DevilWAH wrote: » if you have multiple links in and run some BGP routing protocol you can set policies to only allow known good traffic down one link and other routing policies to mitigate attacks.
Eildor wrote: » Could you please elaborate on that a little bit further? Not quite sure what you mean.
networker050184 wrote: » Yep pretty much. Look into Remote Triggered Black Hole RTBH.
DevilWAH wrote: » If all the DDoS traffic is coming in to a single IP address on the network (say my DNS servers), with BGP I can alter the advertised routes so that all traffic to your DNS servers comes in via link A and all other traffic uses link B. This leaves link B to deal with outgoing and other business-critical traffic, and dedicates the entire link A to dealing with the DDoS traffic.
docrice wrote: » Unfortunately DDoS isn't all that simple to deal with even if you're a large entity. DDoS comes in many forms and flooding is only one of them. If you have a 10 Gig pipe to your provider and you get flooded with 50 Gigs per second, you're still not going to be able to handle that. There are also slow-and-under-the-cover types of attacks that work more at the app layer. Once your firewalls, IPS sensors, and other inline devices get pushed to overload, things just don't work so well. There's a reason why players like Verisign, Prolexic, and Neustar are in business. I looked into this issue a while back and unless you're able to live with noticeable downtime (not really practical for customer-facing online presences with significant branding / marketing concerns), this is something businesses have to be worried about. There are also other players like Akamai but they're more about leveraging their CDN infrastructure. If you don't mind hosting your content outside of your perimeter and in a place like Cloudflare, then that's another option. I also saw a bunch of other small players scattered around that provide DDoS mitigation services, but they seemed very low-end. You could also buy equipment from the likes of Arbor and others, but those aren't cheap either. The bigger mitigation providers use a combination of these commercial solutions as well as their own proprietary secret sauce and leverage geographically-diverse cleaning centers to handle significant (hundreds of Gigs) bandwidth. But as I said, they come with a hefty price tag.
Eildor wrote: » It's not going to make a difference if the attack is greater than the bandwidth you have though, is it? The DNS server is going to go down. Might as well just complete the DDoS attack and shut it down yourself?
docrice wrote: » The question then becomes how do you identify what's an attack and what's not? What if your customer base comes from just about everywhere?
docrice wrote: » On the other hand, if your network is only involved in select communication with specific partners that are well-known beforehand, it gets much easier (unless spoofable protocols like UDP and ICMP are involved).
Eildor wrote: » But DDoS mitigation providers have that same problem, right?
DevilWAH wrote: » Nope, even if the attack is greater than the link then say 1 in 500 packets is legit; logic says some will get through to the DNS server, even if the link is dropping 90% of traffic. Settings on the DNS server and inbound link can prevent the DNS server crashing, so while your DNS service might be slow and require retries you can prevent a total fail.
DevilWAH wrote: » Yes but they have the computing resources and the technical expertise to analyse the traffic quickly and apply rules to mitigate it. They work by assuming that they might be paid to protect 500 companies, but only one or two will be under attack at any one time. So in simple terms they might have a data center full of DNS servers that they place in front of your company when you get hit by an attack. So they spread the DDoS attack over say 5000 DNS servers to ensure that your services are still available while they analyse the attack and write rules to block the individual machines carrying it out. Then they apply these rules and move the DNS service back to your own devices.
Eildor wrote: » I don't know... I recall reading about a $10,000 per month contract for DDoS mitigation... for that price you could hire a group of people to analyse your traffic for you and work with the ISP to mitigate attacks. Out of curiosity, how much does a 100 Gbps internet connection cost?
Eildor wrote: » Security sounds a lot more interesting than routing and switching.
DevilWAH wrote: » I am saying you divide the traffic into your site into known good services (VPN to remote branches for example) and unknown (if it's a DNS DoS attack, all DNS traffic). You then ensure the known good traffic always gets through, and deal with the DoS traffic as a separate issue. This way, while you may lose part of your services (in this case the DNS), your other business services continue to run as normal. So yes, the DoS traffic in this case is still coming in to your organisation over the link, but it is only affecting a single service and not saturating the link and causing other outages. This then gives you some breathing space to analyse the DoS attack, either mitigating it via a 3rd party, or in house. As I said, if I see all the traffic coming from "China" I can make my company drop off the internet as far as China is concerned. If they don't have a route across the internet to me then they can't send me traffic and can't saturate my links. OK, I lose all of China but this is better than the entire world. Maybe then I would request a rate limit put on to DNS traffic from China, and advertise myself to them again. Now the wide world has a normal service and China has a reduced service. Mitigating and sorting out a DoS attack is not a one-stop quick fix.
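A small constructed model of the scheme DevilWAH describes in his two posts above (the DNS /32 steered onto its own link so a flood there cannot starve the other link, and a source range withdrawn when the flood comes from one place), added here as illustration and not code from anyone in the thread. All addresses, link sizes and the "1 legit query per 500 flood packets" ratio are made up.

```python
import ipaddress
from collections import Counter

# Constructed two-link ingress: the DNS server /32 is steered onto link A and
# everything else onto link B; each link carries a fixed number of packets per
# interval; a source range can be "withdrawn" (no route advertised to it).
DNS_SERVER = ipaddress.ip_address("203.0.113.53")   # constructed address
LINK_CAPACITY = {"A": 1000, "B": 1000}              # packets per interval, constructed
POLICY = {                                          # destination prefix -> link
    ipaddress.ip_network("203.0.113.53/32"): "A",
    ipaddress.ip_network("203.0.113.0/24"): "B",
}

def pick_link(dst):
    """Longest-prefix match of the destination against the steering policy."""
    matches = [(net, link) for net, link in POLICY.items() if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(packets, withdrawn_sources=()):
    """Count per-link outcomes for (src, dst, kind) packets in one interval."""
    nets = [ipaddress.ip_network(n) for n in withdrawn_sources]
    load, result = Counter(), Counter()
    for src, dst, kind in packets:
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if any(src in net for net in nets):
            result[f"withdrawn:{kind}"] += 1       # never reaches either link
            continue
        link = pick_link(dst)
        load[link] += 1
        state = "dropped" if load[link] > LINK_CAPACITY[link] else "delivered"
        result[f"{link}:{state}:{kind}"] += 1
    return result

def constructed_traffic(flood=5000, vpn=200):
    """Flood at the DNS server, ~1 legitimate query per 500 flood packets, plus VPN."""
    pk = []
    for i in range(flood):
        pk.append((f"198.51.100.{i % 250 + 1}", str(DNS_SERVER), "flood"))
        if i % 500 == 0:
            pk.append(("192.0.2.7", str(DNS_SERVER), "dns"))
    pk += [("192.0.2.8", "203.0.113.10", "vpn")] * vpn
    return pk

if __name__ == "__main__":
    # Link A saturates but VPN on link B is untouched, and a few DNS queries still land.
    print(forward(constructed_traffic()))
    # Withdrawing the flood's source range leaves every legitimate packet delivered.
    print(forward(constructed_traffic(), withdrawn_sources=["198.51.100.0/24"]))
```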
DevilWAH wrote: » "Security, it's just routing and switching on steroids" is true; the same logic is true for all of networking (and computing). With switching you read the MAC address and make a choice what to do with it. Routing, you do the same with the IP address. Security, you just use a lot more things to class the traffic and have lots more choices of what to do with it. In my view good security is a progression from switching and routing, it is not a separate field.
Eildor wrote: » I'd love to learn more about security, but I think I'll leave a lot of it until I have some real world experience. I graduate this year, and I doubt I'd be doing much security wherever I get a job until I have some experience under my belt. I wouldn't give a newbie a security job.
DevilWAH wrote: » Just make sure when you get a job to sit near the security guy and show an interest. It should not take years to get in to the area you want; showing willingness to learn and an interest in a subject, it can be surprising how quickly you can end up doing the things you enjoy.
Eildor wrote: » That's if I can get a job. I don't see a great deal of positions for graduates without experience in networking related jobs. Even the low paying NOC jobs with 12 hour shifts want experience.
nerdydad wrote: » I found that they ask for experience, but there seems to be a shortage of networking people. Apply for the positions and knock their socks off in the interview.