Software-Defined Perimeter as a DDoS Prevention Mechanism
Release Date: 10/27/2019
Working Group: SDP and Zero Trust
In this paper by the Zero Trust Working Group, we advocate for Software Defined Perimeter (SDP) as a tool to protect private services from DDoS attacks. SDP is an architecture that provides integrated security, which is otherwise hard to achieve with existing security point products. SDP is efficient and effective against several well-known attacks, including HTTP Flood, TCP SYN, and UDP Reflection.
- An explanation of DDoS attack vectors and their layers and logical protocols according to the OSI and TCP/IP models
- An overview of non-SDP mitigation methods
- The steps for setting up an SDP configured as a DDoS defense mechanism
- An explanation of three well-known attacks and how to use SDP to defend against them: HTTP Flood, TCP SYN Flood, UDP Reflection
- A list of DDoS and other attack monitoring maps
- People in security, enterprise architecture, and compliance roles within enterprises
- Solution providers, service providers, and technology vendors
CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.
Provide feedback on this form