GÉANT community working groups initiate DDoS-focused security collaboration
17 November 2015 | Amsterdam, Netherlands
recognises the continually growing need for security threat mitigation and for international and cross-discipline collaboration to support the
research and education networking community in this work. A recent workshop about DDoS (distributed denial of service) mitigation,
plans for international collaboration in this area.
50 representatives of 24 organisations from around the world discussed a wide
range of issues concerning DDoS and how to manage security processes for national
research and education networking organisations (NRENs).
The DDoS mitigation workshop was hosted by ACOnet at the University of Vienna on 10-11 November, and was initiated by several
GÉANT community working groups: SIG-NOC (special interest group on network
operation centres), SIG-ISM (information security management), TF-CSIRT (task
force on computer security incident response teams) and TF-MSP (management of
service portfolios). Each of these had seen the subject of DDoS mitigation
arise within their group meetings and organised the workshop together in order
to explore current DDoS mitigation solutions and identify goals for future
service solutions and information sharing to support the NREN community and its
Common issues raised during the workshop
included the need for well-developed business case documents for DDoS
mitigation, as the value of this generally expensive service is often not seen
until an attack takes place.
Another important point was the potential for joint
procurement of mitigation services. Attendees also agreed that work on
open-source and homegrown solutions is necessary to ensure that NRENs can
have access to affordable approaches to the DDoS mitigation problem. A closed discussion list has been created
to follow up on the
Request access to the closed DDoS discussion list.
A growing concern
DDoS is a type of denial of service (DoS) attack, in which networks or systems are flooded with useless traffic by attackers in an attempt to make a service unusable or to force an organisation to take a service out of use. The distributed nature of DoS means that multiple source addresses can participate in the attack, which makes it difficult to identify and mitigate the effects. Although DDoS attacks on universities and other educational institutions are currently not very common, they are a growing concern.
The majority of attacks in the research and education environment are simple OSI/ISO Layer 2-4 attacks, mostly initiated by students. 'Black-holing' is the easiest solution, but this cuts customers off the network completely. More sophisticated 'traffic washing' can be used against complex Layer 4-7 attacks, but this technique is not widely used.
The biggest impact of a DDoS attack would be if the NRENs’ upstream connectivity went down. As GÉANT provides ever more peering services, NRENs are increasingly looking to GÉANT to serve as their upstream provider. Firewall-on-demand and a three-step filtering architecture help GÉANT to mitigate attacks in the pan-European backbone network.
The DDoS workshop forms part of the growing security support provided through GÉANT, joining the recent highly successful
WISE workshop, the well-established SIG-ISM and TF-CSIRT groups, and services such as the Trusted Certificate Service, Trusted Introducer and
This growing focus on collaborative approaches to security echoes developments happening across internet initiatives, as described by ISOC in the 2015 whitepaper
Collaborative Security, An approach to tackling Internet Security issues.