How to Add IntruGuard Appliances to Cisco Guard Set Up
Introduction
Now that Cisco Guard has declared EOL for its DDoS mitigation products, IntruGuard appliances can be placed in the existing cleaning center with negligible changes in how the center is currently organized.
The IG2000 is a state-of-the-art DDoS mitigation appliance. It operates at full line rate, which means it can filter good and bad traffic at 3 Mpps. This gives you tremendous price-performance for cleaning large volumes of traffic.
For Telco customers, the IG2000 has a fully redundant architecture that provides 99.999% system availability.
In the sections below, we describe a typical configuration where Cisco Guard is not able to totally stop all the attacks.
Network Diagram
The following two diagrams show the typical Cisco Guard infrastructure required for a web host/ISP. The IntruGuard IG2000 appliance has been added alongside the Cisco Guard appliance. IntruGuard appliances provide additional mitigation not provided by Cisco Guard equipment.


Some Key Protections Provided by IntruGuard Appliances Not Provided by Cisco Guard
- Continuous learning and adaptive filtering to ensure that you don't have to keep changing the policies as your business gradually grows.
- Statistical Analysis and Anomaly Recognition filtering for zero-day attacks. Using statistical analysis, an unusual number of packets or a high traffic rate from spoofed and non-spoofed clients can be identified and filtered. Using anomaly recognition, auto-learning of normal baselines for granular header parameters can be used to identify and filter malicious activities.
- Source Tracking. Patented Source Tracking algorithms involve associating identified attacks with non-spoofed sources (especially from botnets).
- Application Level Filtering. The IG2000 deep packet inspection engine provides comprehensive application-layer intelligence, allowing the engine to understand the User-Agent, Cookie, Referer and Host fields besides the URLs. Any attack that involves repeated access using one of them is immediately thwarted in hardware logic within milliseconds.
- Prevention of slow, resource exhaustion attacks. IG200/2000 appliances monitor up to 1 M TCP connections, look for misbehavior, and can optionally age idle connections aggressively. Similarly, if a source establishes too many concurrent connections, it can be identified automatically.
- Prevention of botnet HTTP attacks. To further mitigate HTTP application-level attacks, IG200/2000 can enforce intelligent HTTP filtering that places certain restrictions on HTTP header parameters. These can identify scripted botnet attacks, whose requests all appear similar to a trained logic.
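The slow, resource exhaustion bullet above names two checks: aging idle connections and flagging a source that holds too many concurrent connections. The sketch below is an added software illustration of those two checks, not IntruGuard's implementation; the thresholds, event format and sample addresses are assumptions constructed for the example.

```python
from collections import defaultdict

# Assumed thresholds for illustration; the page gives no values.
IDLE_TIMEOUT = 30.0   # seconds without activity before a connection is aged out
MAX_PER_SOURCE = 3    # concurrent connections allowed from one source

class ConnTable:
    """Open TCP connections keyed by (src_ip, src_port)."""
    def __init__(self):
        self.last_active = {}               # key -> time of last activity
        self.by_source = defaultdict(set)   # src_ip -> open connection keys

    def handle(self, ts, kind, src_ip, src_port):
        """Apply one event; return src_ip if it now exceeds the limit, else None."""
        key = (src_ip, src_port)
        if kind == "open":
            self.last_active[key] = ts
            self.by_source[src_ip].add(key)
            if len(self.by_source[src_ip]) > MAX_PER_SOURCE:
                return src_ip
        elif kind == "data" and key in self.last_active:
            self.last_active[key] = ts
        elif kind == "close":
            self._drop(key)

    def age_idle(self, now):
        """Drop and return connections idle for longer than IDLE_TIMEOUT."""
        stale = sorted(k for k, t in self.last_active.items() if now - t > IDLE_TIMEOUT)
        for key in stale:
            self._drop(key)
        return stale

    def _drop(self, key):
        if self.last_active.pop(key, None) is not None:
            self.by_source[key[0]].discard(key)

# Constructed sample events: (timestamp, kind, src_ip, src_port)
EVENTS = [
    (0, "open", "198.51.100.7", 40001), (1, "data", "198.51.100.7", 40001),
    (2, "open", "203.0.113.9", 50001), (3, "open", "203.0.113.9", 50002),
    (4, "open", "203.0.113.9", 50003), (5, "open", "203.0.113.9", 50004),
    (6, "open", "192.0.2.20", 60001), (7, "close", "192.0.2.20", 60001),
    (40, "data", "198.51.100.7", 40001),
]

def run(events, sweep_at):
    """Replay events, then sweep; return (flagged sources, aged keys, remaining keys)."""
    table = ConnTable()
    hits = [table.handle(*ev) for ev in events]
    return sorted({h for h in hits if h}), table.age_idle(sweep_at), sorted(table.last_active)
```

Calling `run(EVENTS, sweep_at=45)` flags the source that opened four silent connections and ages all four, while the client that kept sending data stays in the table.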