8. DDoS attacks by sector
[Chart: DDoS attacks by sector (FE, HEI, School or Council, Science & Research, Other), 2016/17 compared with 2017/18]
DDoS 2018/17 review 8
9. Sector breakdown over the last year
[Chart: attacks per month, Nov-17 to Oct-18, broken down by sector (FE, HEI, School or Council, Other, Science & Research)]
10. Sector breakdown over the last year
[Chart: attacks per month, Nov-17 to Oct-18, broken down by sector (FE, HEI, School or Council, Other, Science & Research)]
24. Enhanced DDoS Service (Cyber security portal)
• Real-time information on any alerts, attacks and mitigations.
• Network-wide perspective on the frequency and impact of alerts.
• Regular DDoS reporting (PDF via email)
• Download a sample of attack traffic (In development)
cybersecurity.jisc.ac.uk
26. Enhanced DDoS service (Response time)
• Foundation mitigation: Protecting your network connection. Mitigation is manually applied by security analysts. Mon-Fri 9am – midnight. Sat/Sun 9am – 5pm.
• Fast: Automated mitigation. High level threat alerts trigger rerouting and mitigation within 4 minutes. Service available 24/7.
• Instant: Permanent mitigation. All traffic is permanently routed via mitigation ensuring no mitigation delay in the event of an attack. Service available 24/7.
27. Response speed – Fast
[Chart: traffic in Mbps over time, showing Total Traffic, Filtered Traffic and Passed Traffic; annotations mark "Attack Launched" and "Automatic response" after ~4 mins]
28. Response speed – Instant
[Chart: traffic in Mbps over time, showing Total Traffic, Filtered Traffic and Passed Traffic; annotation marks "Attack Launched"]
29. Enhanced DDoS service (Customisation)
• Foundation mitigation: Protecting your network connection. Mitigation is manually applied by security analysts. Mon-Fri 9am – midnight. Sat/Sun 9am – 5pm.
• Pre-configured: Choose from one of a selection of pre-configured service profiles. Alert triggers and mitigation responses are designed by Jisc security analysts to be suitable for many services.
• Bespoke: With the help of a security analyst, adjust parameters of an alert or mitigation in order to create a bespoke mitigation to protect your unique services. Advanced reporting via the portal.
31. Enhanced DDoS service (Order process)
Assessment call
Proposal and quotation
Acceptance/order
Implementation call
Implement mitigation
32. Enhanced DDoS service (Assessment call)
The mandatory assessment call is essential for us to understand your concerns, performance requirements, technical configurations and work through all the options to offer the most economic and appropriate solution.
33. Enhanced DDoS service (Implementation call)
During the implementation call we configure the system using the details you’ve gathered.
We recommend testing the mitigation system during this process to ensure the configuration is performing correctly.
If testing or “go-live” isn’t feasible during normal working hours we can arrange an out-of-hours test and switch on.*
*There is a £500 charge for this service
34. Get in touch…
Except where otherwise noted,
this work is licensed under CC-BY
Lee Harrigan-Green
chief security architect
Lee.Harrrigan-Green@jisc.ac.uk
Enhanced DDoS enquiries
securityservices@jisc.ac.uk
Editor's Notes
Science & Research councils are made up from this category so this explains why there are so few.
Key points from this slide
The importance of Memcached
15 bytes of data can generate a 750KB response, an amplification of 51000x; however, we generally only see a 70x amplification factor in the attacks that we have received.
This is the attack vector that generated the 1.3 Tbps attack against GitHub.
Arbor also confirmed a 1.7 Tbps attack against a US service provider.
Key points from this slide
3.2 million open resolvers are currently tracked by Shadowserver.
Key points from this slide
We are seeing a consistent trend with CLDAP attacks.
Key points from this slide
At first glance it would appear that this attack vector is insignificant.
However, this is due to a new method of reflecting attacks via cloud services using TCP and not UDP.
This is similar to the previous description.