search

DDoS Mitigation at Source

CAR - Committed Access Rate.

  • Limits (a class of traffic) traffic to a specific rate.

  • Token bucket model.

  • Avoids that a single source may generate/transmit traffic above a pre-defined threshold.

hashtag
Firewalls

hashtag
Remote-Access VPN

Firewalls need to work with VPN gateways.

  • To filter all traffic.

  • To filter and decrypt VPN traffic.

Most firewalls integrate both Security and VPN gateway services.

hashtag
Performance Evaluation

hashtag
Basic Firewall

IP Throughput.

  • The raw capability of the firewall to pass traffic from interface to interface.

Latency.

  • Time traffic delay in the firewall.

  • Should be measured and reported when the firewall is at its operating load.

hashtag
Traditional Enterprise Firewall

Connection Establishment Rate.

  • The speed at which firewalls can set up connections.

Concurrent Connection Capability.

  • Total number of open connections through the firewall at any given moment.

Connection Teardown Rate.

  • The speed at which firewalls can teardown connections and free resources.

hashtag
Next-Generation Firewall

Application Transaction Rate.

  • The capability of the firewall to secure discrete application-layer transactions contained in an open connection.

  • May include application-layer gateways, intrusion prevention, or deep-inspection technology.

  • Application transaction rates are highly data-dependent.

PreviousHalf-Open TCP Connection ProblemNextCisco’s Access Control Lists (ACL)

Last updated