F5 White Papers on integrating Citrix Applications

Introduction

For over 15 years, F5 has worked with customers to defend their applications against distributed denial of service (DDoS) attacks. Over time, many core features of the F5® TMOS® system have been made resilient against DDoS attacks. The high profile attacks since 2012 have large financial customers and enterprises redesigning their networks to include DDoS protection. Working with these customers, F5 has developed a DDoS Protection reference architecture that includes both cloud and on-premises components. The cloud component of the DDoS Protection reference architecture works as an insurance policy for volumetric attack mitigation. On premises, the reference architecture includes multiple tiers of defense to protect layers 3 through 7. The network defense tier protects DNS and layers 3 and 4. Freed from the noise of the network attacks, the application defense tier can use its CPU resources to protect the high-layer applications. This strategy enables organizations to defend against all types of DDoS attacks and is already providing benefits at several F5 customer data
centers.

The Four Categories of DDoS

While the DDoS threat landscape is constantly evolving, F5 has found that attacks
continue to fall within four attack types: volumetric, asymmetric, computational, and
vulnerability-based. These attack categories have the following characteristics:

  • Volumetric—Flood-based attacks that can be at layer 3, 4, or 7.
  • Asymmetric—Attacks designed to invoke timeouts or session-state changes.
  • Computational—Attacks designed to consume CPU and memory.
  • Vulnerability-based—Attacks that exploit software vulnerabilities.

Defensive mechanisms have evolved to deal with these different categories, and today’s high-profile organizations have learned to deploy them in specific arrangements to maximize their security posture. By working with these companies and fine-tuning their components, F5 has developed a recommended DDoS mitigation architecture that can accommodate specific data center size and industry requirements.

In order to learn more about the topic please click on the following link.

The F5 DDoS Protection Reference Architecture