DDoS, or Distributed Denial of Service, attacks have been around since the earliest days of the web. Whilst there have been concerted efforts by bodies such as the US Department of Homeland Security, DARPA, ISPs and websites themselves, DDoS attacks still pose significant security risks for businesses and organisations of all sizes and across every vertical. Whilst your network or website security team is responsible for the prevention, detection and mitigation of DDoS attacks, defence against them is not confined to network security teams.
As a DDoS attack can shut down not just an organisation's website but the organisation itself for hours or days, the repercussions for a business, charity or other body can be significant. The inconvenient truth is that you cannot bullet-proof your network to block DDoS attacks completely. However, there are things you can do to minimise the chances of an attack succeeding and to maximise your defences against it.
Staying security smart
The first place to begin is with secure configurations and settings on your network, networked devices and online accounts. It is essential that the team members responsible for network security understand the ways a potential attacker can exploit systems and system settings. Understanding where and how an attack may come allows you to configure your critical network infrastructure and applications as securely as possible and to minimise systemic vulnerabilities.
Once you have identified the critical parts of your network infrastructure and any applications a DDoS could target, the next step, after securing these, is to stay up to date with current patches and software updates. Software vendors work as quickly as possible to develop patches when vulnerabilities, including zero-days, are identified, issuing updates to re-secure their system or application. Automatic updates are a good way to ensure you are always covered, but running regular update checks and keeping up with industry developments is also advised. The longer the lag between a vulnerability being disclosed (often by the very patch that fixes it) and you installing that patch on your systems, the greater the likelihood you could be successfully attacked.
Our networks are more than hardware and software architecture: there is always the human element in end users across your business. As well as protecting against DDoS attacks directly, it is advisable to ensure your own systems are not being used as an intermediary for attacks on other networks and that other vulnerabilities are not being exposed. Attackers typically build their attack capacity by gaining control of machines across many networks, having infected them with a trojan, and then using those machines to carry out attacks. As well as software to protect against malware, it is critical to train staff to recognise suspicious links or emails, which are a common delivery route for a trojan.
As explored, network security is critical to your business's operations. One way to monitor what is happening on your network in real time is to monitor network flows. Flow records provide real-time information about the communications taking place across your network: who is sending and receiving data, how much, with whom and when. Each record also carries the source and destination IP addresses, protocol and ports, the exporting device and timestamps. This data is gathered from networked devices such as routers, switches and firewalls, down to the software installed on individual terminals, and can be streamed to a collector to give you an overview of the whole network. By analysing this flow data you can flag traffic anomalies and act on suspicious behaviour immediately, before an attack can take hold.
There are several solutions currently on the market which can help your network team protect against and defend against DDoS attacks. They fall into two categories: detection and mitigation.
Detection and mitigation of network threats
The best place to start is with detecting network threats. You should configure all your network systems (firewalls, IPS and so on) to minimise exposure to DDoS attacks. However, many of these tools are not up to the job of defending against DDoS attacks on their own. Because of the nature of DDoS traffic, you cannot always rely on signatures or source details to identify when an attack is under way, and you cannot afford to wait until traffic builds to a critical mass and affects the availability of your systems. This is why implementing a flow-based solution that can detect an attack within a few seconds is vital.
The next step is mitigation. As every second counts in defending against a DDoS attack, your detection system needs to trigger a mitigation solution automatically, diverting traffic to a scrubbing server or appliance. As well as handling the traffic volume associated with a DDoS attack, the mitigation solution needs to separate 'bad' traffic from 'good', allowing the good through to your system or site. Whilst you need to block the attacking traffic, legitimate traffic still needs to cross your network borders.
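The flow monitoring, flow-based detection and automatic mitigation trigger described in the preceding sections, as an added example that is not part of the original article. The flow records are constructed here using RFC 5737 documentation addresses; the five-second window, the 10x-baseline and 50-source thresholds, and the divert/drop/pass rule schema handed to the scrubber are illustrative assumptions rather than any vendor's API. The detector deliberately uses no signatures and places no trust in source addresses: it alerts on volume relative to a learned baseline plus the number of distinct sources, then identifies the dominant (protocol, source port) vector so that only that traffic is dropped and legitimate flows still reach the site.

```python
"""Flow-based DDoS detection with an automatic mitigation trigger.

Added example over constructed NetFlow/IPFIX-style records; the window size,
thresholds and the rule schema are illustrative assumptions, not a vendor API.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Flow:
    """One flow record, reduced to the fields the detector uses."""
    ts: int        # epoch seconds at which the exporter saw the flow
    src: str       # source IP
    dst: str       # destination IP
    proto: str     # "tcp" or "udp"
    sport: int
    dport: int
    packets: int
    octets: int


WINDOW = 5        # seconds per detection window; this bounds detection latency
PPS_FACTOR = 10   # alert when window pps exceeds this multiple of the baseline
MIN_SOURCES = 50  # "distributed": at least this many distinct sources in a window


def learn_baseline(flows):
    """Mean packets per second towards each destination, learned from normal traffic."""
    per_window = defaultdict(lambda: defaultdict(int))   # dst -> window -> packets
    for f in flows:
        per_window[f.dst][f.ts // WINDOW] += f.packets
    return {dst: mean(w.values()) / WINDOW for dst, w in per_window.items()}


def detect(flows, baseline):
    """Return one alert per (destination, window) whose traffic looks like a DDoS."""
    windows = defaultdict(list)
    for f in flows:
        windows[(f.dst, f.ts // WINDOW)].append(f)
    alerts = []
    for (dst, w), fs in sorted(windows.items()):
        pps = sum(f.packets for f in fs) / WINDOW
        sources = {f.src for f in fs}
        base = baseline.get(dst, 0.0)
        if pps > PPS_FACTOR * max(base, 1.0) and len(sources) >= MIN_SOURCES:
            # The dominant (protocol, source port) pair tells mitigation what to
            # filter; ("udp", 123) is the fingerprint of NTP reflection.
            by_vector = defaultdict(int)
            for f in fs:
                by_vector[(f.proto, f.sport)] += f.packets
            vector, vector_pkts = max(by_vector.items(), key=lambda kv: kv[1])
            alerts.append({
                "dst": dst, "window_start": w * WINDOW, "pps": pps,
                "baseline_pps": base, "sources": len(sources),
                "vector": vector, "vector_share": vector_pkts / sum(by_vector.values()),
            })
    return alerts


def mitigation_rules(alert):
    """Ordered rules for a scrubber: divert the target, drop the attack vector, pass the rest."""
    proto, sport = alert["vector"]
    return [
        {"action": "divert", "dst": alert["dst"]},
        {"action": "drop", "dst": alert["dst"], "proto": proto, "sport": sport},
        {"action": "pass", "dst": alert["dst"]},
    ]


# --- constructed sample traffic (RFC 5737 documentation addresses) -----------
TARGET = "203.0.113.10"


def legit_flows(t0, seconds):
    """Five clients each sending 20 packets/s of HTTPS to the target."""
    return [Flow(ts, f"198.51.100.{i}", TARGET, "tcp", 40000 + i, 443, 20, 30000)
            for ts in range(t0, t0 + seconds) for i in range(5)]


def normal_flows():
    """One minute of ordinary traffic used to learn the baseline (100 pps)."""
    return legit_flows(0, 60)


def attack_flows():
    """Five seconds in which 200 NTP reflectors flood the target while clients continue."""
    reflected = [Flow(ts, f"192.0.2.{i}", TARGET, "udp", 123, 51000 + i, 100, 46800)
                 for ts in range(60, 65) for i in range(200)]
    return legit_flows(60, 5) + reflected


if __name__ == "__main__":
    base = learn_baseline(normal_flows())
    print("alerts on normal traffic:", detect(normal_flows(), base))
    for alert in detect(attack_flows(), base):
        print("alert:", alert)
        for rule in mitigation_rules(alert):
            print("  ", rule)
```

Run stand-alone, the normal minute produces no alert, while the attack window raises a single alert for the target at 20100 pps against a 100 pps baseline from 205 sources, with ("udp", 123) carrying over 99% of the packets; the resulting rules drop only that vector and pass the clients' TCP/443 traffic. In production the windowing would run on a stream from the flow collector rather than on a list, and the rule list would be translated into whatever your scrubber or router accepts.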
DDoS attacks have been around for as long as the world wide web and they are not going away any time soon; today, the signs all point to an increase. To be in the best position to defend against them, organisations need to protect critical systems against the wide range of vulnerabilities on their networks and systems, and have the tools necessary to secure a site whilst detecting and reacting to attacks as quickly as possible without disrupting normal business traffic and operations.
September 1, 2016