DDOS MITIGATION TECHNIQUES FOR YOUR ENTERPRISE IT NETWORK

Page 1

DDOS MITIGATION TECHNIQUES FOR YOUR ENTERPRISE IT NETWORK Document License : Public

DDoS attacks continue to be one of the most targeted attack vectors to counter. The range of attack methods is growing and diversifying as prebuilt toolkits, and even DDoS attack services, are made more readily available. Here are the few DDoS Mitigation techniques to protect your business from the wide range of DDoS attacks : TRAFFIC RATE LIMITING

AGGRESSIVE AGING

TRAFFIC SHAPING

Too many traffic can cause a server to be flooded. To control the amount of incoming and outgoing traffic to or from a network, the rate limiting is done.

When idle connections fill up the connection tables in servers, you can provide some relief to them by aggressive aging. Aggressive aging causes idle / half-open inbound and outbound connections to timeout much sooner.

Traffic shaping is used to optimize the network performance and improve latency. This practice involves delaying the flow of packets that are desribed as a less important than those of the priotarized traffic streams.

• Prevent Open connection and Slow connection attacks

• Prevent False Positives

• Prevents idle connections to fill up the connection tables in servers • Much sooner Timeout for Inbound and Outbound Connections

• Example: In a corporate environment, business-related traffic may be given priority over other traffic.

DEEP PACKET INSPECTION

ANOMALY DETECTION

BLACKLISTING / WHITELISTING

Deep packet Inspection is used to look within the application payload of a packet or traffic stream and make decisions based on the content of that payload.

Anomaly detection is used to identify the unusual traffic patterns that do not conform to expected behavior. The detection of malicious traffic also prevents against the Zero-day attacks.

Blacklisting / Whitelisting allows to block or accept the inbound or outbound traffic to prevent the flood attacks coming from multiple IP resources. While the Greylisting is done to provide a challenge to an accessing IP.

This can be enforced by setting a traffic threshold for allowing only the desired bandwidth of traffic. • Prevents Volumetric attacks, Protocol and Resource attacks • Network and Application level enforcement

• Look within the application payload of packet • Accurate detection of malicious packets

Header

• Filter legitimate/malicious incoming requests that are coming from any geographical region

• Enables quick response for the attack mitigation Content

• Ensure regulatory compliance regimes

• Accurately detects the abnormal behavior of the traffic

• Serves real-time network monitoring

• Prevent Inbound and Outbound flood attacks from the multiple IP resources

• Prevents Zero-day DDoS attacks

• Enhances the capability of ISPs to prevent the exploitation of IoT devices in DDOS attacks.

know more: www.haltdos.com/solutions

• Optimization of the network performance

|

Get in Touch: info@haltdos.com

|

IP Reputation

AI-based DDoS Mitigation and WAF by

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.