SlideShare une entreprise Scribd logo

Azure DDoS Protection Standard

A
arnaudlh

Azure DDoS Protection Standard

Internet
1  sur  28
Télécharger pour lire hors ligne
Azure DDoS Protection Standard Arnaud Lheureux Cloud Chief Security Officer One Commercial Partner Microsoft APAC Twitter: @arnaudLheureux
Attack Frequency Attack Size Attack Vectors 58% Vs. 2017 1.7 Tbps Peak 4X > 50Gbps 56% Multi-vector • Continued growth in frequency, size, sophistication, and impact • Often utilized as ‘cyber smoke screen’ to mask infiltration attacks 400 Gbps (NTP amp) 650 Gbps (Mirai) 1.7 Tbps (Memcached) 2+ Tbps (???) Attackers Use UPnP to SidestepDDoS Defenses May 2018 Attack Downtime 35% Businesses impacted Major cyber attack disrupts internet service across Europe & US using Mirai botnet Oct 2016 Feb 2018
DDoS attack types Volumetric attacks Example attacks Protocol attacks Example attacks Resource attacks Example attacks
VM Firewall Azure Deployments LB/NAT DDoSNVA/WAF Internet NSG & UDR Azure Defense in Depth for Virtual Networks
DDoS Shared Responsibility Model
Azure DDoS System Overview Region AZ-2 AZ-3AZ-1 RN RN DC DC Edge DC DC DC DC Edge DDoS Protection Express Route Internet Peers DDoS Protection Continuous monitoring Edge mitigation protects datacenter bandwidth Global distribution of attack traffic Regional failover Global mitigation platform
Azure DDoS Protection Standard Overview Virtual Network
Azure DDoS Defense Designed into the global network Global distribution of attack traffic during large scale attacks 25+ Tbps global mitigation capacity Continuous monitoring, learning, and protection signature improvements Proven defense for Microsoft services Specifically tuned protection for your app Active traffic monitoring to proactively detect emerging threats and attack vectors Traffic Monitoring DDoS Protection DDoS Protection Azure Host SDN Emerging attack patterns Virtual Network Your applications
Simple to provision for all your virtual network resources Always on monitoring with near real time telemetry and alerting Automatic network layer attack DDoS Attack Analytics Attack data snapshots and full post attack summary DDoS Rapid Response Azure Security Center integration Cloud scale DDoS protection for your applications
Choose DDoS Protection Standard when • You have been a victim of targeted DDoS attacks in past • You’re running your business critical applications in Azure • You need visibility when your resources are under attack. • You want DDoS policies tuned to the traffic pattern of your application • You have to prove DDoS mitigation compliance assurance
Azure Marketplace WAF
Azure Security Center
Best Practices & Reference Architecture http://aka.ms/ddosbest Design for scalability Ensure that your VM architecture includes more than one VM and that each VM is included in an availability set. Recommend using Virtual machine Scale Sets for autoscaling capabilities ……. Defense in depth deploy Azure services in a virtual network Using service endpoints will switch service traffic to use virtual network private addresses ……. Design for security Focus on the 5 pillars of software quality. Security and privacy are built right into the Azure platform, beginning with the Security Development Lifecycle (SDL)………
Attack Mitigations Attack defense originates in the region where the application is hosted but we utilize global capacity depending on attack size Users (and attackers) connect to your applications via the closest Azure edge location Attack Type Description Ping Flood Server receives a lot of spoofed Ping packets from a very large set of source IP it is being targeted by a Ping Flood attack. Such an attack’s goal is to flood the target with ping packets until it goes offline IP Null Attack TCP packet with none of the SYN, FIN, ACK, or RST flags set has been sent to a specific host., these packets can bypass security measures. CharGEN Flood A CharGEN amplification attack is carried out by sending small packets carrying a spoofed IP of the target to internet enabled devices running CharGEN. These spoofed requests to such devices are then used to send UDP floods as responses from these devices to the target. SNMP Amplification SNMP amplification attack is carried out by sending small packets carrying a spoofed IP of the target to the internet enabled devices running SNMP.These spoofed requests to such devices are then used to send UDP floods as responses from these devices to the target. However, amplification effect in SNMP can be greater when compared with CHARGEN and DNS attacks. NTP Reflection The NTP amplification attack is carried out by sending small packets carrying a spoofed IP of the target to internet enabled devices running NTP.These spoofed requests to such devices are then used to send UDP floods as responses from these devices to the target. DNS Reflection The attacker spoofs look-up requests to domain name system (DNS) servers to hide the source of the exploit and direct the response to the target. DNS Water Torture A randomized 12-character alphanumeric subdomain is prepended to the target domain and the attacking bots send their queries to their locally-configured DNS servers, which are typically DNS servers at local ISPs. SSDP Amplification SSDP enabled network devices that are also accessible to UPnP from the internet are an easy source for generating SSDP amplification floods. The SSDP amplification attack is also carried out by sending small packets carrying a spoofed IP of the target to devices. These spoofed requests to such devices are used to send UDP floods as responses from these devices to the target. QUIC Flood It uses UDP-80 to generate reflection attack. SYN Flood This attack exploits the design of the three-way TCP communication process between a client, host, and a server. In this process, a client initiates a new session by generating a SYN packet. The host assigns and checks these sessions until they are closed by the client. To carry out a SYN Flood attack, an attacker sends a lot of SYN packets to the target server from spoofed IP addresses. SYN-ACK Flood SYN-ACK packet is generated by the listening host to acknowledge an incoming SYN packet. A large amount of spoofed SYN- ACK packets is sent to a target server in a SYN-ACK Flood attack. ACK and PUSH ACK Flood During an active TCP-SYN session, ACK or PUSH ACK packets carry information to and from the host and client machines till the session lasts. During an ACK & PUSH ACK flood attack, a large amount of spoofed ACK packets is sent to the target server to deflate it.Since these packets are not linked with any session on the server’s connection list, the server spends more resources on processing these requests. ACK Flood This attack exploits the design of the three-way TCP communication process between a client, host, and a server. In this process, a client sent ACK packets to be part of existing session. ACK Fragmentation Fragmented ACK packets are used in this bandwidth consuming version of the ACK & PUSH ACK Flood attack. To execute this attack, fragmented packets of 1500 bytes are sent to the target server. RST/FIN Flood After a successful three or four-way TCP-SYN session, RST or FIN packets are exchanged by servers to close the TCP-SYN session between a host and a client machine. In an RST or FIN Flood attack, a target server receives a large number of spoofed RST or FIN packets that do not belong to any session on the target server. Synonymous TCP-SYN packets carrying the target server’s Source IP and Destination IP are sent to the target server. STOMP ( Session Flood Attack) Disguise of a valid TCP session by carrying a SYN, multiple ACK and one or more RST or FIN packets. UDP Flood In this type of DDoS attack a server is flooded with UDP packets. Unlike TCP, there isn’t an end to end process of communication between client and host. This makes it harder for defensive mechanisms to identify a UDP Flood attack. Random source IP/PORT.
DDoS Protection Planning Planning and preparing for a DDoS attack is crucial in understanding the availability and response of an application during an actual attack. We’ve partnered with BreakingPoint Cloud to offer tooling for Azure customers to generate traffic load against DDoS Standard enabled public endpoints via a safe environment. ü Various test profiles available ü Validate how Microsoft Azure DDoS Protection protects your Azure resources ü Optimize your incident response process ü Document DDoS compliance ü Train your network security teams
Deploying Azure DDoS Protection Standard Demo
Next steps Learn more about Azure DDoS Protection http://aka.ms/ddosprotectiondocs http://aka.ms/ddosbest http://aka.ms/ddosanalyticsblog http://aka.ms/ddosblog Connect with DDoS Protection specialists MSDN forums Stack overFlow Uservoice
Thanks for your attention! Arnaud Lheureux, CISSP https://aka.ms/arnaud Twitter : @arnaudLheureux
https://customers.microsoft.com
© 2019 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Recommandé

DDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldDDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldAmazon Web Services
 
[웨비나] 다중 AWS 계정에서의 CI/CD 구축
[웨비나] 다중 AWS 계정에서의 CI/CD 구축[웨비나] 다중 AWS 계정에서의 CI/CD 구축
[웨비나] 다중 AWS 계정에서의 CI/CD 구축BESPIN GLOBAL
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWSAmazon Web Services
 
A Deepdive into Azure Networking
A Deepdive into Azure NetworkingA Deepdive into Azure Networking
A Deepdive into Azure NetworkingKarim Vaes
 
AWS EC2
AWS EC2AWS EC2
AWS EC2Mahesh Raj
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets ManagerAmazon Web Services
 

Recommandé

DDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldDDoS Mitigation Techniques and AWS Shield
DDoS Mitigation Techniques and AWS ShieldAmazon Web Services
 
[웨비나] 다중 AWS 계정에서의 CI/CD 구축
[웨비나] 다중 AWS 계정에서의 CI/CD 구축[웨비나] 다중 AWS 계정에서의 CI/CD 구축
[웨비나] 다중 AWS 계정에서의 CI/CD 구축BESPIN GLOBAL
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWSAmazon Web Services
 
A Deepdive into Azure Networking
A Deepdive into Azure NetworkingA Deepdive into Azure Networking
A Deepdive into Azure NetworkingKarim Vaes
 
AWS EC2
AWS EC2AWS EC2
AWS EC2Mahesh Raj
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets ManagerAmazon Web Services
 
The Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - BusinessThe Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - BusinessAmazon Web Services
 
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Web Services
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)Srikanth Kappagantula
 
Networking Brush Up for Amazon AWS Administrators
Networking Brush Up for Amazon AWS AdministratorsNetworking Brush Up for Amazon AWS Administrators
Networking Brush Up for Amazon AWS AdministratorsAniekan Akpaffiong
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...Amazon Web Services
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security HubCrishantha Nanayakkara
 
CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practiceswalk2talk srl
 
AWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance Seminar
AWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance SeminarAWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance Seminar
AWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance SeminarAmazon Web Services Korea
 
Azure storage
Azure storageAzure storage
Azure storageAdam Skibicki
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAMAmazon Web Services
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeAmazon Web Services
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWSAmazon Web Services
 
Aws VPC
Aws VPCAws VPC
Aws VPCAbhishek Amralkar
 
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance WorkshopMicrosoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance WorkshopNicholas Vossburg
 
AWS Storage Gateway
AWS Storage GatewayAWS Storage Gateway
AWS Storage GatewayzekeLabs Technologies
 
Azure DNS Privé
Azure DNS PrivéAzure DNS Privé
Azure DNS PrivéAZUG FR
 
Aws IAM
Aws IAMAws IAM
Aws IAMChamali Liyanage
 
DDoS-bdNOG
DDoS-bdNOGDDoS-bdNOG
DDoS-bdNOGZobair Khan
 
ENHANCING THE IMPREGNABILITY OF LINUX SERVERS
ENHANCING THE IMPREGNABILITY OF LINUX SERVERSENHANCING THE IMPREGNABILITY OF LINUX SERVERS
ENHANCING THE IMPREGNABILITY OF LINUX SERVERSIJNSA Journal
 

Contenu connexe

Tendances

The Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - BusinessThe Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - BusinessAmazon Web Services
 
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Web Services
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)Srikanth Kappagantula
 
Networking Brush Up for Amazon AWS Administrators
Networking Brush Up for Amazon AWS AdministratorsNetworking Brush Up for Amazon AWS Administrators
Networking Brush Up for Amazon AWS AdministratorsAniekan Akpaffiong
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...Amazon Web Services
 
CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practiceswalk2talk srl
 
AWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance Seminar
AWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance SeminarAWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance Seminar
AWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance SeminarAmazon Web Services Korea
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeAmazon Web Services
 
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance WorkshopMicrosoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance WorkshopNicholas Vossburg
 
Azure DNS Privé
Azure DNS PrivéAzure DNS Privé
Azure DNS PrivéAZUG FR
 

Tendances (20)

The Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - BusinessThe Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
The Fundamentals of Networking in AWS: VPC and Connectivity Options - Business
 
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)
 
Networking Brush Up for Amazon AWS Administrators
Networking Brush Up for Amazon AWS AdministratorsNetworking Brush Up for Amazon AWS Administrators
Networking Brush Up for Amazon AWS Administrators
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
 
CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practices
 
AWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance Seminar
AWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance SeminarAWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance Seminar
AWS Security 솔루션 자세히 살펴보기 :: 신용녀 :: AWS Finance Seminar
 
Azure storage
Azure storageAzure storage
Azure storage
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access management
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in Practice
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
Aws VPC
Aws VPCAws VPC
Aws VPC
 
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance WorkshopMicrosoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
Microsoft Cloud Adoption Framework for Azure: Thru Partner Governance Workshop
 
AWS Storage Gateway
AWS Storage GatewayAWS Storage Gateway
AWS Storage Gateway
 
Azure DNS Privé
Azure DNS PrivéAzure DNS Privé
Azure DNS Privé
 
Aws IAM
Aws IAMAws IAM
Aws IAM
 

Similaire à Azure DDoS Protection Standard

ENHANCING THE IMPREGNABILITY OF LINUX SERVERS
ENHANCING THE IMPREGNABILITY OF LINUX SERVERSENHANCING THE IMPREGNABILITY OF LINUX SERVERS
ENHANCING THE IMPREGNABILITY OF LINUX SERVERSIJNSA Journal
 
Enhancing the impregnability of linux servers
Enhancing the impregnability of linux serversEnhancing the impregnability of linux servers
Enhancing the impregnability of linux serversIJNSA Journal
 
Ntp in Amplification Inferno
Ntp in Amplification InfernoNtp in Amplification Inferno
Ntp in Amplification InfernoSriram Krishnan
 
12 types of DDoS attacks
12 types of DDoS attacks12 types of DDoS attacks
12 types of DDoS attacksHaltdos
 
透视消费者.ppt
透视消费者.ppt透视消费者.ppt
透视消费者.pptwei mingyang
 
Internets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on ServersInternets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on ServersIRJET Journal
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSSuzanne Aldrich
 
Common Dos and DDoS
Common Dos and DDoSCommon Dos and DDoS
Common Dos and DDoSJayesh Patel
 
Denial of Service Attack Project
Denial of Service Attack ProjectDenial of Service Attack Project
Denial of Service Attack ProjectNadim Ebadi
 
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16Radware
 
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksMartin Holovský
 

Similaire à Azure DDoS Protection Standard (20)

DDoS-bdNOG
DDoS-bdNOGDDoS-bdNOG
DDoS-bdNOG
 
ENHANCING THE IMPREGNABILITY OF LINUX SERVERS
ENHANCING THE IMPREGNABILITY OF LINUX SERVERSENHANCING THE IMPREGNABILITY OF LINUX SERVERS
ENHANCING THE IMPREGNABILITY OF LINUX SERVERS
 
Enhancing the impregnability of linux servers
Enhancing the impregnability of linux serversEnhancing the impregnability of linux servers
Enhancing the impregnability of linux servers
 
Ntp in Amplification Inferno
Ntp in Amplification InfernoNtp in Amplification Inferno
Ntp in Amplification Inferno
 
12 types of DDoS attacks
12 types of DDoS attacks12 types of DDoS attacks
12 types of DDoS attacks
 
透视消费者.ppt
透视消费者.ppt透视消费者.ppt
透视消费者.ppt
 
DDoS.ppt
DDoS.pptDDoS.ppt
DDoS.ppt
 
Internets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on ServersInternets Manage Communication Procedure and Protection that Crash on Servers
Internets Manage Communication Procedure and Protection that Crash on Servers
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
 
D do s_white_paper
D do s_white_paperD do s_white_paper
D do s_white_paper
 
Common Dos and DDoS
Common Dos and DDoSCommon Dos and DDoS
Common Dos and DDoS
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Denial of Service Attack Project
Denial of Service Attack ProjectDenial of Service Attack Project
Denial of Service Attack Project
 
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
 
D do s
D do sD do s
D do s
 
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacks
 
Ix3615551559
Ix3615551559Ix3615551559
Ix3615551559
 
DoS.ppt
DoS.pptDoS.ppt
DoS.ppt
 
DoS.ppt
DoS.pptDoS.ppt
DoS.ppt
 

Dernier

Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxgalaxypingy
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdfMatthew Sinclair
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptxAsmae Rabhi
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...kajalverma014
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsMonica Sydney
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.krishnachandrapal52
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 

Dernier (20)

Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 

Azure DDoS Protection Standard

  • 1. Azure DDoS Protection Standard Arnaud Lheureux Cloud Chief Security Officer One Commercial Partner Microsoft APAC Twitter: @arnaudLheureux
  • 2. Attack Frequency Attack Size Attack Vectors 58% Vs. 2017 1.7 Tbps Peak 4X > 50Gbps 56% Multi-vector • Continued growth in frequency, size, sophistication, and impact • Often utilized as ‘cyber smoke screen’ to mask infiltration attacks 400 Gbps (NTP amp) 650 Gbps (Mirai) 1.7 Tbps (Memcached) 2+ Tbps (???) Attackers Use UPnP to SidestepDDoS Defenses May 2018 Attack Downtime 35% Businesses impacted Major cyber attack disrupts internet service across Europe & US using Mirai botnet Oct 2016 Feb 2018
  • 3. DDoS attack types Volumetric attacks Example attacks Protocol attacks Example attacks Resource attacks Example attacks
  • 6.
  • 7. Azure DDoS System Overview Region AZ-2 AZ-3AZ-1 RN RN DC DC Edge DC DC DC DC Edge DDoS Protection Express Route Internet Peers DDoS Protection Continuous monitoring Edge mitigation protects datacenter bandwidth Global distribution of attack traffic Regional failover Global mitigation platform
  • 8. Azure DDoS Protection Standard Overview Virtual Network
  • 9.
  • 10. Azure DDoS Defense Designed into the global network Global distribution of attack traffic during large scale attacks 25+ Tbps global mitigation capacity Continuous monitoring, learning, and protection signature improvements Proven defense for Microsoft services Specifically tuned protection for your app Active traffic monitoring to proactively detect emerging threats and attack vectors Traffic Monitoring DDoS Protection DDoS Protection Azure Host SDN Emerging attack patterns Virtual Network Your applications
  • 11.
  • 12.
  • 13. Simple to provision for all your virtual network resources Always on monitoring with near real time telemetry and alerting Automatic network layer attack DDoS Attack Analytics Attack data snapshots and full post attack summary DDoS Rapid Response Azure Security Center integration Cloud scale DDoS protection for your applications
  • 14. Choose DDoS Protection Standard when • You have been a victim of targeted DDoS attacks in past • You’re running your business critical applications in Azure • You need visibility when your resources are under attack. • You want DDoS policies tuned to the traffic pattern of your application • You have to prove DDoS mitigation compliance assurance
  • 15.
  • 16.
  • 17.
  • 20.
  • 21. Best Practices & Reference Architecture http://aka.ms/ddosbest Design for scalability Ensure that your VM architecture includes more than one VM and that each VM is included in an availability set. Recommend using Virtual machine Scale Sets for autoscaling capabilities ……. Defense in depth deploy Azure services in a virtual network Using service endpoints will switch service traffic to use virtual network private addresses ……. Design for security Focus on the 5 pillars of software quality. Security and privacy are built right into the Azure platform, beginning with the Security Development Lifecycle (SDL)………
  • 22. Attack Mitigations Attack defense originates in the region where the application is hosted but we utilize global capacity depending on attack size Users (and attackers) connect to your applications via the closest Azure edge location Attack Type Description Ping Flood Server receives a lot of spoofed Ping packets from a very large set of source IP it is being targeted by a Ping Flood attack. Such an attack’s goal is to flood the target with ping packets until it goes offline IP Null Attack TCP packet with none of the SYN, FIN, ACK, or RST flags set has been sent to a specific host., these packets can bypass security measures. CharGEN Flood A CharGEN amplification attack is carried out by sending small packets carrying a spoofed IP of the target to internet enabled devices running CharGEN. These spoofed requests to such devices are then used to send UDP floods as responses from these devices to the target. SNMP Amplification SNMP amplification attack is carried out by sending small packets carrying a spoofed IP of the target to the internet enabled devices running SNMP.These spoofed requests to such devices are then used to send UDP floods as responses from these devices to the target. However, amplification effect in SNMP can be greater when compared with CHARGEN and DNS attacks. NTP Reflection The NTP amplification attack is carried out by sending small packets carrying a spoofed IP of the target to internet enabled devices running NTP.These spoofed requests to such devices are then used to send UDP floods as responses from these devices to the target. DNS Reflection The attacker spoofs look-up requests to domain name system (DNS) servers to hide the source of the exploit and direct the response to the target. DNS Water Torture A randomized 12-character alphanumeric subdomain is prepended to the target domain and the attacking bots send their queries to their locally-configured DNS servers, which are typically DNS servers at local ISPs. SSDP Amplification SSDP enabled network devices that are also accessible to UPnP from the internet are an easy source for generating SSDP amplification floods. The SSDP amplification attack is also carried out by sending small packets carrying a spoofed IP of the target to devices. These spoofed requests to such devices are used to send UDP floods as responses from these devices to the target. QUIC Flood It uses UDP-80 to generate reflection attack. SYN Flood This attack exploits the design of the three-way TCP communication process between a client, host, and a server. In this process, a client initiates a new session by generating a SYN packet. The host assigns and checks these sessions until they are closed by the client. To carry out a SYN Flood attack, an attacker sends a lot of SYN packets to the target server from spoofed IP addresses. SYN-ACK Flood SYN-ACK packet is generated by the listening host to acknowledge an incoming SYN packet. A large amount of spoofed SYN- ACK packets is sent to a target server in a SYN-ACK Flood attack. ACK and PUSH ACK Flood During an active TCP-SYN session, ACK or PUSH ACK packets carry information to and from the host and client machines till the session lasts. During an ACK & PUSH ACK flood attack, a large amount of spoofed ACK packets is sent to the target server to deflate it.Since these packets are not linked with any session on the server’s connection list, the server spends more resources on processing these requests. ACK Flood This attack exploits the design of the three-way TCP communication process between a client, host, and a server. In this process, a client sent ACK packets to be part of existing session. ACK Fragmentation Fragmented ACK packets are used in this bandwidth consuming version of the ACK & PUSH ACK Flood attack. To execute this attack, fragmented packets of 1500 bytes are sent to the target server. RST/FIN Flood After a successful three or four-way TCP-SYN session, RST or FIN packets are exchanged by servers to close the TCP-SYN session between a host and a client machine. In an RST or FIN Flood attack, a target server receives a large number of spoofed RST or FIN packets that do not belong to any session on the target server. Synonymous TCP-SYN packets carrying the target server’s Source IP and Destination IP are sent to the target server. STOMP ( Session Flood Attack) Disguise of a valid TCP session by carrying a SYN, multiple ACK and one or more RST or FIN packets. UDP Flood In this type of DDoS attack a server is flooded with UDP packets. Unlike TCP, there isn’t an end to end process of communication between client and host. This makes it harder for defensive mechanisms to identify a UDP Flood attack. Random source IP/PORT.
  • 23. DDoS Protection Planning Planning and preparing for a DDoS attack is crucial in understanding the availability and response of an application during an actual attack. We’ve partnered with BreakingPoint Cloud to offer tooling for Azure customers to generate traffic load against DDoS Standard enabled public endpoints via a safe environment. ü Various test profiles available ü Validate how Microsoft Azure DDoS Protection protects your Azure resources ü Optimize your incident response process ü Document DDoS compliance ü Train your network security teams
  • 24. Deploying Azure DDoS Protection Standard Demo
  • 25. Next steps Learn more about Azure DDoS Protection http://aka.ms/ddosprotectiondocs http://aka.ms/ddosbest http://aka.ms/ddosanalyticsblog http://aka.ms/ddosblog Connect with DDoS Protection specialists MSDN forums Stack overFlow Uservoice
  • 26. Thanks for your attention! Arnaud Lheureux, CISSP https://aka.ms/arnaud Twitter : @arnaudLheureux
  • 28. © 2019 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.