Firewalls and other security products are essential elements of a layered-defense strategy; however, issues they were designed to resolve or mitigate might not not directly relate to DDoS attacks. Firewalls address fundamental network security challenges such as zoning and traffic inspection, but they do not address a fundamental target of DDoS attacks: network availability.
Often, when it comes to protecting against a DDoS attack, many enterprises have a false sense of security. Organizations believe that they have secured their key services against attacks by deploying firewalls in front of their servers; however, the truth is that a multi-layered approach is needed, requiring security controls deployed at various points within the application flow.
There are many things that can be done with existing network infrastructure to protect against network-layer attacks. Network equipment, which is already heavily taxed with production traffic, is vulnerable to minimal increases in traffic, causing availability disruptions. AlgoSec, a leading provider of network security policy management, offers five tips for defending against a DDoS attack.