AllBestEssays.com - All Best Essays, Term Papers and Book Report

Implementing Distributed Denial of Service (DDoS) System in ABC, Inc. Backbone Network

Essay by   •  June 26, 2017  •  Term Paper  •  5,514 Words (23 Pages)  •  1,149 Views


443.1 Fundamentals of Project Management

Implementing Distributed Denial of Service (DDoS) System in ABC, Inc. Backbone Network

(HLD Project Plan)

March 2015

Prepared by: Kaija Maria R. Vargas

Table of Contents

1. Scope

2. Deliverables

3. Work Breakdown Structure

4. Project Duration Estimate

5. Estimated Cost

6. Schedule

7. Risk Management

8. Communication Plan

  1. Scope

A DDoS attack is malicious traffic that makes network and system resources unavailable to users. ABC, Inc.'s Domain Name System (DNS) servers, which translate Internet domain names to the corresponding IP (Internet Protocol) addresses, went down on XXX 13, 201X as a result of a Distributed Denial of Service (DDoS) attack. During that time, DDoS attacks from different sources in China denied legitimate ABC, Inc. internet users access to DNS resources. As a result of the DDoS attack on the DNS servers, all ABC Broadband services became unavailable. There is currently no system in place to actively mitigate such anomalous traffic in the ABC, Inc. network. Because the attack came from different sources and because of the amount of incoming traffic, it was difficult to block all sources at the Network Access Points (NAP) of the IP Backbone. The issue was temporarily resolved by changing the DNS servers to open DNS or public DNS servers across ABC, Inc.

The goal of this project is to implement a system that will mitigate DDoS attacks against the following identified critical services of the ABC broadband network:

  • Domain Name System (DNS)
  • Email Servers
  • Base stations (where end-users are connected to)

The DDoS mitigation system will ensure that the enumerated systems remain available during a DDoS attack.

The project will have three phases: 1. Proof-of-concept (Test Environment) 2. Implementation to Live Network 3. Operational turnover. The three phases will be staged over a period of 5 months. The DDoS mitigation system is expected to be fully operational before XXX 2, 201X.

The project will cover the implementation of the DDoS mitigation system as per the design document submitted by vendor XYZ (covered by another project). The project will be facilitated by the ABC, Inc. Planning and Engineering department. Vendor XYZ will implement the design document approved by the Planning and Engineering team and the IP Backbone Operations team. All vendor XYZ activities will be done in parallel with 2 Senior Engineers from the IP Backbone Operations team. A System Acceptance Test (SAT) and a User Acceptance Test (UAT) will be performed, which will serve as the sign-off that the DDoS mitigation system is ready for operations. The system will be turned over to IP Backbone Operations after SAT and UAT.

 The project will:

  • Implement the approved DDoS mitigation system designed by vendor XYZ
  • Simulate an attack, controlled by vendor XYZ, from outside the ABC, Inc. network during Phases 1 and 2
  • Provide bi-weekly progress reports
  • Provide baseline for IP Backbone operational metrics
  • Provide a training plan for IP Backbone Operations on how to operate the DDoS mitigation system
  • Provide parallel manned operations by vendor XYZ for a period of 1 month after SAT and UAT

The following activities are beyond the scope of the project:

  • All scope enumerated by DDoS mitigation design document
  • Providing mitigation system for other services not identified in this document
  • Optimizing DDoS mitigation system for other purposes outside the scope of the design document provided by vendor XYZ
  • Implementing other systems not included in the vendor XYZ design document
  • Providing operational plan between IP Backbone Operations and System owners of DNS, Email and Base station

  2. Deliverables

The DDoS Mitigation System has three components: the Anomaly Detector Module (ADM), the Anomaly Guard Module (AGM), and the DDoS Multi-Device Manager (MDM). The ADM monitors a copy of the ABC network traffic and continuously looks for indications of a Distributed Denial of Service (DDoS) attack against a network element, such as the systems enumerated above (DNS, Email Servers). Once malicious traffic is detected, the AGM mitigates the attack by diverting the suspected traffic from its normal network path to itself for cleaning. During the traffic cleaning process, the AGM identifies and drops the attack packets, then forwards the legitimate packets to the targeted network destinations. All Anomaly Detector and Anomaly Guard modules will be remotely operated and monitored using the web-based Multi-Device Manager (MDM).

As per the three phases indicated in the scope of the project, the following is a list of major tasks to be accomplished:

Task-1: Proof-of-Concept (Test Environment)

The DDoS mitigation system designed by vendor XYZ has not been implemented in any company across the Philippines. This system being provided by vendor XYZ will be the first one to be implemented in Asia. For these reasons, and because of the impact that simulating a DDoS attack could have on the whole ABC, Inc. network, implementing the DDoS mitigation system and simulating an attack in a test lab or test environment is critical. The test lab will have some restrictions, such as a limited amount of network traffic and the inability to replicate the DNS and email servers. A regular computer (PC) that downloads data using torrent sites will be used instead. The proof-of-concept aims to test the basic functionality of the Anomaly Detector and Anomaly Guard modules at a smaller scale of network traffic. It will test whether the Anomaly Detector module learns the normal network traffic and whether it detects the anomalous traffic during the DDoS attack simulation and then triggers the Anomaly Guard. The AGM should then divert and clean the traffic. The proof-of-concept is completed if there is no disruption in the download on the PC.
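The learn, detect and divert sequence that the proof-of-concept is meant to exercise, as an added example that is not part of the original plan and is not vendor XYZ's implementation. The mean-plus-k-standard-deviations threshold, the per-source packet limit, the class and function names, and the traffic figures are all assumptions constructed for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

class AnomalyDetector:
    """Learns a packets-per-second baseline for one protected zone."""
    def __init__(self, zone, k=4.0):
        self.zone, self.k = zone, k          # k: assumed sensitivity factor
        self.threshold = None

    def learn(self, baseline_pps):
        # Threshold = mean + k * standard deviation of the learning window.
        mu, sigma = mean(baseline_pps), pstdev(baseline_pps)
        self.threshold = mu + self.k * sigma
        return self.threshold

    def is_anomalous(self, pps):
        if self.threshold is None:
            raise RuntimeError("detector has not learned a baseline yet")
        return pps > self.threshold

class AnomalyGuard:
    """Tracks which zones are diverted and cleans their traffic."""
    def __init__(self, per_source_limit):
        self.per_source_limit = per_source_limit   # assumed cleaning rule
        self.diverted = set()

    def divert(self, zone):
        self.diverted.add(zone)

    def clean(self, zone, packets):
        # Only diverted zones are filtered; other traffic keeps its normal path.
        if zone not in self.diverted:
            return list(packets), []
        per_source = Counter(src for src, _ in packets)
        forwarded = [p for p in packets if per_source[p[0]] <= self.per_source_limit]
        dropped = [p for p in packets if per_source[p[0]] > self.per_source_limit]
        return forwarded, dropped

def monitor(detector, guard, live_pps):
    """Return the index of the first interval that triggered diversion, or None."""
    for i, pps in enumerate(live_pps):
        if detector.is_anomalous(pps):
            guard.divert(detector.zone)
            return i
    return None

# Constructed sample data: packets per second toward the DNS zone.
BASELINE = [900, 1100, 1000, 950, 1050]
LIVE = [1020, 1200, 9000, 8800]
```

A perfectly flat learning window gives a standard deviation of zero, so any increase over the mean would trigger diversion; a real baseline needs enough variation, or a minimum margin, to avoid that.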
