Radware DDoS攻击防御解决方案.ppt

* * Radware solution for top threats (non-vulnerability attacks, zero-minute attacks, SSL based attacks and VoIP threats) is the APSolute Immunity with DefensePro: Radware award wining DefensePro? is a real-time Intrusion Prevention System (IPS) and DoS protection device that maintains your business continuity by protecting your application infrastructure against existing and emerging network based threats that cannot be detected by traditional IPS such as: application misuse threats, SSL attacks and VoIP service mis-use. DefensePro features full protection from vulnerability based threats thru proactive signature updates preventing the already known attacks including worms, Trojans, Bots, SSL based attacks and VoIP threats. Unlike market alternatives that rely on static signatures, DefensePro provides unique behavioral based, automatically generated real-time signatures, preventing non-vulnerability based threats and zero-minute attacks such as application misuse attacks, server brute force attacks, application and network flooding – all without blocking legitimate users traffic and with no need for human intervention. * * * * * * * * * * * * * What is rate based technology. Network traffic rate is measured and compared to either pre-configured or learned thresholds. Once traffic crossed the threshold mitigation starts, limiting traffic back to the threshold. The cause of the change is not identified and there is not clear separation between attack and legitimate traffic. False Positive – there is no way to identify flash crowd accessing the site. Once traffic exceeded the threshold mitigation starts. False Negative – slow scans and server based attacks can pass beneath the threshold radar without detection. There is no way to tune the threshold to this level without increasing false positive rate. False Prevention – since there is no way to distinguish between legitimate traffic and attack traffic any connection that is over the threshold will be blocked. St