Intelligent DDoS Mitigation System-IDMS |
- Intelligent DDoS Mitigation System-IDMS
- FireCore Brings Last.FM, Web Browsing Hack to Apple TV
- After FTC settlement, LifeLock refund checks going out
- Prepare for Cyber Monday Shopping Risks
- Hacked Federal Reserve network was test-only
| Intelligent DDoS Mitigation System-IDMS Posted: 20 Nov 2010 09:45 PM PST
As e-commerce continues to proliferate and deliver profitable results, more business is being done online. The growing adoption of online retailing, Internet banking, cloud-based data storage and other commercial services represents a natural evolution of Internet use. For online businesses, however, any downtime can dramatically impact the bottom line. As a result, the growing scale and frequency of Distributed Denial of Service (DDoS) attacks are taking a toll on these businesses. While DDoS attacks may have been driven by non-economic reasons in the past, they now have monetary drivers including extortion, competitive advantage and corporate revenge. When it comes to DDoS protection, many enterprises and Internet data center (IDC) operators have a false sense of security. They think they have secured their key services against DDoS attacks simply by deploying intrusion prevention system (IPS) devices or firewalls in front of their servers. Unfortunately, such deployments can actually expose these organizations to service outages and irate customers. When business-critical services are not available, enterprises and IDC operators lose money and damage important customer relationships. What's more, when services are unavailable due to external attacks, it can be sensational and unwelcome front-page news—especially when the damages could have been easily prevented. This article examines why IPS devices and firewalls fail to stop DDoS threats. It also describes how an intelligent DDoS mitigation system (IDMS) offers an ideal solution by enabling a layered defense strategy to combat both volumetric and application-layer DDoS attacks. Why IPS Devices and Firewalls Can't Stop DDoS Attacks IPS devices, firewalls and other security products are essential elements of a layered-defense strategy, but they are designed to solve security problems that are fundamentally different from dedicated DDoS detection and mitigation products. IPS devices, for example, block break-in attempts that cause data theft. Meanwhile, a firewall acts as policy enforcer to prevent unauthorized access to data. While such security products effectively address "network integrity and confidentiality", they fail to address a fundamental concern regarding DDoS attacks—"network availability". What's more, IPS devices and firewalls are stateful, inline solutions, How to fight DDoS Attacks The ideal solution is an Intelligent DDoS Mitigation System (IDMS) that can stop both volumetric and application-layer DDoS attacks. It must also be deployable in the ISP network (in cloud) and at the enterprise or data-center edge. Key Features of an IDMS The limitations in IPS devices and firewalls reveal the key attributes required in an IDMS solution. An IDMS must be "stateless," in other words, it must not track state for all connections. As mentioned earlier, a stateful device is vulnerable to DDoS and will only add to the problem. The IDMS solution must also support various deployment configurations; most importantly, it must allow for out-of-band deployments when needed. This deployment flexibility can increase the scalability of the solution, which is a requirement as the size of DDoS attacks continues to increase. To truly address "distributed" DoS attacks, an IDMS must be a fully integrated solution that supports a distributed detection method. IPS devices leveraging single segment-based detection will miss major attacks. Moreover, an IDMS solution must not depend on signatures created after the attack has been unleashed on the targets; rather, it must support multiple attack countermeasures. Finally, the IDMS must provide comprehensive reporting and be backed by a company that is a known industry expert in Internet-based DDoS threats. The key features of IDMS are: - Stateless Summary To summarize, the security of a network depends on different elements which have their own purpose and scope. Network Firewalls and Intrusion Prevention Systems (IPS) are the cornerstone of the security of any network. They are excellent in enforcing the security policy and mitigating threats against unauthorized access, network integrity and confidentiality. However, they can not stop a Distributed Denial of Service attack. For this threat a more suitable defense mechanism is to use an Intelligent DDoS Mitigation System (IDMS) which detects those distributed attacks and takes proper action to stop them. |
| FireCore Brings Last.FM, Web Browsing Hack to Apple TV Posted: 20 Nov 2010 08:00 AM PST
|
| After FTC settlement, LifeLock refund checks going out Posted: 20 Nov 2010 08:00 AM PST
|
| Prepare for Cyber Monday Shopping Risks Posted: 19 Nov 2010 08:00 AM PST
|
| Hacked Federal Reserve network was test-only Posted: 19 Nov 2010 08:00 AM PST
|
| You are subscribed to email updates from "Cisco" via Ehsan in Google Reader To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google Inc., 20 West Kinzie, Chicago IL USA 60610 | |
0 comments:
Post a Comment