voice, data, and managed IT services DDOS Security Appliance
As organizations roll out Voice-over IP, multimedia conferencing and other real-time applications, the need to protect networks from denial of service attacks, viruses, and intrusion has become critical. VocalNet engineers have implemented industry-leading security solutions such as Fortinet’s suite of unified threat management systems and ReoRay’s denial of service mitigator (DDOS) to secure our customers networks. Because of our years of first-hand experience, we realize security is fundamental to the success of any VoIP deployment-considering any network degradation will significantly affect voice quality and most importantly compromise our customer’s security.
RX Platform
The RX1200, RX2300 and RX3300 belong to our family of specialized DDOS equipment designed for high sustained throughput with unmatched system availability. Designed for data centers that must maintain complex mission-critical applications, the RX platform simplifies the network administrator's tasks during a DDOS attack.
With the RX, there is no need to write tens of thousands of rules to recover from an attack, and no need to clean up the filter rules after an attack. The RioRey™ RX family of products simply keeps the data center running, while informing the network administrator of critical information about DDOS attacks.
The RX is available in copper Ethernet, single-mode fiber, and multi-mode fiber interfaces.
In addition to protecting your network from a DDOS attack, certain RX models can screen outbound traffic for DDOS, preventing your network from becoming an unwitting DDOS attacker.
rCare Service
rCare is an online DDOS analysis tool available to RioRey™ customers. To use this service, you must subscribe with RioRey™ and obtain a login account. The account allows you to include your RX platforms in the collaborative DDOS analysis pool.
Users in the rCare pool contribute their DDOS attack data to our database through an automatic download.
rCare allows subscribers to examine their own historical data as well as an aggregate anonymous view of all attacks in the database.
This method provides security to the data contributors, but at the same time, gives all subscribers a view of DDOS trends.
rCare analysis includes:
- Attack duration
- Attack types
- Attack size in packet and byte counts
- Attacker IP and port distribution
- Attacker geographical distribution
- Victim IP and port distribution
rView Software
rView is a Java application that provides a convenient interface to monitor attacking traffic, attack alarm notifications, traffic summaries, real-time and historic traffic pollution, and real-time and historic victim lists. It uses the standard secure SSH protocol to connect to the RioRey™ platform and can simultaneously manage all RioRey™ units installed on the network
rView is located remotely from the RX equipment via an encrypted channel on your network. The rView screen represented here is the primary view for monitoring network activity.
The center panel provides a high-level view of the platform and the protected link. The right panel shows the statistics for each type of traffic entering the network (TCP, UDP, ICMP, etc.). The bottom panel shows the status for each category of traffic.
rView's key functions are:
- Platform configuration
- Alarm notification
- Monitor traffic statistics and attack status
- Historical view of activities
- Download and upload data
- System upgrades
The RioRey™ Advantage
Why are traditional network protection schemes effective against threats such as viruses and Trojan horses, but not well-suited to DDOS protection? To answer this question, we will look at an historic view of network designers’ notions about protection prior to the emergence of the DDOS threat and compare that to our approach.
Traditional Approach:
This traditional scheme is very effective against common network security threats, such as viruses and Trojan horses, unauthorized attempts to compromise databases or hosts, and other illegitimate actions that the attacker wishes to accomplish unnoticed. However, adapting these techniques to combat DDOS attacks is problematic.
Router
- Main function - Packet routing
- Auxiliary function - Provide netflow information for billing and network diagnostics. Netflow information is used by anomaly detection devices to detect unusual network utilization, signaling a potential DDOS attack.
- During a DDOS attack, once the attacker is identified, network operators can eliminate the attack by manually "null routing" (dropping) attack traffic, one attacking host or domain at a time.
Access Control List and/or Firewalls
- Maintain a list of rules detailing the restriction of use for each host and device on the network.
- Restricts traffic to and from a host unless it is a permitted and known type of service.
- Can be configured to control both inbound and outbound traffic.
- Once a DDOS attacker is identified, network operators can eliminate the attack by manually changing the ACL or Firewall table, one attacking host or domain at a time.
Intrusion Detection Systems (IDS)
- Use deep packet inspection to analyze packets for virus, trojan horse and other application attacks.
- Deep packet inspection technique is applied to DDOS protection, but must examine every packet in real-time.
RioRey™ Approach:
RioRey's innovative protection architecture, which features our Perimeter Protection Platform (PPP), is depicted in the diagram below. Our Platform removes attack traffic at the edge of the network, delivering line rate filtering to the entire infrastructure downstream. Because RioRey algorithms recognize good traffic and allow it to flow unimpeded, network communication is not hampered.
Perimeter Protection Platform
- Added in front of the router, dedicated to DDOS mitigation.
- High throughput, delivering line rate filtering to the entire network.
- Filters out the majority of DDOS, preserving good data to the network.
Router, with the added Perimeter Protection
- Relieves router congestion during a DDOS attack, maintains network performance despite an attack.
- No need to update thousands of "null route" tables and clean up after an attack.
Access Control List and or Firewalls with the added Perimeter Protection
- No manual intervention such as updating access lists during and after an attack
Intrusion Detection Systems with the added RioRey Perimeter Protection
- Without the extra DDOS packets flooding the IDS, the system can now devote all resources to monitor and filter traditional attacks, which often attempt to penetrate under the cover of a DDOS attack.
- Value Proposition
- Unified Threat Management
- Fortinet UTM Appliances
- Riorey DDOS Appliance
PowerPoint
