Anyone who follows tech news at all knows there has been a serious spate of high-profile DDoS attacks aimed at various entities recently, including outages that hit both the PlayStation Network and Xbox Live over Christmas.
What fewer know is that the attacks only ceased because a third party, Kim Dotcom, the controversial founder of Megaupload, paid the attackers a bounty to make them stop.
Many are (finally) seeing this as a wake-up call to start taking network security seriously. A DDoS attack is relatively easy for an attacker to set up and relatively hard to defend against, but given the huge costs, and the embarrassment, that such attacks bring, self-defense is vital.
In this two-part article, we'll take an in-depth look at the problem and at how to strengthen your DDoS protection.
The Distributed Denial-of-Service (DDoS) attack is one of the most basic techniques in the black-hat repertoire, dating back to at least 1998. Simply put, it means flooding a server with so many requests, or even just ICMP echo ("ping") packets, that the server is overwhelmed and can no longer serve legitimate users.
Sometimes the packets are deliberately incomplete or malformed so that the server burns even more resources trying to handle them: the classic case is a flood of TCP SYN packets that never complete the handshake, which fills the server's table of half-open connections.
These attacks have become extremely easy to pull off, in large part thanks to malware that hijacks everyday computers without their owners knowing and then uses their network connections as part of a distributed attack. These "zombie botnets," as they're often called, can include thousands or even millions of unsuspecting participants around the world.
More enterprising groups will even lease out their botnet through black-market channels, in a dark adaptation of the usual Software-as-a-Service model. Malicious parties no longer need any skills at all to attack a company, as long as they can find someone willing to rent them a botnet.
This makes blackmail-style schemes very attractive to online miscreants.
And according to one study earlier this year, malicious DDoS attacks are now occurring at a staggering twenty-eight per hour. This is not a problem that will go away if it's ignored. It's only getting worse and, at present, there is simply no reason to think higher authorities (like governments) will be able to change things any time soon.
Right now, it's a "wild west" situation. It's on every company to provide its own DDoS defense. No one can protect you except you.
Your Firewall Is NOT Your First Line Of Defense
Time for more bad news, I'm afraid: stateful inspection firewalls will only do so much against DDoS. They still try to process and track every packet that arrives, creating a state-table entry for each new connection attempt and checking later packets against that table, and all of that costs CPU and memory. A flood of bogus connection attempts fills the state table and exhausts the firewall just as it would the server behind it.
Also, most firewalls sit too far inside the network architecture. Ideally, DDoS traffic should be turned away at the network border, but firewalls, especially those integrated into routers, don't come into play until late in the process, after the flood has already crossed your upstream link.
In short, they can be easily overwhelmed.
A firewall in combination with an IDS (Intrusion Detection System) is a better bet. An IDS is a monitoring system, not a protocol: it inspects every packet on the network, typically from a network tap or a switch mirror port, and it can be placed in front of the firewall so that it sees traffic before the firewall does.
However, an IDS lacks enforcement power. Most merely monitor and alert the administrator, although some can be configured to block offending IP addresses or take other automatic measures (at which point the product is usually sold as an IPS, an Intrusion Prevention System). Generally, they still require an administrator to act on what they report.
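To make the "monitor and report" half of that concrete, here is an added example (not code from the original article or from any IDS product) of the simplest kind of flood detection an IDS performs: counting new-connection attempts per source and per destination port over a fixed time window. It runs over constructed flow records in an assumed `<epoch_seconds> <src_ip> <dst_port> <tcp_flags>` format; the thresholds and window size are illustrative assumptions. It deliberately shows the two cases the text contrasts: a single loud source that a per-IP threshold catches, and a botnet-style flood where every source stays under the per-IP limit and only the aggregate count reveals the attack.

```python
"""Windowed SYN-rate detection over constructed flow records.

Added example; the log format, addresses and thresholds are assumptions.
Each record is '<epoch_seconds> <src_ip> <dst_port> <tcp_flags>', where a
flags value of exactly 'S' is a bare SYN, i.e. a new connection attempt.
"""
from collections import Counter, defaultdict

PER_SOURCE_LIMIT = 50   # assumed: SYNs one source may send per window
AGGREGATE_LIMIT = 200   # assumed: SYNs one port may receive per window
WINDOW_SECONDS = 10     # assumed: width of the counting window


def build_sample_log():
    """Constructed flow records (not a real capture)."""
    lines = []
    # Window starting at t=1000: five normal clients plus one loud source.
    for i in range(5):
        for k in range(3):
            lines.append(f"{1000 + k} 192.0.2.{i + 1} 443 S")
    for k in range(80):                       # one host hammering SYNs
        lines.append(f"{1000 + k % 10} 203.0.113.10 443 S")
    # Window starting at t=1010: 100 bots, each sending only 3 SYNs.
    for i in range(100):
        for k in range(3):
            lines.append(f"{1010 + k} 198.51.100.{i + 1} 443 S")
    # Packets on established connections (ACK only) are not new attempts.
    for k in range(40):
        lines.append(f"{1010 + k % 10} 192.0.2.1 443 A")
    return "\n".join(lines)


def parse_line(line):
    ts, src, port, flags = line.split()
    return int(ts), src, int(port), flags


def detect(log_text, per_source_limit=PER_SOURCE_LIMIT,
           aggregate_limit=AGGREGATE_LIMIT, window=WINDOW_SECONDS):
    """Return (blocked_sources, aggregate_alerts).

    blocked_sources: set of source IPs that exceeded per_source_limit
                     bare SYNs in any single window.
    aggregate_alerts: list of (window_start, port, syn_count,
                      distinct_sources) for windows where a port received
                      more than aggregate_limit SYNs, regardless of whether
                      any single source tripped its own limit.
    """
    src_count = defaultdict(Counter)                  # window -> {src: n}
    port_count = defaultdict(Counter)                 # window -> {port: n}
    port_srcs = defaultdict(lambda: defaultdict(set))  # window -> port -> {src}

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, port, flags = parse_line(line)
        if flags != "S":            # only count new connection attempts
            continue
        w = ts - ts % window        # align timestamp to its window start
        src_count[w][src] += 1
        port_count[w][port] += 1
        port_srcs[w][port].add(src)

    blocked = set()
    alerts = []
    for w in sorted(src_count):
        for src, n in src_count[w].items():
            if n > per_source_limit:
                blocked.add(src)
        for port, n in port_count[w].items():
            if n > aggregate_limit:
                alerts.append((w, port, n, len(port_srcs[w][port])))
    return blocked, alerts


if __name__ == "__main__":
    blocked, alerts = detect(build_sample_log())
    print("per-source threshold tripped by:", sorted(blocked))
    for w, port, n, distinct in alerts:
        print(f"aggregate alert: window {w}, port {port}, "
              f"{n} SYNs from {distinct} sources")
```

The per-source rule is what an automatic "shut down this IP" action keys on, and it catches the single noisy host in the first window. In the second window no source sends more than three SYNs, so that rule stays silent; only the aggregate count per port shows the flood, and blocking a hundred addresses one by one is exactly the point where the text's "still requires an active administrator" caveat applies.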
Invest In Backups
In many cases, redundancy is your best insurance. If you have an offsite backup environment, with a cloud-based architecture linking to it, it's often possible to ride out a DDoS attack by switching over to other servers for the duration. With proper tunnelling and routing this can be largely invisible to the attackers, with one caveat: if the attack is aimed at your public hostname rather than at fixed IP addresses, simply repointing that name at the new servers lets the flood follow you, so the switch-over helps most when the old addresses keep absorbing the traffic while the service answers from somewhere else.
That wraps up this half. In the next blog, we'll discuss more advanced border security systems now on offer, and more response strategies. Stay tuned!
Images Courtesy of: StockPhotos via http://stockphotos.io/