Investigating Open-Source DDoS Mitigation Tool iptables, vs. Cisco ASA for Small Enterprises
2025 (English)Independent thesis Basic level (university diploma), 5 credits / 7,5 HE credits
Student thesis
Abstract [en]
Internet-based businesses are prime targets for Distributed Denial of service “DDoS” at-tacks that can grind operations to a standstill and inflict severe financial and reputation harm. Commercial products such as Cisco ASA are extremely effective but usually cost a lot and are so complex that they are often out of smaller businesses' budget brackets. Is there, however, a real-world, budget-friendly alternative?
This thesis explores whether open-source product iptables is able to create a practical defense for common DDoS at-tacks such as SYN floods and HTTP floods. We do so by controlled testing, comparing protected and unprotected configurations and monitoring key metrics such as throughput, CPU usage, bandwidth , memory and latency. And finally, we superimpose these with those for Cisco ASA to establish whether or not open-source solutions are able to hold their own.
The task? To offer small businesses practical, affordable cybersecurity solutions because not all businesses can justify enterprise solutions, but that’s not a reason they need to be defenseless.
Place, publisher, year, edition, pages
2025. , p. 23
Keywords [en]
Iptables, Cisco ASA, DDos attacks, SYN flood, UDP flood
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:hv:diva-23721Local ID: EXN300OAI: oai:DiVA.org:hv-23721DiVA, id: diva2:1981412
Subject / course
Computer engineering
Educational program
Nätverksteknik med IT-säkerhet
Supervisors
Examiners
2025-07-222025-07-042025-09-30Bibliographically approved