Step | Description |
---|---|
Understand how your ISP can help you during a DDoS attack. | Refer to Chapter 4 and make an action plan for dealing with DDoS attacks that includes strategies leveraging your ISP's real-time blackholing capabilities. Open a dialogue with your ISP about enabling you to create customer-triggered real-time blackholes, so that you can protect yourself without spending precious time on its escalation procedures. |
Consider implementing an internal darknet. | Remember, an internal darknet gives you the ability to catch worms earlier than your anti-virus vendor. Likewise, it exposes network misconfigurations that you'll be glad you knew about. |
Consider implementing an external darknet. | External darknets can give you insight into what your network is being hit with from the outside, and the tools you use with them may be easier on the eyes than a standard firewall log. The backscatter collected from an external darknet can give you intelligence about when your network is being implicated in an attack on a third party. |
Explore using honeypots for research if you have the time and resources. | Though most organizations won't see significant benefit from implementing a honeynet (outside of awareness), honeynets are invaluable to information security researchers. Consider the implications of deploying a honeynet within your organization. Such consideration should include exploration of state laws that might have a bearing on your decision. |
RFCs 3330 and 3882
http://www.cymru.com/Darknet/
http://www.tcpdump.org/
http://www.qosient.com/argus/flow.htm
http://www.honeyd.org
http://www.honeynet.org
http://lcamtuf.coredump.cx/p0f.shtml
http://www.secsup.org/Tracking/
http://phoenixinfragard.net/meetings/past/200407hawrylkiw.pdf