How should businesses protect themselves from DDoS?
DDoS (Distributed Denial of Service), one of the most dreaded attacks in recent years, has repeatedly sent businesses large and small into panic mode when corporate websites and application services are brought down or heavily disrupted. Modern botnets and attackers no longer rely on a single attack strategy; they combine a wide variety of intrusive techniques into a multi-vector attack (currently regarded as the most complex type of DDoS attack) on their targets.
DDoS tools and approaches such as volumetric floods, low-and-slow application-targeting methods, and authentication-based strategies can all be launched at the same time in the hope of finding gaps in an organization's defences and grinding the discovered targets to a complete halt. Such attacks are not easy to identify and plan countermeasures for, because they hit the target in different ways and can wreak havoc on operational, IT and business processes at every level of the organization under attack. Akamai researchers report that nearly 21% of DDoS attacks now originate from Internet of Things devices, which makes it much more difficult for an IT security team to track down the real attackers, and we can already assume that this share will only keep increasing over the coming years (source: https://www.akamai.com/cn/zh/multimedia/documents/state-of-the-internet/akamai-q2-2016-state-of-the-internet-security-report.pdf).
While we can generally agree that the main objective of any DDoS attack is to disrupt web services, the impact on the business can vary widely. It includes:
1. Loss of critical data and information.
2. Cost of reputation recovery.
3. Loss of revenue.
4. Implications of regulatory non-compliance.
5. Regulatory fines and legal costs resulting from a DDoS attack.
6. Loss of existing and potential customers due to lost customer confidence.
7. Threat to business continuity, especially if the company depends on its online services for survival.
8. Impact on in-store sales when Point-of-Sale systems cannot connect to backend systems.
Before deploying a DDoS protection strategy that makes sense for your organization, it's important to understand some of the more common types of DDoS attacks. Here are a few of them:
1. Volumetric attacks, a.k.a. volume-based or traffic-flooding attacks. Such attacks usually send a large number of spoofed IP packets, such as UDP and ICMP packets, to flood the target's links until legitimate traffic is throttled or cut off entirely. Follow-on malware exploitation is common in such scenarios. Volumetric flood-based attacks can take place at layer 3, 4 or 7 of the OSI model.
2. Bandwidth attacks overload the targeted site with an overwhelming volume of junk (spam) traffic, degrading network and server performance through high CPU and memory consumption. Bandwidth attacks can be considered a kind of asymmetric attack designed to provoke timeouts.
3. Protocol attacks, the most common being SYN floods and fragmented-packet attacks, consume valuable network, CPU and memory resources on firewalls, intrusion detection systems, load balancers, servers, routers and switches. Protocol attacks can be considered a kind of asymmetric attack designed to provoke session-state changes.
4. Application attacks (yes, at layer 7 of the OSI model), also known as vulnerability-based attacks because they exploit an application's software vulnerabilities, consume resources at the software layer. Methods such as low-and-slow application attacks or GET/POST floods send requests that look legitimate at first but build up until the target application layer (such as an HTTP web service) crashes. Application attacks are directly linked to computational attacks designed to consume CPU and memory, such as GET floods, long-running queries and SSL attacks.
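Two of the layer-7 patterns listed above, GET/POST floods and low-and-slow requests, leave distinct traces in an ordinary web-server access log, and that is often the first place a defender can see them before a scrubbing service is engaged. The following Python is an added example and not code from the original article or from any vendor it mentions. It assumes an nginx-style "combined" access log with the `$request_time` field appended as the last column; the thresholds (`window_seconds`, `max_requests`, `min_request_time`, `max_bytes`, `min_hits`) are assumptions chosen for the constructed sample and must be tuned against a site's own baseline traffic. The sample log lines and the client addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
"""Detection heuristics for two of the attack patterns described above:
GET/POST floods and low-and-slow application attacks.

Added example, not code from the original article. It assumes an nginx-style
"combined" access log with $request_time appended as the last field; the
thresholds are assumptions to be tuned against a site's own baseline.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# One log line: ip ident user [timestamp] "METHOD path proto" status bytes request_time
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) (?P<rt>[\d.]+)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FORMAT),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
        "bytes": 0 if m["bytes"] == "-" else int(m["bytes"]),
        "request_time": float(m["rt"]),
    }


def detect_get_flood(events, window_seconds=10, max_requests=50):
    """Return {ip: peak_count} for clients whose GET/POST count inside any
    sliding window of window_seconds exceeds max_requests."""
    per_ip = defaultdict(list)
    for ev in events:
        if ev["method"] in ("GET", "POST"):
            per_ip[ev["ip"]].append(ev["ts"])
    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        left, peak = 0, 0
        for right, ts in enumerate(stamps):
            # shrink the window from the left until it spans <= window_seconds
            while (ts - stamps[left]).total_seconds() > window_seconds:
                left += 1
            peak = max(peak, right - left + 1)
        if peak > max_requests:
            flagged[ip] = peak
    return flagged


def detect_low_and_slow(events, min_request_time=20.0, max_bytes=512, min_hits=3):
    """Return {ip: hits} for clients that repeatedly hold connections open for a
    long time while transferring almost nothing: the low-and-slow signature."""
    hits = defaultdict(int)
    for ev in events:
        if ev["request_time"] >= min_request_time and ev["bytes"] <= max_bytes:
            hits[ev["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}


def analyze(log_text):
    """Run both detectors over raw log text; unparseable lines are skipped."""
    events = [ev for ev in (parse_line(raw) for raw in log_text.splitlines()) if ev]
    return {
        "get_flood": detect_get_flood(events),
        "low_and_slow": detect_low_and_slow(events),
    }


def constructed_sample():
    """Build a small constructed log (RFC 5737 documentation addresses, not real clients)."""
    base = datetime(2016, 9, 1, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_s, path, status, nbytes, rt):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FORMAT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} {nbytes} {rt:.3f}'

    lines = []
    # ordinary visitor: three page loads spread over a minute
    for i, path in enumerate(["/", "/about", "/contact"]):
        lines.append(line("192.0.2.10", i * 20, path, 200, 4096, 0.05))
    # GET flood: 60 requests for the same URL inside five seconds
    for i in range(60):
        lines.append(line("203.0.113.7", i / 12, "/search?q=x", 200, 2048, 0.01))
    # low-and-slow: a handful of connections each held open ~30 s with almost no data
    for i in range(5):
        lines.append(line("198.51.100.9", i * 2, "/", 408, 120, 30.0))
    return "\n".join(lines)


if __name__ == "__main__":
    for kind, offenders in analyze(constructed_sample()).items():
        print(kind, offenders or "none")
```

Run as a script it reports the flooding client with its peak in-window request count and the low-and-slow client with its hit count, while the ordinary visitor is left alone. The two detectors look at opposite ends of the spectrum on purpose: a flood shows up as many short requests per second from one source, whereas low-and-slow shows up as few requests that each hold a worker for tens of seconds and move almost no bytes, so a rate limit alone would never catch the second pattern.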
As for solutions (and eventually a suitably resilient architecture), there are many vendor-based solutions as well as open-source ones, mainly falling into three broad categories: on-premises protection solutions, cloud-based scrubbing services, and hybrid (mixed) solutions.
We are keeping our options open for now; let us know your preferred solutions and your selection criteria!
This article first appeared as my contribution on Steadware.com – a brand of Massive Wisdom Group Pte Ltd. If you are referencing this article, please provide a link back to this article's URL: http://steadware.com/how-should-businesses-protect-themselves-from-ddos/