JUST FOR THOSE WHO CAN T TOLERATE DOWNTIME WE ARE NOT FOR EVERYONE

Transcription

1 WE ARE NOT FOR EVERYONE JUST FOR THOSE WHO CAN T TOLERATE DOWNTIME Don t let a DDoS attack bring your online business to a halt we can protect any server in any location

2 DON T GET STUCK ON THE ROAD OF SUCCESS LET THE TRAFFIC RUN ON YOUR TERMS WITH BLOCKDOS 2 DDDoS attacks have rapidly become a common place threat to doing business on the internet. With over 50, 000 distinct attacks per week, denial of service has become the most costly form of cyber-crime business face today. In response, BlockDos provides class-leading global DDoS mitigation service that protects internet operations from the debilitating service disruptions caused by DDoS attacks. Threat types we deal in TCP SYN Flood TCP ACK Flood UDP Flood Attack HTTP Flood Attack UDP Flood Attack (Trinoo) ICMP Echo Request Flood TCP SYN - ACK Reflection Flood (DRDoS) Tribe Flood Network and Tribe Flood Network 2000 DDoS Implementation is as Follows... Client will provide us domain name and IP address of their server (backend) along with SSL (if applicable). BlockDos will do a setup on their clusters and provide a Proxy IP (frontend) to the client. BlockDos will also provide a list of IPs or IP ranges to the client in order to white list them in the firewalls. Industries we serve Finnancial Institutions Banks Air Lines Government Sector Pharmaceuticals Stock Exchange E-Commerce Stores 30 Minutes IMPLEMENTATION PLAN We have multiple locations for DDoS Mitigation, which allows clients to have lowest latency and prefences as well. Depending on the size and type of the attack, locations can be changed or combined to handle large or complex attacks. Client will change the record of the domain from there DNS (or BlockDos DNS) to Blockdos Proxy IP. All the traffic will start coming to our protected proxies. Attack traffic will be filtered at the router level or at proxy level (which ever applicable). Proxy will then take the client request along with X-forwarded-for header to backend server and gives back client with the info requested. Attack or Bad traffic will be discarded or the bad IP may be sent back to router to add in temporary block list. It is recommended to block all the traffic at firewall and allow only certain IPs. Additional security will be provided if the backend IP address gets changed. Advance mitigation includes balancing the traffic between multiple IPs. Or restricting it for some specific countries only.

3 DDoS TECHNOLOGY prevent DDoS technology system Hi-Speed Border Filtering BlockDos has established peering connections with multiple core Internet Service Providers to provide multi-gigabit attack protection. Each peer is closely monitored and continously evaluated in order to deliver the fastest response time to customer's evaluated in order to deliver the fastest response time to customer's critical and latency-sensitive applications. At BlockDos border, traffic is filtered for bandwidth flood using wire-speed Access Control Lists. BlockDos also keeps tracking lists of bogon IPs and infected hosts which are also filtered at this layer. Deep Packet Inspection At this level, protocol state such as TCP three-way handshake is verified. SYN DDoS flood and other similar DDoS attack attempts that do not conform to protocol standard are also filtered out. To mitigate spoofed attacks, BlockDos uses challenge-response algorithms like TCP SYN cookie and TCP SYN Authentication to distinguish between spoofed and legi timate traffic. Adaptive Filtering BlockDos enforces both Statistical Analysis and Anomaly Recognition filtering for zero day attacks. Using tatistical Analysis, unusual number of packets or high traffic rate from zombie clients can be identified and filtered. Using Anomaly recognition, auto-learning of normal baselines for protocol and source networks flows can be used to identify and filter malicious activities. Rate-Limiting Rate-limiting will be applied to further limit exploitation of system and bandwidth resources against baseline statistic. Application Level Filtering BlockDos deep packet inspection engine provides comprehensive application-layer intelligence, allowing BlockDos to understand what applications are running on the client's network to efficiently select and deter application traffic violations. With increasing number of attacks from larger-sized clients (or zombies) using valid established connections to overwhelm the system resources, BlockDos anti-zombie system mitigates such HTTP attacks by using a challenge response authentication process to differentiate between legitimate browsers and zombie programs that access the attacked site. To further mitigate application specific level attacks - HTTP attacks, BlockDos can enforce intelligent HTTP Malformed filtering to ensure the validity of HTTP transactions, and limit the number of connections or request to specific objects. Flexible-Content Filtering BlockDos prevent DDoS Mitigation system continously monitors application traffic for unusual pattern and behavior. Using its propretary pattern recognition and analysis system, BlockDos deters morphing HTTP flood attacks by adapting flexible-content filters to counter evasive intents rapidly. EVEN BIG DATA CENTERS NEEDS HELP WITH DDoS SOME TIMES BLOCKDOS IS THERE FIRST CHOICE! cyber vandals use tools and shotdown victim websites.these online DDoS attacks can be automated so the identity of the attackers remains untraced. TCP SYN Flood Attack. 4

4 24/7/365 Professional Support BlockDos provides true 24/7/365 technical support. Ensuring client gets the best support which they deserve. A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its 6 intended users. Although the means to Geo DNS Imagine you want to serve local traffic locally. And don t want any of the international traffic coming to you. With our GEO DNS you can easily do that. You can specify different IPs for carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at WHERE FASHION IS COMFORT R entropay in association with VISA different countries. This solution has been successfully implemented for Government of Pakistan. all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on 50 Gbps+ DDoS Protection DDoS attacks have rapidly become a common place threat to doing business on the Internet. With over 50,000 distinct attacks per week, denial of service has become the most costly form of cyber-crime businesses. high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used with regards to computer networks, but is not limited to this field, for example, it is also used in reference to CPU resource management. BRAND ENERGY & INFRASTRUCTURE SERVICES beautyneeds SHOE PARLOR mens and ladies shoes 99.9% Uptime Guranteed BlockDos guarantees 99.9% Uptime SLA on Enterprise Protection Solution. No other MAZDA provider in the industry can match this uptime. Just sit back and relax because your uptime is assured. BlockDos Advantage Multiple Mitigation Locations BlockDos have over 10+ mitigation centers around the world. Thus we make sure that the client gets minimal latency and fastest speed possible. No waiting, no hassle, neither hardware nor software to buy. Just click and clean. Local DDoS Protection You may have the bandwidth to handle traffic. But do you have adequate protection against low rate attacks? Attacks which pass your firewall like a real request? Worry no more. Contact us and we can install our custom appliance at your own location which can take care of that. We do not filter based on geography or other methods that filter out large blocks of IP address space. Our proprietary techniques only block malicious IP addresses, on an IP by IP instance and on a continuous basis. This ensures, zero false positives. WE VITALIZE THE SUCCESS OF OUR CLIENTS For us our every Client is Important and Unique, and we give them Exclusive Services.

5 Karachi Office Suite , Ceaser s Tower, Shahra-e-Faisal, Karachi - Pakistan Phone: Fax: [email protected] Islamabad Office 45-D, Service Road, Sector G-10/2 Islamabad. Phone: Fax: Canada Office 1515 Britannia Road East Suite 303 Mississauga, ON, L4W 4K1 Canada. Phone: Toll Free: USA Office 4909 Covewood Court Glen Allen VA, USA. Phone: Toll Free: