Controls


SB.11.007 DDoS Network Protections

High
Network Security
n/a
n/a
Organisation
v2.0 (Q1 2024)

Description

The network of IT services must be hardened against Distributed Denial of Service (DDoS) attacks.

Services are configured to avoid participating in DDoS attacks.

There is a documented procedure for handling high network load (for example, during a DDoS attack).

A procedure is in place to throttle traffic from non-critical sources, to ensure continued minimal essential functioning of the service.

Specification

The (D)DoS protection of a preferred supplier is used.

No open DNS resolvers; no NTP amplification.

Broadcast requests to internal IP addresses that originate outside of the network are blocked.

Routers with Access Control Lists.

Configure BPDU guard against Spanning Tree Attacks.

Rate-limiting is applied either consistently or dynamically to substantial and potentially malicious traffic.

Integrate Quality of Service into network design.
