Question
You are the security admin of a company that is worried about Distributed Denial of Service attacks affecting your organization. As a consequence, the company's Financial CEO argues that EVERY PACKET entering the network must be logged and stored for later inspection. The result of inspection can be to update firewalls to filter and prevent packets from suspect IP addresses from entering the network, or possibly attempts to trace back the source of the packet (the actual machine that launched the attack).
You argue back saying that storage overhead will be enormous, and state that you will design a logger to sample packets and log. For instance, you can choose a sampling rate of 1 out of 1000 packets, or 1 out of 2000 packets or so for logging. The exact rate of sampling is not important. What is important is your argument to sample packets and log, rather than log every packet. In a practical sense, why would your approach make sense to sample packets for defending against a DDoS attack as compared to logging every packet entering the network?
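The sampled logger described in the question, as an added example that is not part of the original page: a 1-in-1000 sampler run over a constructed packet stream in which three sources flood the network. The addresses, packet counts and function names are assumptions chosen for the illustration.

```python
import random
from collections import Counter

# Constructed scenario (assumption): three flooding sources, documentation-range IPs.
FLOOD_SOURCES = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
FLOOD_PER_SOURCE = 200_000   # packets sent by each flooding source
LEGIT_PACKETS = 100_000      # packets from scattered low-rate clients


def build_stream(seed=7):
    """Return a shuffled list of source IPs, one entry per arriving packet."""
    rng = random.Random(seed)
    packets = [ip for ip in FLOOD_SOURCES for _ in range(FLOOD_PER_SOURCE)]
    packets += [
        f"10.{rng.randrange(256)}.{rng.randrange(256)}.{rng.randrange(1, 255)}"
        for _ in range(LEGIT_PACKETS)
    ]
    rng.shuffle(packets)  # interleave flood and legitimate traffic
    return packets


def sample_log(packets, n):
    """Log every n-th packet (1-in-n sampling); everything else is dropped."""
    return packets[n - 1::n]


def estimate_top_sources(log, n, k=3):
    """Scale sampled per-source counts by n to estimate true packet volume."""
    return [(ip, count * n) for ip, count in Counter(log).most_common(k)]


if __name__ == "__main__":
    stream = build_stream()
    log = sample_log(stream, 1000)
    print(f"packets seen: {len(stream)}, packets logged: {len(log)}")
    for ip, est in estimate_top_sources(log, 1000):
        print(f"{ip}: estimated {est} packets (true {FLOOD_PER_SOURCE})")
```

The log holds 1/1000 of the traffic, yet the sources that matter for a firewall rule still dominate it, because a volumetric attack by definition contributes most of the packets; a source that sends only a handful of packets is the one a sampler is likely to miss.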