Protecting Dedicated Servers from DDOS Attacks with Arbor Peakflow SP
At the beginning of May, Hostkey together with Sinterra launched a new service to protect client servers from DDoS attacks located in a data center on Michurinsky Avenue in Moscow. For these purposes, a combination of the Arbor Peakflow SP complex, Synterra's own developments in the field of protection of carrier-class networks and the significant capacity of Synterra’s upstream is used, which allows to avoid accidents during flood.
Arbor Peakflow SP will include two functional blocks:
')
- platform for collecting and analyzing route information (Convergent Platform - CP)
- Threat Management System (TMS).
CP solves the problem of current traffic analysis, comparing actual traffic statistics with predefined traffic profiles and adaptive correction of these profiles in the working mode (“work-like training”) or by statistical processing of data arrays with traffic that was previously classified by the operator as typical ( "Learning with the teacher"). When abnormal deviations occur in the traffic structure, the CP classifies such deviations, determines the type of attack, and gives the command to process the traffic to the TMS system.
TMS, receiving a command from the CP, processes traffic in order to counter network attacks on the server.
Thus, Arbor Peakflow SP cleans up traffic by removing attack packets based on a priori information about the attacked resource, using extensive logic and complex heuristic algorithms. At the same time, the device, acting as a router, creates a path to return traffic to the network, forming a GRE tunnel to the next router on the way to the customer's resource. “Cleared” traffic over the formed GRE tunnel is returned to the Sinterra network and delivered to the customer.
An equally important factor in protecting against DDoS is the capacity of the upstream provider. In our case, Synterra has redundant speeds that are tens of times faster than DDoS attacks. At the same time, stable operation of the attacked server and the rest of the network is guaranteed.
In parallel with Arbor, other security and intrusion detection systems developed by Synterra specialists work on the network, which forms an additional security layer for the server.
Protection is set to a range of addresses with a limited speed band. Tariffing is carried out by the bank. By results of work reports on incidents are provided.
More information about the service can be found here .
Arbor Peakflow SP will include two functional blocks:
')
- platform for collecting and analyzing route information (Convergent Platform - CP)
- Threat Management System (TMS).
CP solves the problem of current traffic analysis, comparing actual traffic statistics with predefined traffic profiles and adaptive correction of these profiles in the working mode (“work-like training”) or by statistical processing of data arrays with traffic that was previously classified by the operator as typical ( "Learning with the teacher"). When abnormal deviations occur in the traffic structure, the CP classifies such deviations, determines the type of attack, and gives the command to process the traffic to the TMS system.
TMS, receiving a command from the CP, processes traffic in order to counter network attacks on the server.
Thus, Arbor Peakflow SP cleans up traffic by removing attack packets based on a priori information about the attacked resource, using extensive logic and complex heuristic algorithms. At the same time, the device, acting as a router, creates a path to return traffic to the network, forming a GRE tunnel to the next router on the way to the customer's resource. “Cleared” traffic over the formed GRE tunnel is returned to the Sinterra network and delivered to the customer.
An equally important factor in protecting against DDoS is the capacity of the upstream provider. In our case, Synterra has redundant speeds that are tens of times faster than DDoS attacks. At the same time, stable operation of the attacked server and the rest of the network is guaranteed.
In parallel with Arbor, other security and intrusion detection systems developed by Synterra specialists work on the network, which forms an additional security layer for the server.
Protection is set to a range of addresses with a limited speed band. Tariffing is carried out by the bank. By results of work reports on incidents are provided.
More information about the service can be found here .
Source: https://habr.com/ru/post/96065/
All Articles