Technical reads from Comtest
Verifying Resilience to DDoS Attacks
Distributed Denial of Service (DDoS) attacks can target any application or service that is reachable from the internet. Web servers, DNS servers, routers, session border controllers, and many other services are constantly subject to attack. Identifying and mitigating these attacks is done using on-premises solutions, cloud-based solutions, or a hybrid solution combining both.
DDoS mitigation is not static. With the power, sophistication, and frequency of DDoS attacks rising, DDoS mitigation must continually evolve in order to protect against the latest attack scenarios. But how can you be sure you are protected? Waiting for an attack to happen to test your resilience is a risky proposition. NETSCOUT's SpectraSecure offers a solution to help eliminate that risk.
The NETSCOUT Solution for DDoS Mitigation Testing
SpectraSecure tests DDoS resilience in a controlled manner using configurable threat vectors that can mimic the malicious traffic launched by botnets. SpectraSecure uses test-botnets to simulate real-world attack scenarios in a customer’s controlled environment.
Using SpectraSecure, the resilience of any potential target can be validated, including networks, applications, and services. Test attacks launched by SpectraSecure appear massively distributed, even when the test-botnet consists of a small number of Virtual Machines. A single test using a volumetric attack vector may appear to originate from millions of unique endpoints.
War Games
Although traditional lab testing is essential, it cannot assess the organisational readiness required for holistic DDoS attack mitigation. Conducting war games is one of the best ways to verify that the teams, tools, and processes will all be on the same page when an attack occurs.
Blacklist Verification
Maintaining a blacklist of source addresses can present a challenge. Use SpectraSecure in the lab to verify the target can handle high-volume DDoS attacks from blacklisted sources. In a production network, SpectraSecure can launch low-bandwidth attacks to verify that blacklisted packets are handled properly.
Deep Packet Inspection Testing
Solutions that use Deep Packet Inspection (DPI) to identify attacks require test traffic with specific content at the application layer. Using SpectraSecure, simulated attacks can contain a mix of traditional attack vectors and packets that contain application-specific content to trigger DPI-based filters.
Notification Testing
Identifying and mitigating DDoS attacks often involves automatic notification of staff and external systems. Use SpectraSecure to verify these critical steps are occurring as required.
Multi-Vector and Custom Attacks
Use SpectraSecure to stay ahead of threat actors by verifying resilience to multi-vector attacks and custom attack scenarios. SpectraSecure's built-in attack vectors can be modified and combined to create unique scenarios that exercise all aspects of a mitigation system.
TEST SCENARIOS
Testing in the Lab
Lab testing provides a controlled environment to verify DDoS resilience of applications and standalone mitigation systems. Use SpectraSecure’s web-based interface to create new attack scenarios and launch them using a high-performance server or one or more VMs to emulate botnets.
Automated Testing and DevOps
Make DDoS resilience testing part of the normal test cycle by integrating SpectraSecure into the DevOps test process. SpectraSecure’s REST API makes it a natural fit for automated