa/b DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS Application HTTP attacks: Slowloris, slow POST, recursive POST/GET Subscriber IPS F5 Silverline subscrip0on service © F5 Networks, Inc LTM, AFM, DNS & IP Intelligence subscrip0on service LTM, ASM 28 Cloud-Based Scrubbing with On-Premises Defenses Threat Intelligence Feed Next-Generation Firewall Scanner Anonymous Proxies Anonymous Requests Botnet Cloud Attackers Network • Legitimate Users Cloud Scrubbing Service DDoS Attackers Volumetric attacks and floods, operations center experts, L3-7 known signature attacks ISPa/b • • • © F5 Networks, Inc Application CLOUD KEY FEATURES Multiple ISP strategy Corporate Users Network attacks: ICMP flood, UDP flood, SYN flood Real-time volumetric DDoS attack detection and mitigation in the cloud Multi-layered L3-L7 DDoS Network attack DNS attacks: protection and DNS DNS amplification, query flood, dictionary attack, DNS poisoning 24x7 expert Security Operations Center services SSL attacks: SSL renegotiation, SSL flood Financial Services E-Commerce Application HTTP attacks: Slowloris, slow POST, recursive POST/GET Subscriber IPS Transparent attack reporting via customer portal Strategic Point of Control 29 Cloud-Based Scrubbing with On-Premises Defenses Threat Intelligence Feed Next-Generation Firewall Scanner Anonymous Proxies Anonymous Requests Botnet Cloud Attackers Network Multiple ISP strategy Network attacks: ICMP flood, UDP flood, SYN flood Application NETWORK KEY FEATURES • Legitimate Users Cloud Scrubbing Service DDoS Attackers Volumetric attacks and floods, operations center experts, L3-7 known signature attacks ISPa/b DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS • SSL attacks: SSL renegotiation, SSL flood The network tier at the perimeter is L3 and L4 network firewall services Simple load balancing to a second tier Application HTTP attacks: Slowloris, slow POST, recursive POST/GET Financial Services E-Commerce Subscriber • IP reputation database • Mitigation of transient and low-volume attacks Strategic Point of Control IPS © F5 Networks, Inc Corporate Users 30 Cloud-Based Scrubbing with On-Premises Defenses Threat Intelligence Feed Next-Generation Firewall Scanner Anonymous Proxies Anonymous Requests Botnet Cloud Network Legitimate Users Cloud Scrubbing Service DDoS Attackers Volumetric attacks and floods, operations center experts, L3-7 known signature attacks Attackers Application APPLICATION KEY FEATURES Multiple ISP strategy ISPa/b Corporate Users Network attacks: ICMP flood, UDP flood, SYN flood • Application-aware, CPUintensive defense mechanisms • SSL termination • Network Web application firewall • Mitigation of asymmetric and SSL-based DDoS attacks DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning SSL attacks: SSL renegotiation, SSL flood Financial Services E-Commerce Application and DNS HTTP attacks: Slowloris, slow POST, recursive POST/GET Subscriber IPS Strategic Point of Control © F5 Networks, Inc 31 Global Coverage 24/7 Support F5 Security Operations Center (SOC) is available 24/7 with security experts ready to respond to DDoS attacks within minutes – Seattle, WA US Global Coverage Fully redundant and globally distributed data centers world wide in each geographic region – – – – San Jose, CA US Ashburn, VA US Frankfurt, DE Singapore, SG Industry-Leading Bandwidth • • • Attack mitigation bandwidth capacity over 2.0 Tbps Scrubbing capacity of over 1.0 Tbps Guaranteed bandwidth with Tier 1 carriers Multiple Ways to Direct Traffic to our Massive Scrubbing Centers BGP (BORDER GATEWAY PROTOCOL) ANYCAST DNS / ANYCAST Multiple Ways to Return Clean Traffic GRE TUNNELS PROXY IP REFLECTION ™ AMAZON (AWS) DIRECT CONNECT FIBER INTERCONNECT © F5 Networks, Inc 33 DDoS Architecture Scrubbing Center Inspection Tools provide input on attacks for Traffic Actioner & SOC Traffic Actioner injects blackhole routes and steers traffic Flow collection aggregates attack data from all sources Scrubbing Center Inspection Plane Inspection Toolsets Traffic Actioner Route Management Flow Collection Portal provides real-time reporting and configuration Portal Visibility Signaling Cloud Management Data Plane Copied traffic for inspection Netflow Netflow GRE Tunnel BGP signaling Legitimate Users Proxy Cloud Scrubbing Service DDoS Attackers IP Reflection Switching Routing/ACL Network Mitigation Proxy Mitigation Routing (Customer VRF) X-Connect Customer Volumetric attacks and floods, operations center experts, L3-7 known signature attacks Switching mirrors traffic to Inspection Toolsets and Routing layer © F5 Networks, Inc Ingress Router applies ACLs and blackholes traffic Network Mitigation removes advanced L4 attacks Proxy Mitigation removes L7 Application attacks Egress Routing returns good traffic back to customer 34 F5 Silverline DDoS Protection - Service Options Always On Always Available Ready Defense Primary protection as the first line of defense The Always On subscription stops bad traffic from ever reaching your network by continuously processing all traffic through the cloudscrubbing service and returning only legitimate traffic to your network. Primary protection available on-demand The Always Available subscription runs on stand-by and can be initiated when under attack. Secondary protection for additional capacity The Ready Defense service runs on stand-by and can be initiated when under attack as a secondary line of defense in addition to a primary DDoS mitigation solution. © F5 Networks, Inc 35 F5 Silverline AttackView Portal Unprecedented Transparency Attack Data • Instant inspection on the filters and countermeasures used for mitigation • Detailed timeline analysis on type, size, origin, and attack vector Configuration and Provisioning • Configure/ review/ modify settings for both Proxy and GRE mode through the portal Detailed Communication • Real time attack communications • © F5 Networks, Inc Detailed events showing attack attributes and SOC mitigations applied 36 Portal Customer Configuration Status In the portal you can: • see current IP Configurations • Quickly configure new services • Manage whitelist and blacklist IPs • Etc Proxy and GRE configuration and provisioning are available within the portal for ease of management. © F5 Networks, Inc 37 Unparalleled Visibility and Reporting Before, During, and After a DDoS Attack Securely set up and manage SOC services, configure proxy and routing, and receive unparalleled visibility and reporting of attack mitigation in real time with the F5 Customer Portal. Get Instant Details As An Attack Occurs • • • • • • © F5 Networks, Inc Type and size of the attack IP origin Attack vectors Mitigation process Yellow-flagged comments of the SOC communications Packet capture reports (PCAPs) available for download 38 Portal: F5 customer portal™ Timeline of events Event Detail Real time “F5 customer portal” shows: • Type of attack • IP origin • Mitigation process • Yellow flagged annotations of SOC communications © F5 Networks, Inc 39 Portal: Real-Time Information SOC Chat: • Coordinate directly with the F5 SOC • Share attack details • Define exact mitigations needed Directly chat with the F5 SOC Application Fluency & Detail Application View: • Protocol inspection and statistics • Mitigation actions • Flagged annotations of SOC communications © F5 Networks, Inc 40 F5 Silverline DDoS Protection Attack Reporting Downloadable PDFs for internal reporting © F5 Networks, Inc 41 Current DDoS Solution Market http://ddos-protection-services-review.toptenreviews.com/ © F5 Networks, Inc 42 “The attacks are definitely getting larger and we know that trend will continue as the number of websites we support increases. That is why we are working with F5. When the big attacks come, we’ll be ready.” F5 Silverline DDoS Protection -- Chris Fanini, Co-Founder and CTO, Weebly Key benefits of F5 • • • • Protection against the largest attacks Advanced and unique DDoS mitigation techniques Team of industry expert DDoS fighters Simple installation process F5 Reference Architectures • DDoS Protection View on F5.com © F5 Networks, Inc 43 “We chose F5 Silverline DDoS Protection because of the breakthrough new technology developed by Barrett Lyon and its ability to provide DDoS mitigation without the damaging side effects of legacy mitigation solutions.” F5 Silverline DDoS Protection -- Tim Turner, CIO of the Afisha Rambler SUP Holding Key benefits of F5 • • • • Simple installation process No upfront investment in on-premise equipment Continuous DDoS mitigation and analysis Advanced and unique DDoS mitigation techniques F5 Reference Architectures • DDoS Protection View on F5.com © F5 Networks, Inc 44 Silverline - Web Application Firewall Silverline Web Application Firewall Proven security effectiveness as a convenient cloud-based service Protect web applications and data from layer 7 attacks, and enable compliance, such as PCI DSS, with the Silverline Web Application Firewall service which is built on BIG-IP Application Security Manager and backed by 24x7x365 support from F5 experts. Cloud L7 Protection: Geolocation attacks, DDoS, SQL injection, OWASP Top Ten attacks, zero-day threats, AJAX applications, JSON payloads Legitimate User Attackers Private Cloud Hosted Web App Web Application Firewall Services WAWAF F F5 Silverline Physical Hosted Web App VA/DAST Scans Policy can be built from 3rd Party DAST © F5 Networks, Inc Public Cloud Hosted Web App 46 Key benefits Leverage proven security efficacy Reduce operating costs Protect web apps, anywhere Protect against critical web attacks with an enterprisegrade service built on BIG-IP ASM which is recommended by NSS Labs with 99.89% overall security effectiveness*. Rapidly deploy WAF protections and drive operational and cost efficiencies by outsourcing WAF policy management to F5 security experts. Protect web apps, no matter where they reside with consistent policies across hybrid environments in conjunction with BIG-IP deployments. Source: NSS Labs Web Application Firewall Product Analysis. F5 BIG-IP ASM 10200 V11.4.0. https://interact.f5.com/2015ALLF-NSS-Web-App-Firewall--Analysis-for-BIG-IP-ASM_2---Reg.html © F5 Networks, Inc 47 Complete DDoS Protection Solution On-premises and cloud-based services for comprehensive DDoS Protection Network firewall Web application firewall SSL inspection DNS security ON-PREMISES DDOS PROTECTION AND CLOUD SCRUBBING © F5 Networks, Inc 48 Networkworld - F5 Firewall test http://www.networkworld.com/reviews/2013/072213-firewall-test-271877.html © F5 Networks, Inc 49 F5 DDoS Protection – Recommended Practices https://f5.com/solutions/architectures/ddos-protection/ddos-exclusive https://f5.com/solutions/architectures/ddos-protection Application Delivery Firewall Network firewall Traffic management Application security Access control DDoS mitigation SSL inspection DNS security Products Advanced Firewall Manager Local Traffic Manager Application Security Manager • Stateful full-proxy firewall • #1 application delivery controller • Leading web application firewall • Flexible logging and reporting • Application fluency • PCI compliance • App-specific health monitoring • Virtual patching for vulnerabilities • • Native TCP, SSL and HTTP proxies Network and Session anti-DDoS • HTTP anti-DDoS • IP protection • • • Access Policy Manager Global Traffic Manager & DNSSEC Dynamic, identitybased access control • Huge scale DNS solution • Context-aware security • Global server load balancing • IP address categorization • Signed DNS responses • IP address geolocation • Offload DNS crypto Simplified authentication infrastructure Endpoint security, secure remote access IP Intelligence iRules extensibility everywhere © F5 Networks, Inc 51 We’re built for speed Concurrent user sessions © F5 Networks, Inc 100K Concurrent logins 1,500/second Throughput 320 Gbps Concurrent connections 192 million Connections per second 5.6 million SSL (1K keys) 600,000/second DNS query response 6 million/second 52 Hardware-based DDoS Protection Newest platforms • BIG-IP 5000s: 20 Million SYN Cookies per second • BIG-IP 5250s: 40 Million SYN Cookies per second • BIG-IP 7000s: 20 Million SYN Cookies per second • BIG-IP 7250v: 40 Million SYN Cookies per second • BIG-IP 10000s: 40 Million SYN Cookies per second • BIG-IP 10250v: 80 Million SYN Cookies per second • VIPRION 2250 Blade: 60 Million SYN Cookies per second • VIPRION 2150 Blade: 40 Million SYN Cookies per second • VIPRION 4300 Blade: 80 Million SYN Cookies per second • 8xVIPRION 4300 Blade: © F5 Networks, Inc 640 Million SYN Cookies per second! 53 Key customer benefits Maintain application availability Safeguard your brand reputation Protect network infrastructure Defend against targeted attacks Stay one step ahead Save money for your company ALL BACKED BY WORLD-CLASS SUPPORT AND PROFESSIONAL SERVICES DDoS MITIGATION Use case Increasing difficulty of attack detection Physical (1) Data Link (2) Network (3) Transport (4) Session (5) F5 mitigation technologies Network attacks Presentation (6) Session attacks Application (7) Application attacks SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop, ICMP Floods, Ping Floods and Smurf Attacks DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods, SSL Floods, SSL Renegotiation Slowloris, Slow Post, HashDos, GET Floods BIG-IP AFM SynCheck, default-deny posture, high-capacity connection table, full-proxy traffic visibility, rate-limiting, strict TCP forwarding. BIG-IP LTM and GTM High-scale performance, DNS Express, SSL termination, iRules, SSL renegotiation validation BIG-IP ASM Positive and negative policy reinforcement, iRules, full proxy for HTTP, server performance anomaly detection Packet Velocity Accelerator (PVA) is a purpose-built, customized hardware solution that increases scale by an order of magnitude above software-only solutions. • © F5 Networks, Inc Protect against DDoS • at all layers – 38 vectors covered Withstand the largest attacks • Gain visibility and detection of SSL encrypted attacks OSI stack F5 Mitigation Technologies OSI stack 56