Everything You Needed To Know About DDoS … And More!
Steve King, CISM, CISSP
Cybersecurity Marketing and Education Leader | CISM, Direct-to-Human Marketing, CyberTheory
Flood! Ping of death! Teardrop! Zero-Day! The terminology used by security experts may put you off learning more about the subject. But today’s business is fueled by the Internet, and your organization is running mission-critical applications on the web.
It may be up to you and your team to ensure that your sites continue to connect you with your customers, end users, suppliers and partners. Since DDoS attacks are increasing in frequency, size and notoriety, I thought it might be important to gain a basic understanding of this type of Internet threat.
We are seeing a sharp rise in the number of internet attacks that seek to steal, disrupt or disable access to resources and systems. These attacks jeopardize the operation of the enterprise by disrupting sales, causing productivity loss and degrading brand image. Organizations should implement actions to protect not only against the short-term effects such as site disruptions and business losses, but also against the long-term effects such as brand image and reputation loss.
In simple terms, DDoS attacks affect systems or networks by exhausting resources or exploiting vulnerabilities. DDoS attacks have been evolving rapidly, and the newer threats are a much more advanced class of attack. The challenge with application-layer attacks is that they are harder to detect: they are stealthier and they do not generate large volumes of network traffic, yet they are equally capable of taking down a network.
Newer forms of DDoS attacks avoid signature-based defenses, leaving networks vulnerable. A few examples of these types of threats include:
- ICMP Flood or Smurf, in which an attacker depends on misconfigured network devices and uses a fake source IP address that makes it appear as if the attack is coming from inside the network.
- Slowloris is a highly targeted attack that enables one web server to take down another web server by holding open the maximum number of web connections for as long as possible. It does this in a stealthy mode without visibly affecting other services or ports on the target network.
- Zero-day DDoS attacks refer to attacks that target new or unknown vulnerabilities for which a fix may not be currently available.
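Slowloris is recognisable from the defender's side by its footprint: many connections from one source that stay open for a long time without ever delivering a complete request. The following is an added illustration of that detection logic, not code from the article; the connection records are constructed to look like what a reverse proxy or connection tracker would export, and the thresholds (IDLE_SECS, MAX_STALLED_PER_IP) are assumptions to be tuned to a server's normal profile.

```python
"""Flag Slowloris-style connection hogging from connection-tracking records.

Added illustration; not code from the article. The records below are
constructed, and the thresholds are assumptions for the example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    src_ip: str
    open_secs: float        # how long the connection has been open
    request_complete: bool  # whether a full HTTP request header has arrived


# Assumed thresholds: a legitimate client finishes its headers well under
# IDLE_SECS, and no ordinary client holds more than MAX_STALLED_PER_IP
# half-open requests at once.
IDLE_SECS = 30.0
MAX_STALLED_PER_IP = 10


def stalled_connections(conns):
    """Count, per source IP, connections that are old yet still lack a complete request."""
    counts = defaultdict(int)
    for c in conns:
        if not c.request_complete and c.open_secs >= IDLE_SECS:
            counts[c.src_ip] += 1
    return dict(counts)


def flag_slowloris(conns, max_stalled=MAX_STALLED_PER_IP):
    """Return the source IPs whose stalled-connection count exceeds the threshold."""
    return sorted(ip for ip, n in stalled_connections(conns).items() if n > max_stalled)


# Constructed sample: one client holding 25 half-open requests for two minutes,
# one busy but legitimate client with short completed requests, and one small
# slow client that stays under the threshold.
SAMPLE = (
    [Conn("198.51.100.7", 120.0, False) for _ in range(25)]
    + [Conn("203.0.113.4", 2.5, True) for _ in range(40)]
    + [Conn("192.0.2.9", 45.0, False) for _ in range(3)]
)

if __name__ == "__main__":
    print(stalled_connections(SAMPLE))
    print(flag_slowloris(SAMPLE))
```

The busy client with 40 short, completed requests is never counted, which is the point: the signal is not connection volume but connections that age without completing. In production the same check is usually enforced by the web server itself through header and body read timeouts and per-source connection limits, with this kind of monitor providing the alert.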
One of the consequences of the sophistication of DDoS attacks is that it has become challenging for protection technology to keep up. As a result, an organization’s defense strategy will depend on the specific situation at hand, because no single approach will be capable of defending against the increasing variety of DDoS attacks.
According to Gartner’s Anton Chuvakin, “No single type of a security safeguard can reliably stop all DDoS attacks, and thus, enterprise DDoS defense strategy must involve multiple components and safeguard types.” He goes on to state that “the defense calculus for denial of service is different because no organization can prevent or block all DDoS attacks on its own.”
A layered approach leveraging multiple technologies, security experts and security processes can provide more effective protection to help mitigate the risks from DDoS attacks.
Commercial Cloud providers host systems for thousands of customers and offer a range of defense mechanisms to help protect customers’ hosted environments. The technology components of a DDoS defense strategy may include the following:
- Firewalls and Load Balancers: These provide basic threat prevention and protection with features like Blocking, Whitelisting, Packet Inspection, and Virtual Private Networks.
- Intrusion Detection & Prevention Systems (IDS/IPS): An IDS inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack. An IDS also watches for attacks that originate from inside a system. The primary difference between an IDS and an Intrusion Prevention System (IPS) is that in addition to detecting intrusions, an IPS also actively blocks them.
- Web Application Firewalls (WAF): A WAF inspects web traffic, dynamically learns from incoming traffic and adapts to allow legitimate traffic. Unlike traditional firewalls, WAFs have the ability to inspect HTTP and HTTPS traffic.
- DDoS Mitigation Services: Commercial Cloud providers’ DDoS mitigation services are hardware-based programs that help keep customer systems online in the event of a DDoS attack. Features include network-wide packet scanning, granular traffic analysis, server-level anomaly detection and a three-layer approach to help detect, identify and filter hostile traffic 24x7x365. When an attack occurs, DDoS processing is offloaded from the customer’s configuration to the Cloud provider’s infrastructure, allowing the customer to continue to do business as usual even during the attack.
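The list above separates detection (an IDS raising an alert, anomaly detection on server traffic) from prevention (an IPS or mitigation service acting on it). The added example below, which is not code from the article or from any vendor's product, shows the smallest version of both halves: a baseline of normal per-second packet counts is learned, seconds that deviate far above it are reported (the IDS behaviour), and traffic is only diverted once the anomaly persists for several consecutive seconds (the IPS behaviour, guarding against reacting to a single blip). The traffic series is constructed, and the baseline window, z-score threshold and persistence count are assumptions.

```python
"""Rate-based anomaly detection with a detect-only and an act-on-it mode.

Added illustration; not the article's code. The packet-count series is
constructed and the thresholds are assumptions for the example.
"""
from statistics import mean, pstdev

BASELINE_WINDOW = 60   # assumed: first 60 seconds are representative "normal" traffic
Z_THRESHOLD = 4.0      # assumed: flag a second this many std devs above the mean
PERSIST_SECS = 3       # assumed: act only after this many consecutive anomalous seconds


def learn_baseline(series):
    """Mean and population std dev of the per-second counts in the baseline window."""
    base = series[:BASELINE_WINDOW]
    return mean(base), pstdev(base)


def detect_anomalies(series, mu, sigma, z=Z_THRESHOLD):
    """IDS behaviour: return the second offsets whose count is anomalously high."""
    floor = max(sigma, 1.0)  # flat baselines would otherwise make every jitter anomalous
    return [i for i, n in enumerate(series) if (n - mu) / floor > z]


def decide_action(series, mu, sigma, consecutive=PERSIST_SECS):
    """IPS behaviour: divert traffic only once the anomaly persists."""
    anomalous = set(detect_anomalies(series, mu, sigma))
    run = 0
    for i in range(len(series)):
        run = run + 1 if i in anomalous else 0
        if run >= consecutive:
            return {"action": "divert_to_scrubbing", "at_second": i}
    return {"action": "none", "at_second": None}


# Constructed series: 60 s of jittery normal traffic (100-106 packets/s), a single
# one-second blip of 120, five more normal seconds, then a sustained 5000 packets/s flood.
NORMAL = [100 + (i % 7) for i in range(60)]
SAMPLE_SERIES = NORMAL + [120] + [100 + (i % 7) for i in range(61, 66)] + [5000] * 10


def run_sample():
    """Run both modes over the constructed series and return their results."""
    mu, sigma = learn_baseline(SAMPLE_SERIES)
    return detect_anomalies(SAMPLE_SERIES, mu, sigma), decide_action(SAMPLE_SERIES, mu, sigma)


if __name__ == "__main__":
    flagged, action = run_sample()
    print("anomalous seconds:", flagged)
    print("decision:", action)
```

On the sample, the blip at second 60 is reported but not acted on, and the diversion decision is taken at second 68, three seconds into the flood. The design choice worth noting is that the alerting threshold and the action threshold are deliberately different: an IDS can afford a false positive in an alert, while an IPS or a diversion to a scrubbing service has a cost every time it fires.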
Dealing with DoS and DDoS attacks has become one of the costs of running internet applications and infrastructure. These attacks tend to be sophisticated, and no single approach can be effective against all forms of attack. Attacks are highly situational, and avoidance can never be guaranteed.
However, a comprehensive and pragmatic security policy, together with a combination of mitigation technologies and assistance from experienced security and network technicians, can help provide guidance and mitigate risks.
For more information about DDoS attacks and how to prevent them, please write to me at [email protected].