Justifying a Policy Based Approach for DDoS Remediation: A Case Study
Azman Ali, Alberto Schaeffer-Filho, Paul Smith and David Hutchison
Computing Department, Lancaster University, UK
{a.ali, asf, p.smith, dh}@comp.lancs.ac.uk

Abstract

Following the outbreak of conflict between Russia and Georgia and the infamous collapse of the Estonian network infrastructure in 2007, Distributed Denial of Service (DDoS) attacks have emerged as a new political weapon. In response to this, and anticipating the vulnerability of banking, energy and communications systems to Internet attacks, the US government, NATO and many other technology-oriented organizations have started initiatives to strengthen cyber defence and improve resilience in both military and public infrastructure. The scalability and the dynamic, elusive behaviour of DDoS attacks have motivated much work that focuses on detection and on defence strategies that are applicable to specific symptoms of attacks. We aim to improve on this by exploring the use of policy as a way of allowing strategies to combat DDoS to be executed dynamically. Policy enables separation of management strategy from implementation, so that operation is not disrupted by any change of policy, while at the same time allowing remediation strategies or policies to be evaluated, learned, analysed, refined and negotiated. In this paper, we compare some key literature on remediation with some of the current practices based on our case study. We highlight some issues and remediation techniques used by an ISP operator to verify the feasibility of using policy as remediation. We discuss some initial results of our experiment to integrate an established toolkit for policy (Ponder2) with our simulated network topology and range of attacks running on an SSFNet simulation platform.

Keywords: DDoS Attack, Policy, Resilience, Remediation.

I. INTRODUCTION

The Internet affects many aspects of our lives, both social and work, and of the businesses that we have come to rely on. Driven by the strong benefits the Internet has to offer, many telecommunication providers are already converging multiplatform legacy infrastructures to a common Internet Protocol (IP) platform. Hence, the Internet is fast becoming the basis for the next generation of telecommunications, and is already recognised as a significant critical infrastructure. Motivated by this, we believe that ensuring resilience is a problem that needs to be addressed immediately.

Network resilience is the ability of the network to provide and maintain an acceptable level of service in the face of various faults and challenges to normal operation [3]. It is a combination of trustworthiness (dependability, security, performability) and tolerance (survivability, disruption tolerance, and traffic tolerance). One aspect of resilience, remediation, is defined as an activity in which actions are autonomously taken to enable operations to continue as well as possible and to mitigate damage [2]. Achieving resilience is not an easy task if we take into account the large number of possible events that could cause disruption to network operation.

One of the serious threats increasingly seen on the Internet is the Distributed Denial of Service (DDoS) attack. In a DDoS attack, the attackers exploit highly distributed Internet resources from all over the world to produce a highly scalable, dynamic and complex type of attack that aims to take down communication services. One approach to dealing with such a dynamic attack is the use of policy. Separating policy from the implementation of a system permits the policy to be modified in order to dynamically change the strategy for managing the system and hence modify the behaviour of a system without changing its underlying implementation [4].
Using policy as our approach will open up a new horizon for the study of DDoS remediation through exploration of many interesting subjects in the policy domain, such as policy learning, analysis, negotiation, evaluation and others that would lead to more accurate and continuous improvement of remediation strategies. The objective of the study reported in this paper is to understand the feasibility of exploring policy as our approach to DDoS remediation through a case study of current practices in the industry.

In the next section, we describe some of the related work in this area. We then discuss some of the issues and threats to the network, highlighting some operational issues and current best practices in dealing with them through our case study. We use Telekom Malaysia, a Malaysia-based ISP, for this case study because one of the authors has direct experience within the organization. We explain our initial work on the network simulation platform to experiment with how policy can be used to change the behaviour of the network without actually modifying the underlying implementation. At the end of this paper, we discuss some of the insights and future work that might follow.

II. BACKGROUND AND RELATED WORK

In general, much research on resilience has been focused on specific techniques and platforms. For example, Sterbenz et al. [5] proposed a mechanism that can be used to select multiple paths between a given ingress and egress node pair, and Achim et al. [6] discussed in detail IP network resilience, centred on MPLS-based recovery mechanisms. Trivedi et al. [7] presented definitions of resilience for computer and network systems, and constructed a resilience model for dependability and performance. Current and recent international research projects such as ResumeNet [10], Intersection [11] and ANA [12] focus on the area of resilience.
ResumeNet is evaluating an architectural approach and a set of mechanisms to achieve Internet resilience that is multilevel, systemic, and systematic. The Intersection project, on the other hand, aimed to design and implement an integrated security framework made of different subsystems and components providing network and infrastructure security, while the ANA project [12] proposed a way of building a novel autonomic network architecture that enables flexible, dynamic, and fully autonomous formation of network nodes, as well as whole networks. In the ResumeNet [10] project, several labs that share similar interests in resilience are collaborating and coordinating efforts to provide many detailed outcomes on resilience, including architecture, framework, strategy, terminology and many related issues.

ISBN: PGNet

Our approach to resilience is based on the ResiliNets strategy [3], which defines six activities, namely Defend, Detect, Remediate, Recover, Diagnose and Refine. This strategy (as illustrated in Fig. 1) allows us to define our actions in a more structured manner and provides, we believe, a good framework for resilience.

Fig. 1. General strategy for resilience, D²R²+DR [3]

We aim to focus on remediation and to study how it can be applied to help mitigate Distributed Denial of Service (DDoS) attacks. Among the many works on DDoS mitigation, we know of no study that aims to mitigate DDoS attacks as part of a complete resilience strategy. Some examples are dFence [13], a middlebox to catch the DDoS and stop traffic; DARE, an adaptive mitigation system [14] that focuses on the mitigation of the predominant DDoS TCP SYN and UDP flooding attacks; and DefCOM [15], a distributed system for DDoS defence, which is deployed and cooperates via an overlay to detect and stop attacks. Such techniques might serve their own purpose, but there is still a lack of discussion on how these techniques could be coordinated with other techniques and contribute towards a complete strategy for network and service resilience.
Our approach to remediation aims to mitigate DDoS in a coordinated, autonomic and adaptive manner, taking into account its impact on the overall resilience of the network, the service or any other layers (such as network stability, usability, security and performance).

Some research on DDoS has also focused on DDoS taxonomy, metrics and benchmarking [9]. According to the study by Mirkovic et al. [9], their proposed taxonomy was not all-encompassing, and a review of defence mechanisms needs to be done from time to time to include new types of attack. Mirkovic et al. [9] proposed that the Internet community must be equally cooperative within itself to counter the DDoS threat. In a survey of DDoS attack and defence mechanisms, Peng [8] concluded that the ideal solution would optimistically demand attention from lawmakers, and that global cooperation can be enforced by legislative measures for a more effective effort. From this taxonomy and survey, we believe that a more dynamic way of DDoS remediation, which promotes collaboration and involvement from decision makers, will hypothetically resolve the concern. Hence, in order to produce an effective remediation for DDoS, there is a need to assess the strategy, to learn and improve, and perhaps to collaborate with other networks, which has inspired us to explore the use of policy.

Policy, on the other hand, is an established domain of research. The Diadem Firewall project uses a similar policy-based approach for firewall configuration [16]. The project aimed to protect broadband services through the use of policy by reacting to detected violations such as a DDoS attack. While the work on the Diadem firewall showed some initial work on how policy (instrumented using Ponder2) can be used as remediation, the key differences from our approach lie in the overall goal of what policy is being used for, the scope, and the types of DDoS attack it can remediate.
Firstly, in the Diadem Firewall project, policy was used to change the configuration of the firewall appliance, rather than being used towards deploying a complete resilience strategy such as D²R²+DR. Secondly, it is a device-based solution which is likely to be applicable in the LAN infrastructure (we discuss in our case study how, in actual operation, an appliance-based solution such as an IPS could be limited by the hardware). We, on the other hand, aim to focus on how policy can be used to strategize remediation in the context of an ISP, keeping a view of the whole underlying implementation of an ISP infrastructure rather than a specific segment of the network. Thirdly, Diadem was successfully deployed to remediate against SYN attacks, but we aim to extend our scope to cover a broader range of attacks, including volume-based attacks and more recent types of DDoS. Thus, in our approach, all the components that make up an ISP infrastructure will be treated as managed objects, and not limited to any particular devices or network segment. By doing this, we believe that remediation can be achieved in a more comprehensive manner.

The exploration of policy in resilience is discussed briefly in [1], where the strategy for capitalizing on policy in resilience was first outlined. By separating policy from the underlying implementation, we believe we would be able to capitalize on some interesting features offered by policy, such as policy conflict resolution and analysis [18], policy learning [19] and policy refinement [20][21], and hence answer some of the questions raised in the DDoS defence survey and taxonomy discussed earlier.

III. CASE STUDY

Background

Telekom Malaysia (TM) is the second largest telecommunication provider in South East Asia and is currently Malaysia's largest Internet Service Provider.
In 2008, TM was appointed by the Malaysian Government to develop the next generation high speed broadband infrastructure and services for the nation in the RM11.3 billion national high speed broadband project. With its defined target of achieving 50% broadband penetration by 2010, the program aims at making high-speed affordable broadband available to high density, economically critical areas. In March 2010, after successful deployment of the IP core infrastructure (NGN), TM launched its new NGN services and is currently migrating its services to the new NGN infrastructure. Today, TM owns more than 70% of the Malaysian broadband market and offers a full range of telecommunication services including global IP services, commercial datacenters, Voice over IP, IPTV and a range of Enterprise IP services.

Problem Space

With all the services migrated to IP infrastructure, two major problems remain the main concern and need to be addressed more seriously. Distributed Denial of Service (DDoS) attacks remain a constant threat to TM's Enterprise and Commercial Datacenter services, while botnets have increased their coverage among the broadband users. In the first quarter of 2010, for example, 6 cases of DDoS attacks on datacenters were reported by the abuse team, with the volume increasing significantly from 200Mbps to 800Mbps during this period. In some cases, the attacks exhausted the router processors by sending small packets, despite their low bandwidth utilization. The attacks were targeting some of the popular services such as government, banking, hosting services and gaming. Botnets, on the other hand, were seen as a time bomb that is building up the capability to generate more or similar DDoS attacks from within the TM network infrastructure. Currently 70,000 broadband users, a number that is increasing, are suspected of hosting bot agents, and some effective solution needs to be deployed immediately. The real challenge for TM is to efficiently manage its international link and routing during an attack, as these can be easily cannibalized by DDoS traffic, causing disruption to all other users.
On the other hand, it needs to protect its enterprise and datacenter customers, who are the common target of attack, and at the same time needs to suppress the growing threat of botnets.

Operational Issues

A large-scale disruption caused by a DDoS attack could easily affect TM's operation. Such an attack could cause financial losses through the payment of rebates, and losses in productivity, because of the amount of effort and resources that need to be utilized to deal with the attack. In some high profile cases, the company's reputation is also at stake. These losses are hard to quantify and justify, and often end up as the lowest priority on the management's decision list. The rising number of bot agents in the ISP network, for example, could hardly prove the need for some serious investment, since botnet hosts or traffic are normally harmless most of the time and only become active when needed. Introducing a new technology to overcome the problem would also mean that the price of the services needs to be increased to cover the cost of infrastructure. This is the last thing the management wants to commit to, especially given the limited size of the Internet market in Malaysia.

Although a breach of a service level agreement due to service degradation caused by DDoS attacks could also have some financial implications, the definition of disruption or performance degradation is still arguable. Therefore, a well scrutinized service level agreement and policy is always handy in protecting the Service Provider from any legal action from the customers. In fact, the argument might be true given that the actual attack is normally targeting the customers rather than the infrastructure, as it would take a lot of resources to bring down an ISP backbone. In this case, policy would be a useful tool to differentiate the different types of service level offered to the customers.
Apart from policy, remediation of a DDoS attack also demands the presence of highly expert, experienced or well trained personnel, as attack behaviour changes dynamically over time and resources such as bandwidth need to be utilized efficiently. In most incidents, multiple mitigation strategies need to be executed concurrently, combining a blend of known mitigation mechanisms that the analyst thinks are appropriate. The deployment of remediation must also be done as fast as possible to ensure the service level is met. This is why good processes and procedures need to be devised, especially when endorsement from a higher authority is required. Processes and procedures help to provide a good description of the roles, the flow of the process and the timeline for the tasks to be executed. These processes, procedures and policies need to be jointly prepared by the experts and the management and reviewed from time to time. Unfortunately, experts are not always easy to retain. In this industry, an expert engineer would rarely stay in one organization for years. Well developed policies, processes and procedures are therefore seen as good ways to preserve the expertise and experience within the organization and to reduce the impact of people leaving the company.

DDoS attacks are meant to overwhelm resources, which are mainly limited by hardware capability such as low processing power (most of the routers have between 512MB and 1GB of RAM), small link bandwidth or limited software features on the routers. Often these limitations are compensated for by deploying third party devices such as intrusion prevention tools, packet shaping tools or firewalls. However, these technologies cannot offer any guarantee because, despite hardware or link upgrades (which implicate the operator financially), DDoS attackers can always garner resources from the Internet to increase the scale of the attacks.
Hence, equipping the organization with well trained personnel and good processes and procedures is seen as the key to more feasible and comprehensive remediation against an attack. In conclusion, from the operational perspective, the human, process and technology factors need to be adequately addressed to help mitigate DDoS attacks.

Current Remediation and Options

Current defence mechanisms include the deployment of packet shaping tools all over the network and intrusion prevention systems at the datacenter perimeter. Despite the deployment of all these technologies, attacks can still take place, especially because of human limitations. Sometimes, in a larger scale attack, traffic would not even reach these devices, since it would be dropped at the router interface due to the overwhelming flow of malicious traffic. In some complex cases, data from these devices often needs to be analysed and escalated to the vendor's Technical Access Center (TAC), which is normally time consuming.

DDoS attacks are monitored using an Arbor Netflow analyser, which monitors traffic at the border of the ISP network. As a passive device, a netflow analyser like Arbor does a decent job and is capable of supplying basic information such as the top links utilized, top sources/destinations, top applications and many more, but the rest of the work lies on the shoulders of the security analysts and the engineers. Other more common mitigation techniques, such as sinkhole techniques, are also used most of the time, but they require some manual configuration and proper authorization before they can be deployed. With limited human resources and expertise, the engineers are currently attempting to set up a sinkhole infrastructure that can be easily triggered by a non-expert engineer with proper authorization. Acknowledging the importance of humans and processes in the loop, TM has also engaged in several ISO certification programs such as ISMS and ITIL to ensure the proper implementation and execution of policy and procedure by the human operators.

In the long run, the upgrade to the new Next Generation Network (NGN) infrastructure could presumably reduce the hardware and link limitation problems, since it runs on a newly developed IP Core infrastructure featuring multigigabit links and high end routers, but the concern about DDoS attacks, botnets and the need for humans and processes in the loop remains. TM has also engaged in external collaboration, either directly or indirectly, in its effort to mitigate DDoS and botnet problems.
Apart from monitoring anomalies in the network, TM also relies on other services such as reputational databases, and on complaints it receives from various network providers throughout the world. These complaints also come from Network Registries such as APNIC, RIPE, ARIN etc. and from local or international Computer Emergency Response Teams (CERTs). Some research-based organizations like Team-Cymru, for example, help to sample the traffic from honeypots and supply tagged data to help TM identify botnet hosts and traffic within the network. Currently Malaysia is identified as one of the top 10 countries with the highest number of botnet hosts in the network [17].

Another service, the scrubbing service by Prolexic [24], offers to handle DDoS traffic before it floods the ISP's international link by tapping the traffic at various international points which are close to the well known sources of DDoS attacks. Once triggered, suspected traffic will be diverted to Prolexic's network, where the traffic is scrubbed or filtered before being redirected back to the ISP. This will help TM to preserve the international bandwidth from being flooded with bad traffic. However, initial detection and triggering of the service need to be done by the ISP. This service is currently under evaluation and could be an alternative for DDoS remediation.

Discussion

ISP operation relies on collaboration and information from various sources to help identify threats on its own network. This process is currently performed manually, but a more automatic approach would be desirable in the future. The human element cannot be overlooked in this matter. Lack of expertise and some unpredictable human mistakes could also be a threat to resilience. Mistakes, however, can be reduced through well executed policy and process. The need for intelligence in devising strategies for DDoS remediation also means that processes and policies need to be continuously assessed and learned from time to time.
In an event like DDoS, response time is critical and a delay could have financial implications for the organization. Thus a well developed policy and process could help in making complex decisions and eventually reduce dependencies on particular individuals or experts.

Based on the case study, DDoS remediation is also limited by the technology (financially and feature wise). For some countries, investing in network-wide deployment of appliances to remediate DDoS would cost a fortune, and its Return on Investment (RoI) is not easily quantified. Thus, remediation might need to be approached as a revenue generating service. By implementing and enforcing policy, some paying customers might be given the protection while the rest might need to settle for some basic level of service. The purpose of doing this is to entice the management to be more involved in solving the DDoS and botnet threat in the network, as well as to provide a more economical approach to this matter. In our approach, driven by high level policy requirements such as Service Level Agreements (SLAs) or Key Performance Indicators (KPIs), policy will then need to be refined and translated for actual execution.

Many of the operational issues in solving DDoS and botnet problems also mainly revolve around human, process and technology factors. The workaround for these issues hence needs to cover the three aspects, which brings us to explore policy as a governing mechanism. Apart from being economical compared to hardware investment, policy helps to separate the management from the underlying implementation, which means that devising policies and strategies can be done without disrupting operation. This key attribute of policy allows the prospect of collaboration, learning and refinement, making policy a good candidate to address all the issues in hand.

IV. IMPLEMENTATION

Based on our case study, we conduct an experiment to explore the use of policy in DDoS remediation.
Initial tasks for this experiment include building an ISP topology for the network simulation, identifying the simulation and the policy tools to be used, and preparing the integration between them.

A. Topology

The network topology (Fig. 2) used in our simulation was based on an example Internet Service Provider (ISP) network.
The ISP context is used as it represents complete infrastructure elements that could potentially be exposed or compromised during a DDoS attack. The variety of elements supports scalability for future experimentation.

Fig. 2. An abstraction of Telekom Malaysia ISP's topology, physical resources and logical components for the resilience strategy [1]

This topology contains a network with multiple regions (Northern, Southern, Western and Central), interconnected via a backbone ring (backbone facilities run on the OSPF routing protocol and are assigned area 0, while the other regional areas run on OSPF areas 1, 2 and 3 respectively). The central region consists of border routers linked to other ISPs via the BGP routing protocol. Each regional network hosts a server farm, which is a potential victim or destination of an attack; a thousand broadband or Digital Subscriber Line (DSL) users, which could be the originator or source of an attack; and an Enterprise network, which may be the source or destination of an attack. An attack can also be simulated from and to external destinations beyond the ISP network. The link bandwidths in this topology represent typical sizes, such as multi-gigabit links for the backbone and server farms, E1 connections for enterprises and multiple 1Mbps links for DSL users.

B. Toolset

SSFNet

Scalable Simulation Framework (SSF) is a simulation tool for complex systems built on Java and C++ [22]. It provides facilities to model a network through the SSFNet package, which consists of Java packages. It includes models of protocols such as IP, TCP, UDP, BGP and OSPF, many network elements such as routers, hosts, links and network interface cards, and other scenario-oriented models such as DDoS, worm propagation, campus network, multi-AS network etc. The simulation is mainly used for simulating traffic from layer 3 (IP layer) and above. The configuration or topology of the network model is defined in DML-formatted files.
In our simulation, the topology described in Fig. 2 is configured in a DML file.

Ponder2

Ponder2 [23] is a policy tool that comprises Java-based object management systems and can be used for general purposes. Ponder2 has been applied in many different environments including devices, health monitoring systems, distributed systems and many more. There are two types of policy, the obligation policy and the authorization policy. An obligation policy defines how an event (e) that meets certain conditions (c) triggers an action (a); this is also known as an ECA rule. An authorization policy, on the other hand, controls interaction between managed objects. Ponder2 is configured using PonderTalk, a language used to control Ponder2 instances and capable of passing messages between objects. Policies are written in terms of managed objects that can be created and customized to allow Ponder2 to interact with various software or hardware. The purpose of this interaction is to enable policies to be executed without the need to change the configuration of the hardware or software that it controls.

C. Ponder2 and SSFNet Integration

One of the key factors for selecting SSFNet as our simulation platform is the need to integrate with Ponder2, which is built on the Java platform. Our initial work on the integration is to instrument selected objects in SSFNet to allow Ponder2 to communicate with them later on. This section contains some examples of configurations on the SSFNet package; the configuration of Ponder2 is currently in progress.

    public class RateLimiter implements nicbitrater, RemediationInterface {
        // name under which this object is bound in the RMI registry
        private static String objName = RateLimiter.class.getSimpleName();
        ...
    }

Fig. 3: A new class called RateLimiter was created

A new class called RateLimiter (Fig. 3) was introduced with a method called applyremediation (Fig. 5). At runtime, this object will be registered in the RMI registry (Fig. 4) to allow Ponder2 to perform the lookup and communicate with SSFNet.
    // Requires: java.rmi.RemoteException, java.rmi.registry.LocateRegistry,
    // java.rmi.registry.Registry, java.rmi.server.UnicastRemoteObject
    public RateLimiter() {
        try {
            // export and register this object
            RemediationInterface stub =
                (RemediationInterface) UnicastRemoteObject.exportObject(this, 0);
            Registry registry = LocateRegistry.getRegistry();
            registry.rebind(this.objName, stub);
            System.out.println(this.objName + " is ready");
        } catch (RemoteException re) {
            re.printStackTrace();
        }
    }

Fig. 4: RateLimiter constructor registers object in RMI registry

    public void applyremediation() throws RemoteException {
        final double newbitrate;
        System.out.println("Remediation \"" + this.objName + "\" applied... RateLimit");
        // new bit rate is the NIC's bit rate multiplied by the limit
        newbitrate = limit * fornic.bitrate();
        ...
    }

Fig. 5: A method applyremediation is created in RateLimiter.
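The exchange described in this section, written out as an added example in plain Java (not code from the paper, SSFNet or Ponder2): a stand-in rate limiter is exported to an RMI registry, and an event-condition-action rule on the policy side looks it up and invokes applyremediation. The registry port, the traffic threshold, the currentBitrate method, the ObligationPolicy class and the sample reports are assumptions made for this illustration.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

/** Added illustration: simulator-side mechanism and policy-side ECA rule joined by RMI. */
public class PolicyRmiDemo {
    static final int PORT = 20990;             // constructed port for a private registry
    static final String NAME = "RateLimiter";  // registry name, as objName in the paper

    /** Remote contract: applyremediation() is from the paper, currentBitrate() is hypothetical. */
    public interface RemediationInterface extends Remote {
        void applyremediation() throws RemoteException;
        double currentBitrate() throws RemoteException;
    }

    /** Simulator side: stand-in for the NIC rate limiter (no SSFNet classes involved). */
    static class RateLimiter implements RemediationInterface {
        private final double limit;  // fraction of the bit rate kept (assumed meaning)
        private double bitrate;      // bits per second

        RateLimiter(double bitrate, double limit) {
            if (limit <= 0.0 || limit > 1.0) {
                throw new IllegalArgumentException("limit must be in (0, 1]");
            }
            this.bitrate = bitrate;
            this.limit = limit;
        }
        @Override public synchronized void applyremediation() { bitrate = limit * bitrate; }
        @Override public synchronized double currentBitrate() { return bitrate; }
    }

    /** Policy side: an obligation policy in event-condition-action form. */
    static class ObligationPolicy {
        private final String event;         // e: event this policy reacts to
        private final double thresholdBps;  // c: act only above this observed rate
        private boolean fired;              // latch: the action scales the current rate,
                                            // so repeating it would compound the limit

        ObligationPolicy(String event, double thresholdBps) {
            this.event = event;
            this.thresholdBps = thresholdBps;
        }

        /** Returns true when the action was invoked on the remote mechanism. */
        boolean onEvent(String name, double observedBps) throws Exception {
            if (!event.equals(name)) return false;                   // not our event
            if (fired || observedBps <= thresholdBps) return false;  // condition not met
            Registry registry = LocateRegistry.getRegistry("127.0.0.1", PORT);
            RemediationInterface target = (RemediationInterface) registry.lookup(NAME);
            target.applyremediation();                               // a: action over RMI
            fired = true;
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // Keep stubs on loopback so the demo runs offline; must be set before any export.
        System.setProperty("java.rmi.server.hostname", "127.0.0.1");
        Registry registry = LocateRegistry.createRegistry(PORT);
        RateLimiter limiter = new RateLimiter(2_048_000.0, 0.25);  // E1 link, keep 25%
        registry.rebind(NAME, UnicastRemoteObject.exportObject(limiter, 0));

        ObligationPolicy policy = new ObligationPolicy("highTraffic", 1_500_000.0);
        // Constructed monitoring reports: {event name, observed bits per second}
        Object[][] reports = {
            {"highTraffic", 900_000.0},
            {"linkDown", 0.0},
            {"highTraffic", 1_900_000.0},
            {"highTraffic", 1_950_000.0},
        };
        for (Object[] r : reports) {
            boolean acted = policy.onEvent((String) r[0], (Double) r[1]);
            System.out.printf("%-11s %10.0f bps -> action=%b, NIC bit rate=%.0f%n",
                    r[0], r[1], acted, limiter.currentBitrate());
        }
        // Unexport both objects so the JVM can exit.
        UnicastRemoteObject.unexportObject(limiter, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

Only the third report satisfies both the event and the condition, so the limiter is invoked once; the latch keeps the fourth report from scaling the already reduced rate again.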
Modification was also done to include limiter as a new parameter (Fig. 6), which was then used in our DML configuration (Fig. 7).

    // Look up the optional "limiter" attribute in this interface's DML configuration
    System.err.println(cfg.findSingle("limiter"));
    Configuration xcfg = (Configuration) cfg.findSingle("limiter");
    if (xcfg != null)
        createbitrate(xcfg);                      // limiter attribute present: configure from it
    else
        bitratemanager = new RateLimiter(this);   // no limiter attribute: RateLimiter bound to this interface

Fig. 6: Configuring nic.java (network interface card module in SSFNet).

    router [
      id 20
      interface [
        id 0
        limiter [use eu.resumenet.mechanisms.remediation.ratelimiter]
        latency 0.0
      ]
      ...
    ]

Fig. 7: Configuring interface using limiter

Currently we are working on the integration with the policy framework. We then expect to use this toolset to evaluate policy-based strategies for the remediation of DDoS attacks.

IV. CONCLUSION AND FUTURE WORK

In our case study, we discussed some of the issues and current remediation techniques from the operational point of view. The need for an approach that supports collaboration, refinement, learning and separation of management from the underlying implementation has motivated us to explore the use of policy for remediation. By using policy in our approach, we would be able to coordinate DDoS remediation in a more dynamic and autonomic manner, hence resilience can be achieved in more efficient and comprehensive ways. This initial work on integration (SSFNet and Ponder2) would provide a good starting point for further exploration of policy for remediation. Other prospects of policy such as policy analysis, conflict resolution, refinement, evaluation, learning and negotiation can be further studied to improve many areas in our resilience strategy D²R² + DR, and remediation in particular. This approach can also be applied to other testbeds and environments such as DETER [8] or other simulation platforms for the purpose of evaluation and benchmarking.

V. ACKNOWLEDGEMENT

The research presented in this paper is based on the short paper entitled Strategies for Network Resilience: Capitalising on Policies, which is scheduled to be presented at the AIMS Conference, in Zurich in The initiative of exploring policies for Resilience is partially funded by the European Commission in the context of the Research Framework Program Seven (FP7) project ResumeNet (Grant Agreement No ). The project has also been supported by the EPSRC funded India-UK Advanced Technology Centre in Next Generation Networking. The author would also like to thank Telekom Malaysia, as a co-sponsor, for the access and support in our case study and Yayasan Khazanah as the main sponsor for the study on Techniques for Network Resilience.

VII. REFERENCES

[1] Paul Smith, Alberto Schaeffer-Filho, Azman Ali, Marcus Scholler, Nizar Kheir, Andreas Mauthe and David Hutchison, Strategies for Network Resilience: Capitalising on Policies, accepted, to appear in 4th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2010).
[2] J.P.G. Sterbenz, D. Hutchison, E.G. Cetinkaya, A. Jabbar, J.P. Rohrer, M. Schöller, and P. Smith, Resilience and Survivability in Communication Networks: Strategies, Principles, and Survey of Disciplines, accepted, to appear in Computer Networks (COMNET), Special Issue on Resilient and Survivable Networks, Elsevier,
[3] D. Hutchison, J. Sterbenz (2008), Resilinets Architecture Definition, [Online]. Available at:
[4] Damianou, N., et al., The Ponder Policy Specification Language, Policies for Distributed Systems and Networks, Proceedings, 2001: p
[5] Justin P. Rohrer, Abdul Jabbar, and James P.G. Sterbenz, Path Diversification: A Multipath Resilience Mechanism, Proceedings of the 7th IEEE International Workshop on the Design of Reliable Communication Networks (DRCN) (2009).
[6] Autenrieth, A. and A. Kirstadter, Engineering End-to-End IP Resilience Using Resilience-differentiated QoS, IEEE Communications Magazine, (1): p
[7] Trivedi, K.S., D.S. Kim, and R. Ghosh, Resilience in Computer Systems and Networks, in Proceedings of the 2009 International Conference on Computer-Aided Design, 2009, ACM: San Jose, California. p
[8] Peng, T., C. Leckie, and K. Ramamohanarao, Survey of Network-Based Defense Mechanisms Countering the DoS and DDoS Problems, ACM Computing Surveys, (1): p. -.
[9] Mirkovic, J., et al., A User-Centric Metric for Denial-of-Service Measurement, in Experimental Computer Science. 2007, USENIX Association: San Diego. p
[10] ResumeNet Website (2009). [Online]. Available at:
[11] Intersection Project Website (2007). [Online]. Available at:
[12] ANA Project. [Online]. Available at:
[13] Ajay Mahimkar, Jasraj Dange, Vitaly Shmatikov, Harrick Vin, Yin Zhang, dfence: Transparent Network-based Denial of Service Mitigation, USENIX Symposium on Networked Systems Design & Implementation (2007), p
[14] Thing, V.L.L., M. Sloman, and N. Dulay, Adaptive Response System for Distributed Denial-of-Service Attacks, 2009 IFIP/IEEE International Symposium on Integrated Network Management (IM 2009) Vols 1 and 2, 2009: p
[15] Jelena Mirkovic, Max Robinson, Peter Reiher, George Oikonomou, Distributed Defense Against DDoS Attacks, University of Delaware CIS Department Technical Report CIS-TR ,
[16] Diadem Project Website (2005), Documentation and Publication. [Online]. Available at:
[17] Team CYMRU (2009). [Online]. Available at:
[18] Taghrid Samak, Ehab Al-Shaer, Hong Li, QoS Policy Modeling and Conflict Analysis, policy, pp. 19-26, 2008 IEEE Workshop on Policies for Distributed Systems and Networks, 2008.
[19] Domenico Corapi, Oliver Ray, Alessandra Russo, Arosha Bandara, and Emil Lupu, Learning Rules from User Behavior, Artificial Intelligence Applications and Innovations III /2009 p
[20] Arosha K Bandara, Emil Lupu, Jonathan Moffett, Alessandra Russo, A Goal-based Approach to Policy Refinement, in Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks. 2004, IEEE Computer Society. p
[21] A. Bandara, E. Lupu, A. Russo, Policy Refinement for DiffServ Quality Of Service Management, Integrated Network Management, IFIP/IEEE International Symposium (2005) p
[22] SSFNET Website (2002). [Online]. Available at:
[23] Ponder2 Website at Imperial Policy Group. [Online]. Available at:
[24] Prolexic Network Protection Service. [Online]. Available at:
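The rate limiter of Fig. 6 and Fig. 7 is a mechanism; the policy framework the paper integrates it with is what decides when, and how hard, that mechanism is applied. The sketch below is an added example, not the authors' SSFNet or Ponder2 code: it drives a token-bucket limiter from event-condition-action rules so that the remediation strategy can be swapped without touching the limiter. All class names, event names, rates and the traffic scenario are assumptions constructed for the illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.BiConsumer;
import java.util.function.Predicate;

// Added illustration only: hypothetical classes, not SSFNet or Ponder2 code.
public class PolicyRateLimitDemo {

    // Mechanism: token bucket on one interface. It has no notion of "attack".
    static final class TokenBucket {
        private boolean limited;
        private double rate, burst, tokens, last;   // bytes/s, bytes, bytes, seconds

        void limit(double bytesPerSec, double burstBytes, double now) {
            limited = true; rate = bytesPerSec; burst = burstBytes;
            tokens = burstBytes; last = now;
        }
        void unlimit() { limited = false; }

        boolean admit(int packetBytes, double now) {
            if (!limited) return true;
            tokens = Math.min(burst, tokens + (now - last) * rate);  // refill since last packet
            last = now;
            if (tokens < packetBytes) return false;                  // drop: bucket is empty
            tokens -= packetBytes;
            return true;
        }
    }

    // Event raised by a detection component (constructed event names).
    static final class Event {
        final String type; final double severity; final double time;
        Event(String type, double severity, double time) {
            this.type = type; this.severity = severity; this.time = time;
        }
    }

    // Strategy: an event-condition-action rule, held as data outside the mechanism.
    static final class Policy {
        final String onEvent; final Predicate<Event> condition;
        final BiConsumer<TokenBucket, Event> action;
        Policy(String onEvent, Predicate<Event> condition, BiConsumer<TokenBucket, Event> action) {
            this.onEvent = onEvent; this.condition = condition; this.action = action;
        }
    }

    static final class PolicyEngine {
        private final List<Policy> policies = new ArrayList<>();
        PolicyEngine add(Policy p) { policies.add(p); return this; }
        // Every policy whose event type and condition match the event fires, in insertion order.
        void dispatch(Event e, TokenBucket target) {
            for (Policy p : policies)
                if (p.onEvent.equals(e.type) && p.condition.test(e)) p.action.accept(target, e);
        }
    }

    // Constructed scenario: one 1000-byte packet per ms for 6 s; attack flagged at 2 s, cleared at 4 s.
    // Returns packets admitted {before, during, after} the flagged interval.
    static int[] simulate(PolicyEngine engine) {
        TokenBucket nic = new TokenBucket();
        int[] admitted = new int[3];
        for (int ms = 0; ms < 6000; ms++) {
            double now = ms / 1000.0;
            if (ms == 2000) engine.dispatch(new Event("attackDetected", 0.9, now), nic);
            if (ms == 4000) engine.dispatch(new Event("attackEnded", 0.0, now), nic);
            if (nic.admit(1000, now)) admitted[ms < 2000 ? 0 : ms < 4000 ? 1 : 2]++;
        }
        return admitted;
    }

    public static void main(String[] args) {
        Policy release = new Policy("attackEnded", e -> true, (nic, e) -> nic.unlimit());

        // Strategy 1: limit in proportion to the reported severity.
        PolicyEngine graded = new PolicyEngine()
            .add(new Policy("attackDetected", e -> e.severity >= 0.8,
                            (nic, e) -> nic.limit(100_000, 10_000, e.time)))
            .add(new Policy("attackDetected", e -> e.severity < 0.8,
                            (nic, e) -> nic.limit(500_000, 10_000, e.time)))
            .add(release);

        // Strategy 2: clamp hard on any detection. Only the rules differ; TokenBucket is unchanged.
        PolicyEngine strict = new PolicyEngine()
            .add(new Policy("attackDetected", e -> true,
                            (nic, e) -> nic.limit(10_000, 2_000, e.time)))
            .add(release);

        for (String name : new String[] {"graded", "strict"}) {
            int[] r = simulate(name.equals("graded") ? graded : strict);
            System.out.printf("%-6s before=%d during=%d after=%d%n", name, r[0], r[1], r[2]);
        }
    }
}
```

Running both strategies over the same traffic shows the admitted-packet count changing only inside the flagged interval, which is the kind of side-by-side comparison of remediation policies the paper proposes to carry out in simulation.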