Anti-DDoS products must be able to detect and block at least 80% of attack traffic
One of the technical requirements for an anti-denial-of-service (Anti-DDoS) product is the ability to detect and block at least 80% of attack traffic and to protect at least 85% of clean traffic.
The Ministry of Information and Communications has just issued Decision 923 promulgating the "Basic technical requirements for products to prevent and combat denial of service attacks (Anti-DDoS)".
Anti-DDoS is the 9th network safety and security product for which the Ministry of Information and Communications has provided basic technical requirements, with the goal of developing a safe and secure product ecosystem in the country and serving the domestic assessment and verification of information security products and services.
According to the newly issued decision, the Ministry of Information and Communications recommends that agencies and organizations research, develop, select and use Anti-DDoS products that meet basic technical requirements in 9 groups including: documentation, system administration requirements, error control requirements, logging requirements, processing performance requirements, protection requirements, alarm requirements, monitoring requirements and automation requirements.
To ensure the quality of Anti-DDoS products, the Ministry of Information and Communications also gives clear guidance on the criteria and conditions that must be met for each group of requirements.
Specifically, for the group of processing performance requirements, an Anti-DDoS product must ensure that the latency of processed packets does not exceed 3 ms; handle distributed denial-of-service (DDoS) attacks with a bandwidth of at least 1 Gbps per device; detect and filter at least 80% of attack traffic; and protect at least 85% of clean traffic...
For the group of protection requirements, according to the recommendation of the Ministry of Information and Communications, the Anti-DDoS product must ensure that the customer's service continues to work properly in the face of at least the following DDoS attacks: bandwidth flood attacks, resource exhaustion attacks via TCP (Transmission Control Protocol - reporter's note), attacks using invalid packets, attacks that send packets/requests at high frequency and in sudden bursts, and attacks through user behavior analysis, as well as the ability to block and filter packets according to an ACL usage policy (ACL is an access control list - reporter's note).
Regarding the alerting requirements, the Anti-DDoS product needs to allow the user to configure alerts, including: configuring the content of an alert sent via email, SMS or OTT; configuring multiple recipients at the same time via email or SMS; sending alerts only when desired conditions are met; configuring separate alarms for different groups of protected IP addresses; and configuring attack detection alarm thresholds for each group of protected IP addresses.
Along with that, the Anti-DDoS product also needs to automatically warn users in real time about events such as: a warning when a DDoS attack occurs, a warning about the automatic handling of a DDoS attack, and a warning when a DDoS attack is over.
The Ministry of Information and Communications assigns the Information Security Department to assume the prime responsibility for, and coordinate with relevant agencies and organizations in, guiding the application of the "Basic technical requirements for Anti-DDoS products".
Before Anti-DDoS, the Ministry of Information and Communications issued basic technical requirements for 8 network safety and security products and recommended that agencies and organizations apply them: Web application firewall; Information security event management and analysis; Information security threat knowledge base; Prevention and control of network layer intrusion; Virtual private network; Coordinate, automate and secure information response; Prevention and combat of malicious code; Detect and respond to information security incidents on terminals.