Defending Against DDoS Attacks Using Arbor Networks APS

This two-day course focuses on using Arbor Networks APS for protection from availability threats such as volumetric, state-exhaustion, and application-layer Distributed Denial of Service (DDoS) attacks.

The goal of the course is to build the attendee’s confidence by providing hands-on experience in using the Arbor Networks APS to identify and mitigate malicious DDoS traffic. Attendees will learn about the different types of DDoS attacks and how to use the Arbor Networks APS to monitor and analyze the traffic. Then, during lab exercises, students will experience different inbound and outbound DDoS attack types, and then use the Arbor Networks APS to mitigate malicious traffic that is targeting the server they are assigned to protect.

Target Audience

Security administrators, network operations personnel, and staff responsible for monitoring network traffic, mitigating DDoS attacks, and keeping the Arbor Networks APS deployment operating at peak performance.

Duration

16 Course Hours (1.6 CEUs)

Upon completion, participants should be able to

  • Identify the characteristics of the different types of DDoS attacks.
  • Use protection groups to focus attack visibility.
  • Tune and optimize protection group and server type settings.
  • Mitigate a DDoS attack on a server and adjust protection levels to thwart the attack.
  • Apply Layer 3/4 protections to mitigate threat traffic during an attack.
  • Apply Application Layer protections to mitigate threat traffic during an attack.
  • Identify which traffic is passed and which traffic is blocked during a mitigation.
  • Determine which protection categories are responsible for the mitigation.
  • Manage blacklist and whitelist entries.

Course Topics

  • Optimize and tune Protection Group settings
  • Standard and Custom Server types
  • Email, SNMP, and Syslog Notifications
  • Traffic Thresholds
  • Blacklists and Whitelists
  • Blocked Host Log
  • Explore Packets
  • DDoS Attack Mitigation

Course Outline

  1. Protection Groups and Tuning
    • Establish UI familiarity and workflow
    • Verify current APS operational status
    • Establish perspective by identifying current traffic characteristics
    • Lab: Protection Group Setup and Tuning
      • View and verify system status
      • Create Protection Group for each server type protected
      • Identify and adjust default protection settings
      • Perform a Profile Capture
      • Set alerting thresholds
  2. Block Unwanted Traffic/Noise
    • Use blacklists and whitelists
    • Lab: Use a blacklist to block traffic
  3. Defend against volumetric attacks
    • Attack identification
    • Analyze attack characteristics
    • Determine mitigation strategy
    • Monitor mitigation status and effectiveness
    • Lab: Mitigate volumetric-based attacks
  4. Defend an outbound attack
    • Identify and mitigate an outbound attack
    • Lab: Block an outbound attack
  5. State-exhaustion attacks
    • Attack identification
    • Analyze attack characteristics
    • Determine mitigation strategy
    • Monitor mitigation status and effectiveness
    • Lab: Mitigate state-exhaustion attacks
  6. Application-layer attacks
    • Attack identification
    • Analyze attack characteristics
    • Determine mitigation strategy
    • Monitor mitigation status and effectiveness
    • Lab: Mitigate application-layer attacks
  7. SSL attacks
    • Exercise: Identify and mitigate an attack targeting the SSL handshake.
  8. Open-ended exercise: unknown attack types and multiple attack vectors
    • Exercise: Further develop the attendee’s confidence by launching new attacks that the attendee must identify and mitigate. The attendee continues to monitor the effectiveness of the mitigation, watches for changes in the attack vector, and adapts the protections to those changes.
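The identification steps in modules 3, 5 and 6 above (and the blacklist/whitelist handling in module 2) come down to a few per-destination and per-source measurements. The following is an added example, not course material and not Arbor Networks APS code: it classifies constructed one-second flow samples into the three attack families the course covers and produces a blocked-host list in which a whitelist entry always wins. All thresholds, field names and the whitelist-over-blacklist precedence are assumptions chosen for illustration, not APS defaults.

```python
"""Toy DDoS-family classifier over constructed flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record from a one-second window (constructed sample data)."""
    src: str
    dst: str
    proto: str               # "udp" or "tcp"
    dport: int
    packets: int
    bytes: int
    syn_only: bool = False   # TCP SYNs that never completed the handshake
    http_requests: int = 0   # requests seen at the application layer


# Hypothetical thresholds for one server type (assumed values, not APS settings).
THRESHOLDS = {
    "volumetric_bps": 400_000_000,  # aggregate bits/s toward one destination
    "syn_per_sec": 20_000,          # half-open SYNs/s toward one destination
    "syn_only_ratio": 0.9,          # share of TCP packets that never complete
    "http_req_per_src": 100,        # HTTP requests/s from a single source
}


def build_samples():
    """Constructed traffic: three attacked servers plus one under normal load."""
    flows = []
    # Volumetric: 200 spoofed sources, each 2,000 x 1,400-byte UDP packets (~4.5 Gbit/s).
    for i in range(200):
        flows.append(Flow(f"198.51.100.{i % 250 + 1}", "203.0.113.10", "udp", 53, 2000, 2_800_000))
    # State-exhaustion: 500 records from 250 sources, 50,000 SYNs, almost none complete.
    for i in range(500):
        flows.append(Flow(f"192.0.2.{i % 250 + 1}", "203.0.113.20", "tcp", 443, 100, 6000, syn_only=True))
    flows.append(Flow("192.0.2.251", "203.0.113.20", "tcp", 443, 40, 30_000))  # one real client
    # Application-layer: five sources issuing 300 HTTP GETs/s each at low bandwidth.
    for i in range(5):
        flows.append(Flow(f"203.0.113.{100 + i}", "203.0.113.30", "tcp", 80, 300, 150_000, http_requests=300))
    # Normal: twenty clients with ordinary request rates.
    for i in range(20):
        flows.append(Flow(f"203.0.113.{150 + i}", "203.0.113.40", "tcp", 443, 40, 50_000, http_requests=8))
    return flows


def classify(flows, thresholds=THRESHOLDS):
    """Return {destination: sorted attack categories}; an empty list means no indicator fired."""
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[f.dst].append(f)
    verdicts = {}
    for dst, group in by_dst.items():
        hits = set()
        # Volumetric: raw bandwidth toward the server, regardless of protocol.
        if sum(f.bytes for f in group) * 8 >= thresholds["volumetric_bps"]:
            hits.add("volumetric")
        # State-exhaustion: many SYNs and almost no completed handshakes.
        tcp_pkts = sum(f.packets for f in group if f.proto == "tcp")
        syns = sum(f.packets for f in group if f.proto == "tcp" and f.syn_only)
        if syns >= thresholds["syn_per_sec"] and tcp_pkts and syns / tcp_pkts >= thresholds["syn_only_ratio"]:
            hits.add("state-exhaustion")
        # Application-layer: individual sources with an abnormal request rate at low bandwidth.
        per_src = defaultdict(int)
        for f in group:
            per_src[f.src] += f.http_requests
        if any(n >= thresholds["http_req_per_src"] for n in per_src.values()):
            hits.add("application-layer")
        verdicts[dst] = sorted(hits)
    return verdicts


def blocked_hosts(flows, verdicts, whitelist=frozenset(), blacklist=frozenset(), thresholds=THRESHOLDS):
    """Build a blocked-host log {src: reasons}. Whitelisted sources are never blocked
    (precedence is an assumption of this example). Volumetric floods are usually spoofed,
    so they are rate-limited per destination rather than blocked per source here."""
    log = {}
    for f in flows:
        reasons = set()
        if f.src in blacklist:
            reasons.add("blacklist")
        if "application-layer" in verdicts.get(f.dst, []) and f.http_requests >= thresholds["http_req_per_src"]:
            reasons.add("http-rate")
        if "state-exhaustion" in verdicts.get(f.dst, []) and f.syn_only:
            reasons.add("syn-flood")
        if reasons and f.src not in whitelist:
            log.setdefault(f.src, set()).update(reasons)
    return {src: sorted(r) for src, r in log.items()}


if __name__ == "__main__":
    sample = build_samples()
    verdict = classify(sample)
    for dst, cats in sorted(verdict.items()):
        print(dst, cats or ["clean"])
    print(blocked_hosts(sample, verdict, whitelist={"203.0.113.100"}, blacklist={"203.0.113.150"}))
```

The point to take from the whitelist branch is the one the course's lab on blacklists makes in practice: a whitelist entry for a monitoring host or load balancer keeps it from being swept up when the per-source HTTP or SYN counters trip, so whitelist entries deserve the same review as blacklist entries.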