07 - IDNOG04 - Leontinus Alpha Edison (Tokopedia) - Data Driven Innovation
08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mitigation Solution...
-
Upload
indonesia-network-operators-group -
Category
Internet
-
view
83 -
download
1
Transcript of 08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mitigation Solution...
Powered by
Firewall/IPS/IDS=>Protected
“Clean” and “Comply” Network
DDoS=>Large Volume of Traffic
Minimum Financial Impact
Misconceptions About DDoS
Powered by
CIATRIAD
Availability
Objective
Make online resources unavailable to customers and legitimated users
What is DDoS ?
Powered by
DDoS Attack Resource ImpactVolu
me
Sophisticationus-cert.gov
NETWORK
CPU, MEMORY, DISK
TCP, UDP, ICMP Floods
Network Level
Volumetric Attacks
Reflective/Amplified
DNS, NTP, SNMP, SSDP Floods
Fragmented Packet
Overlapping, Missing, Too Many
Protocol Attacks
Specially CraftedPacket
Stack, Protocol, Buffer
Application Layer(L7)
Repetitive GET, Slowloris, SlowRead
ApplicationAttacks
NETWORK,CPU, MEMORY, DISK
Powered by
Mitigation Approach
On-Premises Solutions
• 50% DDoS Attack < 10G
• DDoS Attack Durations < 30minutes
• Increasingly of Multiple Type Attack
Cloud Solutions
• Limited Internet Capacity
• Low Cost Investment
Powered by
Our Technologies
Internet
Anti-DDoS
System Manager
MANAGEMENT AND
REPORTING
Traffic Analyzer
FLOW/TRAFFIC MONITORING
Anti-DDoS System
ATTACK MITIGATION
Automatic Signaling
Protected Infrastructure
Perimeter
Security
Leg
itim
ate
d T
raffic
Malic
ious T
raff
ic
Legitimated
Traffic
Malicious
Traffic
On-Premise
DDS Protection
Leg
itim
ate
d
Tra
ffic
Clod DDoS Protection Services
FLOW/TRAFFIC
MONITORING
Leg
itim
ate
d T
raffic
Powered by
Our Services
Protected
Customer
Volumetric Attack Diversion (BGP)
INTERNET
Clean Traffic (GRE/VLAN)
Application/Protocol Attack
Diversion (BGP)
Flow Statistics/SNMP
Clean Traffic (GRE)
Scrubbing
CenterINTERNET
Powered by
On-Premises Solutions
• Protect your CUSTOMERS
• Quick and Effective Immediate
Mitigation
• Shortens Time to Redirection and
Cloud Mitigation
• Increased Visibility and Traffic
Threshold Monitoring
Powered by
Cloud Solutions
• Protect your INFRASTRUCTURE
• Quick and Easy Network Integration with
BGP
• Flexible Connectivity for Clean Traffic
Reinjection
• Low Network Latency for Effective
Mitigation
• Always-on, On-demand, Flat-rate
Powered by
Hybrid Solutions
• Protects Both Customers and
Infrastructure
• Mitigate Volumetric DDoS attacks to
low-and-slow DDoS attacks
• Avoids Latency Issues in Always-on
Cloud Models
Powered by
Anti DDoS Solutions
• Up to 100GB Regional Scrubbing Center
• Multi-Tenant/Self Service Portal
• Up to 10G On-Premise Scrubbing Center
• 24/7 Security Operation Center
• “HYBRID”/Multi Layered DDoS Mitigation