You are the security admin of a company that is worried aboutDistributed Denial of Service abacks affecting your organiza8on. Let usassume other abacks are NOT considered. As a consequence, thecompanies Financial CEO argues that EVERY PACKET entering the networkmust the logged and stored for later inspection. The result of inspection canbe to update firewalls to filter and prevent packets from suspect IP addressfrom entering the network, or possibly abempts to traceback the source ofthe packet (the actual machine that launched the aback).You argue back saying that storage overhead will be enormous, and statethat you will design a logger to sample packets and log. For instance, youcan choose a sampling rate of 1 out or 1000 packets, or 1 out of 2000packets or so for logging. The exact rate of sampling is not important. Whatis important is your argument to sample packets and log, rather than logevery packet. In a practical sense, why would your approach make sense tosample packets for comba8ng against a DDoS aback as compared tologging every packet entering the network?
You are the security admin of a company that is worried aboutDistributed Denial of Service abacks affecting your organiza8on. Let usassume other abacks are NOT considered. As a consequence, thecompanies Financial CEO argues that EVERY PACKET entering the networkmust the logged and stored for later inspection. The result of inspection canbe to update firewalls to filter and prevent packets from suspect IP addressfrom entering the network, or possibly abempts to traceback the source ofthe packet (the actual machine that launched the aback).You argue back saying that storage overhead will be enormous, and statethat you will design a logger to sample packets and log. For instance, youcan choose a sampling rate of 1 out or 1000 packets, or 1 out of 2000packets or so for logging. The exact rate of sampling is not important. Whatis important is your argument to sample packets and log, rather than logevery packet. In a practical sense, why would your approach make sense tosample packets for comba8ng against a DDoS aback as compared tologging every packet entering the network?
Related questions
Question
You are the security admin of a company that is worried about
Distributed Denial of Service abacks affecting your organiza8on. Let us
assume other abacks are NOT considered. As a consequence, the
companies Financial CEO argues that EVERY PACKET entering the network
must the logged and stored for later inspection. The result of inspection can
be to update firewalls to filter and prevent packets from suspect IP address
from entering the network, or possibly abempts to traceback the source of
the packet (the actual machine that launched the aback).
You argue back saying that storage overhead will be enormous, and state
that you will design a logger to sample packets and log. For instance, you
can choose a sampling rate of 1 out or 1000 packets, or 1 out of 2000
packets or so for logging. The exact rate of sampling is not important. What
is important is your argument to sample packets and log, rather than log
every packet. In a practical sense, why would your approach make sense to
sample packets for comba8ng against a DDoS aback as compared to
logging every packet entering the network?
Distributed Denial of Service abacks affecting your organiza8on. Let us
assume other abacks are NOT considered. As a consequence, the
companies Financial CEO argues that EVERY PACKET entering the network
must the logged and stored for later inspection. The result of inspection can
be to update firewalls to filter and prevent packets from suspect IP address
from entering the network, or possibly abempts to traceback the source of
the packet (the actual machine that launched the aback).
You argue back saying that storage overhead will be enormous, and state
that you will design a logger to sample packets and log. For instance, you
can choose a sampling rate of 1 out or 1000 packets, or 1 out of 2000
packets or so for logging. The exact rate of sampling is not important. What
is important is your argument to sample packets and log, rather than log
every packet. In a practical sense, why would your approach make sense to
sample packets for comba8ng against a DDoS aback as compared to
logging every packet entering the network?
Expert Solution
This question has been solved!
Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.
This is a popular solution!
Trending now
This is a popular solution!
Step by step
Solved in 2 steps
