==== Concept of the DDoS Mitigation Setup ====
{{:en:environment.png?nolink&400 |}}
  
The system we are looking into is a network-based mitigation system set up within the network infrastructure. Potential targets in the network infrastructure are known to the defenders but are neither in contact with nor controlled by the DDoS mitigation administrators or the mitigation service. The figure shows a simplified, schematic view of the environment in which the mitigation system is set up. The mitigation system itself is shown in red, while the gray parts represent the parts of the network infrastructure that are directly connected to it. On the left side, the data aggregation based on information from the core routers of the network is shown. The Baden-Württemberg Extended LAN (BelWü) contains, among other parts, several core routers connected to other ISPs (e.g. the Swiss research network SWITCH) and Internet Exchange Points (IXPs, e.g. DE-CIX in Frankfurt) as peering partners. Here we collaborate with the [[https://www.alwr-bw.de/kooperationen/bwnetflow/|bwNetFlow]] project, another research project financed by the state of Baden-Württemberg, which focuses on building an interface to the core routers to collect flow information, establishing an automated processing platform, and detecting anomalies. The project exports the NetFlow data of the core routers, aggregates the data, enriches it with additional information and provides it to subscribers.

On the right, the mitigation system close to the servers we want to defend, the attack target T, is shown. SDN-capable switches in front of the targets provide the flexibility needed for effective mitigation. An SDN controller programs the switch and can forward attack traffic to the observer for analysis or drop traffic identified as attack traffic. A CAPTCHA server can be used to whitelist legitimate clients during an attack.
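The following is an added example, not code from this project or from bwNetFlow, that walks through the control loop sketched above in one runnable script: flow records exported from the core routers are aggregated per destination, a destination whose traffic rate jumps far above its baseline is flagged as the attack target T, and the controller then builds the priority-ordered flow table for the SDN switch in front of T: CAPTCHA-verified clients keep the normal path, everything else addressed to T is either mirrored to the observer or dropped, and a table-miss entry leaves unrelated traffic untouched. The flow fields, the addresses, the baseline figures and the tenfold threshold are all constructed for this example; the `Rule` class is a simplified stand-in for an OpenFlow entry, not any controller's API.

```python
# Added example (not bwNetFlow or the project's own code): aggregate exported flow
# records per destination, flag targets whose traffic rate jumps above a
# baseline, and emit the priority-ordered rules an SDN controller would install
# in front of the target. Flow fields, thresholds and addresses are constructed.
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    """One exported flow record; field names are this example's own choice."""
    src: str
    dst: str
    proto: int
    dport: int
    packets: int
    octets: int


# Constructed sample for one 60-second export window: a UDP flood against
# 10.0.0.10 from twenty sources, plus two ordinary HTTPS sessions.
WINDOW_SECONDS = 60
SAMPLE_FLOWS = [
    Flow(f"198.51.100.{i}", "10.0.0.10", 17, 53, 700_000, 100_000_000)
    for i in range(1, 21)
] + [
    Flow("203.0.113.5", "10.0.0.10", 6, 443, 120, 90_000),
    Flow("203.0.113.7", "10.0.0.20", 6, 443, 300, 250_000),
]
# Per-target baseline in bit/s, assumed to come from earlier, attack-free windows.
BASELINE_BPS = {"10.0.0.10": 20_000_000, "10.0.0.20": 20_000_000}


def bits_per_dst(flows, window_s):
    """Aggregate octets per destination and convert to bit/s over the window."""
    octets = defaultdict(int)
    for f in flows:
        octets[f.dst] += f.octets
    return {dst: o * 8 / window_s for dst, o in octets.items()}


def detect_targets(flows, baseline_bps, window_s, factor=10.0):
    """Destinations whose observed rate exceeds `factor` times their baseline."""
    rate = bits_per_dst(flows, window_s)
    return {dst for dst, bps in rate.items() if bps > factor * baseline_bps.get(dst, 0)}


@dataclass(frozen=True)
class Rule:
    """Simplified OpenFlow-style entry: the highest-priority matching rule wins."""
    priority: int
    src: Optional[str]  # CIDR, or None for any source
    dst: Optional[str]  # CIDR, or None for any destination
    action: str         # "forward" (normal path), "observer" (send for analysis), "drop"

    def matches(self, src, dst):
        return ((self.src is None or ip_address(src) in ip_network(self.src))
                and (self.dst is None or ip_address(dst) in ip_network(self.dst)))


def mitigation_rules(target, verified_clients, mode):
    """Rules for one target under attack.

    verified_clients: sources the CAPTCHA server has whitelisted; they keep the
    normal path at a higher priority than the catch-all entry for the target.
    mode: "observer" sends the remaining traffic to the observer for analysis,
    "drop" discards it on the switch.
    """
    if mode not in ("observer", "drop"):
        raise ValueError(f"unknown mode {mode!r}")
    rules = [Rule(300, f"{c}/32", f"{target}/32", "forward") for c in verified_clients]
    rules.append(Rule(200, None, f"{target}/32", mode))
    return rules


def plan(flows, baseline_bps, window_s, verified_clients, mode="drop"):
    """Full controller decision for one window: detect, then build the flow table."""
    rules = []
    for target in sorted(detect_targets(flows, baseline_bps, window_s)):
        rules += mitigation_rules(target, verified_clients, mode)
    rules.append(Rule(0, None, None, "forward"))  # table-miss: everything else untouched
    return rules


def decide(rules, src, dst):
    """What the switch does with a packet src -> dst under the installed rules."""
    for rule in sorted(rules, key=lambda r: r.priority, reverse=True):
        if rule.matches(src, dst):
            return rule.action
    raise LookupError("no table-miss rule installed")


if __name__ == "__main__":
    table = plan(SAMPLE_FLOWS, BASELINE_BPS, WINDOW_SECONDS, ["203.0.113.5"])
    for rule in table:
        print(rule)
    print(decide(table, "198.51.100.3", "10.0.0.10"))  # drop
    print(decide(table, "203.0.113.5", "10.0.0.10"))   # forward (whitelisted)
    print(decide(table, "203.0.113.7", "10.0.0.20"))   # forward (not a target)
```

Two caveats the example makes visible. The whitelist is keyed on source address, so it only helps against clients that can complete a CAPTCHA, i.e. interactive HTTP clients; spoofed-source floods such as the UDP sample above gain nothing from it, and a verified client that later joins the attack still passes at priority 300. Second, the tenfold-over-baseline check is deliberately crude; the anomaly detection on the bwNetFlow side is what decides in practice, and the rule-building stage is only as good as the target list it is handed.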
  
==== Prototype Setup ====
en/security.txt · Last modified: 2019/08/30 17:13 by Thomas Lukaseder