DDOS Prevention

Comments

9 comments

  • Ryan Hopkins

    DDoS comes in all shapes and sizes and is a lot harder to combat than you think. I sincerely doubt that functionality could be included, as DDoS mitigation is all about filtering. It's not as simple as writing YARA rules.

    1
  • Firewalla

    Nothing at the endpoint can protect against DDoS ... Flooding from multiple sources of anything on the network will disable any device (given DDoS bandwidth is higher than your allocated bandwidth). The only effective way of blocking DDoS is at the source of the attack and filtering as close to the source as possible.

    2
  • FF

    if I may add my 2 cents...

    DDOS stands for Distributed Denial of Service...

    normally this should not apply to a "home" use-case as you are unlikely to run a "service" at "home"....

    • even if you do (let's say a Minecraft public server), it is unlikely that someone would want to build a DDOS against it in the first place...
    • even if they do, an attacker is likely to find a much easier way to "denial service", for instance by accessing your server and destroying your world in the game itself or harassing other players...
    • if for some reason your home network is actually targeted by a real DDOS, your own ISP is likely to take you out of their network before you can do anything about it at your side...

    now, for your SCADA, that's a different story. a much better question would be why would you expose your SCADA to the public internet in the first place?? depending on the criticality of the systems you should really consider your own private WAN. Or as a minimum a full-blown VPN which should at least "hide" your components from the common internet. if someone does leak your VPN entry points, AFAIK, the only way to handle an actual DDOS would be to buy special countermeasure services through your ISPs (Akamai and Cloudflare have such offerings). in addition you will need the ability to switch your external ISP from 1 vendor to another with a completely different set of public addresses, certificates and domains.

    Firewalla does provide the ability to set up VPN between appliances in a multi-node VPN configuration (same as ASUS routers with Merlin); however, depending on your SCADA-specific use-case you really need some expertise to set this up securely.

    my 2 cents.

    -1
  • Chris Thomas

    ^^ what FF said.

    You can't do DDoS mitigation at the endpoint. Even if the endpoint doesn't fall over, the network links are saturated and no legitimate traffic can get in or out.

    Attacker 1
    Defender 0

    0
  • Pimbox

    Ok, but if the attacks are coming to France, for example. If France is blocked in my Firewalla Geo rule, will the attack stop in Firewalla Cloud or will it arrive at my device?

    Is Geo block done by Firewalla Cloud or by the local Firewalla device?

    0
  • Chris Thomas

    The Firewalla Cloud does not handle traffic.

    And again, you cannot do DDoS mitigation at the endpoint, whether that is a home firewall or an enterprise data center environment. Your internet connection is only so big; you need a globally distributed DDoS solution that has the ability to block the traffic near the source so that it cannot get anywhere near your environment.

    0
  • Pimbox

    Okay, we know that it is impossible to contain a DDoS with defenses in the final line, but I just wanted to better understand the purpose, and especially what the Firewalla cloud does that the device itself cannot do on its own?

    0
  • Chris Thomas

    https://cdn.shopify.com/s/files/1/1766/2665/files/howitworks_c1adf4db-6e23-41b1-add5-8752ac3c46ac_4320x1920.gif?v=1531297567

    Firewalla is providing the following:

    • Regular software updates and patches via CI/CD
    • Remote access to your Firewall from the Firewalla Mobile App, via the Cloud
    • Push notifications to Firewalla Mobile App, via Cloud
    • Simplified deployment of geo-ip access lists and an IDS/IPS using a common ruleset

    It's not some magic box, it's just a Linux-based firewall and some nice-to-have capabilities such as DoH, IPS, and VPN, wrapped up in a pretty UI.

    1
  • Pimbox

    Thx Chris, great way to explain!

    It is a Linux firewall with a friendly graphical interface and easy operations, with the cloud assisting some parameters like IP list and things that can be taken as a shortcut. All this with the ease of having it all always updated in a way that is simple and as invisible as possible.

    0