With unprecedented large-scale work-from-home policies being enforced, the VPN gateway has become a crucial but weak link in the chain of communication from home/remote users to corporate resources. A DDoS attack poses a major threat to the availability of the VPN gateway. When a gateway is already running at or near capacity, even a small DDoS attack can degrade its performance or bring it down entirely.

The result? Business essentially stops for the remote/home user.

There are two types of DDoS attacks that are designed to impact a VPN gateway:

TCP State Exhaustion Attack

A TCP State Exhaustion attack is specifically designed to fill the TCP state table with bogus TCP connections. When this occurs in the VPN gateway, legitimate users cannot traverse the gateway to reach the corporate resources behind it.

[Figure: TCP State Exhaustion attack]

Network Layer Flooding Attack

A VPN gateway's network interface is typically smaller than its upstream internet circuit, so a DDoS attack does not have to be as large as the circuit; it only has to be large enough to saturate the VPN gateway's network interfaces. From the user's perspective, the corporate resources are down.

[Figure: Network Layer Flooding Attack]

[Figure: AED detecting a TCP SYN Flood attack]

When a VPN gateway is performing poorly or is down, it can manifest itself as a network problem. As such, it can be challenging to determine the cause of the problem using traditional network management and troubleshooting tools. What’s required is smart visibility into network traffic coming into the VPN gateway that can detect traffic anomalies that are indicative of a DDoS attack.
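As an added illustration of the anomaly-based visibility this section calls for (example code written for this page, not NETSCOUT's or AED's), the following Python checks one window of inbound gateway traffic for the two symptoms described above: a pile-up of half-open TCP connections (state exhaustion) and offered load exceeding the gateway interface's capacity (network-layer flooding). The packet records, the thresholds and the 100 Mbit/s interface size are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    ts: float    # seconds since the start of the capture window
    src: str     # client IP; (src, sport) identifies one connection attempt
    sport: int
    flags: str   # inbound TCP flags: "S" = SYN, "A" = ACK; "" for non-TCP
    size: int    # bytes on the wire

def analyze(pkts, gateway_mbps, max_half_open, max_syn_fail_ratio=0.5):
    """Check one window of inbound gateway traffic for the two DDoS symptoms.
    Returns half-open count, fraction of SYNs never ACKed, load in Mbit/s, alerts."""
    half_open = set()                 # (src, sport) with a SYN but no ACK yet
    syns = completed = total_bytes = 0
    for p in pkts:
        total_bytes += p.size
        key = (p.src, p.sport)
        if p.flags == "S":            # client SYN: the gateway must allocate state
            half_open.add(key)
            syns += 1
        elif p.flags == "A" and key in half_open:   # handshake completed
            half_open.discard(key)
            completed += 1
    window = (max(p.ts for p in pkts) - min(p.ts for p in pkts)) or 1.0
    mbps = total_bytes * 8 / window / 1e6
    fail_ratio = (syns - completed) / syns if syns else 0.0
    alerts = []
    if len(half_open) > max_half_open or fail_ratio > max_syn_fail_ratio:
        alerts.append("tcp_state_exhaustion")   # state table filling with bogus entries
    if mbps > gateway_mbps:
        alerts.append("network_layer_flood")    # interface saturated, state irrelevant
    return {"half_open": len(half_open), "fail_ratio": fail_ratio,
            "mbps": mbps, "alerts": alerts}

def constructed_capture(kind):
    """Constructed sample traffic (not real data): three legitimate remote
    users complete their handshakes, plus one of the two attack patterns."""
    legit = []
    for i in range(1, 4):
        legit += [Pkt(0.0, f"10.0.0.{i}", 50000 + i, "S", 60),
                  Pkt(1.0, f"10.0.0.{i}", 50000 + i, "A", 60)]
    if kind == "state_exhaustion":
        # 200 lone SYNs from many sources that never finish the handshake
        return legit + [Pkt(i / 200, f"198.51.100.{i % 250}", 40000 + i, "S", 60)
                        for i in range(200)]
    # 10000 large non-TCP packets within the same second: ~120 Mbit/s offered load
    return legit + [Pkt(i / 10000, "203.0.113.7", 0, "", 1500) for i in range(10000)]
```

Calling `analyze(constructed_capture("state_exhaustion"), gateway_mbps=100, max_half_open=100)` flags state exhaustion at well under 1 Mbit/s of traffic, while the volumetric sample trips only the interface-capacity check.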

NETSCOUT’s Arbor Edge Defense (AED) is such a solution. AED is an inline security appliance (or virtual device) deployed at the network perimeter, between the internet router and the VPN gateway/firewall. Because AED uses highly scalable, stateless packet processing technology, it is not susceptible to TCP state exhaustion attacks and other attacks that can impact a VPN gateway.

Detecting a DDoS attack is not enough. Stopping it before it impacts the availability of the VPN gateway is what’s required to maintain remote worker productivity. In addition to blocking the attack, AED provides real-time and post-attack details such as attack type, size, rate, protocols, and more, enabling the user to interact with and modify mitigation countermeasures as required.

AED’s on-premises location, stateless packet processing technology, and automatic detection and mitigation of DDoS attacks are the best practice for defending VPN gateways and maintaining remote/home user access to corporate resources.

Call us today to help ensure end user access to corporate resources.