10 Best Practices for DDoS attack mitigation with IntruGuard
 


IntruGuard has identified a set of best practices that enables organizations to keep pace with DDoS attacks while minimizing impact on business operations. This paper describes these practices.

    Presentation Transcript

    • Hemant Jain’s 10 Best Practices For Distributed Denial of Service (DDoS) Attack Mitigation with IntruGuard
    • Best Practice 1: Centralized Data Gathering
      • Centralize monitoring
        • IntruGuard appliances allow you to centrally monitor all DDoS events and traffic.
        • You can use SNMP, Cacti, or MRTG to monitor traffic levels, attack levels, and attack events.
        • You can configure Syslog to get all attack events on a centralized server as well.
      • Understand normal network traffic patterns
        • IntruGuard appliances allow you to get extremely granular visibility into your network traffic.
        • They give you a 12-month round-robin view of what normal traffic looks like and incorporate this information into a correlation engine for threat detection, alerts, and reporting.
    • Best Practice 2: DDoS-specific alerting, logging, & reporting
      • IntruGuard appliances give you a threshold-based alerting mechanism for DDoS-specific events. You can set thresholds so that different people receive alerts depending on the magnitude of the attack.
      • All these attacks are logged in a database which can be queried for Top Attacks, Top Attackers, Top Attacked Destination, etc. In addition, you can create custom queries in your custom applications/reports.
    • Best Practice 3: Use Layered Filtering
      • IntruGuard appliances filter traffic in layers as they inspect incoming packets using dynamic profiling (based on monitoring and analysis of normal behavior), anti-spoofing algorithms, and other technology to progressively filter harmful traffic upstream of the network.
    • Best Practice 4: Return legitimate traffic to the network with minimal latency
      • Even during an attack, IntruGuard appliances maintain a latency under 50 microseconds.
      • These appliances are built using application-specific hardware logic and do not run on Intel or AMD CPUs.
    • Best Practice 5: Apply filters at multiple levels of the OSI stack
      • IntruGuard appliance hardware logic operates at Layers 2, 3, 4 and 7 of the OSI stack. The appliances selectively mitigate attacks at the highest possible layer so that attacks are stopped at the most specific layer. This reduces false positives.
    • Best Practice 6: Rate limit traffic, as needed
      • IntruGuard appliances can rate limit traffic at multiple granular levels.
      • You can set the rate limits on concurrent connections/source, concurrent connections/destinations, packets/source/second, SYN packets/source/second, etc. There are thousands of such thresholds for rate limits.
    • Best Practice 7: Be able to change and customize filters quickly
      • IntruGuard appliances give you a command line interface that you can program quickly using your own scripts running on external servers with data from app servers, database servers, etc.
      • Such scripts can customize filters quickly.
    • Best Practice 8: Enhance rule sets over time
      • IntruGuard appliances give you the ability to start with a very simple rule set.
      • As time passes, you can tune these rule sets to improve DDoS mitigation.
      • In addition, the appliance learns the traffic pattern, base, trend and seasonality and adjusts some of the parameters automatically as well.
    • Best Practice 9: Build In Scalability
      • IntruGuard appliances start at 100 Mbps Full Duplex for smaller networks. They can go up to 1 Gbps Full Duplex performance today.
      • You can start with 4 virtualized policies so that independent subnets are protected with independent policies. You can grow up to 8 policy sets over time.
    • Best Practice 10: Build in Redundancy
      • IntruGuard appliances can be used in an active-active failover configuration to protect multiple links.
      • The higher end models have redundant hard-disk arrays and redundant power supply.
      • By using a bypass switch for failover, you can ensure connectivity even during a power failure.
    • For More Information
      • IntruGuard is a leading DDoS solution vendor. It is globally renowned for its Network Behavior Analysis equipment.
      • Contact: IntruGuard
      • [email_address]
      • +1 408 400 4222
      • www.intruguard.com
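
The per-source limits named under Best Practice 6 (packets/source/second and SYN packets/source/second), shown in software as an added example; this is not IntruGuard code or its CLI. The limit values, the packet record format and the function names are assumptions, and the traffic is constructed.

```python
from collections import defaultdict

# Limit values are assumptions; the slides name the threshold types only.
LIMITS = {"packets": 100, "syn": 20}   # per source, per second

def rate_limit(packets, limits=LIMITS):
    """Apply per-source, per-second limits to (timestamp, src_ip, tcp_flags) records.

    Returns (forwarded, dropped): forwarded is the list of packets passed on,
    dropped maps src_ip -> {"packets": n, "syn": n}, keyed by the limit that tripped.
    """
    seen = defaultdict(lambda: {"packets": 0, "syn": 0})
    dropped = defaultdict(lambda: {"packets": 0, "syn": 0})
    forwarded = []
    for pkt in packets:
        ts, src, flags = pkt
        counters = seen[(src, int(ts))]              # one-second bucket per source
        is_syn = "S" in flags and "A" not in flags   # initial SYN, not a SYN-ACK
        if is_syn and counters["syn"] >= limits["syn"]:
            dropped[src]["syn"] += 1                 # SYN limit is the narrower check
            continue
        if counters["packets"] >= limits["packets"]:
            dropped[src]["packets"] += 1
            continue
        counters["packets"] += 1
        if is_syn:
            counters["syn"] += 1
        forwarded.append(pkt)
    return forwarded, {src: dict(c) for src, c in dropped.items()}

def sample_traffic():
    """Constructed traffic, not captured data (documentation address ranges)."""
    # 50 SYNs from one source inside second 0: exceeds the SYN limit.
    flood = [(i / 100, "198.51.100.7", "S") for i in range(50)]
    # 5 SYNs and 30 ACK packets inside second 0: under both limits.
    normal = [(0.1 + i / 100, "203.0.113.9", "S" if i < 5 else "A") for i in range(35)]
    # 150 non-SYN packets inside second 1: exceeds the packet limit only.
    bulk = [(1.0 + i / 200, "192.0.2.44", "A") for i in range(150)]
    return sorted(flood + normal + bulk)

if __name__ == "__main__":
    forwarded, dropped = rate_limit(sample_traffic())
    print(len(forwarded), "forwarded; dropped per source:", dropped)
```

Checking the SYN limit before the general packet limit keeps a source that is only flooding SYNs from using up its whole packet allowance, which is the "most specific layer" idea from Best Practice 5 applied to counters.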