http://www.computerworld.com/cwi/stories/0,1199,NAV65-663_STO61568,00.html

By JAIKUMAR VIJAYAN
June 25, 2001

Asta Networks Inc. last week launched its Vantage System software, which the company claims will help users quickly detect and respond to distributed denial-of-service (DDOS) attacks.

Such attacks, which are considered to be one of the most serious security threats on the Internet, basically make Web sites inaccessible to legitimate users by overloading servers or networks with useless traffic.

Asta's Vantage System makes it possible for companies to automatically identify the abnormalities in network traffic that signal such attacks, claimed Joe Devich, president and CEO of Seattle-based Asta.

The technology is composed of two primary components: network sensors that collect samples of traffic data from key routers, and coordinators that aggregate and analyze the data from the sensors.

Vantage System uses proprietary signature-based and anomaly-based algorithms to detect attacks. Signature-based technology looks for traffic patterns that match those of previously publicized DDOS attacks. Anomaly-based algorithms look for traffic patterns that are different from the usual traffic on a network. Automatic alerts then notify network administrators of potential attacks.

Such capabilities are crucial, said Charles Kolodgy, an analyst at IDC in Framingham, Mass. There is little that companies can do to prevent DDOS attacks from being launched against them. But with early detection and the right technologies, it's possible to choke off a lot of the disruptive traffic, he said.

"[Such technology] is designed to give [service providers] and users a better handle on the volumes of data going through their networks, so that they can try and stop the bad traffic closer to the source," Kolodgy said.

But a lot depends on the ability of such technologies to scale in high-bandwidth service provider networks, said Russ Cooper, an analyst at TruSecure Corp., a consultancy in Reston, Va.

Also crucial is the ability of such technologies to really sift the bad traffic from the good traffic. For instance, it's possible to have sudden, sharp spikes in traffic for legitimate reasons. If a DDOS alert is raised each time something like this happens, users will ultimately not pay attention at all, Cooper warned.

Several other firms have begun offering similar capabilities, including Mazu Networks Inc. in Cambridge, Mass., Arbor Networks Inc. in Waltham, Mass., and Niksun Inc. in Monmouth Junction, N.J.