DDoS Protection Solution #Terabit Security LLC, 2016 2015 © Terabit Security - All rights reserved

DDoS Protection System DPS

IMPACT OF DDoS ATTACKS ON YOUR BUSINESS

Theft
Attacks are becoming more advanced and now include stolen funds, customer data, and intellectual property

Productivity loss
When critical network systems are shut down, your workforce's productivity comes to a halt

Revenue loss
Downtime affects your bottom line. The average cost of downtime is $5,600/minute, or over $300K/hour

Reputation damage
Your brand suffers if customers can't access your site or become casualties of a data breach

Even with a large staff of IT professionals it is almost impossible for companies to handle a serious DDoS attack and recover their services on their own

Kaspersky Lab, E. Vigovsky, head of DDoS protection

WHAT PROFESSIONALS SAY ABOUT DDoS

Hackers' improving and evolving techniques are especially obvious when it comes to distributed-denial-of-service attacks. DDoS is on a trend that is only going to continue

Businesses are facing a number of threats in today's economy. When a DDoS attack or DNS failure hits a website or network, companies are losing significant revenue and employee productivity, and are likely seeing decreasing customer satisfaction and loyalty

Arbor Networks, Matt Moynahan, president

Verisign, Ben Petro, senior VC

TERABIT SECURITY DPS

Terabit DPS is a solution for the detection of DDoS attacks and their subsequent treatment. Terabit DPS will help to ensure maximum availability of your network and eliminate any disruptions caused by DoS / DDoS attacks

WHY DPS

Fast Deployment
Very fast deployment of the DDoS protection system: 10 minutes to start

Clustering
Clustering option for performance and redundancy. sFlow capture: up to 10Tbps (1Tbps per server); traffic mirroring: up to 6.4Tbps (40Gbps per server)

Premium Support
All support inquiries are answered by experienced engineers. Terabit DPS Professional Support with SLA 24×5, 24×7, 24×365

Advanced WEB GUI
Web application offers single-point DPS management, network monitoring and reporting of data received from Collector, Explorer and Filters deployed within the network

Affordable DDoS Protection
The most cost-effective on-premise DDoS mitigation solution on the market! Annual subscriptions include free support and upgrades.

Traffic Visualization Tool
Visualization of upstream / downstream traffic in bps and pps for the whole network or a dedicated host

Short response time
Immediate detection of DoS/DDoS attack in 1-2 seconds

Low hardware requirements
Up to 10GE with 12 Mpps on E5-1650V3 with Intel NIC 82599 10GE

[Network diagram. Elements: primary uplink, backup uplink, border router, access switch, customers, DPS server. Link labels: BGP, BGP Flowspec; NetFlow/IPFIX, sFlow, port mirror.]

HOW DPS WORKS

Supported border routers
• Extreme X460/X670
• Juniper EX, MX series
• Cisco ASR-series

HOW DPS WORKS

Traffic Capturing
• NetFlow v5, v9
• IPFIX
• sFlow v4 (dev branch only), v5
• Port mirror/SPAN capture with PF_RING (with ZC/DNA mode), SnabbSwitch, NETMAP and PCAP

DDoS Mitigation
• Complete BGP Flowspec support, RFC 5575
• Can process incoming and outgoing traffic
• Can trigger a block script if a certain IP loads the network with a large amount of packets/bytes/flows per second
• Thresholds can be configured on a per-subnet basis with the hostgroups feature
• Can announce blocked IPs to a BGP router with ExaBGP
• GoBGP integration for unicast IPv4 announcements

OUR SOLUTIONS

DPS SOFTWARE APPLIANCE
GET FULL FUNCTIONALITY OF DPS
• Install DPS on your own server
• Protection up to 400Gbps
• Most popular OS supported

DPS VIRTUAL APPLIANCE
GET SAFETY WITHIN 15 MINUTES
• Restore image to your hypervisor
• Protection up to 400Gbps
• Most popular hypervisors supported

DPS HARDWARE APPLIANCE
GET ENTERPRISE LEVEL SOLUTION
• Guaranteed SLA
• Protection up to 6.4Tbps
• Advanced support included

PROFESSIONAL SUPPORT

Basic
8×5 support service | 20 cases per year
Provides an engaged response for small companies with a limited number of cases

Intermediate
12×7 support service | unlimited cases per year
Provides professional support for non-critical systems based on 12x7 schedule

Advanced
24×7 support service | unlimited cases per year
Provides an enterprise level 24x7 support for critical systems with unlimited number of cases

DDoS MITIGATION: HOW IT WORKS W/O FLOWSPEC

Destination Remotely Triggered Black Hole (D/RTBH)

o Easy to implement and uses well-understood constructs

o Requires a high degree of co-ordination between customer and provider

o Cumbersome to scale in a large network perimeter

o Mis-configuration possible and expensive

DDoS MITIGATION: HOW IT WORKS W/O FLOWSPEC

Source Remotely Triggered Black Hole (S/RTBH)

o RFC 5635 circa 2009

o Requires pre-configuration of discard route and uRPF on all edge routers

o Victim's destination address is still usable

o Only works for a single source (or a small number of sources)

WHY BGP FLOWSPEC

RFC 5575: BGP Flowspec

FlowSpec leverages the BGP control plane to simplify the distribution of ACLs, greatly improving operations.

• Inject new filter/firewall rules to all routers at the same time without changing router config

• Reuse existing BGP operational knowledge and best practices

• Control policy propagation via BGP communities

Improve response time to mitigate DDoS attacks

Same automation as RTBH

Route validation is performed for eBGP sessions.

BGP FLOWSPEC SPECIFICATION

Flowspec is a very useful feature against today's DDoS. A rule was too long, so the forwarding router could not apply the filter; as a result, not only DDoS but also normal traffic went down.

This is defined in RFC 5575. Specific information about the flow can now be distributed using a BGP NLRI.

AFI/SAFI = 1/133: Unicast traffic filtering applications
AFI/SAFI = 1/134: VPN traffic filtering applications

BGP Flow Specification can include the following information

Type 1 - Destination Prefix
Type 2 - Source Prefix
Type 3 - IP Protocol
Type 4 - Source or Dest. Port
Type 5 - Destination Port
Type 6 - Source Port
Type 7 - ICMP Type
Type 8 - ICMP Code
Type 9 - TCP flags
Type 10 - Packet length
Type 11 - DSCP
Type 12 - Fragment Encoding

Actions are defined using BGP Extended Communities

0x8006 - traffic-rate (set to 0 to drop all traffic)
0x8007 - traffic-action (sampling)
0x8008 - redirect to VRF (route target)
0x8009 - traffic-marking (DSCP value)
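
Added example (not from the Terabit slides and not DPS code): a Python sketch that builds the Flowspec NLRI bytes from the component types listed above and the traffic-rate action 0x8006 with rate 0, following the RFC 5575 wire format. The prefix, ports and AS number 64512 are constructed sample values.

```python
import ipaddress
import struct

# Component type numbers as listed on the slide (RFC 5575, section 4).
DEST_PREFIX, SRC_PREFIX, IP_PROTO, PORT, DEST_PORT, SRC_PORT = 1, 2, 3, 4, 5, 6

def prefix_component(ctype, cidr):
    """Types 1-2: <type, prefix length in bits, prefix bytes (trailing bytes cut)>."""
    net = ipaddress.ip_network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]

def numeric_component(ctype, values):
    """Types 3-8, 10, 11: <operator, value> pairs, each matched with '=='.
    Operator bits: 0x80 end-of-list, 0x40 AND, 0x30 log2(value length), 0x01 eq.
    Pairs without the AND bit are OR-ed together by the router."""
    out = bytearray([ctype])
    for i, v in enumerate(values):
        size = 1 if v < 0x100 else 2
        op = 0x01 | ((size.bit_length() - 1) << 4)
        if i == len(values) - 1:
            op |= 0x80                      # last pair in this component
        out += bytes([op]) + v.to_bytes(size, "big")
    return bytes(out)

def flowspec_nlri(components):
    """Concatenate components in ascending type order and prepend the length."""
    body = b"".join(sorted(components, key=lambda c: c[0]))
    if len(body) < 240:
        return bytes([len(body)]) + body    # 1-byte length
    return struct.pack("!H", 0xF000 | len(body)) + body  # 2-byte 0xfnnn form

def traffic_rate(asn, bytes_per_sec):
    """Extended community 0x8006: 2-byte AS + IEEE float rate; 0.0 drops all."""
    return struct.pack("!HHf", 0x8006, asn, bytes_per_sec)

# Constructed sample rule: drop UDP (protocol 17) with source port 123
# destined to 192.0.2.10/32 (documentation address range).
RULE = flowspec_nlri([
    numeric_component(SRC_PORT, [123]),
    prefix_component(DEST_PREFIX, "192.0.2.10/32"),
    numeric_component(IP_PROTO, [17]),
])
DROP = traffic_rate(64512, 0.0)

if __name__ == "__main__":
    print("NLRI:", RULE.hex(), "action:", DROP.hex())
```

Comparing these bytes with what a BGP daemon actually announces is a quick way to confirm that a rule matches only the intended traffic before it reaches every router.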

CONTACT US

Terabit Security LLC
https://terabitsecurity.com/

Sales Office: Rocklin CA, USA
Development Office: Kiev, Ukraine

Sales: +1 650 460 14 86
[email protected]

Support: Support Center
http://support.terabitsecurity.com/
[email protected]

KEEP CALM AND ENJOY WORK