Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ddos protection

Posted on 2007-11-14
7
Medium Priority
?
1,254 Views
Last Modified: 2013-12-25
We are asked as a hosting company to provide ddos protection. Is there a per server software we can install also what reasonably priced hardware options are there? We already have an optional per port Cisco ASA firewall, but anything additional?
0
Comment
Question by:ostsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20353731
this is always a compromise for an ISP as you are damned if you do and damned if you dont.

ISA Server and similar types of application gateways provide various forms of ddos protection from half scans, dns poisoning, fragmentation, floods etc as do the majority of layer 3 boxes such as PIX. The compromise is, for example, that most vpn's use fragmenting as do routers etc where the size of the MTU has been lowered from the standard.

Was there a particular form you had in mind?

0
 

Author Comment

by:ostsupport
ID: 20354066
Not really we are just looking to help protect the network and such. The Cisco ASA firewall does not seem to have IDS or really anything to do in case of DDOS. We host 100's of dedicated servers with all different operating systems and want to ensure that number one an attacked customer does not affect the other customers and number 2 that the attacked customer themselves has a remedy.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20355859
If you're concerned about DDoS Protection, you shouldn't be using a hosting company that doesn't provide it at the perimeter level.  You definitely don't want to be having your server itself handling this task since just the act of handling the DDoS Attack would produce it's own DDoS event.

I use The Planet for all my hosting, and they provide this as part of their service: http://www.theplanet.com/why_the_planet/security/

Jeff
TechSoEasy
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 

Author Comment

by:ostsupport
ID: 20357933
We are the hosting company. We are trying to provide DDoS Protection and other netowrk security as well.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20360331
Can you give an overview of the perimeter environment?

You mention ASA (version?) but I assume with a sizeable profile like yours you must be using more than that.


0
 

Author Comment

by:ostsupport
ID: 20361593
I am not 100% sure as I am not a tech myself but i believe it goes

2811 cisco router
3550 cisco switch
Optional 5510 ASA firewall
then each rack has its own 3550 to control the bandwith allocated to each server

I believe that is correct, but if you need more i can get the info from one of the techs.
0
 

Accepted Solution

by:
ostsupport earned 0 total points
ID: 20509026
We were looking more like the below solutions

1. IntruGuard: Very cost effective. Has large userbase in Europe and US. Done using ASICs (custom hardware). Can withstand 2 Gbps throughput during worst attacks. Great reviews by analysts and users. Must look at this. Custom solution for DDoS, easy to use GUI. Google for Planeetta and MetaNet and you will find out why webhosts like the appliance. It is very easy to use. Easy to plug-in - bump-in-the-wire. Self-learning and adaptive as your business grows. Tolly Group has great things to say in their performance test for this box. Google Tolly+IntruGuard.

2. Top Layer: Has a user base. Combines IPS with DDoS. IPS is not so much essential in data center. More suited for enterprise deployment. You can cluster multiple of these boxes to get throughput. Costs becomes higher as throughput grows - obviously. Tested by Tolly Group. Google Tolly+Top Layer.

3. Riorey: DDoS solution. Appliance done in software - our current favorite

4.prolexic

Ect
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question