DoS and DDoS Attack Prevention

Issue link:

Contents of this Issue


Page 0 of 1

Just Imagine. DoS and DDoS Attack Prevention DoS and DDoS attacks are on the rise, and they are getting more sophisticated and intense every year. OneNeck® IT Solu ons takes these poten al a acks very seriously and have numerous preventa ve measures in place to ensure the safety of our customer's data. In truth, DDoS a acks alone are an annoyance to online users and can cost a company lost business during the me they deny access to customers, but rest assured OneNeck is working diligently to mi gate the risks associated with these a acks. One Size Fits One When OneNeck helps our customers plan for poten al Denial of Service (DoS) or Distributed Denial of Service (DDoS) a acks, we do not believe that "one size fits all." Our various customers have very different needs. Some customers provide a web- based service to their clients, requiring security filtering at the web applica on layer; others provide Internet-scale products to their clients requiring high-bandwidth, low-latency connec vity to the Internet; and other customers host high-value private applica ons such as VDI or ERP, which connect to the Internet primarily for secure VPN-based access. OneNeck works with each customer to build an appropriate defense against Internet- based a acks. The Capacity to Deliver Depending on customer need, the customer-specific gateway to the Internet could be anything from a virtual firewall with 100 Mbps capacity, to a clustered hardware firewall solu on with 1 Gbps of capacity, or even a web-scale security perimeter which can filter mul ple Gbps in ASICs. For all our Internet customers, OneNeck's Internet infrastructure is designed to deliver full-speed connec vity from that customer's environment to the Internet. Each OneNeck data center with ReliaCloud® is served by 10 Gbps or more of Internet connec vity. This connec vity reliably delivers Internet traffic, large or small, to the customer's deployment, allowing the customer's security perimeter to do its job. Intelligent Internet Delivery No ma er what capacity a customer's security perimeter may support, there will be DoS a acks which are even bigger. OneNeck's Internet infrastructure must discard some of the traffic, in order to fit the remaining traffic into the service contracted by our customer. In such cases, OneNeck separates the traffic into several traffic groups, and looks for any group which may have excessive amounts of traffic. For example, during a Web Syn flood to a customer with a OneNeck 1 Gbps Internet service, there may be 2 Gbps of Web Syn packets, along with normal amounts of other types of traffic. In this case, OneNeck's router will discard as much of the Web Syn traffic as necessary, to fit the remaining traffic onto the 1 Gbps service. Other traffic types, including non-Syn web traffic, DNS, VPN tunnels, SSH/RDP etc. will be largely unaffected by the Web Syn flood.

Articles in this issue

Archives of this issue

view archives of Brochures - DoS and DDoS Attack Prevention