Using Ansible to Defend against DDoS Attacks

Building a Basic Layer of Protection from Common DDoS Attacks

Distributed Denial of Service (DDoS) has been one of the most successful yet least understood types of security attacks. Companies under attack experience painful downtime that hurts their bottom line and results in irrevocable damage to reputation.

Using Ansible, engineers have the ability to mitigate attacks using the entirety of their infrastructure. Applications, Network Devices, and Hosts all working together through Ansible orchestration. Ansible has the technology breadth to be used from the cloud to on-premise, and can be used in the form of pre-written code or written from scratch to serve customized purposes.

In this session we plan to give an overview of a few varieties of DDoS attacks including a current breakdown which we track. We will talk about using this data and other open source intelligence to reduce your attack surface through Ansible orchestrated policies.

  • Do you need to take UDP traffic at all?
  • Are you using only one Layer 4 port to serve traffic?
  • Why take traffic from public cloud providers if you don’t have to?
  • Are you offering services to China? Russia? If not, drop them!

We will go over methods for dropping BOGONS, common DDoS ports, troublesome ASNs and gelocations at ingress. Dropping hosts with questionable reputation attempting to load malware on IOT devices. Updating cloud security settings as well as influencing network paths and even interacting with A10’s API to help reduce the collateral damage of your policy.

Join us at AnsibleFest 2018, where we’ll be giving a screen by screen walk-through and answering questions about how to use Ansible to defend your organization.

Ansible for Network: Distributed Denial of Service Mitigation

Eric Chou and Rich Groves

Date: Tuesday, October 2
Time: 11:00 AM - 11:45 AM
Location: JW Marriott, Austin, TX
Room: Lone Star A/B/C

Add new comment