
[IEEE 2005 9th IFIP/IEEE International Symposium on Integrated Network Management, 2005. IM 2005. - Nice, France (15-19 May 2005)] 2005 9th IFIP/IEEE International Symposium on Integrated



Integrated Management of Denial-of-Service Attacks

Michael H. Behringer
Cisco Systems, Inc.
400, Av Roumanille, Bat 3
06410 Biot, Sophia Antipolis
France

Abstract

Denial-of-service attacks have become a permanent issue on service provider networks. Over the last few years, network operators have had to adjust their operations to cover these new attack forms. This includes the management of the routers and the network, as well as operational procedures to communicate security issues to other providers, customers and third parties.

This tutorial gives an introduction to how DoS attacks affect an Internet network, and how they can be managed. It includes an overview of the threats, methods to detect and classify an attack, as well as mitigation techniques. Whilst many of the techniques presented can be executed directly on network devices, efficient network management is required to scale operations to large networks and a high number of attacks. This includes efficient communication methods for security incidents, as well as operational procedures to successfully mitigate the attacks.

Finally, the mitigation of DoS attacks is being introduced in many service provider networks as a managed service. We outline here the management issues with this approach, and how to secure this service.
