DOSarrest Security Services (DSS) Version 4.0

DOSarrest Security Services (DSS) Version 4.0 DOSarrest DSS User Guide The DSS is the main customer portal where customers can view and manipulate traffic statistics from a wide variety of variables that are available in real-time. This is also where customers can view, create and modify their configuration(s) as well as create tickets, user accounts and view the in house knowledge base. Should you require any assistance, we are always here to help. Need a hand? UK Free Phone 0800 086 8812 CA/US Toll Free 1.888.818.1344 Singapore Toll Free 1.800.101.1796 24/7 Email support support@dosarrest.com

Table of Contents 1) DSS at A Glance... 2 2) Getting Started... 3 Important Terms... 3 Logging In... 3 Retrieving your Password... 4 Changing & Verifying your Admin email... 4 Updating Your Timezone... 4 3) The Basics... 4 Changing your Password... 4 Adding a Graph to the Dashboard... 4 Submitting a Ticket... 5 Viewing a Ticket... 5 Uploading an SSL Certificate... 6 4) Dashboard... 6 Default Dashboard... 6 Dashboard Settings... 6 Removing Graphs from the Dashboard... 6 5) Dashboard Graphs... 6 Blocked Events... 6 Bandwidth & Connections... 7 FAQ: Connections Graph & Events... 8 Top Country... 8 Bird s Eye, Top URLs, and Top Referers... 9 Visitor ISP and WAF Events... 10 Status Codes & Connection States... 11 Cache Statuses... 12 6) Configuration... 13 Uploading an SSL Certificate... 13 Add and Edit URI... 14 Purge Cache... 14 Adding a Domain... 15 Removing A Domain... 15 Adding an Origin... 15 7) Tickets... 16 Submitting a New Ticket... 16 Email Notifications... 17 Viewing a Ticket... 17 Updating Ticket Status... 17 Responding to an Open Ticket... 17 Closing a Ticket... 17 Adding and Removing Participants... 17 8) Knowledge Base... 18 9) Sub-accounts... 18 How to add a sub-account... 18 How to add access & permissions to subaccount... 18 How to change password / email / timezone for sub-account... 18 10) Attacks... 19 1 www.dosarrest.com

1 DSS at a Glance 1. Event Logs: WAF and web log reporting 2. Origins: Add origins, load balancing options, configure CNAMES, and add virtual webservers. 3. Configurations: Upload SSL certificates, create URIs, add security features, enable caching, and purge cache. 4. Accounts: Add user/sub accounts and permissions. 5. Graphs: 13 graphs total, 9 graphs displayed by default: 1. Blocked Events 6. Bird's Eye 11. Status Codes 2. Bandwidth 7. Top URLs 12. Connection States 3. Connections 8. Top Referers 13. Cache statuses 4. Events 9. Visitor ISP 5. Top Country 10. WAF Events (Only if you have WAF enabled) 6. Settings: Edits your password, email, and timezone 7. Logout 2 www.dosarrest.com

2 Getting Started IMPORTANT TERMS VIP: Virtual IP This is the assigned IP from DOSarrest service that your visitors will see. Origin IP: This is your server s IP. Also known as the Upstream IP. DSS: DOSarrest Security Services. This is the name of the customer portal. CV (Client Validation): A security tool to test if visitors are real users. URIs/URI System: Uniform Resource Identifier A specific location on the website. For example: / is example.org, /blogs is example.org/blogs, and etc. Origin Pool: The list of servers you control that we pass clean traffic to. LOGGING IN Primary account login 1. Go to http://dss.dosarrest.com 2. Enter your Username and Password. 3. Click Sign in. Sub-account login 1. Go to http://dss.dosarrest.com 2. Click on underneath Username. 3. Enter Sub-account Username in the Username field, Primary account name on the Customer Name Field, and password. 4. Click Sign in. 3 www.dosarrest.com

RETRIEVING YOUR PASSWORD Click on the on the login form. You can also send an email directly to our 24/7 support team at support@dosarrest.com to have your password reset. CHANGING and VERIFYING YOUR ADMIN EMAIL To verify and change your admin email, go to the Settings tab on the top right hand corner. Edit the fields as desired and click Save. If you re logging into the DSS for the first time you should consider changing the password for security. UPDATING YOUR TIMEZONE Go to the Settings tab click on the dropdown menu on Timezone and select from your desired time zone. Once completed, click Save 3 The Basics CHANGING YOUR PASSWORD Go to the Settings tab and enter your new password in the Password field. Enter it again in the Confirm Password field and click Save. ADDING A GRAPH TO THE DASHBOARD Go to click on the dropdown menu GRAPHS: Here you can select from 13 graphs. Default Setting: Displays 9 graphs: Blocked Events, Bandwidth, Connections, Events, Top Country, Bird's Eye, Top URLs, Top Referers, and Visitor ISP 4 www.dosarrest.com

SUBMITTING A TICKET Go to, click on Open New Ticket. Use the dropdown menus to define your ticket s Type, Priority level, Subject and Description. Add attachments if you have them, and click Save. VIEWING A TICKET Go to. This screen will be filtered by default All. You can filter the tickets accordingly from the dropdown menus, Status (All, New, Open, Closed, and Resolved), Priority (All, Low, Medium, High, and Emergency) and Type (All, Problem, Question, Feature). Click on the ticket you want to read. Click on to expand and view the conversation. UPLOADING AN SSL CERTIFICATE SSL upload is accessed by going to, select your VIP. Checkmark HTTPS under the General tab beside Protocols The SSL upload window will appear once the HTTPS box is checked. Here you can upload or copy and paste your SSL cert and key in the field box. If your file is in PEM or P12/PFX format, click on you can choose from the PEM or P12/PFX tab and upload the SSL certificate and SSL security key files as directed. Enter your SSL password twice and click Upload. Click on to verify the cert and keys match. If it is a successful match you will receive the following message Save once done. There will be a red bar on the top of the browser, click on it to commit the changes, and you ll receive an email confirmation/notification once the update has been applied and is active. You can also have our 24/7 support team upload the SSL certificate. Send an email to our 24/7 support team at support@dosarrest.com and you ll receive a response within 10-15 minutes. 5 www.dosarrest.com

4 Dashboard The dashboard and reporting tools can be customized for anyone who seeks a high level of control over their data and how it is displayed. DEFAULT DASHBOARD When you first log into the DSS, the Dashboard will be the default tab. By default there will be nine graphs disaplayed: Blocked Events, Bandwidth, Connections, Events, Top Country, Bird's Eye, Top URLs, Top Referers, and Visitor ISP. DASHBOARD SETTINGS You can configure how your dashboard functions by selecting the VIP on the top left corner, Locations, Timescale Picker, Auto-Refresh, and Graphs on the dropdown menus. REMOVING GRAPHS FROM THE DASHBOARD To remove a graph from the dashboard, while viewing the dashboard, unselect/check from the Graphs dropdown menu. 5 Dashboard Graphs BLOCKED EVENTS 6 www.dosarrest.com

BANDWIDTH CONNECTIONS 7 www.dosarrest.com

FAQ: Connections Graph Why are my VIP connections so high and my origin connections so low? It is important to understand that there is no association between VIP and origin connections. To understand this you need to know four important points: The numbers in the graph are sampled connections, meaning we count them every second. Any connections that begin and finish between samples are not counted. VIP and Origin connections can be either HTTP 1.0 or 1.1, depending on the configuration. By default HTTP 1.0 and 1.1 are used on the VIP-visitor side, while typically only HTTP 1.0 is used on the Origin side (though this can be enabled if needed). HTTP 1.1 connections are typically much longer-lasting, and therefore pretty much always get counted. HTTP 1.0 connections very often time-out and therefore will not be sampled within the 1 second timeframe. This is to say that VIP connections are almost always higher than origin connections and that it does not necessarily mean that there is an attack. This information should be used to note trends in your total connections rather than comparing the information between the two graphs. EVENTS TOP COUNTRY 8 www.dosarrest.com

BIRD S EYE TOP URLs TOP REFERERS 9 www.dosarrest.com

VISITOR ISP WAF EVENTS (Data available only if you have WAF enabled) 10 www.dosarrest.com

STATUS CODES Displays the HTTP status code from the web server. Common examples: Good 200 OK Web page is served without issue. 301 or 302 SEO redirects which seamlessly direct customers to new locations of pages. Bad 404 Requesting a page which does not exist. 461 Unsupported transport. CONNECTION STATES When transferring information across the Internet the connection will go through multiple transmission control protocol (TCP) states. This graph displays the TCP state a connection is in between an end user and the origin IP or VIP. SYN SENT - (client) initiates communication with server. SYN RECV (server) follows SYN SENT (handshake). ESTABLISHED (server and client) handshake is complete and servers are able to exchange information. 11 www.dosarrest.com

FIN WAIT 1 (server and client) represents waiting for an acknowledgment of the connection termination request previously sent. FIN WAIT 2 (server and client) waiting for a connection termination request from the remote client. CLOSE WAIT (server and client) when a server has finished sending information <waiting <waiting for a connection termination request from the local user> CLOSING (server and client) waiting for a connection termination request acknowledgement from the remote TCP. LAST ACK (server and client) session is open but no data is being transferred. Waiting for acknowledgement of the connection termination request. CLOSED response sent to a CloseWait state, which terminates the connection. No connection state at all. TIMEWAIT (server or client) connection was not cleanly closed. The connection will automatically close after a timeout period. CACHE STATUSES Displays the caching server s response to a visitor s request: Hit: the information was requested before the stale date. The content was cached and not stale and so was provided to the visitor without referring to the origin server. Miss: the content was not cached, and therefore the request was referred back to the origin server. This information will be cached and so will respond as a hit the next time it is requested. Expired: the content was cached but has since become stale so the request was referred back to the origin server. This information will be cached and respond as a hit the next time. Not Cached: the content was marked as private and not cacheable. These requests are referred back to the origin server. 12 www.dosarrest.com

6 Configuration IMPORTANT NOTE When you make any changes in Configuration, they do NOT take effect immediately, even when you click Save or Submit. DOSarrest s support team quickly does a review to ensure the changes won t negatively impact your service or level of protection, and then the changes are applied. You will be notified once they changes are live, or if there are any issues you need to be aware of, usually within 5 minutes. UPLOADING AN SSL CERTIFICATE Go to, select the VIP you want to update the SSL certificate for in the list. Checkmark HTTPS under the General tab beside Protocols The SSL upload window will appear once the HTTPS box is checked. Here you can upload or copy and paste your SSL cert and key in the field box. If your file is in PEM format, click make sure the PEM Format tab is selected and upload the SSL certificate and SSL security key files as directed. Enter your SSL password twice and click Upload. Alternately, you can copy and paste the text from the file into the text field. In all cases, the new information saved will overwrite the old information. If your file is in P12 or PFX format make sure the P12/PFX Format tab is selected and upload the SSL certificate file. Enter your SSL password twice and click Upload. Alternately, you can copy and paste the text from the SSL certificate file into the text field. In all cases, the new information saved will overwrite the old information, however nothing will be permanently altered until the support team reviews the change and applies it (usually within 10 minutes). 13 www.dosarrest.com

This performs a mathematical verification of the certificate / key pair to ensure they match correctly. If there is an error you will be notified of a mismatch and will not be able to continue. If there are no errors then you will be given a success message. Press Save once done. There will be a red bar on the top of the browser, click on it to commit the changes, and you ll receive an email confirmation/notification once the update has been applied and is active. You can also have our 24/7 support team upload the SSL certificate. Send an email to our 24/7 support team at support@dosarrest.com and you ll receive a response within 10-15 minutes. ADD AND EDIT URI Go to, select the VIP you want to add a URI to. Click a window will appear (image below). Enter the URI and choose from the desired dropdown menus. Check Cache Enabled to customize caching. To edit the URI, click on the URI from the list. You ll be redirected to a page with Click Save once completed., select the tab accordingly to what you need. PURGE CACHE Go to, select the URI you want to purge cache. Click, a window will appear to re-confirm you want to Purge Cache as this operation is irreversible and all cached elements will be permanently deleted. Click to confirm, once it reaches 100% it is completed. 14 www.dosarrest.com

ADDING A DOMAIN Go to, select the VIP then click on the tab. Press a window will appear for you to input the name of the domain you wish to add, select whether it uses HTTP, HTTPS or both. Once completed press Save If you selected HTTPS then at this point you ll need to upload the SSL certificate. See Uploading an SSL Certificate for detailed instructions. If you don t, your HTTPS won t function correctly. A red bar on the top will appear for you to commit the change. You will receive an email notification once the update has been applied. REMOVING A DOMAIN Go to Configuration, select the VIP then click on the Domains tab and select the domain you wish to remove from the list. Click the Delete button and Yes to confirm. ADDING AN ORIGIN Go to and click on. New Origin popup window will appear, fill in the Origin IP, Port (80 or 443), and Protocol (HTTP or HTTPS). 15 www.dosarrest.com

7 Tickets We pride ourselves on having the most responsive and knowledgeable support team in the business. Our security engineers answer every phone call or respond to every request within 10 minutes, and usually much faster. 24/7/365. No matter what. Support tickets are viewed immediately and responded to with the same urgency as a phone call. You are encouraged to use the ticketing system as it is the most effective method of tracking ticket history and also provides security engineers with the background information they need to quickly understand and resolve issues. SUBMITTING A NEW TICKET Go to Tickets and click on the Open New Ticket button. All of the fields in the form are required. Select Type In the dropdown menu choose whether your ticket is about a Problem, Question or Feature. Select Priority Use the dropdown menu to choose whether your ticket is Low, Medium, High or Emergency (only select this if your site is currently down). Summary Summarize what your ticket is about. Description Describe what your ticket is about in as much detail as possible. Add an attachment Upload screen shots or other relevant files by clicking the Add Attachment button and browsing for the file. Click Save to complete the submission. You will receive this message once the ticket is successfully submitted 16 www.dosarrest.com

EMAIL NOTIFICATIONS When a support ticket is opened via the DSS panel an email with the ticket details will be sent to all participants. Also, when an update to a ticket is made via the DSS an email will get sent to the participants. Customer can reply to the email and it will be automatically processed by the DSS and the customer s response will be added to the ticket. These emails will come from the email address support@dosarrest.com. Please white-list this email addresses so that your email server doesn t block email addresses from it. VIEWING A TICKET Go to Tickets. This screen will be set by default to ALL on the menus. You can choose to filter the drop-down menus by Status (new, open, closed, and resolved), Priority (emergency, high, medium, and low) and Type (problem, question, and feature). Click on the ticket you want to read. You can click the + to expand and view each portion of the conversation. UPDATING TICKET STATUS Go to Tickets, click on the ticket you want to update. Choose the dropdown menu (Status, Type, or Priority) you want to update your ticket with, select the new status. A bar will appear below for you to click Update Ticket Status RESPONDING TO AN OPEN TICKET Go to Tickets and click on a ticket you want to response to. Click on the Add Comment button. Fill out the form and click send. This will send an email to all participants (your own account as well as support). Support reviews all emails immediately. CLOSING A TICKET Go to Tickets, click on the ticket you want to close. Click on the Status dropdown menu and choose Closed or Resolved to close the ticket. A bar will appear below for you to click Update Ticket Status, click on it to close your ticket. ADDING AND REMOVING PARTICIPANTS Go to Tickets, click on the ticket you want to close. Click on the Participants tab beside the Communications tab. Press Add Participant then add the Email and click Save. To remove a participant, click Delete and press Yes to confirm removal. 17 www.dosarrest.com

8 Knowledge Base The knowledge base is an in house section which contains information regarding DOSarrests services with a number of helpful tips and tricks and troubleshooting information. It is organized is categories or subjects, clicking on the category. will expand all the articles in that 9 Sub-accounts Here you can create sub-accounts for staff members or clients. You can customize their access and permissions for VIPs from view only to being able to make updates on the account. HOW TO ADD A SUB-ACCOUNT Go to Accounts then click Add Account, fill in all the fields and click Save. HOW TO ADD ACCESS AND PERMISSIONS TO SUB-ACCOUNT Go to Accounts then click on the account you want to add access to. Click on the Modules tab, here you can grant access to Configuration and Tickets to the subaccount user. Click on the VIPs tab, click on Add VIP then select the VIP from the dropdown menu. Select their permissions to View, Update, and Remove for the VIP. Click Save once done. HOW TO CHANGE PASSWORD/EMAIL/TIMEZONE FOR SUB-ACCOUNT Go to Accounts then click on the account you want to change the password, email, or timeline. You ll be brought to the Generals tab by default; here you can change the password, email, and timezone. Click Save when the changes are made. 18 www.dosarrest.com

10 Attacks Due to the nature of DDoS attacks and the myriad of ways they can be launched, there is no one way for determining when there is an attack. However, as a general rule, customers can review VIP versus Origin Bandwidth and/or Connections against each other, where a sudden increase on the VIP side can be seen as an attack, and the efficacy of the DOSarrest solution determined by how much of that sudden increase is seen at origin. 19 www.dosarrest.com