Mitigating Strategy to Shield the VPN Service from DoS Attack

The exponential growth of internet and drastic enhancement in telecommunication has made the Internet a part of every aspect in the world. Internet is now the heart of the day to day business dealings throughout the world. This has increased the seeking for sensitive data by the attacker. This in turn increased the necessity to protect data through the Internet. Virtual Private Network (VPN) is a popular service to logically construct private network using the existing public infrastructure. It helps in constructing a geographically dispersed LAN that can securely communicate data using the Internet as the backbone communication network. VPN provides confidentiality, integrity and availability through tunneling and encryption. IPSec protocol based VPN provides various security features but it does not provide any protection against Denial of Service (DoS) attack. DoS attacks to VPN represent a serious threat to enterprises operating over the Internet. It also hinders the services provided by the service providers. It is necessary to provide an uninterrupted VPN service to the enterprises by adding some protection mechanisms. The protection mechanism must be added near the source of the attack to prevent the attack from saturating the high speed link. This paper discusses edge network based protection strategy to shield the VPN service from packet flooding DoS attack.