Thursday, August 13, 2020

How is a network kept "up" while under DoS?

Security isn't a big strong point of mine, but I was always curious how this is done. A lot of places I have seen take the nuclear option of disconnecting from the Internet, then contain, forensically check and, if necessary, rebuild any possibly affected devices when an attack is seen.

What if a connection is kept up, though? What are the mitigations to keep the connection up? I'm assuming you can whitelist/blacklist connections with firewalls and IDS/IPS, but how are unclassified UDP connections dealt with then?

If you get to a point where your device is only responding to legitimate traffic, what's the next issue? Bandwidth utilisation on inbound connections if the attacker is flooding with UDP or ICMP packets?

Any better ways of dealing with it?
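As an added illustration of the two points the post raises (whitelisting at the firewall versus "unclassified" UDP/ICMP, and the inbound bandwidth problem that remains once the host only answers legitimate traffic), here is a small Python example. It is not code from the original post. It classifies a constructed one-second window of per-source flow counts, emits nftables commands, and computes how many bytes still cross the inbound link after the edge drops the flood. The allowlist, the set of "known" UDP service ports, the packets-per-second threshold, and the nft set names `dos_block`/`dos_limit` in table `inet filter` are all assumptions of the example; the sample traffic is made up.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    """One aggregated flow seen at the edge during a one-second window."""
    src: str
    proto: str   # "udp", "tcp" or "icmp"
    dport: int   # 0 for ICMP
    packets: int
    bytes: int


# Constructed sample traffic (not captured from any real network).
SAMPLE_FLOWS = [
    Flow("203.0.113.10", "udp", 53, 20, 2_000),              # DNS lookups, benign
    Flow("198.51.100.7", "tcp", 443, 150, 120_000),          # ordinary HTTPS session
    Flow("192.0.2.50", "udp", 5000, 40_000, 40_000_000),     # UDP flood to a port we serve nothing on
    Flow("192.0.2.51", "icmp", 0, 30_000, 30_000_000),       # ICMP flood
    Flow("203.0.113.20", "udp", 5000, 35_000, 35_000_000),   # flood-rate traffic from an allowlisted peer
]

ALLOWLIST = {"203.0.113.20"}            # hypothetical partner/VPN peers we never drop outright
KNOWN_UDP_PORTS = {53, 123, 500, 4500}  # UDP services this site actually exposes (assumption)
PPS_THRESHOLD = 10_000                  # packets/second per source above which we act (assumption)


def classify(flows, allowlist=ALLOWLIST, known_udp=KNOWN_UDP_PORTS, pps_threshold=PPS_THRESHOLD):
    """Return (block, rate_limit): two sets of source addresses.

    Rules:
      * allowlisted sources are never blocked, only rate-limited above the threshold;
      * UDP to a port we serve nothing on, or ICMP, above the threshold is blocked;
      * anything else above the threshold is rate-limited rather than dropped, since a
        busy legitimate client on a known port is indistinguishable from a low-rate attacker.
    """
    per_src = defaultdict(lambda: {"pps": 0, "unclassified": False})
    for f in flows:
        entry = per_src[f.src]
        entry["pps"] += f.packets
        if f.proto == "icmp" or (f.proto == "udp" and f.dport not in known_udp):
            entry["unclassified"] = True

    block, rate_limit = set(), set()
    for src, entry in per_src.items():
        if entry["pps"] <= pps_threshold:
            continue
        if src in allowlist or not entry["unclassified"]:
            rate_limit.add(src)
        else:
            block.add(src)
    return block, rate_limit


def nft_commands(block, rate_limit):
    """Render the decision as nft commands.

    Assumes a table 'inet filter' with named sets 'dos_block' and 'dos_limit' that the
    ruleset already references (e.g. 'ip saddr @dos_block drop' and a 'limit rate'
    rule for @dos_limit). Those set names are an assumption of this example."""
    cmds = [f"add element inet filter dos_block {{ {src} }}" for src in sorted(block)]
    cmds += [f"add element inet filter dos_limit {{ {src} }}" for src in sorted(rate_limit)]
    return cmds


def link_load(flows, block):
    """(bytes arriving on the inbound link, bytes that get past the firewall).

    Dropping at your own edge only changes the second number: blocked packets still
    cross the upstream link, which is why a volumetric flood has to be filtered
    upstream (provider ACLs, RTBH, or a scrubbing service) before the link saturates."""
    on_wire = sum(f.bytes for f in flows)
    past_firewall = sum(f.bytes for f in flows if f.src not in block)
    return on_wire, past_firewall


if __name__ == "__main__":
    blocked, limited = classify(SAMPLE_FLOWS)
    for cmd in nft_commands(blocked, limited):
        print(cmd)
    on_wire, past = link_load(SAMPLE_FLOWS, blocked)
    print(f"inbound link: {on_wire / 1e6:.1f} MB/s, reaching hosts: {past / 1e6:.1f} MB/s")
```

On the constructed sample the two flood sources are dropped and the allowlisted peer is only rate-limited, yet `link_load` shows the inbound link still carrying all 105 MB/s; the edge firewall only reduces what reaches the hosts. Anything beyond that has to be pushed upstream, which is the practical answer to the bandwidth question above.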


