Radware DDoS攻击防御解决方案精品.pptVIP

* * * * What is rate based technology. Network traffic rate is measured and compared to either pre-configured or learned thresholds. Once traffic crossed the threshold mitigation starts, limiting traffic back to the threshold. The cause of the change is not identified and there is not clear separation between attack and legitimate traffic. False Positive – there is no way to identify flash crowd accessing the site. Once traffic exceeded the threshold mitigation starts. False Negative – slow scans and server based attacks can pass beneath the threshold radar without detection. There is no way to tune the threshold to this level without increasing false positive rate. False Prevention – since there is no way to distinguish between legitimate traffic and attack traffic any connection that is over the threshold will be blocked. Statistically if there is an attack there is more chance for attack traffic to pass and legitimate traffic to be blocked. * * * * Non-vulnerability threats aims to exploit weaknesses in the service application that cannot necessarily be defined as a vulnerability due to a software design flaw. Non-vulnerability threats can be typified by a sequence of “legitimate” events that are used to break authentication mechanisms, scan the application for existing vulnerabilities, usually followed by the successful exploitation of it and could be used for taking control of the server’s application operations. More sophisticated application attacks from this non-vulnerability-based type include well chosen repeated sets of legitimate application requests that misuse server CPUs and memory resources thus, creating a full or partial denial of service condition in the application. The Non-Vulnerability threats cannot be addressed by signature detection due to: The attacks are not based on vulnerabilities, therefore a vulnerability-based signature does not exist. The attack uses legitimate application transactions, therefore there is no way by looking into the