[120828] in North American Network Operators' Group
Re: D/DoS mitigation hardware/software needed.
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Tue Jan  5 00:53:22 2010
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Tue, 5 Jan 2010 05:47:05 +0000
In-Reply-To: <005501ca8dc9$7e43b5b0$7acb2110$@net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 5, 2010, at 12:39 PM, Stefan Fouant wrote:
> The trick is to try to automate as much around the process as possible - I've worked in environments where just making little changes to incident handling response methods reduced the time to mitigate an attack from hours to minutes, all the while still requiring an operator to press the "big red button" to offramp and enable the mitigation.
Concur 100% - and when the end-customer is under attack and screaming, this reduction in time to detect/classify/traceback/mitigate makes all the difference.
Your very salient comments highlight the paramount importance of preparation as the key enabling phase of the six-phase security incident-handling methodology:
1.	Preparation.
2.	Detection/identification.
3.	Classification.
4.	Traceback.
5.	Reaction.
6.	Post-mortem (feeding lessons learned back into the Preparation phase).
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
    Injustice is relatively easy to bear; what stings is justice.
                        -- H.L. Mencken
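As an added illustration of the thread's point (not code from the thread, from NANOG, or from Arbor), the block below sketches the detection, classification, traceback and reaction phases as small automated steps, with the operator's "big red button" modelled as an explicit approval gate that must be set before any mitigation is marked active. The flow records, per-destination baselines, interface names, detection multiplier and the two mitigation actions are all constructed for the example and are assumptions, not real measurements or a real mitigation system's API.

```python
"""Added example: a minimal incident-handling pipeline in the shape of the
six-phase methodology discussed on the list. Everything here is constructed
for illustration; nothing is taken from a real network or product."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed summarized flow records for one measurement interval:
# (ingress_interface, protocol, source_port, destination_ip, packets)
SAMPLE_FLOWS = [
    ("peer-A", "udp", 123, "203.0.113.10", 900_000),  # NTP-style reflection
    ("peer-A", "udp", 53, "203.0.113.10", 400_000),   # DNS-style reflection
    ("peer-B", "udp", 123, "203.0.113.10", 300_000),
    ("peer-B", "tcp", 443, "203.0.113.10", 5_000),
    ("peer-C", "tcp", 443, "203.0.113.20", 20_000),   # ordinary web traffic
    ("peer-C", "udp", 53, "203.0.113.20", 3_000),
]
# Constructed baseline: normal packets per interval for each destination
# (this is the "preparation" phase output the detection step depends on).
BASELINE_PPS = {"203.0.113.10": 15_000, "203.0.113.20": 25_000}
DETECT_MULTIPLIER = 10  # constructed threshold: flag at > 10x baseline


@dataclass
class Incident:
    target: str
    observed: int
    baseline: int
    attack_class: str = "unknown"
    ingress: dict = field(default_factory=dict)
    proposed_mitigation: str = ""
    mitigation_active: bool = False


def detect(flows, baseline, multiplier=DETECT_MULTIPLIER):
    """Phase 2: flag destinations whose packet count exceeds baseline * multiplier."""
    per_dst = defaultdict(int)
    for _iface, _proto, _sport, dst, pkts in flows:
        per_dst[dst] += pkts
    return [Incident(dst, pkts, baseline.get(dst, 0))
            for dst, pkts in per_dst.items()
            if pkts > baseline.get(dst, 0) * multiplier]


def classify(incident, flows):
    """Phase 3: label the attack by the dominant (protocol, source port) mix."""
    by_kind = defaultdict(int)
    for _iface, proto, sport, dst, pkts in flows:
        if dst == incident.target:
            by_kind[(proto, sport)] += pkts
    (proto, sport), _ = max(by_kind.items(), key=lambda kv: kv[1])
    if proto == "udp" and sport in (53, 123, 1900):
        incident.attack_class = f"udp-reflection/sport-{sport}"
    else:
        incident.attack_class = f"{proto}-flood"
    return incident


def traceback(incident, flows):
    """Phase 4: attribute attack packets to the ingress interfaces they arrived on."""
    for iface, _proto, _sport, dst, pkts in flows:
        if dst == incident.target:
            incident.ingress[iface] = incident.ingress.get(iface, 0) + pkts
    return incident


def propose_mitigation(incident):
    """Phase 5, staged: prepare the reaction but leave it inactive."""
    worst = max(incident.ingress, key=incident.ingress.get)
    if incident.attack_class.startswith("udp-reflection"):
        sport = incident.attack_class.rsplit("-", 1)[1]
        incident.proposed_mitigation = (
            f"rate-limit udp sport {sport} toward {incident.target} "
            f"(largest ingress: {worst})")
    else:
        incident.proposed_mitigation = (
            f"offramp {incident.target} to scrubbing (largest ingress: {worst})")
    return incident


def big_red_button(incident, operator_approved):
    """The human gate from the thread: mitigation activates only on explicit approval."""
    incident.mitigation_active = bool(operator_approved)
    return incident


def handle(flows, baseline, operator_approved=False):
    """Run detect -> classify -> traceback -> propose, then apply the operator gate."""
    incidents = []
    for inc in detect(flows, baseline):
        classify(inc, flows)
        traceback(inc, flows)
        propose_mitigation(inc)
        incidents.append(big_red_button(inc, operator_approved))
    return incidents


if __name__ == "__main__":
    for inc in handle(SAMPLE_FLOWS, BASELINE_PPS):
        print(inc.target, inc.attack_class, inc.ingress, inc.proposed_mitigation,
              "ACTIVE" if inc.mitigation_active else "awaiting operator approval")
```

Running it as written flags only 203.0.113.10, classifies the traffic as UDP reflection on source port 123, attributes most of it to peer-A, and stops with the mitigation staged but inactive; passing `operator_approved=True` to `handle()` is the "big red button". The post-mortem phase is the part no script covers: whatever is learned feeds back into the baselines and thresholds at the top of the file.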