Protecting Internet Cafes from DoS/DDoS

Internet cafes have grown significantly in the past decade in China as a very popular way to access the Internet. This has been especially true for young people who often spend hours a day in an Internet cafe to play interactive games, chat and socialize
online, or simply to hang out. Many Internet cafes house hundreds of PCs and most are filled with users at the peak time in the evenings. Along with the rapid growth,  competition has also heated up. Due to the ease of launching DDoS attacks, the effectiveness the attacks often achieve, and the difficulty to catch the attacker,
some competitors resort to DDoS attacks as a simple and effective way to severely slow down or completely shut down competing Internet cafes. DDoS attacks on Internet cafes have been on the rise both in frequency and in magnitude.

IntruGuard's IG2000 is deployed for its demonstrated ASIC based Gbps line-rate performance and operating stability. Virtualization is used to group Internet cafes into multiple independent channels for easier management and differentiated service levels.
Benefit: The MSSP has successfully defended against regular and increasingly heavy attacks. These successes have allowed the MSSP to demonstrate its value proposition and grow its business

Download:

On Demand DDoS Mitigation for Internet Data Centers

At the data centers with busy Web sites, ecommerce vendors, financial institutions, network administrators spend significant time and resources putting out DDoS fires. They are limited in identifying sources or causes of attacks. Many administrators react to problems instead of efficiently managing their networks.
IntruGuard’s unique DDoS mitigation appliance provides the data center administrator with a cleansing mechanism which is available on demand for an attacked customer. Such on-demand solution ensures that during normal times, the traffic flows un-interrupted and during attack, only specific traffic is passed through tighter checks.

The solution from IntruGuard provides proactive capability to stop DDoS attacks on-demand thus avoiding expensive and complex DDoS mitigation appliances. The solution provides ability to stop known and unknown, slow and fast, stealth and non-stealth attacks, a rock-steady infrastructure that is worry-free and with a high uptime and manifold availability. A solution that meets and exceeds the compliance with SoX and PCI/DSS for end customers
View the white-paper.

Download:

Denial of Service Attacks and PCI/DSS Compliance

Internet security and regulatory compliance are taking center stage with financial  systems becoming exposed to the Internet and with the growth of Ecommerce.
PCI/DSS emphasizes vulnerabilities to Denial of Service attacks and treats them as level 3 (High) severity. DoS/DDoS attacks are growing and services can easily be shut down. From regulatory point of view, besides preventing DoS/DDoS attacks immediately, it is important to maintain a history of traffic patterns and breaches for audit and reporting purpose. With IntruGuard’s IG200/2000 you not only meet the firewall configuration requirements, you also exceed the requirements related to DoS attack vulnerabilities.

Infrastructure Protection for Service Providers through Network Behavior Analysis (NBA)

Service Providers' business and operations depends on their ability to ensure bandwidth availability to their customers at all times. To this end, they need to be able to understand the traffic behavior in their network. They need to protect their network from malicious attacks and anomalous traffic that can bring down their service or clutter their network. In this white paper, we describe the constant and evolving threats that service providers face today. We analyze the limitations of the current generation network analysis and security devices and why they fail to effectively protect a service provider's key assets. We then highlight need for a new generation of network analysis and protection products, and describe their key attributes.

IntruGuard NBA Systems for Service Providers

No resource is more important to Service Providers than the bandwidth made available to customers. Bandwidth is a finite resource and as the Service Provider's business grows, better management is a key requirement. With new threats on bandwidth growing, particularly from the ever expanding and more sophisticated BotNets, bandwidth utilization is key to Service Providers. Customers expect rapid response times coupled with uninterrupted service. With growing competition it is easy for customers to switch to a different Service Provider if the expectation is not met. A rogue user or BotNet should not be able to bring down policies that prevent network congestion. Service Provides need to prioritize services and guarantee bandwidth for their delivery. Current generation network analysis tools and security devices fail to efficiently protect a service provider's key assets in a cost-effective manner. Network appliances such as firewalls, switches, routers, bandwidth management systems, intrusion prevention systems (IPS) do not have the visibility required in such cases and the ability to mitigate such threats. Many current generation Network Behavior Analysis (NBA) devices are enterprise-centric. Those which are Service Provider oriented are too complex to deploy and configure or too expensive. IntruGuard's IG2000 Network Behavior Analysis systems fill this void to provide the visibility, and security. With the ability to segregate networks, analyze network trends and protect the networks, they can help the Service Providers to identify and resolve problems quickly

Infrastructure Protection for Data Centers through Network Behavior Analysis (NBA)

Enterprise Data Centers operations staff are relied upon to ensure uptime at all times. To ensure uptime, they need to understand the traffic behavior in their network. They need to protect their network from malicious attacks and anomalous traffic that can bring down their service or clutter their network.
In this white paper, we describe the constant and evolving threats that Data Center staff face today. We analyze the limitations of the current generation network analysis and security devices and why they fail to effectively protect a data center’s key assets. We then highlight need for a new generation of network analysis and protection products, and describe their key attributes.

Ensuring uptime at Data Centers

Hosting centers, whether shared, dedicated, managed, or co-location based, all suffer from denial of service attacks. Existing solutions are too slow, too insufficient under attack, require manual intervention, and are too expensive. Solutions need to be built-for-purpose, and respond automatically within seconds without user intervention. Solutions must allow traffic segmentation for multiple independent networks.

Denial of Service Internet Scourge or "Trust" Issue

According to Visa, 10% of all its sales, over $26 billion were conducted on-line during the 2005 holiday season. While e-commerce is on the rise, so are DoS/DDoS attacks with the FBI/CSI survey ranking them as one of the top four cyber related crimes. Security concerns are eroding Internet user’ confidence and having such a chilling effect that business-to-consumer sales will grow more slowly than expected. Financial service firms have to prevent DoS/DDoS attacks to retain trust with solutions that are built-for-purpose and can respond within seconds without manual intervention.

Ensuring Availability of On-Demand Applications and Software as a Service (SAAS)

On-demand software revenues exceeded $1.4 billion in 2004 with payroll, accounting, web-conferencing and workforce management leading the growth. Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) have grown in numbers with increases in Botnets that run in the hundreds of thousands across the world. These are unsuspecting zombie machines used to launch the attack. To prevent these assaults before they shut down servers and cost business and trust, solutions must be built-for-purpose, respond in seconds, and require no manual intervention.

Ensuring Availability of Internet Gaming and Mobile Gaming Sites

With the growth of Internet and mobile connectivity, online and mobile gaming are thriving. Yet, due to their low value, high volume transactions, online sports sites are easy targets for criminal DDoS attacks. Many such sites have suffered sustained DDoS attacks that have shut down some websites for days. Technical staff work with ISPs or Web Hosts to increase bandwidth or move the website to different IP addresses. In either case, long delays and increased connectivity costs lower vendor profitability. Existing DoS/DDoS protection is inadequate given the rapid response required. Only a built-for-purpose RBIPS can respond accurately and within seconds to prevent server shutdowns.

Denial of Service Attacks and SOX Compliance

Internet security and regulatory compliance are taking center stage with financial systems becoming exposed to the Internet and with the growth of Ecommerce. SOX Act was not specifically written for  information security but there are sections in the Act that directly affect corporations exposed to the Internet. DoS/DDoS attacks are growing and services can easily be shut down. From regulatory point
of view, besides preventing DoS/DDoS attacks immediately, it is important to maintain a history of traffic patterns and breaches for audit and reporting purpose

Denial of Service Attacks and Social Networking Infrastructure

Social networking sites have millions of users. They are easy target for DDoS due to rivalry among social networks or competing social networking sites. This case studies discusses Yonja.com and how they averted serious DDoS threats using IntruGuard's DDoS mitigation equipment.