How to protect your enterprise from DDoS attacks
Summary
Avoid downtime by protecting your enterprise from devastating DDoS attacks.
Read time: 4 minutes
As DDoS attacks become more frequent, IT needs to add preventive measures to its security roster.
“If you push something hard enough, it will fall over.”
This concept may have comedic origins (it’s Fudd’s First Law of Opposition, from The Firesign Theater), but it’s all too accurate in the world of IT security as well.
Yes, if you overload a system, it will fall over — that’s what Denial-of-Service (“DoS”) attacks are all about. And while a single source might not be able to hit hard or often enough to do serious damage to your system, a million attackers can, all too easily. That’s a Distributed Denial-of-Service (“DDoS”) attack.
Granted, not all DoS and DDoS events begin with malicious intent; legitimate users can easily overwhelm services — digital and otherwise — that haven’t been provisioned or architected for massive surges in use. Consider downloads of major new songs, videos, operating system releases, or movie trailers; “Black Friday” opening hour at malls; traffic on major holiday weekends; slowdowns and crashes at popular sites like Twitter, Google, and Amazon — and at sites linked to or recommended by Slashdot, Reddit, Digg, or other popular sites. Even the phone system on peak-calling days like Mother’s Day can inadvertently experience denials of service (this problem still persists in some places).
But Distributed Denial-of-Service Attacks are, increasingly, being used maliciously. Over the past year or so, DDoS attacks have hit PayPal, Bitcoin, HSBC, Sony, and gaming sites like Microsoft’s Xbox Live and Blizzard’s Battle.net, along with many other businesses and government organizations.
And the number, type and range of DDoS attacks continue to grow, making DDoS detection, prevention and mitigation yet one more security to-do on IT’s already long security list.
The Challenges of DDoS
Because DDoS attacks can come from hundreds, thousands, or even millions of different IP addresses, it is often hard to identify the attacking machines and to filter attacks. The tools to create and conduct DDoS attacks are startlingly available and inexpensive — as low as a few dollars — while the cost to the attacked organization can range from $50,000 to $500,000 in lost sales or business disruption for each hour of the attack.
And attacks can last hours and even a full day.
DDoS attacks are often measured by how much network bandwidth they consume, or by the number of simultaneous connections being requested. Is it enough to saturate the network connection to the server or service? Or to overwhelm the application? While most attacks have been single-digit Gbps (billions of bits per second), at least one DDoS attack on a data center was pegged at over 330 Gbps, and tens of thousands of connections were affected. On the other hand, many new attacks use less bandwidth, while lasting longer and doing more damage.
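The two yardsticks above (bandwidth consumed and connections requested) and the source-count problem from the previous paragraph can be checked against traffic summaries directly. The script below is an added example, not code from the original article or from Ricoh: it aggregates constructed per-second flow records, classifies each second as volumetric, connection-exhaustion or normal against an assumed 1 Gbps uplink and an assumed 5,000-connection budget, and reports whether the number of distinct sources is small enough for per-IP blocking to be practical.

```python
from collections import defaultdict

# Assumed capacity figures for the protected service (not from the article).
LINK_CAPACITY_BPS = 1_000_000_000   # 1 Gbps uplink
MAX_CONCURRENT_CONNS = 5_000        # connections the service can hold open
MAX_SOURCES_TO_BLOCK = 100          # beyond this, per-IP filtering is impractical


def build_sample_flows():
    """Constructed flow records: (second, src_ip, bytes, connections)."""
    flows = []
    for i in range(50):                     # second 0: ordinary browsing, 50 clients
        flows.append((0, f"10.0.{i // 256}.{i % 256}", 2_000, 1))
    for i in range(5):                      # second 1: five hosts saturating the link
        flows.append((1, f"198.51.100.{i}", 30_000_000, 1))
    for i in range(20_000):                 # second 2: botnet opening tiny connections
        flows.append((2, f"192.0.{i // 256}.{i % 256}", 100, 1))
    return flows


def summarise_per_second(flows):
    """Aggregate records into per-second bits, connections and distinct sources."""
    buckets = defaultdict(lambda: {"bits": 0, "conns": 0, "sources": set()})
    for sec, src, nbytes, conns in flows:
        b = buckets[sec]
        b["bits"] += nbytes * 8
        b["conns"] += conns
        b["sources"].add(src)
    return buckets


def classify(bucket):
    """Label one second along both axes and say whether source filtering is viable."""
    volumetric = bucket["bits"] >= LINK_CAPACITY_BPS
    conn_flood = bucket["conns"] >= MAX_CONCURRENT_CONNS
    if volumetric and conn_flood:
        kind = "volumetric+connection"
    elif volumetric:
        kind = "volumetric"
    elif conn_flood:
        kind = "connection-exhaustion"   # low bandwidth, yet the service still falls over
    else:
        kind = "normal"
    n = len(bucket["sources"])
    return {"kind": kind, "sources": n, "source_filter_viable": n <= MAX_SOURCES_TO_BLOCK}


def assess(flows):
    """Return {second: classification} for a batch of flow records."""
    return {sec: classify(b) for sec, b in summarise_per_second(flows).items()}


if __name__ == "__main__":
    for sec, result in sorted(assess(build_sample_flows()).items()):
        print(sec, result)
```

Second 2 is the case the article warns about: only 16 Mbps of traffic, but 20,000 sources each holding a connection, so neither a bandwidth alarm nor an IP blocklist would catch it on its own.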
There are many types of DoS and DDoS attacks, including DNS attacks, Layer 3-4 and Layer 7 attacks, ICMP flooding, peer-to-peer attacks, and SYN flooding. There is even one type called “Permanent DoS” (PDoS), or “phlashing,” which refers to attacks that require that hardware be reinstalled or replaced (for example, by causing hardware to overheat).
Dealing with DDoS Attacks
IT departments geared up to handle malware, intrusions, and other threats aren’t necessarily prepared for DDoS attacks. But that doesn’t mean there is nothing to be done.
Start by understanding that you can’t prevent DDoS attacks. Your goal is to harden your IT infrastructure to resist DDoS attacks, to prevent or minimize the damage they can do, and to be ready to deal with damage that may eventually occur.
DDoS solutions include:
Security appliances and software that reside in your network. This includes some components you likely already have, like firewalls and network switches, which may have settings that can help block DDoS attacks. There are also a growing number of dedicated DDoS-protection tools to consider.
Cloud-based services, through which you divert all your traffic. With enough bandwidth to “scrub” traffic and absorb volume-based attacks, cloud-based services can pass legitimate traffic along to your site (or to your services elsewhere in the cloud). Cloud-based services offer the simplicity of not requiring you to add hardware, software, or other integration.
Hybrid DDoS protection. Many organizations are adding both premises-based hardware and cloud-based services to their security repertoire.
It’s also important that your IT and customer support staff be ready to react during DDoS attacks. This includes alerting related departments (for example, cautioning accounting not to approve unexpected large financial requests while the attack is under way) and providing places for users and customers to register complaints.
When choosing solution partners:
Look for tools and services that allow for easy ways to add ad hoc patterns and policies
Pay attention to service scalability/elasticity
Engage a trusted partner to synthesize security efforts across your IT system
What’s important to remember is that whatever you set up has to be automatic in its responses. Manual response will take too long, and by the time you’ve completed it, your mission-critical IT has probably succumbed to Fudd’s Law and fallen over.
Is IT outsourcing right for you? We share the benefits in "Top 7 benefits of IT outsourcing."
If you are looking for an IT solutions partner, let's talk.