This interview is part of a longer article on NeMo, the DDoS attack detection and mitigation solution for NRENs. Read part 1, in which we interviewed GÉANT’s Senior Information Security Officer Roderick Mooi: https://connect.geant.org/2023/11/22/nemo-the-ddos-solution-for-nrens-interview-with-roderick-mooi-senior-information-security-officer-geant
NeMo in the NREN landscape
In recent years, the NREN landscape has experienced notable new challenges specifically on the security front. Traditional commercial analysis and monitoring solutions adopted by GÉANT were becoming prohibitively expensive, prompting GÉANT to re-evaluate its IT security suppliers. In the quest for more cost-effective and efficient alternatives, GÉANT conducted a comprehensive NREN survey, at the end of which NeMo emerged as a compelling option. Following meticulous evaluations, GÉANT made the strategic decision to transition its entire DDoS C&A service to NeMo in 2020.
NRENs within the GÉANT community are very different in their characteristics, in terms of history, organisational maturity, funding and availability of resources. In the context of DDoS prevention, some NRENs have successfully developed capabilities to monitor and mitigate attacks effectively. However, many NRENs face challenges stemming from limited visibility of what happens on their networks, making them more vulnerable to potential threats.
In the context of network monitoring and visibility, NRENs within GÉANT can be categorised into three groups:
- Low Network Visibility and Limited DDoS Mitigation Abilities: NRENs in this category grapple with both limited network visibility and a reduced capacity for DDoS mitigation.
- Moderate Visibility or Intermediate Mitigation Abilities: some NRENs fall into this intermediate category.
- Robust Visibility and Effective Mitigation Ability: NRENs in this category boast robust network visibility and effective DDoS mitigation capabilities. However, they are occasionally constrained by financial considerations, as they often rely on commercial, sometimes pay-as-you-go DDoS mitigation service providers.
Evolution of NeMo
Since its inception, NeMo’s development has been driven by the motivation to address the unique requirements of NRENs. The field was largely dominated by commercial solutions, but none was tailored to meet the specific needs of NRENs. The origins of NeMo trace back over ten years, when, under the leadership of Jochen Schönfelder, the DFN-CERT R&D team invested several person-years in the project. As a co-lead of the security tooling within WP8 in GN5-1, Jochen is currently also advancing SOC’s analytics capabilities with NeMo, which is another direction the software is evolving towards.
While NeMo’s journey is marked by its creators’ intrinsic motivation to cater for the unique requirements of NRENs, its academic-driven development approach is reflected in the well-researched design of algorithms, efficient software implementations, and the strategic selection of mitigation techniques suited to various situations. Due to its efficient design, NeMo is suited to NRENs and academic networks of all three maturity groups.
From Detection to Auto-Mitigation
In the past five years, particularly during GN4-3, the focus for GÉANT has been the creation of visibility and analytics capabilities. As we transitioned into GN5-1, our focus was dominated by detection; however, that soon expanded to encompass the complexities of mitigation.
Mitigation, as the final phase in an effective response to DDoS attacks, bears additional complexity as it hinges on intricate hardware dependencies and demands seamless integration into the network’s core. Consequently, deployment of mitigation capabilities necessitates delicate fine-tuning, tailored to the unique network configuration and deployed hardware.
Today, we’re venturing into the field of auto-mitigation, reflecting our unwavering commitment to address the ever-changing requirements of NRENs.
About Eugene
Eugene, a senior software engineer in the R&D unit of DFN-CERT, has been leading the NeMo project’s software development in recent years. Currently, he co-leads the DDoS activity for GN5-1 in WP8, while his active involvement in Security within the GÉANT Project dates back to GN4-3. Eugene’s passion is learning and sharing experiences with the community on the topics of Software Architecture & Development, IT Security and Decentralised Systems.
This article is featured on CONNECT 44, the latest issue of the GÉANT CONNECT Magazine!