The Need for Intelligent DDoS Mitigation Systems
March 8th, 2011 By: Kevin Normandeau
Distributed Denial of Service (DDoS) attacks have been creating havoc for data center operators for years. Recently, the size and frequency of these attacks has grown as attackers take advantage of botnets and other high-speed Internet access technologies to overwhelm their victim’s network infrastructure. This trend shows no signs of changing; in fact, today Gartner predicted that by 2015 a g20 nation’s critical infrastructure will be shut down by online sabotage. This white paper outines DDoS threats and mitigation solutions.
DDoS attacks are also becoming more sophisticated as they pinpoint specific applications with smaller, more targeted and stealthy attacks. This means that companies and IT service providers with Internet-facing services must now be prepared to protect themselves and their customer from two very different types of DDoS attacks: 1) “Volumetric DDoS Attacks” that strive to overwhelm network infrastructure and servers with high-bandwidth-consuming flood attacks; and 2) “Application-Layer DDoS Attacks” that attempt to target specific well-known applications such as Hypertext Transfer Protocol (HTTP), domain name system (DNS) or Voice over Internet Protocol (VoIP).
There is no doubt that firewalls and IPS devices play a significant role in network and data-center security, but they have not been designed to stop DDoS attacks. In fact, firewalls and IPS devices are vulnerable to some specific types of DDoS attacks and have been the actual targets in some cases. When the in-line deployment model used by firewall and IPS products do fail, the impact to the services and customer data they are trying to protect is severe.
This white paper from Arbor Networks explains the types of DDoS attacks, and how to evaluate the financial impact of these threats. It also provides an overview of how their Peakflow solutions can be used to detect and mitigate common application-layer DDoS attacks. Click here to download this white paper.