Cloud Security Alliance releases anti-DDoS research paper
- Published: Wednesday, 30 October 2019 09:37
The Cloud Security Alliance (CSA) has published new research on using a software-defined perimeter (SDP) as a distributed denial-of-service (DDoS) attack prevention mechanism.
Produced by CSA’s Software-Defined Working Group, the paper sheds light on the use of a SDP as a tool to prevent DDoS attacks. It demonstrates the efficiency and effectiveness of a SDP against several well-known attacks including HTTP Flood, TCP SYN, and UDP Reflection.
The document focuses on protecting private services, such as private business applications, employee or customer portals, and email servers, which are well-suited to being protected from DDoS attacks by a software-defined perimeter. Utilizing the ‘Seven Layer OSI Model’, various scenarios are laid out based on where attacks may be targeted (i.e. applications, transportation, and networks), which security professionals can use as guides for securing their own enterprise systems.
“Denial of Service attacks are - and continue to be - a problem. With the adoption of cloud services, the threat of network attacks against application infrastructure increases, since traditional perimeter-defense techniques cannot adequately protect servers,” said Juanita Koilpillai, co-chair, CSA Software-Defined Perimeter Working Group, and CEO and President of Waverley Labs. “This document, the latest from the SDP Working Group, was created to aid those responsible for the evaluation, design, deployment, or operation of DDoS prevention solutions within their enterprise.”