Ddos Essay

1290 Words Jun 4th, 2012 6 Pages
Cloud Based DDoS Mitigation
If you can afford it, ensure that your Internet Service Provider gives you a clean pipe using cloud based DDoS mitigation. If you use multiple links, ensure that both links are protected.

There is always a signficant amount of residual DDoS that will flow through. That's why you need a DDoS mitigation system in your network to handle the remainder of the attack.

IntruGuard helps cloud service providers with solutions for DDoS attack mitigation as well.

If your service provider doesn't provide DDoS attack mitigation services, you must take care of your own network to avoid collateral and other damages.

Edge Router Access Control Lists
Access lists in the router can be used to block certain
…show more content…
Traffic Flow Filters in edge routers are a better alternative to black-hole routing. They cleanly separate the filtering and forwarding information. This simplifies the operation and limits the risk of configuration mistakes. Using BGP, all inter AS routing information is exchanged between service providers. MP-BGP is exclusively used to exchange VPN routing information, and many service providers use iBGP for intra AS routing updates as well. This helps the service providers to user BGP running on edge routers to exchange traffic flow filter for DDoS mitigation.

DDoS Mitigation Using DDoS Mitigation Hardware Appliances

Visibility in the network is the next important key to DDoS mitigation. The administrators need to know what services are running on their network, where the most traffic is, where the excess bandwidth is, whether there is a worm outbreak, whether there is a non-mission-critical large file download causing outage to mission-critical services, and so on. Administrators need to identify the network slowdown causes. For network planning purposes, they need to gain visibility into inventory, dependency and usage of the network. They must be able to leverage visibility into the network to improve consolidation, segmentation and disaster recovery planning projects. This will help them budget cost allocation for network resources.

This approach not only improves the performance of the physical

Related Documents