Planner: Calculating the Costs of a Defense System
So, don't wait for that e-mail requesting $50,000 for "protection" from the garbage traffic bursts that DoS gangs use to take Web sites out of service for days at a time. This project will take a critical look at your network's security vulnerabilities and spec out requirements for a DoS mitigation system that matches your in-house capabilities with enhanced services from your Internet service provider.
DoS defenses are evolving as fast as the attacks themselves, but two major preventive options have emerged, says Eric Greenberg, chief technical officer of NetFrameworks, a Web security consultancy in McLean, Va. The first option, which we'll use for this project, is a sophisticated traffic "scrubbing" system that combines detection software, firewalls and dedicated bandwidth to identify, siphon off and trace suspicious traffic.
Another option is a "box" solution, in which DoS mitigation hardware, with embedded filtering software, is placed between routers and firewalls. Box systems require in-house installation and expertise, and, in the event of an attack, while they will filter out bad requests and keep your Web site up and running, they may leave your internal network paralyzed by the garbage traffic runoffa problem for high-traffic sites.
For this project, you'll turn to security consultants and your ISP for help, and pay the monthly service fee that many online-dependent operations are starting to acknowledge is a cost of doing business. "The equipment is embedded within the Internet backbone, and the service provider's infrastructure scrubs traffic destined to the customer," Greenberg says. "Think of it as a water filter that's within the network. You only get clean water."
To see the details behind this Planner and fill in your own estimates, click on the "Get the Tool" icon above and download the interactive worksheet.