410 likes | 528 Vues
This presentation on "What is a DDoS attack?" will help you understand all about a DDoS attack. Distributed Denial of Service (DDoS) attack is one of the most dangerous forms of cyberattacks. In this video, we will start with a few real-life scenarios of DDoS attacks and then learn about a DDoS attack in-depth. We will also look into the types of DDoS attacks and how you can prevent a DDoS attack. So, get started and learn all about DDoS!<br><br>A distributed denial-of-service attack, or DDoS, is a specific type of DoS attack. The major objective of this attack is to prevent the victimized system from executing a valid activity or responding to valid traffic. A DDoS attack compromises one or more intermediary systems. Then, the attacker installs remote-control like bots, Zombies, or agents into these systems. After that, at a certain point, the attacker conducts a DoS attack against the victim. Here, the victim may be able to discover the zombies causing the DoS attack but probably wonu2019t be able to track down the actual attacker. Join our YouTube live session to understand DDos in detail.<br><br>The Cyber Security Expert Masteru2019s Program will equip you with the skills needed to become an expert in this rapidly growing domain. You will learn comprehensive approaches to protecting your infrastructure, including securing data and information, running risk analysis and mitigation, architecting cloud-based security, achieving compliance and much more with this best-in-class program.<br><br>Simplilearnu2019s Cyber Security Expert Masteru2019s Program provides cybersecurity professionals with foundational, intermediate, and advanced security skills through industry-leading certification courses, including CompTIA Security , CEH, CISM, CISSP and CCSP. The program begins with introductory-level cybersecurity skills training, then progresses to advanced cybersecurity technologies such as reverse engineering, penetration testing techniques, and many more. This training program will enable you to: <br><br>Implement technical strategies, tools, and techniques to secure data and information for your organization<br>1. Adhere to ethical security behaviour for risk analysis and mitigation<br>2. Understand security in cloud computing architecture in depth<br>3. Comprehend legal requirements, privacy issues and audit process methodologies within the cloud environment<br>4. Focus on IT compliance and the integrity of enterprise systems to establish a more secure enterprise IT framework<br><br>At the end of this Masteru2019s Program, you will be equipped with the following skillsets:<br>1. Install, configure and deploy public key infrastructure and network components while assessing and troubleshooting issues to support organizational security<br>2. Master advanced hacking concepts to manage information security efficiently<br>3. Design security architecture and framework for a secure IT operation<br>4. Frame cloud data storage architectures and security strategies, and utilize them to analyze risks<br>5. Protect data movement, perform disaster recovery, access CSP security and manage client databases<br> <br>Learn more at: https://bit.ly/37ipT6o
E N D
1. Research About the Company Did You Know?
Did You Know? 1. Research About the Company • “The total number of DDoS attacks are anticipated to double to 14.5 million by 2022” • “A DDoS attack can cost up to $120,000 and $2 million for a small company or an enterprise organization respectively” Source: Cybercrime Magazine
1. Research About the Company DDoS Attack Examples
DDoS Attack Examples 1. Research About the Company Victim: Date: October 21, 2016
DDoS Attack Examples 1. Research About the Company Attack:Mirai botnets were used to launch the attack Impact: services were affected
DDoS Attack Examples 1. Research About the Company Victim: Date: February 2020
DDoS Attack Examples 1. Research About the Company Attack:CLDAP web servers were used. A peak traffic of 2.3 Tbps was recorded Result: The AWS Shield service very well mitigated the attack
1. Research About the Company What Is a DDoS Attack?
What Is a DDoS Attack? 1. Research About the Company A Denial of Service (DoS) attack floods networks with traffic in order to exhaust its bandwidth and resources DoS Attack Attacker Server
What Is a DDoS Attack? 1. Research About the Company Multiple systems can be used launch this attack, and that is known as Distributed Denial of Service (DDOS) attack DDoS Attack Server
1. Research About the Company Motives Behind a DDoS Attack
Motives Behind a DDoS Attack 1. Research About the Company Ransom
Motives Behind a DDoS Attack 1. Research About the Company Hacktivism or Protest
Motives Behind a DDoS Attack 1. Research About the Company Targeted Attacks
1. Research About the Company How Does a DDoS Attack Work?
How Does a DDoS Attack Work? 1. Research About the Company • Attackers infect IoT devices with malware in order to turn each of them into a bot . . . Botnet
How Does a DDoS Attack Work? 1. Research About the Company • The botnet then starts sending service requests to the victim. By doing so, the target’s resources are depleted . . . Target Botnet
1. Research About the Company Types of DDoS Attacks
Types of DDoS Attacks 1. Research About the Company DDoS Attacks can be categorized into three categories • Volume Based Attacks • Protocol Attacks • Application Layer Attacks
Volume-Based Attacks 1. Research About the Company • Volume-Based attacks work on saturating the target network’s bandwidth with heavy volumes of traffic • Ping (ICMP) Flood and UDP floods are two examples of volume-based attacks
Ping(ICMP) Flood 1. Research About the Company In this type of attack, the attacker sends several ICMP echo-requests to the target device. By default, the target device must reply with an ICMP echo reply packet ICMP Echo Request (Spoofed) ICMP Echo Request (Spoofed) ? ICMP Echo Reply . . . ? ICMP Echo Reply
Protocol Attacks 1. Research About the Company • This attack targets the networking layer of the target device. A protocol attack focuses on exploiting firewalls and other server resources • Types of protocol attacks are Ping of Death, SYN floods, and Smurf DDoS to name a few
SYN Flood Attack 1. Research About the Company In a SYN Flood attack, the attacker sends several SYN packets with spoofed IP addresses to the target. The target sends the response to the dummy address and then exhausts its resources by waiting for an acknowledgement SYN-ACK SYN-ACK Spoofed SYN Packet Spoofed SYN Packet SYN-ACK ? SYN-ACK ? ? ?
Application Layer Attacks 1. Research About the Company • Application layer attacks, focus on crashing the web servers. These attacks are comparatively sophisticated • Types of application layer attacks are HTTP(/s) Flooding, Slowloris, Low and Slow attack, to name a few
HTTP Flood 1. Research About the Company A huge number of legitimate looking HTTP GET, or POST requests are used to flood the server in this type of an attack. This in return causes a denial of service HTTP GET/ POST HTTP GET/ POST . . . Target HTTP GET/ POST Botnet
1. Research About the Company DDoS Attack Prevention
DDoS Attack Prevention 1. Research About the Company • Acquire more Bandwidth
DDoS Attack Prevention 1. Research About the Company • Have a Response plan ready
DDoS Attack Prevention 1. Research About the Company • Configure Network Hardware against an attack
DDoS Attack Prevention 1. Research About the Company • Make use of Cloud
DDoS Attack Prevention 1. Research About the Company • Monitor your website traffic
DDoS Attack Prevention 1. Research About the Company • Be aware of the warning signs
DDoS Attack Prevention 1. Research About the Company • Have everything up to date
DDoS Attack Prevention 1. Research About the Company • Use DDoS prevention tools like Imperva, Cloudfare, F5 Networks, Arbor DDoS
1. Research About the Company Digital Attack Map
1. Research About the Company How Can Simplilearn Help You?
How Can Simplilearn Help You? 1. Research About the Company