<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=308252&amp;fmt=gif">

{% set baseFontFamily = "Open Sans" %} /* Add the font family you wish to use. You may need to import it above. */

{% set headerFontFamily = "Open Sans" %} /* This affects only headers on the site. Add the font family you wish to use. You may need to import it above. */

{% set textColor = "#565656" %} /* This sets the universal color of dark text on the site */

{% set pageCenter = "1100px" %} /* This sets the width of the website */

{% set headerType = "fixed" %} /* To make this a fixed header, change the value to "fixed" - otherwise, set it to "static" */

{% set lightGreyColor = "#f7f7f7" %} /* This affects all grey background sections */

{% set baseFontWeight = "normal" %} /* More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set headerFontWeight = "normal" %} /* For Headers; More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set buttonRadius = '40px' %} /* "0" for square edges, "10px" for rounded edges, "40px" for pill shape; This will change all buttons */

After you have updated your stylesheet, make sure you turn this module off

What You NEED To Know About DDOS Attacks, Part 2

by John Ciarlone on February 11, 2015

DDOS protection Welcome back!  In the first half of this blog, we discussed why DDOS attacks are such a big concern, where they come from, and why traditional security measures like router-and-firewall combinations really are not sufficient to stop a major attack.

The tactics being used by attack groups are becoming more advanced, and the only real solution is to step up your own security as well.  Backup network systems at a separate location are a good idea, but they're expensive to maintain, and largely a stopgap solution.

The good news is that new defenses are being developed for DDOS protection.  Let's take a look at what the latest-generation anti-DDOS systems look like.

Short on time? Download our guide to network security and PCI compliance for  tips on how to keep your network secure

meraki security appliance New Tools To For DDOS Protection

1 - Active Intrusion Prevention Systems

IPSes are different from Intrusion Detection Systems (IDS) because the software systems are much more empowered.  At the risk of being anthropomorphic, an IPS is something like an automated security officer, patrolling your network with the ability to shut down connections or re-configure routers on its own initiative. 

They all work on similar systems of statistical anomalies.  They run for a while and compile a database of "normal" network usage, then watch for anything outside that norm.  Minor events are merely reported to the admin, while major ones get immediate action.

Modern IPS systems are highly robust, although configuring them can be a challenge.  The more empowered a "smart" software system is, the more chance it can mess things up if it's poorly-directed.  They have a tendency towards false alarms (a "better safe than sorry" attitude) and need ongoing oversight.

2 - Upstream Mitigation Gear

The other main focus in anti-DDOS systems is putting more hardware at the very edge of the network boundary, preferably as the first connection at the handoff point between you and your ISP.  This effectively establishes a new firewall, but at the border rather than near the user-access level.

These buffed-out firewalls can handle a gigabyte of data flow per second or more, with the explicit function of filtering out all improper requests before they get anywhere near your mission-critical hardware.  

At present, the combination of upstream mitigation gear, such as newer Cisco Firewalls and active IPS systems is considered the "state of the art" in most enterprise-level networking.  

3 - Enterprise Border Session Control

eSBC virtually always includes elements of both hardware and software, and as the name suggests, it's aimed towards protecting the outer edge of a network's boundary.  It's generally focused on VoIP applications and hardware, which are now becoming popular targets of attack.

eSBC can greatly reduce the chances of spoofed Session Initiation Protocol requests (which are plaintext) by insisting on end-to-end encryption.  It can also oversee VoIP traffic or limit connection streams if high demand (or malicious activity) threaten to overwhelm the network.


There's Always A Bigger Storm

In the years to come, eSBC will almost certainly become a bigger area of investment as more companies come to embrace VoIP and need to mitigate the security concerns it creates.

Finally, a small dose of realism:  Right now, the theoretical ability of botnets to overwhelm servers greatly exceeds any current defense mechanisms if someone is REALLY serious about attacking you.   The good news is that such attacks are almost solely reserved for high-level multinational targets like Sony and Microsoft.

These measures will provide reasonably reliable security for most everyday businesses against everyday attacks.

Do you need more advice in protecting yourself against attack?  Please don't hesitate to ask your questions below, or contact Hummingbird for a free security consultation!

cheap routers

Images Courtesy of: https://www.flickr.com/photos/bensonkua/2287190763/sizes/l/in/photostream/ and http://commons.wikimedia.org/wiki/File:Giovanna_Feb_14_2012_0715Z.jpg

Topics: Cisco, Wireless

Explore Our Full Cisco Line Up
cisco devices-2