Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Firewall model suggestions 2
Dear Experts, based on your experience, what are the important parameters that you will focus in defending DDoS attack when choosing Firewall model?
Many thanks!
Many thanks!
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You will need multi layer defense against DDoS attack. Push the "fight" way far beyond your premise's perimeter. Can look out for the article at the end of the post. That said for on-premise defence, below are some suggestion for takeaway.
Capability to block DDoS type of attacks
- Volumetric (high traffic surge),
- Protocol (non-conform traffic),
- Application based (data session hording)
Capability to extend robust response on attack
- Blacklist source IP addresses and block it
- Put up Tarpit response to delay or slow the attack
- Sinkhole the malicious traffic
- Receive upstream network device alert on identified anomalous or suspected traffic (carrying malice)
Capability to leverage on external security services
- Divert traffic to scrubbing centre (and allow clean traffic through)
- Receive or send to intelligence and reputation service for greater coverage on known/unknown malicious (beyond the signature)
- Employ threat analysis team that the provider has as extended arm (like security threat/security lab available)
Capability to allow customised actions
- Rule crafting and importing for specific traffic packet identification (analogous Snort rule)
- Support indicator of compromise (IOC) identification that is from the community (say OpenIOC type)
Capability for management and assurance proof
- Provide central management of the security policy settings and allow timely device vulnerability patches
- Provide secure remote admin access and support 2FA
- Provide high credential proof of handling DDoS attack (in the like of Mirai type or cloud based attack)
- Provide security evaluated or accredited status (say having FIPS 140-2 or CC EAL for appliance and secure design)
Thought this article will be of interest too
https://www.experts-exchange.com/articles/26039/Going-for-effective-DDoS-mitigation-measures.html
Capability to block DDoS type of attacks
- Volumetric (high traffic surge),
- Protocol (non-conform traffic),
- Application based (data session hording)
Capability to extend robust response on attack
- Blacklist source IP addresses and block it
- Put up Tarpit response to delay or slow the attack
- Sinkhole the malicious traffic
- Receive upstream network device alert on identified anomalous or suspected traffic (carrying malice)
Capability to leverage on external security services
- Divert traffic to scrubbing centre (and allow clean traffic through)
- Receive or send to intelligence and reputation service for greater coverage on known/unknown malicious (beyond the signature)
- Employ threat analysis team that the provider has as extended arm (like security threat/security lab available)
Capability to allow customised actions
- Rule crafting and importing for specific traffic packet identification (analogous Snort rule)
- Support indicator of compromise (IOC) identification that is from the community (say OpenIOC type)
Capability for management and assurance proof
- Provide central management of the security policy settings and allow timely device vulnerability patches
- Provide secure remote admin access and support 2FA
- Provide high credential proof of handling DDoS attack (in the like of Mirai type or cloud based attack)
- Provide security evaluated or accredited status (say having FIPS 140-2 or CC EAL for appliance and secure design)
Thought this article will be of interest too
https://www.experts-exchange.com/articles/26039/Going-for-effective-DDoS-mitigation-measures.html
What size organization?
For enterprise
The leader is PaloAlto
Also Juniper
Cisco and checkpoint have decent market share....but their technology is old
Smaller business.....fortinet....m
So depending on your size....they address DDOS in different ways
Most always it includes a threshold limit...when X volume is triggered traffic is dropped
Also a proactive defense is a key point....what type of business are you protecting....then the advice can be more pointed...and less generic
For enterprise
The leader is PaloAlto
Also Juniper
Cisco and checkpoint have decent market share....but their technology is old
Smaller business.....fortinet....m
So depending on your size....they address DDOS in different ways
Most always it includes a threshold limit...when X volume is triggered traffic is dropped
Also a proactive defense is a key point....what type of business are you protecting....then the advice can be more pointed...and less generic
We have about 300 users here and 30 servers, how about the parameters such as Concurrent connections and New connections per second?
We are thinking of Sophos and Fortinet
We are thinking of Sophos and Fortinet
Yes. Here is one example from Corero
https://www.corero.com/resources/files/datasheets/SmartWall%2520TDS%2520Network%2520Threat%2520Defense%2520Appliance%2520Datasheet.pdf
Maximum Throughput (Gbps) 10 Gbps full-duplex or 20 Gbps unidirectional (1 Gbps when deployed with 1G SFP modules)
Maximum Throughput (Packets Per Second) 30 Mpps (3 Mpps when deployed with 1G SFP modules)
MTU Performance Max PDU 9100 Line rate, 10 Gbps 30 Mpps
Jumbo Frames Yes
Typical Latency <0.5uS
Typical Inspected Latency < 60 uSec
Maximum Concurrent Sessions 16 Million
Maximum Session Setup/Teardown 1 Million/Sec
Maximum SYN Flood DoS Protection Rate Line-rate
Attack Reaction Time < 3 seconds
IP Reputation / Geolocation lookups per second 1 Million/Sec
IP Addresses Blocked/Shunned Per Second 15 Million/Sec blocked, 1 Million/Sec shunned
Maximum Number of TCP Connections/ UDP flows 16 Million
https://www.corero.com/resources/files/datasheets/SmartWall%2520TDS%2520Network%2520Threat%2520Defense%2520Appliance%2520Datasheet.pdf
Maximum Throughput (Gbps) 10 Gbps full-duplex or 20 Gbps unidirectional (1 Gbps when deployed with 1G SFP modules)
Maximum Throughput (Packets Per Second) 30 Mpps (3 Mpps when deployed with 1G SFP modules)
MTU Performance Max PDU 9100 Line rate, 10 Gbps 30 Mpps
Jumbo Frames Yes
Typical Latency <0.5uS
Typical Inspected Latency < 60 uSec
Maximum Concurrent Sessions 16 Million
Maximum Session Setup/Teardown 1 Million/Sec
Maximum SYN Flood DoS Protection Rate Line-rate
Attack Reaction Time < 3 seconds
IP Reputation / Geolocation lookups per second 1 Million/Sec
IP Addresses Blocked/Shunned Per Second 15 Million/Sec blocked, 1 Million/Sec shunned
Maximum Number of TCP Connections/ UDP flows 16 Million
I would still say PALO for that size -- but its pricey
then again you get what you pay for and has many other features....
these days security is more about Malware - BOTNETS - Ransomware - malicious code and sites
my company rarely sees DDOS anymore
pretty much limited these days to a few industries...financial...e
these guys have decent GUI also - not Cisco tho
Fortinet would be my choice for the smaller and mid size company if budget conscious
here is a report that has them at the top
https://www.itcentralstation.com/categories/firewalls
and a gartner link - from fortinet
https://www.fortinet.com/solutions/gartner-enterprise-firewalls-mq.html
then again you get what you pay for and has many other features....
these days security is more about Malware - BOTNETS - Ransomware - malicious code and sites
my company rarely sees DDOS anymore
pretty much limited these days to a few industries...financial...e
these guys have decent GUI also - not Cisco tho
Fortinet would be my choice for the smaller and mid size company if budget conscious
here is a report that has them at the top
https://www.itcentralstation.com/categories/firewalls
and a gartner link - from fortinet
https://www.fortinet.com/solutions/gartner-enterprise-firewalls-mq.html
one more
PAN was best but costly and Fortinet was more affordable
https://www.esecurityplanet.com/products/top-ngfw-vendors.html
PAN was best but costly and Fortinet was more affordable
https://www.esecurityplanet.com/products/top-ngfw-vendors.html
Can also check out forrester report (though old but relevant) on the various key DDoS providers, mainly on cloud service and on premise. Enterprise support can still consider DDoS cloud service like in your case if server publicly accessible - more worthy as the attack scale up beyond a on premise for those system.
Regardless, of interest below is info on Fortinet :
Fortinet partners with Verisign for a cloud-based DDoS offering for those customers requiring a hybrid solution. Customer references gave Fortinet positive feedback for detecting and mitigating layer 3 and layer 4 attacks, as well as for its on-premises implementation services and ongoing technical support.
One shortcoming of the standalone Fortinet DDoS solution is that it cannot inspect SSL traffic. Customers rated the firm below-average for reporting and visibility in areas ranging from the ability to customize dashboards and reports to executive level and compliance reporting.
Existing enterprise and service provider clients of Fortinet that need an on-premises DDoS solution as part of their hybrid strategy should consider Fortinet.
Regardless, of interest below is info on Fortinet :
Fortinet partners with Verisign for a cloud-based DDoS offering for those customers requiring a hybrid solution. Customer references gave Fortinet positive feedback for detecting and mitigating layer 3 and layer 4 attacks, as well as for its on-premises implementation services and ongoing technical support.
One shortcoming of the standalone Fortinet DDoS solution is that it cannot inspect SSL traffic. Customers rated the firm below-average for reporting and visibility in areas ranging from the ability to customize dashboards and reports to executive level and compliance reporting.
Existing enterprise and service provider clients of Fortinet that need an on-premises DDoS solution as part of their hybrid strategy should consider Fortinet.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial