10 Best Practices for DDoS attack mitigation with IntruGuard

IntruGuard has identified a set of best practices that enables organizations to keep pace with DDoS attacks while minimizing impact on business operations. This paper describes these practices.

Published in: Technology
  1. Hemant Jain’s 10 Best Practices For Distributed Denial of Service (DDoS) Attack Mitigation with IntruGuard
  2. Best Practice 1: Centralized Data Gathering
     • Centralize monitoring
       • IntruGuard appliances allow you to centrally monitor all DDoS events and traffic.
       • You can use SNMP, Cacti, or MRTG to monitor traffic levels, attack levels, and attack events.
       • You can also configure Syslog to collect all attack events on a centralized server.
     • Understand normal network traffic patterns
       • IntruGuard appliances give you extremely granular visibility into your network traffic.
       • They give you a 12-month round-robin view of what normal traffic looks like and feed this information into a correlation engine for threat detection, alerts, and reporting.
  3. Best Practice 2: DDoS-specific alerting, logging, and reporting
     • IntruGuard appliances give you a threshold-based alerting mechanism for DDoS-specific events. You can set thresholds so that different people are alerted depending on the magnitude of the attack.
     • All attacks are logged in a database that can be queried for Top Attacks, Top Attackers, Top Attacked Destinations, etc. You can also run custom queries from your own applications and reports.
  4. Best Practice 3: Use Layered Filtering
     • IntruGuard appliances filter traffic in layers as they inspect incoming packets, using dynamic profiling (based on monitoring and analysis of normal behavior), anti-spoofing algorithms, and other techniques to progressively filter harmful traffic upstream of the network.
  5. Best Practice 4: Return legitimate traffic to the network with minimal latency
     • Even during an attack, IntruGuard appliances keep latency under 50 microseconds.
     • These appliances are built on application-specific hardware logic and do not run on Intel or AMD CPUs.
  6. Best Practice 5: Apply filters at multiple levels of the OSI stack
     • IntruGuard appliance hardware logic operates at Layers 2, 3, 4 and 7 of the OSI stack. It selectively mitigates each attack at the highest (most specific) layer possible, which reduces false positives.
  7. Best Practice 6: Rate limit traffic, as needed
     • IntruGuard appliances can rate limit traffic at multiple levels of granularity.
     • You can set rate limits on concurrent connections per source, concurrent connections per destination, packets per source per second, SYN packets per source per second, etc. There are thousands of such rate-limit thresholds.
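The per-source thresholds named in Best Practice 6 (packets/source/second, SYN packets/source/second, concurrent connections/source) can be checked offline over captured packet records, and the offenders ranked in the Top Attackers style of Best Practice 2. The Python below is an added example, not IntruGuard code; the threshold values, record layout and sample packets are constructed for illustration.

```python
from collections import defaultdict

# Constructed thresholds for illustration; real per-deployment limits would be
# tuned from the 12-month traffic baseline the slides describe, not copied from here.
THRESHOLDS = {
    "packets/source/second": 500,
    "syn_packets/source/second": 100,
    "concurrent_connections/source": 50,
}

def _peak_per_source(counter):
    """Collapse a {(src, second): count} map to the busiest second per source."""
    peaks = defaultdict(int)
    for (src, _sec), n in counter.items():
        peaks[src] = max(peaks[src], n)
    return peaks

def evaluate(packets, thresholds=THRESHOLDS):
    """Apply per-source rate thresholds to one batch of packet records.

    Each record is (timestamp_sec, src_ip, src_port, dst_ip, dst_port, tcp_flags).
    Returns {src_ip: {threshold_name: observed_value}} for sources over a limit."""
    per_sec_pkts = defaultdict(int)   # (src, second) -> packets seen
    per_sec_syn = defaultdict(int)    # (src, second) -> bare SYNs seen
    conns = defaultdict(set)          # src -> distinct (sport, dst, dport) tuples
    for ts, src, sport, dst, dport, flags in packets:
        sec = int(ts)
        per_sec_pkts[(src, sec)] += 1
        if "S" in flags and "A" not in flags:   # SYN without ACK: a new connection attempt
            per_sec_syn[(src, sec)] += 1
        conns[src].add((sport, dst, dport))
    observed = {
        "packets/source/second": _peak_per_source(per_sec_pkts),
        "syn_packets/source/second": _peak_per_source(per_sec_syn),
        "concurrent_connections/source": {s: len(c) for s, c in conns.items()},
    }
    violations = defaultdict(dict)
    for name, limit in thresholds.items():
        for src, value in observed[name].items():
            if value > limit:
                violations[src][name] = value
    return dict(violations)

def top_attackers(violations):
    """Rank offending sources by how many limits they exceed (a Top Attackers report)."""
    return sorted(violations, key=lambda s: (-len(violations[s]), s))

# Constructed sample: one source sends 150 bare SYNs from 150 ephemeral ports within
# a single second, while a normal client exchanges 20 ACK packets on one connection.
SAMPLE = [(0.001 * i, "203.0.113.5", 20000 + i, "198.51.100.10", 80, "S") for i in range(150)]
SAMPLE += [(0.5 + 0.01 * i, "192.0.2.7", 40000, "198.51.100.10", 80, "A") for i in range(20)]

if __name__ == "__main__":
    found = evaluate(SAMPLE)
    for src in top_attackers(found):
        print(src, found[src])
```

The flooding source trips the SYN and concurrent-connection limits but not the raw packet limit, which is why the slide's point about setting thresholds at several granularities matters: a single packets-per-second limit would have let this burst through.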
  8. Best Practice 7: Be able to change and customize filters quickly
     • IntruGuard appliances give you a command line interface that you can drive from your own scripts running on external servers, using data from application servers, database servers, etc.
     • Such scripts can customize filters quickly.
  9. Best Practice 8: Enhance rule sets over time
     • IntruGuard appliances let you begin with a very simple rule set.
     • Over time, you can tune these rule sets to improve DDoS mitigation.
     • In addition, the appliance learns the traffic pattern, base, trend, and seasonality and adjusts some parameters automatically.
  10. Best Practice 9: Build In Scalability
     • IntruGuard appliances start at 100 Mbps full duplex for smaller networks and scale up to 1 Gbps full duplex performance today.
     • You can start with 4 virtualized policies, each protecting an independent subnet with its own policy, and grow to 8 policy sets over time.
  11. Best Practice 10: Build in Redundancy
     • IntruGuard appliances can be used in an active-active failover configuration to protect multiple links.
     • The higher-end models have redundant hard-disk arrays and redundant power supplies.
     • A bypass switch for failover ensures connectivity even during a power failure.
  12. For More Information
     • IntruGuard is a leading DDoS solution vendor, globally renowned for its Network Behavior Analysis equipment.
     • Contact: IntruGuard
     • [email_address]
     • +1 408 400 4222
     • www.intruguard.com