Peaches Posted February 3, 2011 Report Share Posted February 3, 2011 Bad firewall practice helps DDoS attacksFirewalls and IPS put in wrong place on networksJohn E Dunn During 2010, nearly half of all respondents had experienced a failure of their firewall or IPS due to DDoS, something that could have been avoided in many cases using better router security configuration. "They [firewalls] should not be placed in front of servers. Folks do it because they have been programmed to do it," says Arbor's solutions architect, Roland Dobbins. In many cases, these devices became immediate bottlenecks in the face of DDoS, achieving the attackers' aims with ease. Firewalls and IPS were fine for LANs where they filtered outgoing traffic, but turned into obvious points of failure when used as a barrier to protect servers receiving large volumes of inbound packets, he says. One thing that is clear form Arbor's report is that DDoS size will go on increasing, fed ironically by increased investment in defences against DDoS generally. Rather like the growth in spam after the advent of efficient filtering, better defences force attackers to up their game, throwing more and more traffic at targets in the hope of having some effect. An interesting blind spot suggested by Arbor could be mobile networks, which Dobbins describes as being almost "accidental ISPs." Read full story - http://www.pcadvisor...wsid=3258932 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.