Cisco DDoS Protection Solution—Delivering "Clean Pipes" Capabilities


WHITE PAPER

CISCO DDOS PROTECTION SOLUTION—DELIVERING “CLEAN PIPES” CAPABILITIES FOR SERVICE PROVIDERS AND THEIR CUSTOMERS

It is important for service providers and enterprises to understand how distributed-denial-of-service (DDoS) attacks operate and have the right technology in place to mitigate them. A failure to do so can be costly and result in an irretrievable loss of data. This document addresses the most important questions related to DDoS attacks and the best practices offered through the Cisco DDoS Protection solution.

INTRODUCTION TO DDoS ATTACKS

A DDoS attack is an attack on the end host system or the network infrastructure that disrupts service to the user. The disruption can come in many forms, including:

• Limiting the ability to access certain resources such as servers
• Slowing down network traffic
• In the worst case, choking the uplink to the Internet, denying all external access

These disruptions can happen any time, any day, and without warning. DDoS attacks are rapidly moving from being merely random events to carefully planned criminal operations.

Typically, the network resource under attack is overloaded with traffic much greater than it can manage. It may not take much to overwhelm a network resource. For example, to bring down a T3 uplink to the Internet, the attackers only need to generate traffic at 50 or 60 Mbps. This is fairly easy to do.

Identifying, isolating, and mitigating a DDoS attack is a challenging task. Although traditional security mechanisms can perform some basic mitigation or detection, they are not sufficient for comprehensive protection against DDoS attacks, especially large-bandwidth attacks.

Creation of DDoS Attacks

A DDoS attack can be created by a botnet, typically a network of compromised machines, or bots, that is remotely controlled by an attacker. Due to their immense size (tens of thousands of systems have been known to be linked together), they can pose a severe threat to the Internet connecting community.

Before launching the DDoS attack, the attacker first compromises a number of hosts and installs a daemon on them. At a later time, the attacker instructs each daemon to begin flooding a target host with various types of packets. The ensuing massive stream of data overwhelms the target’s hosts or routers, rendering them unable to provide service.

Even a relatively small network of 1000 bots can cause a great deal of damage. These bots may have a combined bandwidth greater than that of most corporate systems. (Consider that 1000 home PCs with an average upstream bandwidth of 128 kbps can offer more than 100 Mbps.) The IP distribution of the bots makes it difficult to construct, maintain, and deploy ingress filters. Botnets can also avoid detection by sending small data streams from each compromised end host that add up to a sizable attack. In addition, incident response is hampered by the large number of separate organizations potentially involved in a distributed botnet.

Some DoS attacks can be executed with limited resources against a large, sophisticated site. This type of attack is sometimes called an asymmetric attack. For example, an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks.

Cisco Systems, Inc. All contents are Copyright 1992–2005 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.

DDoS Attack Trends

DDoS attacks on businesses are growing at a troubling pace. The earliest DDoS attacks were random events created by hackers for simple notoriety. However, they have evolved into serious criminal operations that threaten to attack businesses for ransom just before major events or launches with significant financial stakes.

Network security has become a critical part of business success. A secure infrastructure forms the foundation for service delivery for all businesses, big and small. For network service providers and carriers, network security has always been important, but today it influences network design considerations and technology purchasing decisions more than ever. Enterprises increasingly want their service providers to protect their network assets from large DDoS attacks.

Industry experts have many documented cases of these attacks. The following are some examples:

• “The explosion of botnets is a huge problem. You read what these guys post on their underground boards and they’re claiming that all you need is 500 to 1000 machines in a botnet, and you can take out the average corporate network with a denial-of-service attack.” Ken Dunham of iDefense, a security intelligence firm, in TechWeb article, “More than One Million Bots on the Attack,” March 16, 2005.
• “In the past year, the proliferation of e-mail borne viruses and auto-downloading Trojans has dramatically increased the number and size of botnets, which now have economic value as spam engines and tools in DDoS blackmail schemes. Compromised ‘zombie’ machines were recently found on the networks of the U.S. Defense Department and Senate.” From “A Huge DDoS Attack Botnet of 10,000 Machines R.I.P.,” Addict3d, Sept. 19, 2004. Full article: http://addict3d.org/index.php?page viewarticle&type news&ID 3031.
• “The important thing to realize about DDoS attacks is that they are not going to go away, and there is no way of preventing them. They have been around for a very long time, and they are getting easier to carry out. That is because there are increasing numbers of poorly secured home PCs with always-on Internet connections just waiting to be discovered and taken over by hackers.” From “Distribute this Denial of Service Checklist,” Enterprise IT Planet.com, Aug. 27, 2004. Full /features/article.php/3400861.

Enterprises are willing to spend more money to protect their networks from attacks. They realize that it will be a lot less expensive to be prepared than to be attacked and then worry about protection. A recent Gartner study showed that network security breaches became the number-one concern among businesses in 2004, displacing operating costs.

Impact of DDoS Attacks

As more core business functions are conducted over the Internet and IP networks, a well-planned DDoS attack can bring any business to a halt. Today, most medium to large enterprises carry out a significant part of their transactions over the Internet. As voice over IP technology matures, they will be migrating to IP communication, and video over IP will add to the trend. These factors are leading to converged IP networks that will become a major part of all businesses.

Any attack that results in downtime will have a negative effect on profits. Even if the direct impact of the attack on the network is insignificant, the perception of the network being vulnerable can have financial repercussions that are significant indeed. For example, consider a large financial organization that does most of its business online. A few minutes of downtime can cost millions of dollars in transactions, not to mention the expense associated with managing the negative press.

DDoS attacks can degrade a business’s network in several ways:

• By flooding a network, thereby preventing or delaying legitimate network traffic
• By disrupting connections between two routers or servers, thereby preventing access to a service
• By preventing a particular end host from accessing a service
• By disrupting service to a specific system or person

Victims of DDoS Attacks

DDoS attacks on large enterprises are the ones that make the news, but many medium-sized and small businesses are targets too. While online businesses were the first targets, now financial, retail, media and entertainment, manufacturing, services, and government sectors are all potential victims. Even consumers are starting to be attacked. Broadband service providers must start paying closer attention to the mechanisms they have in place to protect their own and their customers’ networks.

Any business using its Website as a main method to do business transactions is a target, especially during major events like new product launches or quarterly earnings conference calls. Attackers use these as opportunities to extort vulnerable businesses, which cannot afford to lose their credibility during these important events. A recent study found that 25 percent of senior IT security personnel at large U.K. companies consider DDoS attacks “the single largest risk to their business” (http://www.theregister.co.uk/2004/10/27/netsec security survey/). It seems that the Internet has changed from a place of implicit trust to one of pervasive distrust.

DDoS attacks can target various elements of the network infrastructure:

• Application—DDoS attacks use the behavior of protocols such as TCP and HTTP to tie up computational resources. These attacks may not consume all the shared resources entirely; thus, other applications can be still available.
• Host/Servers—Attacks may aim to overload or crash a host machine. An example is a TCP SYN attack. These attacks can be minimized if protocols running on the host are properly patched.
• Bandwidth—Attacks can saturate the incoming bandwidth of a target network by sending attack packets whose destination addresses are part of the target network’s address space. Targeted routers, servers, and firewalls—all of which have limited processing resources—can be rendered unavailable to process valid transactions and can fail under the load. The most common form of bandwidth attack is a packet flooding attack, in which a large number of seemingly legitimate TCP, User Datagram Protocol (UDP), or Internet Control Message Protocol (ICMP) packets are directed to a specific destination. To make detection even more difficult, these attacks might also spoof the source address, misrepresenting the IP address that supposedly generated the request.
• Infrastructure—Attacks may target network resources, such as DNS servers, VoIP softswitches, core routers, and bottleneck links, that are crucial to the operation of a particular network service or the entire network infrastructure.
• Collateral damage—Collateral damage occurs in network elements that are not directly attacked but are affected by it. For example, a DDoS attack may be targeted at a host in a multihomed customer network containing a primary and backup link. When the attack is large enough to saturate the primary link, it causes the BGP session of the primary link to drop. It causes the DDoS traffic to shift to attack the host over the backup link. Now, the bandwidth saturation happens on the backup link and drops its BGP session, and the DDoS traffic goes back to the primary link to attack the host. This route flap is collateral damage from the DDoS attack targeted at the host.

Given the impact the DDoS attacks can have, it is mandatory to have protection mechanisms in place to avoid being caught off guard. The total cost of ownership of these mechanisms can be much less than the cost of the damage they prevent.

CISCO DDoS PROTECTION SOLUTION OVERVIEW

The Cisco DDoS Protection solution delivers “clean pipes” capabilities that enable service providers to provide DDoS protection services to their customers and also protect their own networks. Cisco Systems defines “clean pipes” capabilities as a well-architected and system-validated solution set to protect from security threats the data pipe that delivers connectivity and services. The data pipe could mean different things depending on the customer type:

• Enterprise—“Last-mile” data connection
• Federal—Critical data connections
• Service provider—All data connections that may be attacked (peering points, peering edges, data center)

The most damaging types of security threats that could affect the data pipe include DDoS, worms, and viruses.

The fundamental goal of the solution set providing “clean pipes” capabilities is to remove the malicious traffic from the data pipe and only deliver the legitimate traffic before the link is compromised.

Protection Mechanism of the Solution

What makes DDoS attacks so difficult to prevent is that illegitimate packets are indistinguishable from legitimate packets, making detection difficult. Network devices and traditional perimeter security technologies do not by themselves provide comprehensive DDoS protection. Many of these attacks also use spoofed source IP addresses, thereby eluding source identification by anomaly-based monitoring tools that look for unusually high volumes of traffic coming from specific origins.

Defending against DDoS attacks requires a purpose-built architecture that includes the ability to specifically detect and defeat increasingly sophisticated, complex, and deceptive attacks. Unlike other DDoS defense techniques, the Cisco DDoS Protection solution can accurately distinguish good traffic from bad traffic destined for a mission-critical host or application. It not only detects the presence of an attack, but also filters out only the bad traffic, allowing good traffic to pass through, enabling business and service continuity. This solution offers three major functions that work toward protecting a network from DDoS attacks:

• Detection—The fundamental premise of detecting attacks is to look for anomalies in traffic patterns compared with the baseline of normal traffic. Any differences in traffic patterns that exceed a threshold trigger an alarm. The Cisco Traffic Anomaly Detector XT, Cisco Traffic Anomaly Services Module for Cisco 7600 Series routers and Cisco Catalyst 6500 Series switches, and the Arbor Networks Peakflow SP are the product options available for anomaly detection in the solution.
• Mitigation—Mitigation is the process in which attack traffic is scrubbed, that is, checking for antispoofing, anomaly recognition, packet inspection, and cleaning to drop bad traffic and allow legitimate traffic to the destination. The Cisco Guard XT and the Cisco Anomaly Guard Services Module for Cisco 7600 Series routers and Cisco Catalyst 6500 Series switches are the product options available for anomaly mitigation in the solution.
• Traffic diversion and injection—Traffic diversion is the mechanism by which an upstream router in the core network is instructed to send suspect traffic (syn floods, spoofed packets, and so on) to the Cisco Guard XT. After scrubbing off anomalous packets, the Cisco Guard XT performs traffic injection to insert cleaned traffic back to the network.

Solution Design Approach

The Cisco DDoS Protection solution is not simply a collection of security point products, but a tightly integrated system ready for defending against today’s most damaging DDoS attacks. Figure 1 depicts the architecture of this solution.

Figure 1. The Cisco DDoS Protection Solution Architecture

While encompassing an array of DDoS detection and mitigation products, the solution goes well beyond simply connecting these devices to routers. The solution serves as a robust, comprehensive architecture with the following advantages:

• It provides solution design practices on how to seamlessly integrate into a service provider’s network with Cisco platforms such as the Cisco 12000 and 7600 Series routers and Cisco Catalyst 6500 Series switches. Based on lab tests and validations, Cisco provides recommendations of the best combinations of platform components that can scale to withstand the growing size of DDoS attacks.
• It provides proactive security best practices to harden the network for rapid response and maximum protection against different network threat types.
• It provides network management systems for reporting attacks to customers and network operation.
• It provides three specific service deployment models, along with design guidelines tailored for DDoS protection for different parts of the SP infrastructure and customer networks:
  – Managed Network DDoS Protection—Provides enterprise customers effective protection against DDoS attacks on their last-mile connections to service providers and internal infrastructures by subscribing to the Cisco DDoS Protection solution offered by service providers.
  – Managed Hosting DDoS Protection—Enables hosting providers to protect their hosting services from DDoS attacks.
  – Peering Edge DDoS Protection—Enables service providers to prevent bandwidth saturation by DDoS attacks against their peering points.
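The Detection function described under Protection Mechanism of the Solution, worked through as an added example that is not part of the Cisco white paper and does not represent how any Cisco or Arbor product is implemented. It learns a per-zone, per-traffic-class baseline, alarms when an interval exceeds the threshold, and shows why a per-source volume check misses a flood spread over many spoofed sources. The flow records, class names, threshold rule and function names are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_flows():
    """Constructed records: (interval, src_ip, zone, traffic_class, packets)."""
    flows = []
    client_a_syn = [50, 60, 40, 55, 45, 50, 52, 50]  # intervals 0..7
    for t, pkts in enumerate(client_a_syn):
        flows.append((t, "198.51.100.10", "web", "tcp_syn", pkts))
        flows.append((t, "198.51.100.20", "web", "tcp_syn", 50))
        flows.append((t, "198.51.100.10", "web", "udp", 30))
    # Interval 7: 400 distinct (spoofed) sources, only 20 SYNs each.
    for net in ("203.0.113", "192.0.2"):
        for host in range(1, 201):
            flows.append((7, f"{net}.{host}", "web", "tcp_syn", 20))
    return flows


def totals_per_interval(flows, zone):
    """Aggregate packets per traffic class and interval for one zone."""
    totals = defaultdict(lambda: defaultdict(int))
    for t, _src, z, cls, pkts in flows:
        if z == zone:
            totals[cls][t] += pkts
    return totals


def learn_baseline(flows, zone, learn_intervals):
    """Return {traffic_class: (mean, stddev)} over the learning window."""
    totals = totals_per_interval(flows, zone)
    baseline = {}
    for cls, per_interval in totals.items():
        samples = [per_interval.get(t, 0) for t in learn_intervals]
        baseline[cls] = (mean(samples), pstdev(samples))
    return baseline


def threshold(avg, std, k=3.0, min_margin=0.2):
    """Assumed rule: mean + max(k*stddev, 20% of mean).

    The 20% floor keeps a perfectly flat baseline (stddev 0) from
    alarming on one extra packet.
    """
    return avg + max(k * std, min_margin * avg)


def zone_alarms(flows, zone, baseline, watch_intervals, k=3.0):
    """Alarm when a class total for the zone exceeds its threshold.

    A class never seen while learning has baseline (0, 0), so any
    traffic in that class raises an alarm.
    """
    totals = totals_per_interval(flows, zone)
    alarms = []
    for cls, per_interval in sorted(totals.items()):
        avg, std = baseline.get(cls, (0, 0))
        limit = threshold(avg, std, k)
        for t in watch_intervals:
            seen = per_interval.get(t, 0)
            if seen > limit:
                alarms.append((t, cls, seen, round(limit, 1)))
    return alarms


def per_source_alarms(flows, zone, watch_intervals, per_source_limit):
    """Naive check: flag any single source above a fixed packet limit."""
    per_src = defaultdict(int)
    for t, src, z, _cls, pkts in flows:
        if z == zone and t in watch_intervals:
            per_src[(t, src)] += pkts
    return sorted(key for key, pkts in per_src.items() if pkts > per_source_limit)


if __name__ == "__main__":
    flows = build_sample_flows()
    baseline = learn_baseline(flows, "web", range(0, 6))
    print("zone alarms:", zone_alarms(flows, "web", baseline, range(6, 8)))
    print("per-source alarms:", per_source_alarms(flows, "web", range(6, 8), 200))
```

The zone-level baseline flags the flood interval while the per-source check stays silent, which is the spoofed-source evasion the paragraph above describes.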

Deploying Network Infrastructure Security with Network Foundation Protection

The Cisco DDoS Protection solution provides a comprehensive solution for delivering “clean pipes” capabilities, but service providers are strongly recommended to also implement a list of security techniques known as Network Foundation Protection (NFP). NFP hardens the data plane, control plane, management plane, and service plane against various security threats. The advantages of deploying NFP include the following:

• It provides network devices protection not only from DDoS attacks but also threat vectors like reconnaissance, network device break-ins, and threat of service.
• It minimizes vulnerability of critical network services, such as DNS, e-mail, Web, and VoIP, due to network attacks, thus helping to maximize their availability to customers.
• It makes use of network telemetry, such as NetFlow, to study traffic patterns in real time, create traffic baselines, detect anomalies and miscues, and characterize affected interfaces, severity, and so on. Anomalies are then compared across the network to provide traceback and determine the point of ingress of an attack.
• It complements the Cisco DDoS Protection solution. NFP mitigates primitive DDoS attack types, thus freeing up the capacity of the Cisco Guard XT to fight against more sophisticated anomaly attacks.

The following is a sample list of NFP features commonly implemented by service providers:

• Infrastructure ACL (iACL)—Applied to the edge of the service provider network, including the peering edge and provider edge, to protect the management plane of the router.
• Receive ACL (rACL)—Specifies which packets are permitted to reach the router CPU based on source IP address, destination IP address, protocol, or port number.
• Anycast—An IP addressing technique that is based on advertising nonunique IP addresses from multiple points of origin and then using dynamic routing to deliver anycast traffic to the nearest instance, from reachability perspective, of the service in the network topology.
• Unicast Reverse Path Forwarding (uRPF)—Mitigates problems due to spoofed IP source addresses by discarding packets that lack a verifiable source IP address.
• Remote Triggered Blackhole (RTBH)—A filtering method for dropping malicious traffic at the peering edge of the network.
• Quality-of-Service Policy Propagation with BGP (QPPB)/Remote Triggered Rate Limiting (RTRL)—QPPB, also known as RTRL, classifies malicious packets based on access lists, BGP community lists, and BGP autonomous system (AS) paths, which are sent by a triggering device.
• Control Plane Policing (CoPP)—This feature allows users to classify packets directed to the CPU and allows rate limiting of the classified traffic to manage the traffic flow. This allows control plane packets to protect the control plane of equipment running Cisco IOS Software against reconnaissance and DDoS attacks.

For more information about NFP, visit: /infrastructure/.

CISCO DDoS PROTECTION SOLUTION OPERATION

The Cisco DDoS Protection solution encompasses multiple security components, including the Cisco Guard XT, Cisco Traffic Anomaly Detector XT, and Arbor Networks Peakflow SP. Figure 2 summarizes the actions taken by the various components over time.
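The uRPF entry in the NFP feature list above, modelled as an added example that is not part of the white paper and is not Cisco code. It goes beyond the page by separating the two common uRPF modes (strict and loose) and by showing the caveat that strict mode also drops legitimate traffic arriving over the backup link of a multihomed customer. The routing table, interface names and addresses are constructed, and the lookup keeps a single best path where a real router may hold several.

```python
import ipaddress

# Constructed routing table: (prefix, interface used to reach that prefix).
FIB = [
    ("0.0.0.0/0", "upstream0"),
    ("198.51.100.0/24", "cust1"),
    ("203.0.113.0/24", "cust2"),      # backup path to the multihomed customer
    ("203.0.113.128/25", "cust3"),    # primary (more specific) path
]


def build_fib(entries):
    """Parse prefixes once so lookups work on network objects."""
    return [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in entries]


def lookup(fib, address, allow_default):
    """Longest-prefix match on an address; optionally ignore the default route."""
    addr = ipaddress.ip_address(address)
    best = None
    for net, ifc in fib:
        if net.prefixlen == 0 and not allow_default:
            continue
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best


def urpf_permits(fib, src, ingress, mode="strict", allow_default=False):
    """Return True if a packet with source `src` arriving on `ingress` passes.

    strict: the best route back to the source must point out the ingress
            interface.
    loose:  any route back to the source is enough (the source is merely
            known to exist in the routing table).
    """
    route = lookup(fib, src, allow_default)
    if route is None:
        return False                  # no verifiable path back to the source
    if mode == "loose":
        return True
    if mode == "strict":
        return route[1] == ingress
    raise ValueError(f"unknown uRPF mode: {mode}")


# Constructed packets: (label, source address, ingress interface).
SAMPLE_PACKETS = [
    ("customer 1 host on its own link", "198.51.100.7", "cust1"),
    ("customer 3 address claimed on customer 1 link", "203.0.113.200", "cust1"),
    ("unrouted source on customer 1 link", "192.0.2.55", "cust1"),
    ("multihomed customer sending via backup link", "203.0.113.130", "cust2"),
]


def evaluate(packets=SAMPLE_PACKETS, entries=FIB):
    """Return [(label, strict_verdict, loose_verdict)] for each sample packet."""
    fib = build_fib(entries)
    return [
        (label,
         urpf_permits(fib, src, ifc, mode="strict"),
         urpf_permits(fib, src, ifc, mode="loose"))
        for label, src, ifc in packets
    ]


if __name__ == "__main__":
    for label, strict, loose in evaluate():
        print(f"{label:48s} strict={'pass' if strict else 'drop'} "
              f"loose={'pass' if loose else 'drop'}")
```

Loose mode only removes sources with no route at all, so a spoofed but routable address still passes it; strict mode catches that case at the cost of dropping asymmetric return traffic.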

Figure 2. Timeline for DDoS Protection Solution in Action

The following steps describe how the Cisco DDoS Protection solution protects a zone, or portion of a network, against DDoS attacks in chronological order: from the time before a DDoS attack occurs, to the time when the attack occurs, to the time when the attack has terminated. Note that the Cisco Traffic Anomaly Detector XT and Peakflow SP, as anomaly detection devices, are not mutually exclusive. However, there are some deployment models that work better with certain detection methods. These deployment options are described later in this paper.

Step 1 Baseline Learning. When DDoS is not occurring, the components of the Cisco DDoS Protection solution build a traffic baseline database with normal traffic patterns for a zone so that they can identify anomalous traffic patterns when a DDoS attack takes place.

In the scenario where Peakflow SP and Cisco Guard XT are deployed, the devices learn traffic patterns independently. The Peakflow SP models the normal traffic patterns by receiving NetFlow statistics, and the Cisco Guard XT learns normal traffic patterns of a zone by diverting traffic from upstream to create policies for traffic flows of different services to the zone (traffic diversion is explained in Step 3). If an attack occurs during the learning process, the Cisco Guard XT stops learning and switches to protection mode.

In the scenario where the Cisco Traffic Anomaly Detector XT and Cisco Guard XT are deployed, the Cisco Traffic Anomaly Detector XT creates the zone configuration and learning results of normal traffic patterns. These configurations may be uploaded to the Cisco Guard XT. In other words, the Cisco Guard XT does not need to use traffic diversion in this case. This upload operation can be done every 24 hours to ensure that both devices have the latest traffic baseline. If an attack occurs during the learning process, the Cisco Traffic Anomaly Detector XT switches to protection mode.

Step 2 Detection. Upon completing the learning process for a zone, the Cisco Traffic Anomaly Detector XT and Peakflow SP monitor ongoing traffic, flagging an alert or activating the Cisco Guard XT when an anomaly is detected.

The Cisco Traffic Anomaly Detector XT continuously monitors mirrored traffic from the wire. If it senses abnormal or malicious traffic, it dynamically configures a set of filters (dynamic filters) to record the event and triggers an alarm to network staff. If the staff find that the anomaly is genuine, they can manually activate the Cisco Guard XT to put the attacked zone into the protection mode. Alternatively, the Cisco Traffic Anomaly Detector XT, upon detection of a DDoS attack, can be set up to automatically establish a Secure Shell (SSH) Protocol connection to activate a remote Cisco Guard (Figure 3).

The Arbor Peakflow SP collector device receives NetFlow statistics collected from various routers in the service provider network. When the device identifies an abnormal traffic pattern, it alerts the Peakflow SP Leader device by sending it the fingerprints of the abnormality for further analysis. The Leader device then continues to monitor the alert. If it exceeds a user-defined threshold, the Arbor Peakflow SP Leader classifies it as a high-importance red alert. At this point, network staff can respond to the attack by choosing a preconfigured mitigation device, which is the Cisco Guard XT or Cisco Anomaly Guard Services Module, to filter out the malicious traffic. The Cisco Guard XT establishes an SSH connection and instructs the device to put the zone under attack into the protection mode.

Figure 3. DDoS-Attacked Zone Detected by Cisco Traffic Anomaly Detector XT/Arbor Peakflow SP

Step 3 Diversion. After receiving the request to put the attacked zone in protection mode, the Cisco Guard XT sends a BGP announcement to an upstream router, changing the next-hop address to that of the Cisco Guard XT. A network operator may also order this diversion manually. In either method, the upstream router installs this BGP announcement into its routing table and forwards dirty traffic as well as clean traffic to the Cisco Guard XT. Traffic flows to other destinations remain in their same data paths without getting diverted. See Figure 4.

Step 4 Scrubbing. The Cisco Guard XT analyzes the diverted zone traffic in search of anomalies. It identifies an anomaly when the flow violates the policy threshold. At that point, the Cisco Guard analyzes results and creates a set of dynamic filters that continuously adapt to the zone traffic and type of attack. The initial dynamic filter directs the traffic to the user filters until the Cisco Guard finishes analyzing the flow and creating more dynamic filters to handle the anomaly. The dynamic filters and the user filters feed their results into a comparator, which chooses the most severe protection measure suggested, then directs the traffic to the relevant protection module for authentication. The module drops unauthenticated traffic, then the Cisco Guard XT passes the traffic to the rate limiter, which drops traffic that exceeds the defined rate.

Step 5 Injection. The cleaned traffic from the Cisco Guard XT is injected back to the zone. There are multiple injection methods available, depending on whether the core network topology is Layer 2 or Layer 3. They ensure that injected traffic does not get looped back to the Cisco Guard XT. Examples of methods include Policy Based Routing (PBR), Virtual Routing/Forwarding (VRF), generic routing encapsulation (GRE), and Multiprotocol Label Switching (MPLS) VPN.

Figure 4. DDoS Attack Against Zone Mitigated by Cisco Guard XT

Step 6 Completion of Traffic Scrubbing. Dynamic filters on the Cisco Guard XT have a limited lifespan and are erased after the DDoS attack has terminated. By default, the Cisco Guard XT remains in protect mode until the user deactivates it, but it can be set to deactivate protection if no dynamic filters are in use and no new dynamic filter has been added over a predefined period of time. The Cisco Guard XT retracts the previous BGP announcement, and traffic resumes on the regular data path. If Peakflow SP or a trigger router is used for traffic diversion, the BGP announcement for the traffic diversion needs to be removed manually.

CISCO DDoS PROTECTION SOLUTION COMPONENTS

Cisco Guard XT Appliance and Cisco Anomaly Guard Services Module

The Cisco Guard XT 5650 DDoS mitigation appliance and Cisco Anomaly Guard Services Module deliver a powerful and extensive DDoS protection system. For more information about the Cisco Guard XT, visit: tml.

The Cisco Guard XT, featuring two Gigabit Ethernet interfaces, can process attack traffic at line rates as high as a full gigabit per second (1 Gbps). The Cisco Anomaly Guard Services Module is an integrated services module for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers that can receive up to 1 Gbps Ethernet traffic. These devices can work together in multiples to incrementally scale to support multi-gigabit rates, forming a cluster called the cleaning center. Thus Cisco can deliver an extensible solution that easily adapts to large and growing service provider and enterprise environments.

The Cisco Guard XT platform that incorporates these devices is one part of a complete detection and mitigation solution that protects enterprises, hosting centers, government agencies, and service provider environments from DDoS attacks. Combined with anomaly detection devices that detect attacks, the Cisco Guard XT performs the detailed attack analysis, identification, and mitigation services required to block attack traffic and prevent it from disrupting network operations. For more information about the Cisco Anomaly Guard Services Module, ndex.html.

In general, both the Cisco Guard XT and Cisco Anomaly Guard Services Module should be placed as far upstream from the protected zones and as close to the source of the attack traffic as possible. This allows the device to protect the greatest number of downstream resources from DDoS attack traffic. The Cisco Anomaly Guard Services Module must also be placed upstream of a firewall, to process traffic before any Network Address Translation (NAT) processing occurs, and to protect the firewall from becoming a victim of a DDoS attack.

Cisco Traffic Anomaly Detector XT and Cisco Traffic Anomaly Detector Services Module

The Cisco Traffic Anomaly Detector XT 5600 is a high-performance, standalone DoS detection device. It receives a copy of traffic to a protected zone either by using the port mirroring feature, such as Switched Port Analyzer (SPAN), of a switch, or by means of splitting. The Cisco Traffic Anomaly Detector Services Module is an integrated services module for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers. It receives a copy of traffic to a zone by using the SPAN or VLAN Access Control List (VACL) feature.

Based on patented multiverification process (MVP) architecture, both platforms use the latest behavioral analysis and attack recognition technology to proactively detect and identify all types of a
