Preparing for your next cyber attack

Distributed Denial of Service (DDoS) attacks continue to dominate the news headlines, and they're not going to stop any time soon.  I recently searched Google for "DDoS attacks" and found some interesting activity including a recent attack on the "dark web" marketplace Silk Road (kids, don't try this website at home), an attack on Go Daddy sites in Europe, and a DirtJumper attack on an unnamed financial institution.  I also found the following video from some of our own F5 experts that shows a pretty cool live capture of a DDoS attack.

 

Cool video showing DDoS attack

 

Now you can see why it's tough (or impossible) to access a server that's being bombarded with DDoS traffic!  DDoS attacks (or cyber attacks in general) are all around us and are here to stay.  So, what does an organization do about it?  Is it all fear and no redemption?

Alas, at F5, we've developed some cutting-edge solutions that will defend against these pestilential cyber attacks.  I know everybody claims to have the next best thing for cyber defense, but I'm telling you...these F5 solutions are as good as it gets!

The BIG-IP Advanced Firewall Manager (AFM) is a high-performance, stateful, full-proxy network firewall that is designed to guard an organization's data center against incoming threats that enter the network on the most widely deployed protocols—including HTTP/S, SMTP, DNS, and FTP.  Further, the BIG-IP Application Security Manager (ASM) protects an organization's critical applications with an agile, certified web application firewall and comprehensive, policy-based web application security.

Now for the fun, user-interactive, choose-your-own-ending part:  Let's say an organization was really smart and they employed both an AFM and an ASM to protect their network.  They could decide to load both the AFM and the ASM on one piece of hardware, or they could choose to load them on separate pieces of hardware.  A benefit of loading on the same hardware is the cost savings of less hardware, but a problem with this implementation is that they would lose all defense capabilities if anything happened to that one piece of hardware.  So, some would say that loading the AFM and ASM on one box is the way to go, while others would claim that using separate hardware is better. 

What do you think?  Let's share our lessons learned and get some dialogue going!!

Published May 07, 2013
Version 1.0
ddos
security
us

Was this article helpful?

No CommentsBe the first to comment