Lightning talks - Cyber Security Congress 2016

Post on 25-Jan-2017


ICE: In Case of Emergency

A mobile application used to warn people about an emergency

Joey Mosterd, Michel Roke, Michel van der Hoorn and Pedro Lopes Silva

Emergency scenario

Fire breaks out in a garage and the alarm will only cover a certain area.

People traveling towards the emergency are oblivious of the situation

Which could result in a situation like this

But how can you reduce the impact?

How can you spread the news?

What can you utilize to ensure as many people as possible receive the information needed to help contain the emergency?

Introducing…

ICE App

In Case of Emergency

• Is a tool to inform people in crisis situations

• Is able to send push notifications to users

• Helps to reduce crowds in a crisis situation

• Is divided in two applications, send and receive

• Can be installed on Android and iOS

ICE App…

Log in using an administrator account

How does ICE App work?

Select the type of emergency

Start broadcast

Select or write a message

Select the buildings that are affected

Send the broadcast

Flexible design

• The application is designed to be easily adjusted

• It can be used as is with little effort

• Or combined with existing applications

Michael Mehrow RSE, RHB

Security Advisor

Hogeschool Windesheim

m.mehrow@windesheim.nl

FROM SECURITY AWARENESS TRAINING

Physical gamification

By: Tim de Graaf

The human as a link

• Phishing and spear-phishing

• Trojanized software installers (malware)

• DDoS through abuse of IoT

• BYOD vs Shadow-IT

• Attackers' focus on the home environment

Security testing

• Crisis exercises

• Ethical hacking

• Results directly applicable

• Accountability

• Hard to verify

• Hard to limit the consequences

• Hard to achieve the desired scenario

• Hard to make being held accountable a pleasant experience

Security awareness training

• Awareness (threats, importance, own role)

• Knowledge (prevent, limit, handle)

• Behaviour

• "It took too long"

• "It was not appealing"

• "The knowledge does not stick well"

• "The goal passed them by"

Security awareness games

• Fun

• Interactive

• Extra motivation

• Checking

• Controlling

• "The game was not really fun"

• "It was fun, but I did not really learn anything from it"

• "This will never happen like this in real life"

• "This will never happen to me"

Escape Rooms

• Fun

• Team building

• Educational use

• Extra motivation

• Barriers

• Realism

• Checking

• Controlling

Possibilities

• Viewing cyber security from the attacker's perspective

• Letting participants hack each other

• Observation by (non-)participants

• Competition

• Replayability

• Rewards

• Costs

• Space

• Requirements

• Availability

DDoS Attacks on the Root DNS

Presented by

Ricardo de Oliveira Schmidt

November 18th, 2016 Amsterdam, Netherlands

Presentation copyright © 2016 by Ricardo de Oliveira Schmidt

CYBER SECURITY CONGRESS

Reference:

Anycast Vs. DDoS: Evaluating the November 2015 Root DNS Event

Giovane C. M. Moura, Ricardo de O. Schmidt, John Heidemann, Wouter B. de Vries, Moritz Müller, Lan Wei and Cristian Hesselman

ACM Internet Measurements Conference (IMC), Santa Monica-USA, 2016 (Technical Report ISI-TR-2016-709, USC/Information Sciences Institute)

Distributed Denial of Service


Big and getting bigger
2012: 100 Gb/s
2016: 100 Gb/s is common, >1 Tb/s is possible

Easy and getting easier
2012: many botnets with 1000+ nodes
2016: DDoS-as-a-service (Booters) offer few Gb/s @ US$ 5

Frequent and getting frequent-er
2002: the October 30 DNS Root event
2016: 3 recent big attacks (2015-11-30, 2015-12-01, 2016-06-25)


vDOS


Image copyrights © thehackernews.com


"Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec" Swati Khandelwal, thehackernews.com

"Root DNS servers DDoS'ed: was it a show off?" Yuri Ilyin, Kaspersky

"Someone Is Learning How to Take Down the Internet" Bruce Schneier, Schneier on Security

DDoS attack on the Root DNS

Peak of 35+ Gb/s

5 million queries/sec

Impact was moderate

Thanks to the robustness of the whole system

The Nov. 30 Event

What was the impact?

Most letters suffered: a bit (E, F, I, J, K), a lot (B, C, G, H)

Did not see attack traffic: D, L, M

Problems on reachability! ... but also on performance

[Figure: number of VPs with successful queries against hours after 2015-11-30t00:00 UTC, with panels for root letters B, C, E, F, G, H, I, J, K and A, D, L, M]

Collateral damage!

D-Root was not targeted... ... but felt the attack

[Figure: number of VPs against hours after 2015-11-30t00:00 UTC, with series D-FRA, D-SYD, D-AKL, D-DUB and D-BUR]

The Root DNS handled the situation quite well... ... at no time the service was completely unreachable

Resilience of the Root DNS is not an accident... ... consequence of fault tolerant design and good engineering!

True diversity is key to avoid collateral damage

The Lessons Learned

And, What Now?

Learn from the Root DNS experiences

Have in mind the possible very large DDoS attacks when... ... designing Internet systems ... improving countermeasures and mitigation strategies

It does not matter if...

... someone was showing off

... someone was testing/scanning the infrastructure

... someone is learning how to take down the Internet

It was a big wake up call, this is critical infrastructure!

Things are escalating pretty fast and apparently we are not fully aware of what we are dealing with.

Acknowledgements:

Arjen Zonneveld, Jelte Jansen, Duane Wessels, Ray Bellis, Romeo Zwart, Colin Petrie, Matt Weinberg and Piet Barber

SIDN Labs, NLnet Labs and SURFnet

Self-managing Anycast Networks for the DNS (SAND) project | http://www.sand-project.nl/

NWO DNS Anycast Security (DAS) project | http://www.das-project.nl/

r.schmidt@utwente.nl http://www.ricardoschmidt.com

EDUCATION AND RESEARCH SECTOR

CYBER THREAT ASSESSMENT 2016

Bart Bosma, SURFnet

bart.bosma@surfnet.nl

Research

Education

Business operations

3 processes

Trends:

• Phishing

• Ransomware

• DDoS

• Vulnerabilities in software

• Responsible Disclosure

• Supply chain security

https://www.surf.nl/cyberdreigingsbeeld
