White Papers

Minimizing Collateral Damage by Proactive Surge Protection

Overview Existing mechanisms for defending against Distributed Denial-of-Service (DDoS) attacks are generally reactive in nature. However, the onset of large-scale bandwidth-based attacks can occur suddenly, potentially knocking out substantial parts of a network before reactive defenses can respond. Even for traffic flows that are not under direct attack, significant collateral damage will result if these flows pass through links that are common to attack routes. This paper presents a Proactive-Surge-Protection (PSP) mechanism that aims to provide a broad first line of defense against DDoS attacks. Their solution aims to minimize collateral damage by providing bandwidth isolation between traffic flows. This isolation is achieved through a combination of traffic forecasting, proportional allocation of network capacity, metering and tagging of packets at the network perimeter, and preferential dropping of packets inside the network.

By downloading you agree to our Terms and Conditions. These include information regarding use of your personal data.

Publisher: Association for Computing Machinery
File Format: PDF
Date Published: May 29, 2009
Format: White Papers
Topics: Denial of Service, Network Security, Security Management

Similiar White Papers

X-Force®Threat Insight Quarterly Voice over Internet Protocol (VoIP) ? Find out what the threats and challenges are for anyone deploying VoIP

The X-Force Threat Insight Quarterly (Threat IQ) highlights the most significant threats and challenges facing security

Publisher: Internet Security Systems | Tags: homeland security, security flaws, voip

An independent report by ICSA Labs on the performance of ISS' VoIP-enabled Intrusion Prevention devices

This technical product evaluation is focused on the ISS VoIP-enabled Intrusion Prevention devices. These are built to su

Publisher: Internet Security Systems | Tags: voip

Cisco - Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks

In order to facilitate Distributed Denial of Service (DDoS), the attackers need to have several hundred to several thous

Publisher: Cisco Systems | Tags: ddos, linux

Jargon, jargon, jargon. Find out what the IT industries acronyms really mean

ISS provide you with a simple glossary of major VoIP terms. What do they really mean, when can they be used? Make yourse

Publisher: Internet Security Systems | Tags: voip

IT's New Role: Defining and Managing Risk

This article explores how a Security Risk Management (SRM) approach can protect your company from the most severe threat

Publisher: McAfee | Tags: srm

Association for Computing Machinery White Papers

Featured white papers

The Value of Location Intelligence in the Communications Industry

Pitney Bowes

Public Services are under pressure, the challenge is to do more with less. How do you improve citizen satisfaction, increase cost efficiencies and improve service delivery? The power of location intelligence is helping many local authorities...

Download now »
Best Practices for Translating Customer Satisfaction into Revenue

Citrix Online

Today's support organisations are focused on two top-level metrics: financial results and customer satisfaction. For most, it's easy to track financial performance, but customer satisfaction is akin to speaking a foreign language...

Download now »
HP print solutions and 3M

Hewlett-Packard (HP)

The objective for 3M was to optimize office printing infrastructure at 3M locations worldwide, reduce total cost and environmental footprint. Some of the business benefits acheived by switching to HP print solutions...

Download now »