Advanced DDoS Security - Technical FAQ

On which layers is the protection applied?       
What are the advantages of Out of Path architecture?       
How long does it take to mitigate an attack?       
Does the solution slow down data traffic on our network?

About scrubbing centers

When is a cloud scrubbing center used?       
How do Belnet's router-based detectors work?       
Why is the rerouting to the Cloud scrubbing center manual?       
Is the internal scrubbing center redundant?

About monitoring

Does the solution have a dashboard?       
Without a dashboard, how do I know when mitigation is triggered?       
When mitigation is triggered, to whom is the notification sent?       
How often are reports sent?       
How are the reports presented?

About onboarding

What are the steps in the onboarding process?

About emergency onboarding

If my organisation is not protected, is there an emergency onboarding procedure?

 

On which layers is the protection applied?

Protection is applied on layers 3 and 4 of the OSI model, but not on the application layer (L7).

 

What are the advantages of Out of Path architecture?

  • The traffic no longer passes permanently through the scrubbing center (no extra hop)
  • Bugs or solution maintenance no longer affect the customer
  • Less risk of packet loss
  • Fewer false positives

 

How long does it take to mitigate an attack?

Depending on the type of attack, mitigation can take from a few seconds up to 60 seconds for the most complex attacks.

 

Does the solution slow down data traffic on our network?

Outside of attacks: no. During an attack, the traffic is redirected to the scrubbing center. Latency is therefore slightly higher, since the traffic has to pass through an additional device and this device has to do the work. This happens very quickly and there should not be a big difference compared to normal.

 

When is a cloud scrubbing center used?

The Cloud scrubbing center is additional "insurance" to protect us against DDoS attacks. As soon as an excessively large attack arrives on the Belnet network and our network risks saturation, we manually reroute the traffic to the external scrubbing center. It has nodes scattered around the world that will do the mitigation as close as possible to the source of the traffic.

 

How do Belnet's router-based detectors work?

The detectors analyse traffic entering Belnet's network. They detect attacks based on anomalies. When an attack is detected, traffic is rerouted to the internal scrubbing center.

 

Why is the rerouting to the Cloud scrubbing center manual?

Manual handling by our technicians in the event of a very large attack is an essential step in ensuring the overall security of the Belnet network: it ensures further control when traffic is redirected to an external party.

 

Is the internal scrubbing center redundant?

The scrubbing equipment is hosted in Belnet's datacenters with redundancy.

 

Does the solution have a dashboard?

A dashboard is not necessary thanks to two features:

  • The Advanced DDoS Security service sends alert notifications by email as soon as an attack is detected and traffic is rerouted.
  • You will also receive a 'very' detailed report after the attack.

A self-service portal could be considered in the future.

 

Without a dashboard, how do I know when mitigation is triggered?

An email notification is sent to your contact person once mitigation is triggered.

 

When mitigation is triggered, to whom is the notification sent?

To your organisation's designated DDoS manager (DDoS_CP) listed on the contract.

 

How often are reports sent?

A detailed report is sent by email to your contact person (DDoS_CP) after each attack. If there is no attack, there is no report.

 

How are the reports presented?

In the form of a template that includes:

  • Graphics of the different events
  • A very detailed history
  • The target(s) of the attack
  • The most active sources during the attack
  • The vectors used by the attack
  • The amount of blocked traffic

 

What are the steps in the onboarding process?

You must provide us with:

  • The names and email addresses of the contact persons (DDoS_CP)
  • The list of prefixes you use
  • A (new) signed Advanced DDoS Security contract

You don't have to do anything else. We will then contact your DDoS_CP to make the necessary settings.

 

If my organisation is not protected, is there an emergency onboarding procedure?

Yes, if your organisation has not yet subscribed to the service and it is attacked, it can use Belnet's Emergency Onboarding.

From 2024, Belnet will charge 10,000 EURO for an emergency onboarding, in line with commercial DDoS providers, and require your organisation to purchase 1 year of Advanced DDoS Security.

Copyright © 2024 Belnet.