Thursday, July 26, 2012

DDoS Tuning for Check Point IPS Blade

These are the main things to check against DDoS-related attacks on Check Point,
but of course they are not enough for sophisticated layer 7 attack techniques; for those, check out the new Radware-based Check Point DDoS appliance, DDoS Protector.

Aggressive aging: protection against connection-consuming attacks (shorter idle timeouts once the state table is under load)
Lower Stateful Inspection timers: defense against slow attacks
Geo protection: rules to block by country and direction of traffic
Network quota: limit the number of connections per source IP
Worm catcher signature: block known worms (HTTP and CIFS)
TCP window size enforcement: protection against small-TCP-window floods
SYN flood protection: cookie-based validation
HTTP flooding / UDP flooding: rate-based blocking
Non-TCP flooding: restrict non-TCP traffic from occupying more than a given percentage of an enforcement point's state table
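To make three of the state-table protections above concrete (network quota, the non-TCP percentage cap, and aggressive aging), here is a small Python model of a stateful-inspection connection table that enforces them. This is an added example, not Check Point code and not how the IPS blade is implemented internally; the class name, parameter names, timeouts and the 5-tuple keys and addresses are all constructed for illustration.

```python
"""Toy stateful-inspection table with per-source quota, non-TCP cap and
aggressive aging. Constructed example; not Check Point's implementation."""
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Constructed flow key: (src_ip, dst_ip, src_port, dst_port, proto)
ConnKey = Tuple[str, str, int, int, str]


@dataclass
class StateTable:
    capacity: int                  # maximum concurrent entries (assumed value)
    per_src_quota: int             # "Network quota": max entries per source IP
    non_tcp_pct: float             # "Non-TCP flooding": max share of the table
    normal_timeout: float          # ordinary idle timeout, seconds
    aggressive_timeout: float      # shorter idle timeout used under load
    aging_threshold_pct: float     # fill level (%) at which aggressive aging starts
    entries: Dict[ConnKey, float] = field(default_factory=dict)  # key -> last seen
    drops: Dict[str, int] = field(
        default_factory=lambda: {"quota": 0, "non_tcp": 0, "full": 0})

    def fill_pct(self) -> float:
        return 100.0 * len(self.entries) / self.capacity

    def aging_mode(self) -> str:
        # Aggressive aging kicks in only when the table is nearly full.
        return "aggressive" if self.fill_pct() >= self.aging_threshold_pct else "normal"

    def age(self, now: float) -> int:
        """Expire idle entries; returns how many were removed."""
        timeout = (self.aggressive_timeout if self.aging_mode() == "aggressive"
                   else self.normal_timeout)
        stale = [k for k, seen in self.entries.items() if now - seen > timeout]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def admit(self, key: ConnKey, now: float) -> bool:
        """Decide whether a new packet/flow may occupy a table entry."""
        src, proto = key[0], key[4]
        if key in self.entries:          # existing flow: refresh and allow
            self.entries[key] = now
            return True
        self.age(now)                    # free stale entries before deciding
        if sum(1 for k in self.entries if k[0] == src) >= self.per_src_quota:
            self.drops["quota"] += 1     # network quota exceeded for this source
            return False
        if proto != "tcp":
            non_tcp = sum(1 for k in self.entries if k[4] != "tcp") + 1
            if 100.0 * non_tcp / self.capacity > self.non_tcp_pct:
                self.drops["non_tcp"] += 1   # non-TCP share of the table capped
                return False
        if len(self.entries) >= self.capacity:
            self.drops["full"] += 1
            return False
        self.entries[key] = now
        return True


def quota_scenario() -> Dict[str, int]:
    """One source opening 20 flows against a per-source quota of 5."""
    t = StateTable(1000, per_src_quota=5, non_tcp_pct=10, normal_timeout=60,
                   aggressive_timeout=5, aging_threshold_pct=80)
    accepted = sum(t.admit(("198.51.100.7", "192.0.2.10", 40000 + i, 80, "tcp"), 0.0)
                   for i in range(20))
    return {"accepted": accepted, "quota_drops": t.drops["quota"]}


def non_tcp_scenario() -> Dict[str, object]:
    """20 distinct sources send UDP; non-TCP may use at most 10% of 100 slots."""
    t = StateTable(100, per_src_quota=1000, non_tcp_pct=10, normal_timeout=60,
                   aggressive_timeout=5, aging_threshold_pct=80)
    accepted = sum(t.admit((f"203.0.113.{i}", "192.0.2.10", 5000, 53, "udp"), 0.0)
                   for i in range(1, 21))
    tcp_ok = t.admit(("203.0.113.99", "192.0.2.10", 6000, 443, "tcp"), 0.0)
    return {"accepted": accepted, "non_tcp_drops": t.drops["non_tcp"],
            "tcp_still_admitted": tcp_ok}


def aging_scenario() -> Dict[str, object]:
    """Same idle time (10 s) purges a loaded table but not a lightly loaded one."""
    cfg = dict(capacity=10, per_src_quota=100, non_tcp_pct=50, normal_timeout=60.0,
               aggressive_timeout=5.0, aging_threshold_pct=80.0)
    loaded = StateTable(**cfg)
    for i in range(8):                   # 80% full -> aggressive mode
        loaded.admit(("203.0.113.1", "192.0.2.10", 1000 + i, 80, "tcp"), 0.0)
    mode = loaded.aging_mode()
    light = StateTable(**cfg)
    for i in range(2):                   # 20% full -> normal 60 s timeout applies
        light.admit(("203.0.113.2", "192.0.2.10", 2000 + i, 80, "tcp"), 0.0)
    return {"mode": mode, "purged": loaded.age(10.0), "light_purged": light.age(10.0)}


if __name__ == "__main__":
    print(quota_scenario())
    print(non_tcp_scenario())
    print(aging_scenario())
```

The point of the model is the interaction between the knobs: a per-source quota stops one host from filling the table, the non-TCP cap keeps a UDP flood from starving TCP of state entries, and aggressive aging only shortens timeouts when the table is actually under pressure, so legitimate long-idle sessions are left alone in normal operation.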