The NIX.CZ association has prepared a presentation of projects for its working group, aimed at increasing the security of the Czech internet space, particularly against massive (D)DoS attacks launched from abroad, which is always a sensitive topic as Christmas approaches. Representatives of NIX.CZ management presented two proposed solutions to their members: Remotely-Triggered Black Hole Filtering and Secure VLAN. Remotely-Triggered Black Hole Filtering is a technique that regulates unwanted traffic right at the entry to the "protected" network.

There are many methods and technologies for defending against (D)DoS attacks, but several usually need to be combined; one cannot rely on just one. At the network infrastructure level, defenses include RTBH (remotely triggered black hole filtering), load balancer devices, scrubber-type devices (cleaners, where most bad traffic is separated from good), prefix-lists (AS propagation restriction), rate limits, access lists at the network layer, firewalls, IDS, IPS, etc.

The availability of a specific service can be further increased by strengthening the robustness of the entire architecture using anycast technology, DNS round-robin (which distributes load among multiple machines with identical content), and so on. The next step can then be placing the servers that provide one service into multiple networks.

Source: NIX.cz
