Janet Network DDoS Experience
23/03/2016 Janet Network DDoS Experience
Tim Kidd
Executive director, Jisc technologies
Tim.Kidd@jisc.ac.uk
What happened in early December
To set the scene…
»I will say more than we have said publicly
»There is a police investigation ongoing
»Confidentiality
Timeline
» Tuesday 1 Dec 11:15 - 1 hour
Attack directed at NW institution then infrastructure
» Friday 4 Dec 13:58 - 40 minutes
Initial blocks in place at 14:35 with attack blocked
» Friday 4 Dec 15:54 - 20 minutes
Initial blocks at 16:02 but little impact, attack blocked at 16:16
» Monday 7 Dec 09:11 - 1 hour 10 minutes
Initial blocks at 09:47 but little impact, attack blocked at 10:18
» Monday 7 Dec 11:17 - 25 minutes
Attack blocked at 11:40
» Tuesday 8 Dec 09:10 - 3 hours 30 minutes
Blocked at 10:10 but further problems due to defensive blocks
Engineers prepared next level of blocks to install Monday morning
Jisc website hit 11:39 coincidence?
Communication
»Declared a major incident; used web page and Twitter @JiscMI
»In accordance with major incident procedure, staff were moved from normal duties to bolster the Janet Service Desk but still more calls than we could handle
External border protection
»≈50 routers to configure
»Blocked IP fragments to all infrastructure
»Policed TCP, UDP and ICMP to core infrastructure
»Site access link infrastructure under way
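
The border policy listed on this slide, modelled as an added example (not from the original slides and not Jisc's router configuration): fragments to infrastructure addresses are dropped, and TCP, UDP and ICMP to core addresses are policed by per-protocol token buckets. The prefixes, rates, class names and packets are constructed assumptions; the run also shows a legitimate UDP packet lost to the policer while a flood is in progress.

```python
"""Model of 'block fragments to infrastructure, police TCP/UDP/ICMP to core'."""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed address plan (RFC 5737 documentation ranges), not a real one.
INFRASTRUCTURE = ipaddress.ip_network("192.0.2.0/24")  # all infrastructure
CORE = ipaddress.ip_network("192.0.2.0/28")            # core subset of it
POLICED_PROTOCOLS = ("tcp", "udp", "icmp")


@dataclass(frozen=True)
class Packet:
    ts_ms: int      # arrival time in milliseconds
    dst: str        # destination IPv4 address
    proto: str      # "tcp", "udp", "icmp", ...
    length: int     # bytes
    fragment: bool  # True if MF is set or the fragment offset is non-zero
    label: str      # ground truth for the report only; the policy never reads it


class TokenBucket:
    """Single-rate policer: non-conforming packets are dropped, not queued."""

    def __init__(self, rate_bytes_per_ms, burst_bytes):
        self.rate = rate_bytes_per_ms
        self.burst = burst_bytes
        self.tokens = burst_bytes
        self.last_ms = 0

    def conforms(self, now_ms, length):
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if length <= self.tokens:
            self.tokens -= length
            return True
        return False  # a dropped packet consumes no tokens


class BorderPolicy:
    def __init__(self, rate_bytes_per_ms=100, burst_bytes=10_000):
        # One bucket per protocol, so a UDP flood cannot starve ICMP or TCP.
        self.policers = {p: TokenBucket(rate_bytes_per_ms, burst_bytes)
                         for p in POLICED_PROTOCOLS}

    def decide(self, pkt):
        dst = ipaddress.ip_address(pkt.dst)
        # Rule 1: no fragments to any infrastructure address.
        if dst in INFRASTRUCTURE and pkt.fragment:
            return "drop-fragment"
        # Rule 2: police TCP, UDP and ICMP towards core infrastructure.
        if dst in CORE and pkt.proto in self.policers:
            if not self.policers[pkt.proto].conforms(pkt.ts_ms, pkt.length):
                return "drop-policed"
        # Everything else, including customer traffic, is forwarded untouched.
        return "forward"


def sample_packets():
    """Constructed traffic: a 1 s UDP flood at a core address plus a few probes."""
    pkts = [Packet(t, "192.0.2.1", "udp", 1000, False, "flood")
            for t in range(1000)]
    pkts += [
        Packet(505, "192.0.2.1", "udp", 600, False, "legit-udp-core"),
        Packet(505, "192.0.2.1", "icmp", 84, False, "legit-icmp-core"),
        Packet(300, "192.0.2.2", "tcp", 60, False, "legit-tcp-core"),
        Packet(100, "192.0.2.200", "udp", 1400, True, "frag-to-infra"),
        Packet(100, "198.51.100.10", "udp", 1400, True, "frag-to-customer"),
    ]
    return pkts


def simulate(packets, policy=None):
    """Return a Counter keyed by (label, verdict), processing in time order."""
    policy = policy or BorderPolicy()
    verdicts = Counter()
    for pkt in sorted(packets, key=lambda p: p.ts_ms):
        verdicts[(pkt.label, policy.decide(pkt))] += 1
    return verdicts


if __name__ == "__main__":
    for (label, verdict), count in sorted(simulate(sample_packets()).items()):
        print(f"{label:18} {verdict:14} {count}")
```

The policer cannot tell the legitimate UDP packet from the flood sharing its bucket, which is the false-positive cost the later mitigation slides describe.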
Lessons Learned
»BBC DDoS attack on 31 December caused people to think Janet was being attacked
»A malicious attack feels very different from other major incidents
»Potential misuse of public updates via Twitter – use SMS directly to nominated people
»A more nuanced response (bronze, silver, gold) and difference between Major Incident and High Impact Incident
»Accelerate the DDoS element of our security programme
»Secure the infrastructure address space
Steve Kennett
Head of operational services
Steve.Kennett@jisc.ac.uk
Responding to a changing threat landscape
Security programme
» Information security management
» ISO27001
» DDoS mitigation
» Security X-ray
» Cybersecurity intelligence
» Vulnerability assessment
» Phishing mitigation
» Malware analysis
» Digital forensics
» Password managers
» Web filtering
What’s changing in the threat landscape?
»Janet and customer infrastructure has now been directly targeted
»Attacks appear to be more reactive to countermeasures we deploy
»An effective attack now only requires a credit card
»The cost of launching an attack continues to drop
The challenge of dealing with large scale DDoS
» Requires coordinated action between customer and Janet operations:
› Impacts the weakest link between where attacks enter Janet and the target system
› Depending on scale can disrupt customer, regional or even national infrastructures
› Once customer access link capacity is overloaded you have limited options
› Providing advice on likely duration and impact of event(s)
› Multiple internet connections do not necessarily help depending on nature and sophistication of attack
› Asymmetry of costs between attackers and defenders
Impact of mitigation (I)
»We have to detect attacks in order to apply mitigation – reactive function
»Traffic will have to be re-routed to apply mitigation
»Some traffic latency will be introduced
»Mitigation is not 100% effective – some ‘attack’ traffic will still get through
»Can create false positives – blocking genuine traffic
»Legitimate traffic flows look similar to large scale DDoS – improved awareness and coordination required
Impact of mitigation (II)
»Greater automation is required to free up resources, control costs and support response time
»Mitigation capacity is expensive to deliver and operate
»Organisations under persistent attack can be kept in mitigation - but capacity is limited
»Arms race in capacity terms is likely
»System complexity
Questions?
jisc.ac.uk
Tim Kidd
Executive director, Jisc technologies
Tim.Kidd@jisc.ac.uk


Janet network DDoS experiences - Networkshop44


Editor's Notes

  1. 1/12: Affected global transit in the North. Started as standard DDoS then moved to infrastructure as we blocked the attack.
     - 01-12-15 11:15, 1 hour: Attack was directed through global transit links into Telecity Manchester. Blocks in place by 12:13 UTC with connectivity stabilising throughout network. This attack mainly affected NNW, CNL and YHR.
     - 04-12-15 13:58, 40 min & 04-12-15 15:54, 20 min: Attack starts at 13:58 UTC on Friday 4th December. All sites using Northern Global Connectivity were affected. First blocks implemented at 14:35 with connectivity restored. Second attack starts via changed vector at 15:54 UTC. Further blocks in place at 16:02 but have little effect. Attack stops at 16:16 UTC.
     - 07-12-15 09:11, 1 hr 10 min & 07-12-15 11:17, 25 min: Attack starts at 09:11 UTC on Monday 7th December. All sites using Northern Global Connectivity were affected. Blocks placed at 09:47 have little impact. Further blocks placed at 10:18 UTC which stabilises connectivity.
     - 08-12-15 09:10, 3 hr 30 min: Attack starts at 09:10 UTC on Tuesday 8th December. Attack via global transit links into Telehouse North and Telecity Manchester. Whole network affected. First blocks identified at 09:20. Attack stopped at 10:10 UTC but connectivity issues remained due to defensive blocks that we had put in place. These blocks were inspected and modified a number of times and finally restored connectivity at 12:40 UTC. Web Submit advise JISC main website is also a target and is offline from 11:39 UTC.
     - 08-12-15 13:47, 10 min: Attack directed at West Notts College affecting the whole of the East Midlands Region at 13:47 UTC. Blocks applied by 13:54 UTC. Connectivity stable.
  2. Expect to secure infrastructure address space by the end of March. We will be writing to sites that appear to be using it very shortly and will help them to move off this.
  3. As we heard in the introduction from Bob we are not having to deal with a changing threat landscape
  4. If you're being targeted then multiple connections do not necessarily help – if an attacker knows you have two or three connections these can be targeted. If your organisation is near an attack targeting an organisation or regional infrastructure then multiple connections might help if your infrastructure is sufficiently resilient.
  5. Be clear that traffic needs to be re-routed. Data centre access and cloud services.
  6. Expect to be able to fund capital for this exercise from available funds – but are recurrent costs that will go into overall operating costs