CISCO DDOS PROTECTION SOLUTION DELIVERING CLEAN PIPES CAPABILITIES FOR SERVICE PROVIDERS AND THEIR CUSTOMERS

Size: px
Start display at page:

Download "CISCO DDOS PROTECTION SOLUTION DELIVERING CLEAN PIPES CAPABILITIES FOR SERVICE PROVIDERS AND THEIR CUSTOMERS"

Transcription

1 WHITE PAPER CISCO DDOS PROTECTION SOLUTION DELIVERING CLEAN PIPES CAPABILITIES FOR SERVICE PROVIDERS AND THEIR CUSTOMERS It is important for service providers and enterprises to understand how distributed-denial-of-service (DDoS) attacks operate and have the right technology in place to mitigate them. A failure to do so can be costly and result in an irretrievable loss of data. This document addresses the most important questions related to DDoS attacks and the best practices offered through the Cisco DDoS Protection solution. INTRODUCTION TO DDoS ATTACKS A DDoS attack is an attack on the end host system or the network infrastructure that disrupts service to the user. The disruption can come in many forms, including: Limiting the ability to access certain resources such as servers Slowing down network traffic In the worst case, choking the uplink to the Internet, denying all external access These disruptions can happen any time, any day, and without warning. DDoS attacks are rapidly moving from being merely random events to carefully planned criminal operations. Typically, the network resource under attack is overloaded with traffic much greater than it can manage. It may not take much to overwhelm a network resource. For example, to bring down a T3 uplink to the Internet, the attackers only need to generate traffic at 50 or 60 Mbps. This is fairly easy to do. Identifying, isolating, and mitigating a DDoS attack is a challenging task. Although traditional security mechanisms can perform some basic mitigation or detection, they are not sufficient for comprehensive protection against DDoS attacks, especially large-bandwidth attacks. Creation of DDoS Attacks A DDoS attack can be created by a botnet, typically a network of compromised machines, or bots, that is remotely controlled by an attacker. Due to their immense size (tens of thousands of systems have been known to be linked together), they can pose a severe threat to the Internetconnecting community. Before launching the DDoS attack, the attacker first compromises a number of hosts and installs a daemon on them. At a later time, the attacker instructs each daemon to begin flooding a target host with various types of packets. The ensuing massive stream of data overwhelms the target s hosts or routers, rendering them unable to provide service. Even a relatively small network of 1000 bots can cause a great deal of damage. These bots may have a combined bandwidth greater than that of most corporate systems. (Consider that 1000 home PCs with an average upstream bandwidth of 128 kbps can offer more than 100 Mbps.) The IP distribution of the bots makes it difficult to construct, maintain, and deploy ingress filters. Botnets can also avoid detection by sending small data streams from each compromised end host that add up to a sizable attack. In addition, incident response is hampered by the large number of separate organizations potentially involved in a distributed botnet. Some DoS attacks can be executed with limited resources against a large, sophisticated site. This type of attack is sometimes called an asymmetric attack. For example, an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks. All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 1 of 16

2 DDoS Attack Trends DDoS attacks on businesses are growing at a troubling pace. The earliest DDoS attacks were random events created by hackers for simple notoriety. However, they have evolved into serious criminal operations that threaten to attack businesses for ransom just before major events or launches with significant financial stakes. Network security has become a critical part of business success. A secure infrastructure forms the foundation for service delivery for all businesses, big and small. For network service providers and carriers, network security has always been important, but today it influences network design considerations and technology purchasing decisions more than ever. Enterprises increasingly want their service providers to protect their network assets from large DDoS attacks. Industry experts have many documented cases of these attacks. The following are some examples: The explosion of botnets is a huge problem. You read what these guys post on their underground boards and they re claiming that all you need is 500 to 1000 machines in a botnet, and you can take out the average corporate network with a denial-of-service attack. Ken Dunham of idefense, a security intelligence firm, in TechWeb article, More than One Million Bots on the Attack, March 16, In the past year, the proliferation of borne viruses and auto-downloading Trojans has dramatically increased the number and size of botnets, which now have economic value as spam engines and tools in DDoS blackmail schemes. Compromised zombie machines were recently found on the networks of the U.S. Defense Department and Senate. From A Huge DDoS Attack Botnet of 10,000 Machines R.I.P., Addict3d, Sept. 19, Full article: The important thing to realize about DDoS attacks is that they are not going to go away, and there is no way of preventing them. They have been around for a very long time, and they are getting easier to carry out. That is because there are increasing numbers of poorly secured home PCs with always-on Internet connections just waiting to be discovered and taken over by hackers. From Distribute this Denial of Service Checklist, Enterprise IT Planet.com, Aug. 27, Full article: Enterprises are willing to spend more money to protect their networks from attacks. They realize that it will be a lot less expensive to be prepared than to be attacked and then worry about protection. A recent Gartner study showed that network security breaches became the number-one concern among businesses in 2004, displacing operating costs. Impact of DDoS Attacks As more core business functions are conducted over the Internet and IP networks, a well-planned DDoS attack can bring any business to a halt. Today, most medium to large enterprises carry out a significant part of their transactions over the Internet. As voice over IP technology matures, they will be migrating to IP communication, and video over IP will add to the trend. These factors are leading to converged IP networks that will become a major part of all businesses. Any attack that results in downtime will have a negative effect on profits. Even if the direct impact of the attack on the network is insignificant, the perception of the network being vulnerable can have financial repercussions that are significant indeed. For example, consider a large financial organization that does most of its business online. A few minutes of downtime can cost millions of dollars in transactions, not to mention the expense associated with managing the negative press. DDoS attacks can degrade a business s network in several ways: By flooding a network, thereby preventing or delaying legitimate network traffic By disrupting connections between two routers or servers, thereby preventing access to a service All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 2 of 16

3 By preventing a particular end host from accessing a service By disrupting service to a specific system or person Victims of DDoS Attacks DDoS attacks on large enterprises are the ones that make the news, but many medium-sized and small businesses are targets too. While online businesses were the first targets, now financial, retail, media and entertainment, manufacturing, services, and government sectors are all potential victims. Even consumers are starting to be attacked. Broadband service providers must start paying closer attention to the mechanisms they have in place to protect their own and their customers networks. Any business using its Website as a main method to do business transactions is a target, especially during major events like new product launches or quarterly earnings conference calls. Attackers use these as opportunities to extort vulnerable businesses, which cannot afford to lose their credibility during these important events. A recent study found that 25 percent of senior IT security personnel at large U.K. companies consider DDoS attacks the single largest risk to their business ( It seems that the Internet has changed from a place of implicit trust to one of pervasive distrust. DDoS attacks can target various elements of the network infrastructure: Application DDoS attacks use the behavior of protocols such as TCP and HTTP to tie up computational resources. These attacks may not consume all the shared resources entirely; thus, other applications can be still available. Host/Servers Attacks may aim to overload or crash a host machine. An example is a TCP SYN attack. These attacks can be minimized if protocols running on the host are properly patched. Bandwidth Attacks can saturate the incoming bandwidth of a target network by sending attack packets whose destination addresses are part of the target network s address space. Targeted routers, servers, and firewalls all of which have limited processing resources can be rendered unavailable to process valid transactions and can fail under the load. The most common form of bandwidth attack is a packetflooding attack, in which a large number of seemingly legitimate TCP, User Datagram Protocol (UDP), or Internet Control Message Protocol (ICMP) packets are directed to a specific destination. To make detection even more difficult, these attacks might also spoof the source address, misrepresenting the IP address that supposedly generated the request. Infrastructure Attacks may target network resources, such as DNS servers, VoIP softswitches, core routers, and bottleneck links, that are crucial to the operation of a particular network service or the entire network infrastructure. Collateral damage Collateral damage occurs in network elements that are not directly attacked but are affected by it. For example, a DDoS attack may be targeted at a host in a multihomed customer network containing a primary and backup link. When the attack is large enough to saturate the primary link, it causes the BGP session of the primary link to drop. It causes the DDoS traffic to shift to attack the host over the backup link. Now, the bandwidth saturation happens on the backup link and drops its BGP session, and the DDoS traffic goes back to the primary link to attack the host. This route flap is collateral damage from the DDoS attack targeted at the host. Given the impact the DDoS attacks can have, it is mandatory to have protection mechanisms in place to avoid being caught off guard. The total cost of ownership of these mechanisms can be much less than the cost of the damage they prevent. All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 3 of 16

4 CISCO DDoS PROTECTION SOLUTION OVERVIEW The Cisco DDoS Protection solution delivers clean pipes capabilities that enable service providers to provide DDoS protection services to their customers and also protect their own networks. Cisco Systems defines clean pipes capabilities as a well-architected and systemvalidated solution set to protect from security threats the data pipe that delivers connectivity and services. The data pipe could mean different things depending on the customer type: Enterprise Last-mile data connection Federal Critical data connections Service provider All data connections that may be attacked (peering points, peering edges, data center) The most damaging types of security threats that could affect the data pipe include DDoS, worms, and viruses. The fundamental goal of the solution set providing clean pipes capabilities is to remove the malicious traffic from the data pipe and only deliver the legitimate traffic before the link is compromised. Protection Mechanism of the Solution What makes DDoS attacks so difficult to prevent is that illegitimate packets are indistinguishable from legitimate packets, making detection difficult. Network devices and traditional perimeter security technologies do not by themselves provide comprehensive DDoS protection. Many of these attacks also use spoofed source IP addresses, thereby eluding source identification by anomaly-based monitoring tools that look for unusually high volumes of traffic coming from specific origins. Defending against DDoS attacks requires a purpose-built architecture that includes the ability to specifically detect and defeat increasingly sophisticated, complex, and deceptive attacks. Unlike other DDoS defense techniques, the Cisco DDoS Protection solution can accurately distinguish good traffic from bad traffic destined for a mission-critical host or application. It not only detects the presence of an attack, but also filters out only the bad traffic, allowing good traffic to pass through, enabling business and service continuity. This solution offers three major functions that work toward protecting a network from DDoS attacks: Detection The fundamental premise of detecting attacks is to look for anomalies in traffic patterns compared with the baseline of normal traffic. Any differences in traffic patterns that exceed a threshold trigger an alarm. The Cisco Traffic Anomaly Detector XT, Cisco Traffic Anomaly Services Module for Cisco 7600 Series routers and Cisco Catalyst 6500 Series switches, and the Arbor Networks Peakflow SP are the product options available for anomaly detection in the solution. Mitigation Mitigation is the process in which attack traffic is scrubbed, that is, checking for antispoofing, anomaly recognition, packet inspection, and cleaning to drop bad traffic and allow legitimate traffic to the destination. The Cisco Guard XT and the Cisco Anomaly Guard Services Module for Cisco 7600 Series routers and Cisco Catalyst 6500 Series switches are the product options available for anomaly mitigation in the solution. Traffic diversion and injection Traffic diversion is the mechanism by which an upstream router in the core network is instructed to send suspect traffic (syn floods, spoofed packets, and so on) to the Cisco Guard XT. After scrubbing off anomalous packets, the Cisco Guard XT performs traffic injection to insert cleaned traffic back to the network. Solution Design Approach The Cisco DDoS Protection solution is not simply a collection of security point products, but a tightly integrated system ready for defending against today s most damaging DDoS attacks. Figure 1 depicts the architecture of this solution. All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 4 of 16

5 Figure 1 The Cisco DDoS Protection Solution Architecture While encompassing an array of DDoS detection and mitigation products, the solution goes well beyond simply connecting these devices to routers. The solution serves as a robust, comprehensive architecture with the following advantages: It provides solution design practices on how to seamlessly integrate into a service provider s network with Cisco platforms such as the Cisco and 7600 Series routers and Cisco Catalyst 6500 Series switches. Based on lab tests and validations, Cisco provides recommendations of the best combinations of platform components that can scale to withstand the growing size of DDoS attacks. It provides proactive security best practices to harden the network for rapid response and maximum protection against different network threat types. It provides network management systems for reporting attacks to customers and network operation. It provides three specific service deployment models, along with design guidelines tailored for DDoS protection for different parts of the SP infrastructure and customer networks: Managed Network DDoS Protection Provides enterprise customers effective protection against DDoS attacks on their last-mile connections to service providers and internal infrastructures by subscribing to the Cisco DDoS Protection solution offered by service providers. Managed Hosting DDoS Protection Enables hosting providers to protect their hosting services from DDoS attacks. Peering Edge DDoS Protection Enables service providers to prevent bandwidth saturation by DDoS attacks against their peering points. All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 5 of 16

6 Deploying Network Infrastructure Security with Network Foundation Protection The Cisco DDoS Protection solution provides a comprehensive solution for delivering clean pipes capabilities, but service providers are strongly recommended to also implement a list of security techniques known as Network Foundation Protection (NFP). NFP hardens the data plane, control plane, management plane, and service plane against various security threats. The advantages of deploying NFP include the following: It provides network devices protection not only from DDoS attacks but also threat vectors like reconnaissance, network device break-ins, and threat of service. It minimizes vulnerability of critical network services, such as DNS, , Web, and VoIP, due to network attacks, thus helping to maximize their availability to customers. It makes use of network telemetry, such as NetFlow, to study traffic patterns in real time, create traffic baselines, detect anomalies and miscues, and characterize affected interfaces, severity, and so on. Anomalies are then compared across the network to provide traceback and determine the point of ingress of an attack. It complements the Cisco DDoS Protection solution. NFP mitigates primitive DDoS attack types, thus freeing up the capacity of the Cisco Guard XT to fight against more sophisticated anomaly attacks. The following is a sample list of NFP features commonly implemented by service providers: Infrastructure ACL (iacl) Applied to the edge of the service provider network, including the peering edge and provider edge, to protect the management plane of the router. Receive ACL (racl) Specifies which packets are permitted to reach the router CPU based on source IP address, destination IP address, protocol, or port number. Anycast An IP addressing technique that is based on advertising nonunique IP addresses from multiple points of origin and then using dynamic routing to deliver anycast traffic to the nearest instance, from reachability perspective, of the service in the network topology. Unicast Reverse Path Forwarding (urpf) Mitigates problems due to spoofed IP source addresses by discarding packets that lack a verifiable source IP address. Remote Triggered Blackhole (RTBH) A filtering method for dropping malicious traffic at the peering edge of the network. Quality-of-Service Policy Propagation with BGP (QPPB)/Remote Triggered Rate Limiting (RTRL) QPPB, also known as RTRL, classifies malicious packets based on access lists, BGP community lists, and BGP autonomous system (AS) paths, which are sent by a triggering device. Control Plane Policing (CoPP) This feature allows users to classify packets directed to the CPU and allows rate limiting of the classified traffic to manage the traffic flow. This allows control plane packets to protect the control plane of equipment running Cisco IOS Software against reconnaissance and DDoS attacks. For more information about NFP, visit: CISCO DDoS PROTECTION SOLUTION OPERATION The Cisco DDoS Protection solution encompasses multiple security components, including the Cisco Guard XT, Cisco Traffic Anomaly Detector XT, and Arbor Networks Peakflow SP. Figure 2 summarizes the actions taken by the various components over time. All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 6 of 16

7 Figure 2 Timeline for DDoS Protection Solution in Action The following steps describe how the Cisco DDoS Protection solution protects a zone, or portion of a network, against DDoS attacks in chronological order: from the time before a DDoS attack occurs, to the time when the attack occurs, to the time when the attack has terminated. Note that the Cisco Traffic Anomaly Detector XT and Peakflow SP, as anomaly detection devices, are not mutually exclusive. However, there are some deployment models that work better with certain detection methods. These deployment options are described later in this paper. Step 1 Baseline Learning. When DDoS is not occurring, the components of the Cisco DDoS Protection solution build a traffic baseline database with normal traffic patterns for a zone so that they can identify anomalous traffic patterns when a DDoS attack takes place. In the scenario where Peakflow SP and Cisco Guard XT are deployed, the devices learn traffic patterns independently. The Peakflow SP models the normal traffic patterns by receiving NetFlow statistics, and the Cisco Guard XT learns normal traffic patterns of a zone by diverting traffic from upstream to create policies for traffic flows of different services to the zone (traffic diversion is explained in Step 3). If an attack occurs during the learning process, the Cisco Guard XT stops learning and switches to protection mode. In the scenario where the Cisco Traffic Anomaly Detector XT and Cisco Guard XT are deployed, the Cisco Traffic Anomaly Detector XT creates the zone configuration and learning results of normal traffic patterns. These configurations may be uploaded to the Cisco Guard XT. In other words, the Cisco Guard XT does not need to use traffic diversion in this case. This upload operation can be done every 24 hours to ensure that both devices have the latest traffic baseline. If an attack occurs during the learning process, the Cisco Traffic Anomaly Detector XT switches to protection mode. Step 2 Detection. Upon completing the learning process for a zone, the Cisco Traffic Anomaly Detector XT and Peakflow SP monitor ongoing traffic, flagging an alert or activating the Cisco Guard XT when an anomaly is detected. The Cisco Traffic Anomaly Detector XT continuously monitors mirrored traffic from the wire. If it senses abnormal or malicious traffic, it dynamically configures a set of filters (dynamic filters) to record the event and triggers an alarm to network staff. If the staff find that the anomaly is genuine, they can manually activate the Cisco Guard XT to put the attacked zone into the protection mode. Alternatively, the Cisco All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 7 of 16

8 Traffic Anomaly Detector XT, upon detection of a DDoS attack, can be set up to automatically establish a Secure Shell (SSH) Protocol connection to activate a remote Cisco Guard (Figure 3). The Arbor Peakflow SP collector device receives NetFlow statistics collected from various routers in the service provider network. When the device identifies an abnormal traffic pattern, it alerts the Peakflow SP Leader device by sending it the fingerprints of the abnormality for further analysis. The Leader device then continues to monitor the alert. If it exceeds a user-defined threshold, the Arbor Peackflow SP Leader classifies it as a high-importance red alert. At this point, network staff can respond to the attack by choosing a preconfigured mitigation device, which is the Cisco Guard XT or Cisco Anomaly Guard Services Module, to filter out the malicious traffic. The Cisco Guard XT establishes an SSH connection and instructs the device to put the zone under attack into the protection mode. Figure 3 DDoS-Attacked Zone Detected by Cisco Traffic Anomaly Detector XT/Arbor Peakflow SP Step 3 Diversion. After receiving the request to put the attacked zone in protection mode, the Cisco Guard XT sends a BGP announcement to an upstream router, changing the next-hop address to that of the Cisco Guard XT. A network operator may also order this diversion manually. In either method, the upstream router installs this BGP announcement into its routing table and forwards dirty traffic as well as clean traffic to the Cisco Guard XT. Traffic flows to other destinations remain in their same data paths without getting diverted. See Figure 4. Step 4 Scrubbing. The Cisco Guard XT analyzes the diverted zone traffic in search of anomalies. It identifies an anomaly when the flow violates the policy threshold. At that point, the Cisco Guard analyzes results and creates a set of dynamic filters that continuously adapt to the zone traffic and type of attack. The initial dynamic filter directs the traffic to the user filters until the Cisco Guard finishes analyzing the flow and creating more dynamic filters to handle the anomaly. The dynamic filters and the user filters feed their results into a comparator, which All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 8 of 16

9 chooses the most severe protection measure suggested, then directs the traffic to the relevant protection module for authentication. The module drops unauthenticated traffic, then the Cisco Guard XT passes the traffic to the rate limiter, which drops traffic that exceeds the defined rate. Step 5 Injection. The cleaned traffic from the Cisco Guard XT is injected back to the zone. There are multiple injection methods available, depending on whether the core network topology is Layer 2 or Layer 3. They ensure that injected traffic does not get looped back to the Cisco Guard XT. Examples of methods include Policy Based Routing (PBR), Virtual Routing/Forwarding (VRF), generic routing encapsulation (GRE), and Multiprotocol Label Switching (MPLS) VPN. Figure 4 DDoS Attack Against Zone Mitigated by Cisco Guard XT Step 6 Completion of Traffic Scrubbing. Dynamic filters on the Cisco Guard XT have a limited lifespan and are erased after the DDoS attack has terminated. By default, the Cisco Guard XT remains in protect mode until the user deactivates it, but it can be set to deactivate protection if no dynamic filters are in use and no new dynamic filter has been added over a predefined period of time. The Cisco Guard XT retracts the previous BGP announcement, and traffic resumes on the regular data path. If Peakflow SP or a trigger router is used for traffic diversion, the BGP announcement for the traffic diversion needs to be removed manually. CISCO DDoS PROTECTION SOLUTION COMPONENTS Cisco Guard XT Appliance and Cisco Anomaly Guard Services Module The Cisco Guard XT 5650 DDoS mitigation appliance and Cisco Anomaly Guard Services Module deliver a powerful and extensive DDoS protection system. For more information about the Cisco Guard XT, visit: All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 9 of 16

10 The Cisco Guard XT, featuring two Gigabit Ethernet interfaces, can process attack traffic at line rates as high as a full gigabit per second (1 Gbps). The Cisco Anomaly Guard Services Module is an integrated services module for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers that can receive up to 1 Gbps Ethernet traffic. These devices can work together in multiples to incrementally scale to support multi-gigabit rates, forming a cluster called the cleaning center. Thus Cisco can deliver an extensible solution that easily adapts to large and growing service provider and enterprise environments. The Cisco Guard XT platform that incorporates these devices is one part of a complete detection and mitigation solution that protects enterprises, hosting centers, government agencies, and service provider environments from DDoS attacks. Combined with anomaly detection devices that detect attacks, the Cisco Guard XT performs the detailed attack analysis, identification, and mitigation services required to block attack traffic and prevent it from disrupting network operations. For more information about the Cisco Anomaly Guard Services Module, visit: In general, both the Cisco Guard XT and Cisco Anomaly Guard Services Module should be placed as far upstream from the protected zones and as close to the source of the attack traffic as possible. This allows the device to protect the greatest number of downstream resources from DDoS attack traffic. The Cisco Anomaly Guard Services Module must also be placed upstream of a firewall, to process traffic before any Network Address Translation (NAT) processing occurs, and to protect the firewall from becoming a victim of a DDoS attack. Cisco Traffic Anomaly Detector XT and Cisco Traffic Anomaly Detector Services Module The Cisco Traffic Anomaly Detector XT 5600 is a high-performance, standalone DoS detection device. It receives a copy of traffic to a protected zone either by using the port mirroring feature, such as Switched Port Analyzer (SPAN), of a switch, or by means of splitting. The Cisco Traffic Anomaly Detector Services Module is an integrated services module for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers. It receives a copy of traffic to a zone by using the SPAN or VLAN Access Control List (VACL) feature. Based on patented multiverification process (MVP) architecture, both platforms use the latest behavioral analysis and attack recognition technology to proactively detect and identify all types of assaults. By constantly monitoring traffic destined for a protected device, such as a Web or e-commerce application server, the Cisco Traffic Anomaly Detector XT compiles detailed profiles that indicate how individual devices behave under normal operating conditions. When it detects any deviations from the profile, the detector responds based on user preference: by sending an operator alert to initiate a manual response, by triggering an existing management system, or by launching the Cisco Guard XT or Cisco Anomaly Guard Services Module to immediately begin mitigation and remove malicious attack flows, helping to deliver robust protection to networks and business-critical traffic. The Cisco Traffic Anomaly Detector XT uses a Web-based GUI that displays information in a simple, intuitive manner to simplify configuration, operation, and attack identification and analysis. Both the Cisco Traffic Anomaly Detector XT and Cisco Traffic Anomaly Detector Services Module are placed logically downstream from the Cisco Guard XT and Cisco Anomaly Guard Services Module, but upstream of any firewall. During peacetime periods, the detector devices see all inbound and outbound traffic destined for the protected zone. During an attack where the guard devices have diverted traffic from the targeted zone for mitigation, the detector device sees only the cleaned traffic leaving the guard device destined for the zone. For more information about the Cisco Traffic Anomaly Detector XT, visit: For more information about the Cisco Traffic Anomaly Detector Services Module, visit: All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 10 of 16

11 Cisco NetFlow NetFlow is the most widely deployed DDoS identification and network traffic flow analysis technology for IP networks. NetFlow is supported by almost all service provider routers running Cisco IOS Software, some high-end switching platforms running Cisco Catalyst OS, and lately even in hardware through ASICs. It provides valuable information about traffic characteristics, link usage, and traffic profiling on the network. NetFlow classifies packets by way of flows. Each flow is defined by its unique seven-key characteristics: Ingress interface IP protocol type Type-of-service (ToS) byte Source IP address Destination IP address Source port number Destination port number This level of flow granularity allows a NetFlow collector to easily handle large-scale traffic monitoring. The NetFlow classification yields enough data for baseline profiling and determining the specifics of network traffic. A network traffic anomaly is an event or condition characterized by a statistical abnormality compared to typical traffic patterns. NetFlow allows users to identify anomalies by producing detailed accounting of traffic flows. Deviations can be an early sign of potential attacks. NetFlow is usually deployed across the edge of a service provider s network to monitor inbound traffic on edge and peer interfaces, as these are the typical ingress points for most attacks. The router maintains a live NetFlow cache in Cisco IOS Software to track the current flows. IP flow information can be exported from the NetFlow cache to an external collector for further analysis. Flow data from multiple collectors can be mapped to identify the network nodes under DDoS attack and also to determine the attack characteristics. An example of such collector applications is the Arbor Networks Peakflow SP, a GUI-based tool that can enforce DDoS protection techniques such as ingress access control lists (ACLs), Network-Based Application Recognition (NBAR), Unicast Reverse Path Forwarding (urpf), and activation of the Cisco Guard XT. For more information about NetFlow, visit: Arbor Networks Peakflow SP Arbor Networks Peakflow SP consists of three elements: Managed Services, Infrastructure Security, and Traffic and Routing. The Managed Services features enable service providers to offer their enterprise customers scalable DDoS protection and traffic management tools. Its Infrastructure Security features provide network operators with the ability to proactively detect and mitigate networkwide anomalies, such as DDoS attacks and worms. The Traffic and Routing features model traffic on the network, enabling operators to make informed business decisions about routing, transit, partners, and customers. For the Cisco DDoS Protection solution, Peakflow SP offers a streamlined approach to DDoS attack detection, traceback, and mitigation. It first builds a model of normal behavior based on flow data available from the network routers. In contrast to inline data collection methods, Peakflow SP collects NetFlow statistics out-of-band from Cisco routers, thus it does not impose a performance or reliability penalty upon the network. In real time, the system compares traffic against this baseline, flagging and characterizing anomalies. Anomalies are then compared across the network to provide traceback and determine the point of ingress. Finally, based on the anomaly s specific characteristics, Peakflow SP recommends the appropriate mitigation measure to maintain service. When working in conjunction with the Cisco Guard XT for DDoS All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 11 of 16

12 protection, upon receiving an anomaly fingerprint for a zone from a collector, Peakflow SP establishes an SSH connection to activate the Cisco Guard XT to put the zone under attack in protection mode. Peakflow SP identifies attacks using the two most effective methods available: signature analysis and dynamic profiling. Signature analysis, or misuse detection, looks for predefined deviations that are telltale signs of a DDoS attack, such as a very large number of ICMP requests in a short period of time. Dynamic profiling is based on Peakflow SP s dynamic, networkwide profiles of normal behavior against which current traffic can be compared. These profiles incorporate both temporal and topological components to produce sophisticated models of network behavior. Then the Peakflow SP system applies custom real-time algorithms to distinguish legitimate normal traffic from DDoS attacks. For more information about the Arbor Networks Peakflow SP, visit: CISCO DDoS PROTECTION SOLUTION DEPLOYMENT MODELS The goal of the Cisco DDoS Protection solution is to take its capabilities, integrate them with network infrastructure products and infrastructure security best practices, and come up with system-tested design guidelines for the deployment models that service providers can provide as a service to their enterprise customers. Many of the techniques discussed in this section can also be used by service providers to protect their own networks from attack. Managed Network DDoS Protection This service model allows service providers to mitigate DDoS attacks from the Internet to business customers networks. These attacks not only affect the host machines and their applications but also, more harmfully, saturate the bandwidth of the link between the service provider and the customer network. For financial and e-commerce customers, this kind of attack can result in loss of customers, damage to reputation, and other liabilities. DDoS attacks can be mitigated most effectively if they are detected at the earliest time and stopped as far upstream in the network as possible. In general, the service provider can offer DDoS protection to business customers as shown in Figure 5, using the Cisco DDoS Protection solution, at two service levels: Dedicated service This premium service is suitable for customers whose online services are crucial to the sustainability of their businesses. The service is to provide committed traffic-cleaning capacity, policy learning and customization, and optional DDoS detection and cleaning activation capabilities on customer premises equipment (CPE). Shared service This service is offered to other business customers whose needs are not as demanding. In return, the service provides besteffort traffic-cleaning capacity, shared by other customers using the service, up to a limit, standard policy for DDoS detection, and no CPEbased DDoS detection and cleaning activation capabilities. All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 12 of 16

13 Figure 5 Managed Network DDoS Protection Service The architectural design for the dedicated service has Cisco Guard XT appliances or Cisco Anomaly Guard Services modules, each dedicated to a single customer, in the cleaning center in the service provider network. The number of these devices depends on the size of the largest DDoS attack that the customer wishes to be protected from. The service provider may have more than one cleaning center, depending on how many peering points the service provider connects to other parts of the Internet and how far they are separated. The design goal is to mitigate attack traffic as far upstream possible, whichever peering point the attack comes from. For DDoS detection, the dedicated service can deploy the Cisco Traffic Anomaly Detector XT at the customer premise, Peakflow SP in the service provider network to receive NetFlow statistics from the core routers, or both. Installing the Cisco Traffic Anomaly Detector XT provides customers flexibility to customize their policies on the device. In the design for the shared service, the cleaning center contains Cisco Guard XT appliances or Cisco Anomaly Guard Services modules shared by multiple customers. Because the service offers only best-effort DDoS scrubbing, the service provider cannot accept additional DDoS mitigation requests when all the appliances are at full capacity for mitigating existing attacks. All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 13 of 16

14 Deploying Peakflow SP alone is the preferred approach for DDoS detection in the shared service. Peakflow SP is a scalable detection option because it concurrently collects NetFlow statistics from multiple routers to identify anomalies. It is an economical option because customers do not need to purchase on-premise detection devices if they do not require granular DDoS detection. For both levels of service, the activation of the Cisco Guard XT can be activated, either manually or automatically, for zone protection upon detection of a DDoS attack. The manual activation allows the service provider or customer to validate an attack before activating zone protection on behalf of the customer. Managed Hosting DDoS Protection This service model allows hosting providers to provide DDoS protection for customers using their managed Web hosting and application models. The service is offered as a value-added enhancement to the provider s existing hosting services (Figure 6). It is a best-effort DDoS protection offering with default policy templates for detection and mitigation, similar to the shared service in the managed network DDoS protection service described previously. Figure 6 Managed Hosting DDoS Protection Service The architectural design includes either the Cisco Traffic Anomaly Detector XT or Peakflow SP, but not both, for DDoS detection. For DDoS mitigation, shared Cisco Guard XT appliances or Cisco Anomaly Guard Services modules are placed in a cleaning center close to the peering point of the hosting provider network to prevent attack traffic from saturating its core network bandwidth. All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 14 of 16

15 Peering Point DDoS Protection This service model prevents bandwidth saturation by DDoS attacks at service providers peering points or network access points (Figure 7). Without the Cisco DDoS Protection solution, a DDoS attack can disrupt traffic between peering points. This service can be offered either as a managed DDoS protection service or as an effective system for DDoS protection of the service provider s infrastructure. As a managed service, for instance, it could include protection of links to downstream ISPs. A service provider could use it internally to protect links between two areas in a hierarchy network, transoceanic links between autonomous systems, or links connecting two disparate autonomous systems owned by the same service provider. Figure 7 Peering Point DDoS Protection Service for Transoceanic Links In the design for the model, the Peakflow SP provides a scalable DDoS detection approach, acting as a centralized platform to aggregate NetFlow statistics from routers at different peering points. For DDoS mitigation, the cleaning center should be placed near the source peering point so that DDoS attack packets can be filtered out before they can saturate the connection to the destination peering point. If DDoS protection is required for traffic in both directions across the link between two peering points, separate cleaning centers are installed on each side of the network. All contents are Copyright All rights reserved. Important Notices and Privacy Statement. Page 15 of 16

16 Corporate Headquarters 170 West Tasman Drive San Jose, CA USA Tel: NETS (6387) Fax: European Headquarters Cisco Systems International BV Haarlerbergpark Haarlerbergweg CH Amsterdam The Netherlands www-europe.cisco.com Tel: Fax: Americas Headquarters 170 West Tasman Drive San Jose, CA USA Tel: Fax: Asia Pacific Headquarters 168 Robinson Road #28-01 Capital Tower Singapore Tel: Fax: Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China PRC Colombia Costa Rica Croatia Cyprus Czech Republic Denmark Dubai, UAE Finland France Germany Greece Hong Kong SAR Hungary India Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia Mexico The Netherlands New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela Vietnam Zimbabwe All contents are Copyright All rights reserved. Catalyst, Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks or trademarks of and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property Cisco of their Systems, respective Inc. owners. The use of the word partner does not imply a partnership relationship between Cisco All and contents any other are company. Copyright (0502R) All rights reserved. Important Notices and Privacy Statement. DM/LW /05 Printed in USA Page 16 of 16

CISCO DISTRIBUTED DENIAL OF SERVICE PROTECTION SOLUTION: LEADING DDOS PROTECTION FOR SERVICE PROVIDERS AND THEIR CUSTOMERS

CISCO DISTRIBUTED DENIAL OF SERVICE PROTECTION SOLUTION: LEADING DDOS PROTECTION FOR SERVICE PROVIDERS AND THEIR CUSTOMERS WHITE PAPER CISCO DISTRIBUTED DENIAL OF SERVICE PROTECTION SOLUTION: LEADING DDOS PROTECTION FOR SERVICE PROVIDERS AND THEIR CUSTOMERS Today, service providers and their customers are exposed to a growing

More information

CISCO METRO ETHERNET SERVICES AND SUPPORT

CISCO METRO ETHERNET SERVICES AND SUPPORT SERVICES OVERIVEW CISCO METRO ETHERNET SERVICES AND SUPPORT In the ever-changing communications market, incumbent service providers are looking for ways to grow revenue. One method is to deploy service

More information

CISCO CONTENT SWITCHING MODULE SOFTWARE VERSION 4.1(1) FOR THE CISCO CATALYST 6500 SERIES SWITCH AND CISCO 7600 SERIES ROUTER

CISCO CONTENT SWITCHING MODULE SOFTWARE VERSION 4.1(1) FOR THE CISCO CATALYST 6500 SERIES SWITCH AND CISCO 7600 SERIES ROUTER PRODUCT BULLETIN NO. 2438 CISCO CONTENT SWITCHING MODULE SOFTWARE VERSION 4.1(1) FOR THE CISCO CATALYST 6500 SERIES SWITCH AND CISCO 7600 SERIES ROUTER NEW FEATURES New features of the Cisco Content Switching

More information

Cisco Conference Connection

Cisco Conference Connection Data Sheet Cisco Conference Connection Cisco IP Communications a comprehensive system of powerful, enterprise-class solutions including IP telephony, unified communications, IP video/audio conferencing,

More information

Cisco IOS Public-Key Infrastructure: Deployment Benefits and Features

Cisco IOS Public-Key Infrastructure: Deployment Benefits and Features Data Sheet Cisco IOS Public-Key Infrastructure: Deployment Benefits and Features Introduction to Public Key Infrastructure Public Key Infrastructure (PKI) offers a scalable method of securing networks,

More information

Cisco CNS NetFlow Collection Engine Version 4.0

Cisco CNS NetFlow Collection Engine Version 4.0 Data Sheet Cisco CNS NetFlow Collection Engine Version 4.0 Cisco CNS is a suite of intelligence engines that work with device agents to create a programmable network. Cisco CNS extends the management plane

More information

NetFlow Feature Acceleration

NetFlow Feature Acceleration WHITE PAPER NetFlow Feature Acceleration Feature Description Rapid growth in Internet and intranet deployment and usage has created a major shift in both corporate and consumer computing paradigms. This

More information

Cisco CNS NetFlow Collection Engine Version 5.0

Cisco CNS NetFlow Collection Engine Version 5.0 Data Sheet Cisco CNS NetFlow Collection Engine Version 5.0 Cisco CNS consists of software and appliance-based applications, which support scalable network deployment, configuration, service assurance monitoring,

More information

CISCO NETWORK CONNECTIVITY CENTER

CISCO NETWORK CONNECTIVITY CENTER DATA SHEET CISCO NETWORK CONNECTIVITY CENTER The Cisco Network Connectivity Center (NCC) delivers end-to-end management across multiple tools, technologies, and silos. From networks and applications to

More information

CISCO IOS IP SERVICE LEVEL AGREEMENT

CISCO IOS IP SERVICE LEVEL AGREEMENT DATA SHEET CISCO IOS IP SERVICE LEVEL AGREEMENT Network services have changed dramatically in recent years, most notably due to the addition of voice, video, and other mission-critical delay- and performance-sensitive

More information

CISCO PIX SECURITY APPLIANCE LICENSING

CISCO PIX SECURITY APPLIANCE LICENSING DATA SHEET CISCO PIX SECURITY APPLIANCE LICENSING The market-leading Cisco PIX Security Appliance Series supports a variety of licensing options, enabling businesses to select the capabilities that are

More information

CISCO MDS 9000 FAMILY PERFORMANCE MANAGEMENT

CISCO MDS 9000 FAMILY PERFORMANCE MANAGEMENT WHITE PAPER CISCO MDS 9000 FAMILY PERFORMANCE MANAGEMENT As storage area networks (SANs) grow, so do the challenges for monitoring and resolving performance issues. Summary views of networkwide historical

More information

How To Get A New Phone System For Your Business

How To Get A New Phone System For Your Business Cisco Phone Systems Telemarketing Script Cold Call 1. Locate Contact: Name listed Owner General Manager / Office Manager Chief BDM (Business Decision Maker) Note: Avoid talking to IT since this is not

More information

CISCO GUARD XT 5650 PRODUCT OVERVIEW

CISCO GUARD XT 5650 PRODUCT OVERVIEW DATA SHEET CISCO GUARD XT 5650 PRODUCT OVERVIEW The Cisco Guard XT 5650 DDoS Mitigation Appliance from Cisco Systems delivers a powerful and extensive distributed denial-of-service (DDoS) protection system.

More information

Cisco Blended Agent: Bringing Call Blending Capability to Your Enterprise

Cisco Blended Agent: Bringing Call Blending Capability to Your Enterprise DATA SHEET Cisco Blended Agent: Bringing Call Blending Capability to Your Enterprise Cisco ICM software has traditionally enabled companies to distribute inbound service volume to a variety of termination

More information

THE BUSINESS CASE FOR MANAGED SERVICES IN SMALL AND MEDIUM-SIZED BUSINESSES

THE BUSINESS CASE FOR MANAGED SERVICES IN SMALL AND MEDIUM-SIZED BUSINESSES WHITE PAPER THE BUSINESS CASE FOR MANAGED SERVICES IN SMALL AND MEDIUM-SIZED BUSINESSES IP-based managed services help businesses reap benefits by consistently reducing IT costs while increasing employee

More information

Cisco Secure Access Control Server Solution Engine

Cisco Secure Access Control Server Solution Engine Data Sheet Cisco Secure Access Control Server Solution Engine The Cisco Secure Access Control Server (ACS) provides a comprehensive identity networking solution and secure user experience for Cisco intelligent

More information

Cisco IOS Firewall Intrusion Detection System

Cisco IOS Firewall Intrusion Detection System Application Note Cisco IOS Firewall Intrusion Detection System Application Overview As network security becomes increasingly critical to securing business transactions and computer resources, businesses

More information

CISCO IP PHONE SERVICES SOFTWARE DEVELOPMENT KIT (SDK)

CISCO IP PHONE SERVICES SOFTWARE DEVELOPMENT KIT (SDK) DATA SHEET CISCO IP PHONE SERVICES SOFTWARE DEVELOPMENT KIT (SDK) Cisco Systems IP Phone Services bring the power of the World Wide Web to Cisco IP Phones. An integral part of a Cisco AVVID (Architecture

More information

It looks like your regular telephone.

It looks like your regular telephone. It looks like your regular telephone. But it s a lot better. CISCO PHONE SYSTEM SOLUTIONS FOR SMALL AND MEDIUM BUSINESSES Between the increased productivity and administrative savings we ve experienced,

More information

CISCO SMALL AND MEDIUM BUSINESS CLASS VOICE SOLUTIONS: CISCO CALLMANAGER EXPRESS BUNDLES

CISCO SMALL AND MEDIUM BUSINESS CLASS VOICE SOLUTIONS: CISCO CALLMANAGER EXPRESS BUNDLES OVERVIEW CISCO SMALL AND MEDIUM BUSINESS CLASS VOICE SOLUTIONS: CISCO CALLMANAGER EXPRESS BUNDLES COMPANY PROFILE Cisco CallManager Express (CME) promotional bundles are appropriate for small businesses

More information

THE CISCO CRM COMMUNICATIONS CONNECTOR GIVES EMPLOYEES SECURE, RELIABLE, AND CONVENIENT ACCESS TO CUSTOMER INFORMATION

THE CISCO CRM COMMUNICATIONS CONNECTOR GIVES EMPLOYEES SECURE, RELIABLE, AND CONVENIENT ACCESS TO CUSTOMER INFORMATION CUSTOMER SUCCESS STORY THE CISCO CRM COMMUNICATIONS CONNECTOR GIVES EMPLOYEES SECURE, RELIABLE, AND CONVENIENT ACCESS TO CUSTOMER INFORMATION EXECUTIVE SUMMARY CUSTOMER NAME Coleman Technologies INDUSTRY

More information

PUBLIC KEY INFRASTRUCTURE CERTIFICATE REVOCATION LIST VERSUS ONLINE CERTIFICATE STATUS PROTOCOL

PUBLIC KEY INFRASTRUCTURE CERTIFICATE REVOCATION LIST VERSUS ONLINE CERTIFICATE STATUS PROTOCOL WHITE PAPER PUBLIC KEY INFRASTRUCTURE CERTIFICATE REVOCATION LIST VERSUS ONLINE CERTIFICATE STATUS PROTOCOL CERTIFICATE REVOCATION CHECKING ON CISCO IOS SOFTWARE Introduction The support for x.509 digital

More information

Cisco IT Data Center and Operations Control Center Tour

Cisco IT Data Center and Operations Control Center Tour Cisco IT Data Center and Operations Control Center Tour Inside the Build Room Page 1 of 8 5. Inside the Build Room Introduction Figure 1. Inside the Build Room Ian: The purpose of the Build room is for

More information

PREVENTING WORM AND VIRUS OUTBREAKS WITH CISCO SELF-DEFENDING NETWORKS

PREVENTING WORM AND VIRUS OUTBREAKS WITH CISCO SELF-DEFENDING NETWORKS WHITE PAPER PREVENTING WORM AND VIRUS OUTBREAKS WITH CISCO SELF-DEFENDING NETWORKS Worm and virus attacks are among the most common security breaches for organizations today*. A server, laptop, or personal

More information

CISCO CATALYST 6500 SERIES CONTENT SWITCHING MODULE

CISCO CATALYST 6500 SERIES CONTENT SWITCHING MODULE DATA SHEET CISCO CATALYST 6500 SERIES CONTENT SWITCHING MODULE The Cisco Content Switching Module (CSM) is a line card for the Cisco Catalyst 6500 Series Switch that enhances the experience and response

More information

Combined voice and data solution supports Orange s ongoing success in the UK business market

Combined voice and data solution supports Orange s ongoing success in the UK business market CUSTOMER CASE STUDY Combined voice and data solution supports Orange s ongoing success in the UK business market Executive Summary CUSTOMER NAME Orange INDUSTRY Telecommunications CHALLENGE To increase

More information

NETWORK AVAILABILITY IMPROVEMENT SUPPORT OPERATIONAL RISK MANAGEMENT ANALYSIS

NETWORK AVAILABILITY IMPROVEMENT SUPPORT OPERATIONAL RISK MANAGEMENT ANALYSIS DATA SHEET NETWORK AVAILABILITY IMPROVEMENT SUPPORT OPERATIONAL RISK MANAGEMENT ANALYSIS Operational Risk Management Analysis helps you maintain and improve network availability by evaluating the risks

More information

CISCO WIRELESS SECURITY SUITE

CISCO WIRELESS SECURITY SUITE Q&A CISCO WIRELESS SECURITY SUITE OVERVIEW What is the Cisco Wireless Security Suite? The Cisco Wireless Security Suite is an enterprise-ready, standards-based, wireless LAN (WLAN) security solution for

More information

HIGH-DENSITY PACKET VOICE DIGITAL SIGNAL PROCESSOR MODULE FOR CISCO IP COMMUNICATIONS SOLUTION

HIGH-DENSITY PACKET VOICE DIGITAL SIGNAL PROCESSOR MODULE FOR CISCO IP COMMUNICATIONS SOLUTION DATA SHEET HIGH-DENSITY PACKET VOICE DIGITAL SIGNAL PROCESSOR MODULE FOR CISCO IP COMMUNICATIONS SOLUTION PRODUCT OVERVIEW The High-Density Packet Voice digital signal processor (DSP) (PVDM2) enables Cisco

More information

CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD

CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD DATA SHEET CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD The Cisco 7304 Router, part of the industry-leading Cisco 7000 Series, is optimized to deliver flexible, high-performance IP and Multiprotocol

More information

Cisco Systems GigaStack Gigabit Interface Converter

Cisco Systems GigaStack Gigabit Interface Converter Data Sheet Cisco Systems GigaStack Gigabit Interface Converter The Cisco Systems GigaStack Gigabit Interface Converter (GBIC) is a versatile, low-cost, Gigabit Ethernet stacking GBIC that offers high-speed

More information

Cisco 7200 Series Enterprise WAN Aggregation Application

Cisco 7200 Series Enterprise WAN Aggregation Application OVERVIEW Series Enterprise WAN Aggregation Application Introduction Large enterprise networks face certain challenges when aggregating multiple branch offices or remote locations. Enterprise WAN aggregation

More information

Cisco 2-Port OC-3/STM-1 Packet-over-SONET Port Adapter

Cisco 2-Port OC-3/STM-1 Packet-over-SONET Port Adapter Data Sheet Cisco 2-Port OC-3/STM-1 Packet-over-SONET Port Adapter To meet the continual need for increased router features and performance, Cisco Systems introduces its newest packetover-sonet (POS) port

More information

Cisco Router and Security Device Manager File Management

Cisco Router and Security Device Manager File Management Application Note Cisco Router and Security Device Manager File Management Introduction Cisco Router and Security Device Manager (SDM) allows you to view and manage the file system on your Cisco router

More information

Want to Improve Communication to Parents? Make it Simple.

Want to Improve Communication to Parents? Make it Simple. Want to Improve Communication to Parents? Make it Simple. Save Time, Save Money, and Strengthen the School-Parent Connection CISCO IP PHONE SOLUTIONS SchoolMessenger for Cisco Unified Communications integrates

More information

E-Seminar. Financial Management Internet Business Solution Seminar

E-Seminar. Financial Management Internet Business Solution Seminar E-Seminar Financial Management Internet Business Solution Seminar Financial Management Internet Business Solution Seminar 3 Welcome 4 Objectives 5 Financial Management 6 Financial Management Defined 7

More information

CISCO IOS SOFTWARE FEATURE PACKS FOR THE CISCO 1700 SERIES MODULAR ACCESS ROUTERS AND CISCO 1800 SERIES (MODULAR) INTEGRATED SERVICES ROUTERS

CISCO IOS SOFTWARE FEATURE PACKS FOR THE CISCO 1700 SERIES MODULAR ACCESS ROUTERS AND CISCO 1800 SERIES (MODULAR) INTEGRATED SERVICES ROUTERS CISCO IOS SOFTWARE FEATURE PACKS FOR THE CISCO 1700 SERIES MODULAR ACCESS ROUTERS AND CISCO 1800 SERIES (MODULAR) INTEGRATED SERVICES ROUTERS This product bulletin provides details on the Cisco IOS s for

More information

IS YOUR OLD PHONE SYSTEM HANGING UP YOUR DISTRICT? CISCO K 12 DIRECT LINE SOLUTION FOR IP COMMUNICATIONS

IS YOUR OLD PHONE SYSTEM HANGING UP YOUR DISTRICT? CISCO K 12 DIRECT LINE SOLUTION FOR IP COMMUNICATIONS IS YOUR OLD PHONE SYSTEM HANGING UP YOUR DISTRICT? CISCO K 12 DIRECT LINE SOLUTION FOR IP COMMUNICATIONS THEN YOU NEED A DIRECT LINE. now. CISCO IP PHONE SOLUTIONS Cisco IP phones provide better communications,

More information

Empower Your Law Firm with Your Next Phone System

Empower Your Law Firm with Your Next Phone System Empower Your Law Firm with Your Next Phone System BROCHURE CISCO SMB CLASS SOLUTIONS Law Firm Boosts Client Service and its Bottom Line Hahn & Hessen, LLP, a New York City law firm, is using a Cisco IP

More information

CISCO IOS SOFTWARE RELEASES 12.4 MAINLINE AND 12.4T FEATURE SETS FOR THE CISCO 3800 SERIES ROUTERS

CISCO IOS SOFTWARE RELEASES 12.4 MAINLINE AND 12.4T FEATURE SETS FOR THE CISCO 3800 SERIES ROUTERS PRODUCT BULLETIN NO. 2877 CISCO IOS SOFTWARE RELEASES 12.4 MAINLINE AND FEATURE SETS FOR THE CISCO 3800 SERIES ROUTERS This product bulletin details changes to the Cisco IOS Software packaging for Cisco

More information

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad

More information

Figure 1. The Cisco Aironet Power Injectors Provide Inline Power to Cisco Aironet Access Points and Bridges

Figure 1. The Cisco Aironet Power Injectors Provide Inline Power to Cisco Aironet Access Points and Bridges DATA SHEET CISCO AIRONET POWER INJECTOR Cisco Aironet Power Injector products increase the deployment flexibility of Cisco Aironet wireless access points and bridges by providing an alternative powering

More information

Cisco 7200 and 7500 Series Routers

Cisco 7200 and 7500 Series Routers PRODUCT BULLETIN, NO. 965 Cisco 7200 and 7500 Series Routers Software, Feature, and Feature Upgrade Licenses Introduction Cisco IOS Software on the Cisco 7200 and 7500 Series offers three distinctly different

More information

Cisco AVVID Network Enterprise Data Center Solution Overview

Cisco AVVID Network Enterprise Data Center Solution Overview White Paper Cisco AVVID Network Enterprise Data Center Solution Overview Data centers enable the consolidation of critical computing resources, in controlled environments under centralized management,

More information

CONNECT TO COMPREHENSIVE NETWORK SECURITY SOLUTIONS WITH THE CISCO IP NETWORK DEFENDER PROGRAM.

CONNECT TO COMPREHENSIVE NETWORK SECURITY SOLUTIONS WITH THE CISCO IP NETWORK DEFENDER PROGRAM. CONNECT TO COMPREHENSIVE NETWORK SECURITY SOLUTIONS WITH THE CISCO IP NETWORK DEFENDER PROGRAM. THE CISCO ADVANTAGE: SELF-DEFENDING NETWORKS Network security threats are becoming more frequent and alarmingly

More information

Service Provider Solutions. DDoS Protection Solution. Enabling Clean Pipes Capabilities

Service Provider Solutions. DDoS Protection Solution. Enabling Clean Pipes Capabilities Service Provider Solutions Enabling Clean Pipes Capabilities June 2005 1 Service Provider Security Highlights Security is the heart of internetworking s future A secure infrastructure forms the foundation

More information

Cisco Router and Security Device Manager Dial-Backup Solution

Cisco Router and Security Device Manager Dial-Backup Solution Application Note Cisco Router and Security Device Manager Dial-Backup Solution Introduction Point-to-Point Protocol over Ethernet (PPPoE) and IP Security (IPSec) VPN deployments are increasing and require

More information

Cisco GLBP Load Balancing Options

Cisco GLBP Load Balancing Options Data Sheet Cisco GLBP Load Balancing Options Last updated: December 2005 INTRODUCTION The purpose of this document is to discuss the options that Cisco Gateway Load Balancing Protocol (GLBP) one of Cisco

More information

SOUTH BAY BMW ACHIEVES UNMATCHED AVAILABILITY AND SECURITY WITH ITS CISCO NETWORK

SOUTH BAY BMW ACHIEVES UNMATCHED AVAILABILITY AND SECURITY WITH ITS CISCO NETWORK CUSTOMER SUCCESS STORY SOUTH BAY BMW ACHIEVES UNMATCHED AVAILABILITY AND SECURITY WITH ITS CISCO NETWORK EXECUTIVE SUMMARY CUSTOMER NAME South Bay BMW INDUSTRY Automotive BUSINESS CHALLENGE Help assure

More information

CISCO MEETINGPLACE HOSTED SERVICE

CISCO MEETINGPLACE HOSTED SERVICE DATA SHEET CISCO MEETINGPLACE HOSTED SERVICE The Cisco MeetingPlace rich-media conferencing solution can be deployed in a variety of ways. As an alternative to a customer owned, customer managed solution,

More information

CISCO IOS SOFTWARE RELEASES 12.4 MAINLINE AND 12.4T FEATURE SETS FOR THE CISCO 2800 SERIES ROUTERS

CISCO IOS SOFTWARE RELEASES 12.4 MAINLINE AND 12.4T FEATURE SETS FOR THE CISCO 2800 SERIES ROUTERS PRODUCT BULLETIN NO. 2879 CISCO IOS SOFTWARE RELEASES 12.4 MAINLINE AND FEATURE SETS FOR THE CISCO 2800 SERIES ROUTERS This product bulletin details changes to the Cisco IOS Software packaging for Cisco

More information

Cisco 2600XM DSL Router Bundles

Cisco 2600XM DSL Router Bundles Data Sheet Cisco 2600XM DSL Router Bundles Overview In order to provide customers with easy-to-order solutions to meet their Digital Subscriber Line (DSL) networking needs, six new DSL router bundles are

More information

IP Networking and the Advantages of consolidation

IP Networking and the Advantages of consolidation WHITE PAPER Extending the Benefits of Storage Area Networks across IP Networks Introduction The phenomenal growth of Internet business and data-intensive e-business applications over the past few years

More information

CISCO NETWORK CONNECTIVITY CENTER MPLS MANAGER 1.0

CISCO NETWORK CONNECTIVITY CENTER MPLS MANAGER 1.0 DATA SHEET CISCO NETWORK CONNECTIVITY CENTER MPLS MANAGER 1.0 Cisco Network Connectivity Center (NCC) Multiprotocol Label Switching (MPLS) Manager maximizes the availability of VPNs based on MPLS technology.

More information

CISCO MEETINGPLACE MANAGED SERVICE

CISCO MEETINGPLACE MANAGED SERVICE DATA SHEET CISCO MEETINGPLACE MANAGED SERVICE The Cisco MeetingPlace rich-media conferencing solution can be deployed in a variety of ways. As an alternative to a customer managed solution, the Cisco MeetingPlace

More information

How Cisco IT Protects Against Distributed Denial of Service Attacks

How Cisco IT Protects Against Distributed Denial of Service Attacks How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN

More information

Cisco Intelligent Contact Management Enterprise Edition

Cisco Intelligent Contact Management Enterprise Edition Data Sheet Cisco Intelligent Contact Management Enterprise Edition Cisco IP Communications is a comprehensive system of powerful, enterprise-class solutions including IP telephony, unified communications,

More information

NETFLOW PERFORMANCE ANALYSIS

NETFLOW PERFORMANCE ANALYSIS WHITE PAPER NETFLOW PERFORMANCE ANALYSIS INTRODUCTION The Cisco IOS NetFlow feature set allows for the tracking of individual IP flows as they are received at a Cisco router or switching device. Network

More information

How To Outtask Metro Ether To A Managed Service Provider

How To Outtask Metro Ether To A Managed Service Provider WHITE PAPER MANAGED METRO ETHERNET SERVICES: BUSINESS ADVANTAGES FOR THE ENTERPRISE Ethernet is rapidly becoming the primary communications technology for organizations of all sizes. Most businesses already

More information

Cisco SMB Class Solutions Your Next Phone System Purchase

Cisco SMB Class Solutions Your Next Phone System Purchase Overview Cisco SMB Class Solutions Your Next Phone System Purchase The Smart Buyer s Checklist for Small and Medium Organizations Will your aging telephone system soon need replacing or require a significant

More information

Cisco 3640 - PBX Interoperability: Lucent/Avaya Definity G3si V7 PBX with CallManager using Analog FXS and FXO Interfaces as an MGCP Gateway

Cisco 3640 - PBX Interoperability: Lucent/Avaya Definity G3si V7 PBX with CallManager using Analog FXS and FXO Interfaces as an MGCP Gateway Application Note Cisco 3640 - PBX Interoperability: Lucent/Avaya Definity G3si V7 PBX with CallManager using Analog FXS and FXO Interfaces as an MGCP Gateway Introduction This application note describes

More information

CISCO ATA 186 ANALOG TELEPHONE ADAPTOR

CISCO ATA 186 ANALOG TELEPHONE ADAPTOR DATA SHEET CISCO ATA 186 ANALOG TELEPHONE ADAPTOR The Cisco ATA 186 Analog Telephone Adaptor is a handset-to-ethernet adaptor that turns traditional telephone devices into IP devices. Customers can take

More information

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest

More information

Cisco Catalyst 6500 Series/Cisco 7600 Series Supervisor Engine 720-3BXL

Cisco Catalyst 6500 Series/Cisco 7600 Series Supervisor Engine 720-3BXL Data Sheet Cisco Catalyst 6500 Series/Cisco 7600 Series Supervisor Engine 720-3BXL The Cisco Catalyst 6500 Series/Cisco 7600 Series Supervisor Engine 720-3BXL (Sup 720-3BXL) is the third-generation supervisor

More information

Cisco WebEx Social Compatibility Guide

Cisco WebEx Social Compatibility Guide Cisco WebEx Social Compatibility Guide This document provides compatibility information for supported components and applications for Cisco WebEx Social 3.4.2, 3.4, 3.3, 3.1, and 3.0. Note: Due to different

More information

Enterprise Reporting

Enterprise Reporting Business Solutions Cisco ICM Software Enterprise Reporting Converting Contact Center Data into Business Intelligence. Improving customer service and increasing productivity are critical challenges for

More information

MITIGATING ATTACKS IN VOIP ENVIRONMENTS

MITIGATING ATTACKS IN VOIP ENVIRONMENTS WHITE PAPER MITIGATING ATTACKS IN VOIP ENVIRONMENTS Wide-scale voice over IP (VoIP) implementations based on Session Initiation Protocol (SIP) and H.323 are gaining traction and are starting to be heavily

More information

Serial Connectivity Network Modules for the 2600, 3600, and 3700 Series (NM-1HSSI, NM-4T, NM-4A/S, NM-8A/S, NM-16A/S, NM-16A, NM-32A)

Serial Connectivity Network Modules for the 2600, 3600, and 3700 Series (NM-1HSSI, NM-4T, NM-4A/S, NM-8A/S, NM-16A/S, NM-16A, NM-32A) Data Sheet Serial Connectivity Network Modules for the 2600, 3600, and 3700 Series (NM-1HSSI, NM-4T, NM-4A/S, NM-8A/S, NM-16A/S, NM-16A, NM-32A) The Cisco 2600, 3600, and 3700 Series offer a wide variety

More information

CISCO CATALYST 3750 SERIES SWITCHES

CISCO CATALYST 3750 SERIES SWITCHES AT-A-GLANCE CISCO CATALYST 3750 SERIES SWITCHES Product Part Number Port Speed Number Cisco Catalyst 3750-24TS 3750-24TS 3750-24FS 3750-24PS 3750-24PS 3750-48TS 3750-48TS 3750-48PS WS-C3750-24TS-S 10/100

More information

CISCO SFP OPTICS FOR PACKET-OVER-SONET/SDH AND ATM APPLICATIONS

CISCO SFP OPTICS FOR PACKET-OVER-SONET/SDH AND ATM APPLICATIONS DATA SHEET CISCO SFP OPTICS FOR PACKET-OVER-SONET/SDH AND ATM APPLICATIONS The Cisco industry-standard Small Form-Factor Pluggable Interface Converter (SFP) for packet-over-sonet/sdh (POS), optical networking,

More information

Cisco IOS Telephony Services Survivable/Standby Remote Site Telephony

Cisco IOS Telephony Services Survivable/Standby Remote Site Telephony DATA SHEET Cisco IOS Telephony Services Survivable/Standby Remote Site Telephony As enterprises extend their telephony and high-value application deployments from central sites out to remote offices, one

More information

E-Seminar. E-Commerce Internet Business Solution Seminar

E-Seminar. E-Commerce Internet Business Solution Seminar E-Seminar E-Commerce Internet Business Solution Seminar E-Commerce Internet Business Solution Seminar 3 Welcome 4 Objectives 5 The Internet Revolution 6 E-Commerce Defined 7 Types of E-Commerce 8 E-Commerce

More information

CISCO ATA 188 ANALOG TELEPHONE ADAPTOR

CISCO ATA 188 ANALOG TELEPHONE ADAPTOR DATA SHEET CISCO ATA 188 ANALOG TELEPHONE ADAPTOR The Cisco ATA 188 Analog Telephone Adaptor is a handset-to-ethernet adaptor that turns traditional telephone devices into IP devices. Customers can take

More information

CISCO ISDN BRI S/T WIC FOR THE CISCO 1700, 1800, 2600, 2800, 3600, 3700, AND 3800 SERIES

CISCO ISDN BRI S/T WIC FOR THE CISCO 1700, 1800, 2600, 2800, 3600, 3700, AND 3800 SERIES DATA SHEET CISCO ISDN BRI S/T WIC FOR THE CISCO 1700, 1800, 2600, 2800, 3600, 3700, AND 3800 SERIES Offering a single ISDN BRI S/T interface, this WIC may require an external Network Termination 1 (NT1),

More information

Cisco Outbound Option

Cisco Outbound Option Data Sheet Cisco Outbound Option Today s contact center is about more than just handling inbound telephone calls it is about fully integrated, multi-channel customer interaction. The Cisco Intelligent

More information

CISCO MEETINGPLACE FOR OUTLOOK 5.3

CISCO MEETINGPLACE FOR OUTLOOK 5.3 DATA SHEET CISCO MEETINGPLACE FOR OUTLOOK 5.3 Rich-media Conferencing for Microsoft Outlook PRODUCT OVERVIEW Cisco MeetingPlace part of the Cisco IP Communications system is a complete rich-media conferencing

More information

Cisco Solution Incentive Program Asia Pacific

Cisco Solution Incentive Program Asia Pacific Channel Incentive Offerings Cisco Solution Incentive Program Asia Pacific User Guide This program will expire on December 31, 2006. Cisco Systems reserves the right to cancel or modify this program at

More information

Internal IT Staff at a Serbian Children s Hospital Takes Innovative Approach to Outpatient Care

Internal IT Staff at a Serbian Children s Hospital Takes Innovative Approach to Outpatient Care CUSTOMER CASE STUDY Internal IT Staff at a Serbian Children s Hospital Takes Innovative Approach to Outpatient Care Executive Summary CUSTOMER NAME Belgrade, Serbia INDUSTRY Healthcare BUSINESS CHALLENGES

More information

Cisco Business Communications Solution. Brochure

Cisco Business Communications Solution. Brochure Cisco Business Communications Solution Brochure In today s fast-changing business environment, your customers are becoming more demanding, and the competition is growing more intense. Businesses are migrating

More information

CISCO AIRONET POWER INJECTOR

CISCO AIRONET POWER INJECTOR DATA SHEET CISCO AIRONET POWER INJECTOR Cisco Aironet Power Injector products increase the deployment flexibility of Cisco Aironet wireless access points and bridges by providing an alternative powering

More information

Cisco Aironet 1130AG Series

Cisco Aironet 1130AG Series Ordering Guide Cisco Aironet 1130AG Series The Cisco Aironet 1130AG Series IEEE 802.11a/b/g Access Point is a fixed-configuration, dual-band access point. Built in to the access point are two radios each

More information

CISCO CATALYST 6500 SUPERVISOR ENGINE 32

CISCO CATALYST 6500 SUPERVISOR ENGINE 32 PRODUCT BULLETIN NO. 2678 CISCO CATALYST 6500 SUPERVISOR ENGINE 32 Cisco Systems introduces the Cisco Catalyst 6500 Series Supervisor Engine 32, the next generation of supervisor engine for the Cisco Catalyst

More information

IP Communications for the Small or Autonomous Branch Office

IP Communications for the Small or Autonomous Branch Office Overview IP Communications for the Small or Autonomous Branch Office Deploying data and voice capabilities in a single, integrated routing platform to increase productivity, decrease costs, and lower total

More information

networks (VPNs). models, the Cisco 800 series of routers addresses wide range Figure 1 Cisco 800 Series Routers give Small Offices and Corporate

networks (VPNs). models, the Cisco 800 series of routers addresses wide range Figure 1 Cisco 800 Series Routers give Small Offices and Corporate DATA SHEET Cisco 800 Series Family of Access Routhers Cisco 800 Series Family of Access Routers THE CISCO 800 SERIES FAMILY OF ACCESS ROUTERS OFFER MODELS WITH ENHANCED NETWORK SECURITY AND RELIABILITY

More information

Cisco Network Foundation Protection Overview

Cisco Network Foundation Protection Overview Cisco Network Foundation Protection Overview June 2005 1 Security is about the ability to control the risk incurred from an interconnected global network. Cisco NFP provides the tools, technologies, and

More information

Cisco VPN Solution Center 2.2

Cisco VPN Solution Center 2.2 Whitepaper VPN Solution Center 2.2 Introduction The VPN Solution Center 2.2 (VPNSC 2.2) is a carrier-class network- and servicemanagement solution for the rapid and cost-effective delivery of IP virtual

More information

CISCO 7609 ROUTER ENHANCED 9-SLOT CHASSIS

CISCO 7609 ROUTER ENHANCED 9-SLOT CHASSIS DATA SHEET CISCO 7609 ROUTER ENHANCED 9-SLOT CHASSIS The Cisco 7609 Router is a high-performance router deployed at the network edge, where performance, IP services, redundancy, and fault resiliency are

More information

Cisco IT Data Center and Operations Control Center Tour

Cisco IT Data Center and Operations Control Center Tour Cisco IT Data Center and Operations Control Center Tour Data Center Power Page 1 of 9 7. Data Center Power Electrical Power and Power Protection Figure 1. Power Cabinets Dick: Running a data center takes

More information

Optical Service Modules: OC-3/STM-1, OC-12/STM-4 and OC-48/STM-16 POS, OC-12/STM-4 ATM, Gigabit Ethernet WAN, Channelized T3 (CT3) and OC12/STM-4

Optical Service Modules: OC-3/STM-1, OC-12/STM-4 and OC-48/STM-16 POS, OC-12/STM-4 ATM, Gigabit Ethernet WAN, Channelized T3 (CT3) and OC12/STM-4 Data Sheet Cisco 7604 Router Product Overview The Cisco 7604 Router is one of the smallest, redundant routers to offer n x 10 Gigabit Ethernet performance with services. This router is part of the Cisco

More information

Cisco CSS 11500 Series Content Services Switch

Cisco CSS 11500 Series Content Services Switch Quick Look Cisco CSS 11500 Series Content Services Switch The Cisco CSS 11500 Series Content Services Switch is the newest addition to the Cisco content switching product line. As with other Cisco content

More information

IP Communications for Small Offices Using Cisco CallManager Express and Cisco Unity Express

IP Communications for Small Offices Using Cisco CallManager Express and Cisco Unity Express Overview IP Communications for Small Offices Using Cisco CallManager Express and Cisco Unity Express Cisco CallManager Express with Cisco Unity Express provides small and medium-sized businesses (SMBs)

More information

CISCO IP PHONE EXPANSION MODULE 7914

CISCO IP PHONE EXPANSION MODULE 7914 DATA SHEET CISCO IP PHONE EXPANSION MODULE 7914 Call coverage is a critical capability for administrative assistants and others who must monitor, manage, and cover the various status of calls. This requires

More information

Stop DDoS Attacks in Minutes

Stop DDoS Attacks in Minutes PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)

More information

What is network convergence all about?

What is network convergence all about? What is network convergence all about? What is network convergence all about? The industry's adoption of a converged network that is the concept of the convergence of separate telephone, video and data

More information

Automated Mitigation of the Largest and Smartest DDoS Attacks

Automated Mitigation of the Largest and Smartest DDoS Attacks Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application

More information

Radware s Attack Mitigation Solution On-line Business Protection

Radware s Attack Mitigation Solution On-line Business Protection Radware s Attack Mitigation Solution On-line Business Protection Table of Contents Attack Mitigation Layers of Defense... 3 Network-Based DDoS Protections... 3 Application Based DoS/DDoS Protection...

More information

Enabling High Availability for Voice Services in Cable Networks

Enabling High Availability for Voice Services in Cable Networks White Paper Enabling High Availability for Voice Services in Cable Networks When customers place a telephone call, they expect it to go through on the first attempt and they expect it to continue without

More information

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc. TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...

More information

CISCO CATALYST 4500 SERIES SWITCHES FOR METRO ETHERNET NETWORKS

CISCO CATALYST 4500 SERIES SWITCHES FOR METRO ETHERNET NETWORKS DATA SHEET CISCO CATALYST 4500 SERIES SWITCHES FOR METRO ETHERNET NETWORKS Optimal Control for Voice, Video, and Data Services PRODUCT OVERVIEW The Cisco Catalyst 4500 Series switches with integrated resiliency

More information