One Article Review

Article:
Source: AlienVault Blog
Identifier 1921911
Publication date 2020-09-17 05:01:00 (seen: 2020-09-17 05:05:48)
Title What is DDoS mitigation and how does it work?
Text This blog was written by a third-party author.

Distributed denial of service (DDoS) attacks are a favorite method for attackers to disrupt or debilitate firewalls, online services, and websites by overwhelming systems with malicious traffic or transaction requests. DDoS attackers accomplish this by coordinating an army of compromised machines, or 'bots', into a network of devices that they control from a remote location and that focuses a stream of activity toward a single target. These botnets may be used to perpetrate DDoS with a range of malicious techniques, including:

- Saturating bandwidth with massive volumes of traffic
- Filling up system resources with half-open connection requests
- Crashing web application servers with voluminous requests for random information

What is DDoS mitigation?

DDoS mitigation is the practice of blocking and absorbing malicious spikes in network traffic and application usage caused by DDoS attacks, while allowing legitimate traffic to flow unimpeded. DDoS mitigation strategies and technologies are meant to counteract the business risks posed by the full range of DDoS attack methods that may be employed against an organization. They are foremost designed to preserve the availability of resources that attackers seek to disrupt. But DDoS mitigation is also meant to reduce the time it takes to respond to DDoS, which is frequently used by the bad guys as a diversionary tactic to carry out other kinds of attacks, such as exfiltration, elsewhere on the network.

Techniques and strategies for DDoS mitigation

There are several crucial strategies and techniques that typically contribute to DDoS mitigation's ability to reduce the impact of these attacks. The foundation of DDoS mitigation certainly rests in building up robust infrastructure. Keeping resilience and redundancy top-of-mind through the following are all crucial first steps for DDoS mitigation:

- Strengthening bandwidth capabilities
- Securely segmenting networks and data centers
- Establishing mirroring and failover
- Configuring applications and protocols for resiliency
- Bolstering availability and performance through resources like content delivery networks (CDNs)

However, beefier architecture and CDN services alone are no match for modern DDoS attacks, which require more layers of protection for effective DDoS mitigation. Security researchers are increasingly running into massive DDoS attack volumes over 500 Gbps and even over 1 TBps, and intensely long attacks that can last over days and even weeks. What's more, attackers are increasing the cadence of attacks and the diversity of protocols and system types they target with their DDoS attempts. Without some means of detecting and blocking malicious DDoS traffic, the most resilient system resources, even those backed by CDN services, can still easily be exhausted by modern DDoS techniques, leaving none to fulfil legitimate connections and activity requests.

This is why effective DDoS mitigation requires some method for scrubbing out the bad traffic as quickly as possible without impeding legitimate traffic, connection requests, or application transactions.

Additionally, most organizations bolster their DDoS mitigation strategies through effective incident response planning. This includes developing playbooks for numerous attack scenarios and regularly stress-testing capabilities to ensure that defenses can perform as expected.

What people or technologies are needed to respond to an attack?

Security teams running DDoS mitigation programs usually seek out technolog
Sent Yes
Tags Threat


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to a previous one.