DDoS Protection: The 5 Commandments


When choosing a DDoS protection solution that will best ensure your business’ survival in the hostile virtual jungle, you should make sure this solution adheres to the following fundamental commandments...

Published in: Technology

  1. DDoS Protection: The 5 Commandments of DDoS Mitigation
     Confidential

  2. DDoS – The Basics
     Volume Based Attacks
       • Method: Include UDP floods, ICMP floods, and other spoofed packet floods.
       • Objective: Saturate the bandwidth of the attacked site.
       • Magnitude: Typically measured in bits per second.
     Protocol Attacks
       • Method: Primarily SYN floods, but also fragmented packet attacks.
       • Objective: Consume web server resources or intermediate communication equipment, such as firewalls and load balancers.
       • Magnitude: These are usually measured in packets per second.
     Application Layer Attacks
       • Method: Unlike protocol attacks, these are comprised of legitimate and seemingly innocent requests.
       • Objective: Bring the application servers down.
       • Magnitude: Requests per second.

  3. DDoS – Current and Future Trends
     Volume Based Attacks are getting bigger
       • More and more attacks over 20Gbps
     Application Layer Attacks are becoming more frequent
       • Targeting specific website platforms
       • Targeting smaller websites
     New Attack Types
       • IP Range Blanket Bombing
     DOS Techniques
       • Amplification through DNS requests to an Open DNS or open “public” SNMP

  4. The 5 Commandments of DDoS Mitigation

  5. Commandment 1: Thou shall be invisible
     Your users don’t need to know and don’t care that you are under attack.
     People don’t like to hang around in “dangerous” places.
     People should be allowed to enter:
       • Without delays
       • Without being sent through holding areas & splash screens
       • Without being served outdated cached content

  6. Commandment 2: Let he who is innocent step forward
     Self Redemption is Key!!!
     All users should be able to exonerate themselves.
     At the very least users should be able to:
       • Shout out (complain)
       • Redeem themselves by completing a CAPTCHA.

  7. Commandment 3: Spare no bot but beware of those holier than thou
     Block all Application Layer Bot Requests
       • There is very little head room for most sites
       • Even 50 excess page views/second can take down your site, or slow it down.
     Transparency should not come at the expense of airtight protection.
     However, you must grant the “Internet Gods” (Google, Bing, Pingdom, etc.) access at all times.

  8. Commandment 4: Absorb all that is cast upon you
     Take Cover! Network attacks are getting bigger.
     You must be able to take a “20Gbps +” hit standing.
     You must have isolation capabilities to prevent others from trembling with you.

  9. Commandment 5: To err is Human. Precise Detection is divine
     Automatic & accurate DDoS detection is just as important as effective mitigation.
     One shouldn’t be in “DDoS Mode” unnecessarily, and you can’t watch your site 24x7x365.
     Real-time protection activation is crucial, otherwise you’re going down.

  10. Stay Safe
      Marc Gaffan
      Co-Founder, VP Marketing & Business-Development
      marc@incapsula.com
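
An added example, not from the slides or from the vendor: one way to combine Commandments 3 and 5 is to count requests per second while excluding allowlisted crawlers and monitors, and to switch mitigation on or off only after the rate stays above or below the limit for several seconds. The `baseline_rps`, `on_after` and `off_after` values, the client class labels and the sample traffic are assumptions constructed for illustration, and the allowlist presumes crawler identity has already been verified elsewhere.

```python
from collections import Counter

HEADROOM_RPS = 50                                # slide 7: ~50 excess page views/second hurts
ALLOWLIST = {"googlebot", "bingbot", "pingdom"}  # assumed verified upstream, never counted

def counted_rps(events):
    """events: (epoch_second, client_class) pairs -> {second: non-allowlisted requests}."""
    counts = Counter()
    for sec, client in events:
        if client not in ALLOWLIST:
            counts[sec] += 1
    return counts

def mitigation_timeline(events, baseline_rps, on_after=3, off_after=5):
    """Return {second: bool}: is mitigation ("DDoS mode") active in that second?"""
    rps = counted_rps(events)
    if not rps:
        return {}
    limit = baseline_rps + HEADROOM_RPS
    active, hot, cool, timeline = False, 0, 0, {}
    for sec in range(min(rps), max(rps) + 1):
        over = rps.get(sec, 0) > limit
        hot = hot + 1 if over else 0      # consecutive seconds above the limit
        cool = 0 if over else cool + 1    # consecutive seconds at or below it
        if not active and hot >= on_after:
            active = True                 # sustained excess: activate automatically
        elif active and cool >= off_after:
            active = False                # sustained calm: leave DDoS mode
        timeline[sec] = active
    return timeline

def constructed_sample():
    """Constructed traffic: 20 rps normal, a 1-second spike, an 8-second flood."""
    events = []
    for sec in range(21):
        n = 100 if 5 <= sec <= 12 else 20
        if sec == 2:
            n = 90                               # brief spike, should not trigger
        events += [(sec, "browser")] * n
        events += [(sec, "googlebot")] * 60      # crawler load, excluded from the count
    return events

if __name__ == "__main__":
    timeline = mitigation_timeline(constructed_sample(), baseline_rps=20)
    print("mitigation active in seconds:", [s for s, on in timeline.items() if on])
```

The one-second spike at second 2 never activates mitigation, and the crawler traffic, which alone would exceed the limit if counted, is ignored.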
