Scribd Logo
Upload

Welcome to Scribd!

  • NE - 8 - Apply Profile Capture

    Uploaded by

    Roberth
    1 views3 pages
    This document provides instructions for applying profile capture settings to protection groups in an AED system. The steps include stopping an existing profile capture, viewing suggested settings, applying thresholds for various protections like bits per second and packets per second using the auto option, and deleting low protection level values. The process is then repeated for additional protection groups covering web servers, file servers and DNS servers. Upon completing the configuration, the protections will automatically block traffic exceeding the measured thresholds to prevent volumetric DDoS attacks.

    Original Description:

    Original Title

    NE _ 8 - Apply Profile Capture

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides instructions for applying profile capture settings to protection groups in an AED system. The steps include stopping an existing profile capture, viewing suggested settings, applying thresholds for various protections like bits per second and packets per second using the auto option, and deleting low protection level values. The process is then repeated for additional protection groups covering web servers, file servers and DNS servers. Upon completing the configuration, the protections will automatically block traffic exceeding the measured thresholds to prevent volumetric DDoS attacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    1 views3 pages

    NE - 8 - Apply Profile Capture

    Uploaded by

    Roberth
    This document provides instructions for applying profile capture settings to protection groups in an AED system. The steps include stopping an existing profile capture, viewing suggested settings, applying thresholds for various protections like bits per second and packets per second using the auto option, and deleting low protection level values. The process is then repeated for additional protection groups covering web servers, file servers and DNS servers. Upon completing the configuration, the protections will automatically block traffic exceeding the measured thresholds to prevent volumetric DDoS attacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    14/9/22, 17:55 NE | 8 - Apply Profile Capture

    AED Training
    Applying Profile Capture
    Overview
    Description

    In this lab you will apply the suggested settings from your Profile Capture to AED's rate-based
    protection settings.

    Objectives

    After completing this lab exercise, you will be able to:


    Apply the suggested settings from your Profile Capture to AED's rate-based protection settings.

    Estimated Completion Time

    The estimated completion time for this lab is 20 minutes.

    Lab Topology

    Please ensure you read each step carefully before performing the required task in the order described.

    If you are asked for your [POD] number in this lab, use the number that is part of your NE
    username.

    Example: Username NE312 <=> [POD] = 312

    Apply Your the Profile Capture


    The Profile Capture you started at the end of Lab 8 should have enough data for our lab, so first you will
    apply those suggested threshold values to the Server Types for each of your Protection Groups. In practice
    you should wait until the scheduled time completes for your Profile Capture.

    Next, once the protection settings are updated, you will monitor for, view indicators of, and take action
    against different volumteric-based DDoS attacks.

    1. Skip to Step 3 if a tab to the AED web UI is open. If not, then from your NETSCOUT Experience user
    dashboard click on the AED link to open a new tab to the web UI.

    2. Login to your AED web UI with your NETSCOUT Experience user credentials.

    Username: NE102
    https://portal.ne.netscout.com/dashboard/lab_guide/444/45085/ 1/3
    14/9/22, 17:55 NE | 8 - Apply Profile Capture

    Password: Kinemumo4^

    or

    Username: admin
    Password: Welcome123!

    3. Apply Your the Profile Capture

    To view and apply the Profile Capture select Protect > Inbound Protection > Protection Groups.

    4. Click on the link for your web servers Protection Group. (If you did not use "web servers" as the name,
    then use the name that you created.)

    5. On the View Protection Group page, next to the Server Type setting click on the web servers link (if
    you did not use "web servers" as the name, then use the name that you created).

    6. On the Configure Server Type (web servers) page there should be a message indicating "You cannot
    modify this server type while a profile capture is in progress".

    Click the Stop Profile Capture button.

    7. On the Confirmation Needed pop-up click OK.

    Notice that the Stop Profile Capture button now changed to the Tune Profiled Settings button.

    8. Click the Tune Profiled Settings button.

    9. At the Tuning window that appears, scroll down the page and record which protections have
    suggestions, don't worry about the values for suggested rates for now, just record which protections
    here:

    10. Click on Cancel (at the top right of the page).

    11. Because this is a lab environment we ONLY want to use certain "Suggested Settings".

    Scroll down from the top of the Configure Server Type (web servers) page to the Rate-Based
    Blocking protection.
    Click the View Profile Icon (red/blue/green bars) that is located after the Bits per Second
    Threshold.

    12. In the pop-up window Bits per Second Threshold:

    Click the Auto button.

    Close this window using the "X" in the upper right-hand corner.

    13. Delete the value entered for the Low Protection Level (green shield) column, for the lab
    environment we do not want this threshold at this time.

    14. Click the View Profile Icon (red/blue/green bars) that is located after the Packets per Second
    Threshold.

    In the pop-up window Packets per Second Threshold:

    Click the Auto button.

    Close this window using the "X" in the upper right-hand corner.

    15. Again delete the value entered for the Low Protection Level (green shield) column, for the lab
    environment.

    16. Scroll down the Configure Server Type (web servers) page to the HTTP Rate Limiting protection.

    Click the View Profile Icon (red/blue/green bars) that is located after the HTTP Request Limit .
    In the pop-up window HTTP Request Limit:

    Click the Auto button.

    https://portal.ne.netscout.com/dashboard/lab_guide/444/45085/ 2/3
    14/9/22, 17:55 NE | 8 - Apply Profile Capture

    Close this window using the "X" in the upper right-hand corner.

    17. As previously done, delete the value entered for the Low Protection Level (green shield) column, for
    the lab environment.

    18. Now delete all the values in the Low, Medium, and High Protection Level for the HTTP URL Limit
    setting, all settings should be blank (or empty) for the lab.

    19. Click Save to apply the new protection settings.

    20. For the file servers Protection Group, repeat steps 3-15, then click Save.

    21. For the dns servers Protection Group, repeat steps 3-15 AND scroll down the page to do the same for
    the DNS Rate Limit protection. As previously done, delete the value entered in the Low Protection
    Level setting, then click Save.

    Enter any additional observations or details you may want to include here:

    22. Good work!

    You have applied some Profile Capture suggested settings to your the three Protection Groups. These
    settings will automatically block any misuse traffic that exceeds these measured thresholds. By defining
    these acceptable use policies, these rate-based settings are very good at blocking volumetric DDoS
    attacks.

    23. Please notify the instructor that you have completed this lab exercise.

    If you would like a copy of this lab select either the Print or the Save Page As (Control-S) menu
    options from your browser’s dropdown menu.

    Depending on which browser you are using, to access these menu options select either:

    Select "File" from the your browser's menu, then choose either:

    1.) Print > Print to PDF


    2.) Save Page As > Web Page Complete.

    Or select the three dot vertical ellipsis, then choose either:

    1.) Print > Print to PDF


    2.) Save Page As > Web Page Complete.

    Or select the three line hamburger menu button, then choose either:

    1.) Print > Print to PDF


    2.) Save Page As > Web Page Complete.

    Select whichever method that works best with your browser.

    This completes the lab exercise for the quick installation script for your AED. For more information about the
    configuration settings for your AED's installation, refer to the AED Quick Start Card / Installation
    Guide and/or the Arbor Edge Defense User Guide.

    © Copyright 2022 NETSCOUT, Inc. All rights reserved

    https://portal.ne.netscout.com/dashboard/lab_guide/444/45085/ 3/3

    You might also like