A Recent DDoS Prevention Experience


I recently helped our company deploy an interesting technological solution for a distributed denial-of-service (DDoS) attack.  A denial-of-service (DoS) attack happens when an attacker floods a network with information.  A distributed denial-of-service attack happens when a sophisticated attacker with access to many computers launches a similar attack from many, many computers, overwhelming the computing services in the target network, and preventing legitimate users from accessing information or services (McDowell, 2009).

My company has web based applications related to consumer credit.  We have various internet WAN connections, but they add up to about one Gigabit Ethernet WAN connection.  This may sound like a lot, but modern DDoS attackers could easily overwhelm a connection like this or the servers we have with waves of malicious data from their botnets.

We deployed a hybrid solution from Arbor Networks, so we have both on-premises devices as well as a cloud-based service.  We first deployed on-premises Arbor Availability Protection System (APS) devices online in our WAN connections.  These devices can detect DDoS attacks, and also “black hole” traffic from them.  So they themselves can detect and remediate smaller attacks (Arbor, 2016).

We also have the “Arbor Cloud for Enterprises” solution.  To prepare for using this, we made network routing changes to allow the Arbor Networks’ “Scrubbing Centers” to insert themselves on demand into our network path.  Normally, Internet traffic comes in directly to us.  When a large volumetric DDoS attack is detected, one that is too large for the on-premises devices to deal with, then we “flip the switch” and our traffic is re-routed through the Arbor “Scrubbing Centers”, which in aggregate can handle 1 Terabit WAN traffic flows (much larger than ours).  The DDoS traffic is removed from the incoming data, and normal legitimate traffic is allowed to pass through (Arbor, 2015).

I first thought that this was marketing “hokum” but then I assisted with testing our Arbor Cloud solution last week.  It really does work.  When we invoked the scrubbing, our traffic was almost instantaneously routed through the scrubbing centers, and legitimate traffic continued to make its way to us correctly.  I did various network tests before and after scrubbing was invoked, and I could tell no difference.  I feel more reassured now that we have some protection against DDoS.

Arbor Cloud DDoS Protection Service for Enterprises. (2015). Retrieved September 17, 2016, from https://www.arbornetworks.com/images/documents/Data Sheets/DS_Arbor_Cloud_Enterprise.pdf

Arbor Networks ® APS. (2016). Retrieved September 17, 2016, from https://www.arbornetworks.com/images/documents/Data Sheets/DS_APS_EN.pdf

McDowell, M. (2009, November 04). Security Tip (ST04-015) Understanding Denial-of-Service Attacks. Retrieved September 17, 2016, from https://www.us-cert.gov/ncas/tips/ST04-015

I passed the Juniper Networks Certified Associate – Junos (JNCIA-Junos) exam!



I took the Juniper Networks Certified Associate – Junos (JNCIA-Junos) exam on 02 Jun 2016 and passed!  Here are my thoughts on the test and how I prepared for it.




Junos Foundations: JNCIA-Junos Boot Camp (IJOS, JRE) – April 07 – 08 2016


At TransUnion Interactive, we are a Juniper shop.  We have various network switches like QFabric, and a large variety of network devices, routers, firewalls, etc.  As a Senior Infrastructure Engineer, I work on and am responsible for design, deployment, and maintenance of this equipment.  Supporting Juniper is new for me, and I am enjoying learning more about Juniper.  I recently had the opportunity to take a class to prepare me for the Juniper Networks Certified Associate – Junos (JNCIA-Junos) certification, and here are a few notes about that class.



VMware Horizon (With View): Install, Configure, Manage [V6.0] – Jan 4 – 7 2016


At TransUnion Interactive, we offer each associate a desktop virtual machine.  We use VMware Horizon View for this.  I am the primary system administrator responsible for our Horizon infrastructure.  Another team deals with the details of desktop support.  I recently had the opportunity to sit for the VMware training for Horizon, and here are a few notes about that class.



3000 Virtual Machines!

At work, we just went over 3000 VMs.  This is with a relatively small team, thanks to some innovative automation of provisioning and management.




I passed the VMware Certified Professional 5 – Data Center Virtualization (VCP5-DCV) exam!

I took the VCP550 exam for VCP5-DCV on 26 Feb 2015 and passed!  Here are my thoughts on the test and how I prepared for it.



I’m now at TransUnion Interactive in San Luis Obispo, CA!

After a few years of working at Cal Poly, SLO and SJSU, I retired from the CSU on Halloween 2014 (Boo!).  I was retired 2 days, and I started the following Monday 03 Nov 2014 as a Senior Infrastructure Engineer at TransUnion Interactive in San Luis Obispo, CA.  TransUnion Interactive (TUI) is a wholly owned subsidiary of TransUnion.  We provide credit reporting and other services directly to consumers, and also support other major partners with highly available web services 24X7.  TUI has about 150 employees and is growing rapidly…

I’m doing storage, virtualization and system administration work, making the magic happen with NetApp, Nimble, HP BladeSystems and a little Cisco UCS.

My recruitment process should be a LinkedIn commercial.  TUI HR found me on LinkedIn, contacted me through them, and did a successful non-traditional LinkedIn style recruitment.

ITIL Foundations Class – March 26-28, 2014

Our organization at SJSU is implementing IT service management based upon ITIL.  To support this, I recently took an ITIL Foundation class from Global Knowledge on site at SJSU from March 26-28, 2014…


Cisco DCUCI v5.0 – Data Center Unified Computing Implementation, 22-26 July 2013

I recently attended Cisco DCUCI v5.0 – Data Center Unified Computing Implementation at Global Knowledge in Santa Clara.  This is one of the Cisco classes for using their Unified Computing System, which is basically a blade chassis system for servers.

Implementing Cisco Data Center Unified Computing (DCUCI) is designed to serve the needs of engineers who implement Cisco Unified Computing System (UCS) B-Series Blade Servers and Cisco UCS C-Series Rack-Mount Servers.


VMware View: Desktop Fast Track [V5.1] Course – Online June 10-14, 2013

I recently had the pleasure of attending VMware View: Desktop Fast Track [V5.1] online.  We bought this directly from VMware, which gives you the (BONUS!) free voucher for the VMware Certified Professional 5 – Desktop examination.  The Fast Track class is actually a 5 day version of 2 standard classes (boot camp style) – it combines View 5.1 Install, Manage, Configure (4 days) with View 5.1 Design (3 days) into one fun filled 5 day week.  VMware says:

This fast-paced, extended-hours training course includes the content of the following courses:
•  VMware View: Install, Configure, Manage
•  VMware View: Design Best Practices
This hands-on training course builds your skills in the VMware® View™ suite: VMware® View Manager™, VMware® View Composer™, and VMware® ThinApp®. The course provides applications-oriented administrators with the knowledge and skills to virtualize Windows applications with ThinApp and to choose the best deployment and updating processes for their environment. The course also presents a methodology for analyzing and designing a View solution for the VMware® vSphere® infrastructure.
