Cyber Defense and Connection Cost Reduction - The Technology of Global Carriers Within Reach of ISPs
Eduardo Maffessoni
Consulting Engineer - Instructor
INTERESTING FACTS FROM HAVING VISIBILITY
Traffic in the city of Rio de Janeiro (RJ) rose ~50% during the Olympics
Total NETFLIX Brazil traffic during the games:
Total internal traffic in Brazil increases 40% during the Olympics
Internet traffic in Brazil drops ~20% during the opening of the Olympic Games
Google traffic rises ~500% in RJ
IoT botnet monitoring – continuous for 18 months
Global TELNET monitoring
Used for maintenance, discovery, infection
Bot communication pattern
Approximately 500,000 devices on the Internet
What does it mean to have visibility into your traffic?
WHAT ARBOR PROVIDES
100% of Internet T1s
8 of the 10 largest banks on the planet
3 of the 5 largest social networks
5 of the 5 largest global card operators
The last 5 Olympic Games
(FORMER PEAKFLOW)
Comprehensive Dashboards
TCP Applications
IPv6 Reports and Dashboard
Benefits
Understand IPv6 Usage
Better IPv6 planning
Identify potential misuse of tunnels
Peer Reports & Tools: Peering Evaluation
Find best candidates for new peering and visualize
savings against existing transit connections
Peer Reports & Tools: Transit Reports
Ensure peering and transit arrangements are as cost effective as possible
– Assure that existing peering agreements are being used to their full potential
– Ensure that transit customers are abiding by service agreements such as no-resell agreements
Route and VPN Analytics
• VPN Analytics
– MPLS in/out per router, per interface
– QoS in/out per router / interface
– MPLS egress PE per router / interface
Benefits
Improved Operations Management
Enhance MPLS Service Revenue
Manage Service Level Agreements
Optimize capital spend
Arbor’s Peakflow Solution for Service Providers
You Can’t Protect What You Can’t See… We See Things Others Can’t.
[Network diagram. Labels: Public, Private, Attack Traffic, Legit Traffic, Internet, Transit/Peer Edge, Backbone, Customer Edge, Business Customers, Broadband Subscribers, Mobile Network, Mobile Subscribers & Devices]
Service Protection with Peakflow SP
HTTP / Web 2.0 Protection
– Block malformed HTTP
– Rate-limit HTTP requests
– Stop “low and slow” attacks
SSL Protection
– Neutralize SSL signaling protocol attacks
VoIP Protection
– Block malformed SIP packets
– SIP request limiting
DNS Protection
– DNS Regular Expressions (RegEx)
– DNS Authentication/Anti-Spoofing
– DNS Query Rate Limiting
– DNS Non-Existent Domain (NXDOMAIN) Rate Limiting
IP-based Protection
– Packet scrubbing (TCP / UDP / ICMP)
– TCP Connection reset
– White list / black list
Benefits
Protect business critical applications from targeted attacks
Threat Detection Methods
• Misuse Anomaly
– Thresholds for potentially malicious traffic (TCP SYN, IP Frag, DNS malformed, etc.)
• Profiled Anomaly
– Legitimate traffic that exceeds normal patterns (e.g., HTTP flood attacks, amplification attacks)
• Fingerprint Anomaly
– Known attack signatures
– Auto updates – ATF, FSA
– Custom
• IP Location Anomaly
– Alert on traffic spikes from unexpected countries
• Cloud Signaling
– Cloud signaling alerts from registered Pravail APS devices
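The difference between the misuse and profiled methods above, as an added Python example that is not part of the slides and is not Arbor's implementation. All function names, threshold values and traffic samples are assumptions constructed for illustration.

```python
from statistics import mean, stdev

# Misuse anomaly: fixed ceilings (packets/s) for traffic types that are rarely
# legitimate at volume. Values are assumptions, not vendor defaults.
MISUSE_THRESHOLDS_PPS = {"tcp_syn": 5000, "ip_frag": 2000, "dns_malformed": 100}

def misuse_alerts(sample):
    """Return the traffic types in one sample that exceed their fixed threshold."""
    return sorted(t for t, pps in sample.items()
                  if pps > MISUSE_THRESHOLDS_PPS.get(t, float("inf")))

def build_profile(history):
    """Learn a baseline (mean, sample stdev) from past rates of legitimate traffic."""
    return mean(history), stdev(history)

def profiled_alert(rate, profile, k=3.0, floor=1.2):
    """Alert when rate exceeds the baseline by k stdevs AND by at least floor x mean.
    The floor avoids alerting on small deviations when the history is very flat."""
    mu, sigma = profile
    return rate > max(mu + k * sigma, mu * floor)

def classify(sample, http_rate, profile):
    """Combine both methods for one measurement interval."""
    alerts = [f"misuse:{t}" for t in misuse_alerts(sample)]
    if profiled_alert(http_rate, profile):
        alerts.append("profiled:http")
    return alerts

# Constructed data: HTTP requests/s toward one customer prefix, same hour on prior days.
HTTP_HISTORY = [980, 1020, 1010, 995, 1005, 990, 1000]
# Constructed per-type packet rates for the current interval.
NORMAL = {"tcp_syn": 1200, "ip_frag": 40, "dns_malformed": 2}
SYN_FLOOD = {"tcp_syn": 48000, "ip_frag": 35, "dns_malformed": 1}

if __name__ == "__main__":
    profile = build_profile(HTTP_HISTORY)
    print(classify(NORMAL, 1015, profile))     # within threshold and baseline
    print(classify(SYN_FLOOD, 1000, profile))  # fixed threshold trips
    print(classify(NORMAL, 9000, profile))     # well-formed requests, abnormal volume
```

An HTTP flood made of well-formed requests never crosses a misuse threshold, which is why the profiled check against a learned baseline is a separate detection method.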
Thank you