Question

You are the security admin of a company that is worried about Distributed Denial of Service attacks affecting your organization. As a consequence, the company's Financial CEO argues that EVERY PACKET entering the network must be logged and stored for later inspection. The result of inspection can be to update firewalls to filter and prevent packets from suspect IP addresses from entering the network, or possibly to attempt to trace back the source of the packet (the actual machine that launched the attack).

You argue back saying that the storage overhead will be enormous, and state that you will design a logger to sample packets and log them. For instance, you can choose a sampling rate of 1 out of 1000 packets, or 1 out of 2000 packets or so for logging. The exact rate of sampling is not important. What is important is your argument to sample packets and log, rather than log every packet. In a practical sense, why would your approach of sampling packets make sense for defending against a DDoS attack as compared to logging every packet entering the network?
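
An added illustration, not part of the original question: a constructed packet stream logged at 1 out of 1000, showing that the sampled log is 1/1000 the size yet still ranks the highest-volume sources first. The addresses, traffic volumes and function names are assumptions made for the example.

```python
import random
from collections import Counter

# Constructed flooding sources (documentation address range), not real indicators.
FLOOD_SOURCES = ["203.0.113.10", "203.0.113.20", "203.0.113.30"]


def build_traffic(seed=1):
    """Constructed packet stream: each item is the source IP of one packet."""
    rng = random.Random(seed)
    # 1000 ordinary sources sending 100 packets each (100,000 packets).
    packets = [f"10.0.{i // 250}.{i % 250 + 1}"
               for i in range(1000) for _ in range(100)]
    # 3 flooding sources sending 100,000 packets each (300,000 packets).
    for src in FLOOD_SOURCES:
        packets.extend([src] * 100_000)
    rng.shuffle(packets)  # interleave flood and ordinary traffic
    return packets


def sample_log(packets, rate):
    """Log 1 out of every `rate` packets (count-based sampling)."""
    return [src for n, src in enumerate(packets) if n % rate == 0]


def estimate_top_sources(log, rate, k):
    """Scale sampled counts by the sampling rate to estimate true volume."""
    return [(src, hits * rate) for src, hits in Counter(log).most_common(k)]


if __name__ == "__main__":
    packets = build_traffic()
    log = sample_log(packets, rate=1000)
    print(f"packets seen: {len(packets)}, records logged: {len(log)}")
    for src, est in estimate_top_sources(log, rate=1000, k=3):
        print(f"{src}: ~{est} packets")
```

A source that sends only a handful of packets will usually be missing from the sampled log, so the sample supports volume-based filtering decisions rather than per-packet forensics.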
