Sunday , 25 June 2017


Managing a Distributed Denial of Service Attack

– Bill Barry, executive vice president of Nexusguard, says:

Large scale hacking incidents are repeatedly making the news, which is naturally causing concern among data center operators. While the media often focuses on hackings that go after vulnerable systems (the big Target breach), Distributed Denial of Service (DDoS) attacks don’t always receive the same coverage. This is an oversight, as organizations such as the European Agency for Network and Information Security (ENISA) reported online attacks including DDoS were on the rise in 2014. DDoS incidents not only cause financial losses, they also result in a loss of reputation. DDoS are especially damaging because they target websites, which are the vital storefront, social media hub, game site, and communications portal; essentially the website is the business.

DDoS attacks are powerful tools for hackers, hacktivists, and even rogue states because they are simple to construct and can produce immediate and severe impacts. While intrusions that go after security vulnerabilities usually require hackers with in-depth systems knowledge, DDoS attacks are decidedly “lower tech.” Many DDoS incidents, such as the one on Scandinavian banks a few weeks ago, involve flooding the victim with packets of data which will overwhelm their bandwidth.

Data centers typically have protocols such as patches to stop malware or viruses, but very few have established DDoS defenses. For more thorough protection, companies should partner with DDoS mitigation vendors who have extensive experience in this space. However, for firms that want to manage protection in-house, here are four key tips:

 

  • Establish who is in charge of system protection and managing the aftermath. Operators should know what party is responsible for preventing DDoS attacks and who will address incidents; whether it’s the hosting company, ISP, or the hosted customer. There are risks with shared infrastructures, so operators need to clearly establish protection responsibilities for every client. Operators cannot force clients to implement individual DDoS protection, but they are responsible if a high-risk tenant crashes the entire data center after an attack occurs.

 

  • Cloud or appliance – weighing the protection options. The faster the DDoS incident is stopped, the less money is lost. Therefore, data centers should proactively determine the type of protection needed, whether it’s a cloud or appliance-based solution. Implementing both takes time, but cloud solutions are naturally easier to deploy. Security professionals should look at both deployment times and outage tolerances to find the best protection choice.

 

  •  Reserve backup IPs. If the operator or hosted customer decide to bypass on dedicated DDoS protection, it is crucial to have a reserve set of back up IPs on hand.  In a situation where an unexpected attack comes , the most swift and effective DDoS mitigation set up will be rendered useless if the back end IPs are already exposed to the attacker.  Therefore, it’s important that these IPs are not exposed publicly to the internet and not in the same address range as the production IPs.  This simple measure can mean recovering within the day, to being down for over a week. 

 

  • Damage control planning is essential. Data centers dealing with a DDoS attack are mainly looking at the technical aspects; how to stop the incident and prevent them in the future. There is another side to the incident that involves the company’s PR and branding. Centers should have a script for vendors, partners, and customers that transparently discusses the incident, including the likely duration of any outage, and concrete mitigation steps. If the outage will affect SLAs, then that needs to be discussed. Responding quickly and forthrightly can help the center preserve some brand goodwill.

Patching security holes to stop breaches is important, but simple yet effective DDoS attacks also deserve increased scrutiny. Websites are critical to any business, and a successful DDoS attack that disrupts the site can cost millions of dollars. Data centers that want to manage DDoS threats in-house should proactively set responsibilities, pick a solution, and build a communications plan to limit the impact.

About the Author:

Bill Barry is executive vice president of Nexusguard, a technology innovator providing highly customized Internet security solutions for global customers of all sizes across a range of industries.  www.nexusguard.com

Host in Ireland