While DDoS attacks can come in a variety of shapes and sizes, the aim is always the same: to saturate a server with so many requests that it simply cannot cope, leaving legitimate users unable to connect.
The MO, however, can vary. Traditionally, attackers have used their own network of computers to launch DDoS attacks. But what’s becoming more common is for them to take over a global network of malware-infected PCs, bombarding the target network without the PC owners ever knowing. The availability of DDoS attack kits, which anyone can download and use to start their own attacks, is only making things easier.
DDoS can affect businesses in many ways and attacks can cause damage running into millions of pounds; Forrester Research claims losses can be as much as $27m for a 24-hour period of downtime. They can also permanently ruin a company’s reputation. After all, who wants to do business with a company that has reliability issues or that can’t guarantee to protect its customers’ data?
But why would a company be a target for DDoS attacks? Hacktivism or a malicious rival are a couple of reasons, but these are relatively rare. Beyond that it is tough to establish whether a business is at risk, when a risk is likely and where it will come from.
Two things make DDoS particularly concerning for business: the difficulty in predicting an attack and the growing frequency with which they occur.
The positive news is that while prediction may be difficult, protecting against one is less so. The priority is to keep applications, services and network protected without stopping legitimate traffic. But how can you do so?
Firstly, put in place firewalls which can handle hundreds of thousands of connections per second and provide hardware mitigation for connection-based attacks, ensuring that systems are less likely to crash under the weight of the repeated requests associated with DDoS attacks. These need to be full proxy firewalls, which can avert significant downtime and data loss.
Secondly, ensure you have policy management software in place which will enable you to check whether the end user’s system has been compromised and can help you stop legitimate access being used to piggyback unauthorised access. Being able to make these checks without impacting the end user is important here.
Thirdly, implement an application security manager and traffic manager solution to provide the combination needed to mitigate DDoS attacks, from blocking attack traffic to re-routing legitimate requests to ensure uptime.
Finally, analysing the attack and its impact is vital. Understanding who is attacking you, as well as how and why, can help prevent an attack from causing too much damage and can help protect against future attacks. Establishing which layer is being attacked (application, network or session, for example) will help a company know where to focus its resources, and intelligent firewall management will be able to inspect all traffic coming into a network and stop traffic that is coming from a DDoS attack.
It’s an unfortunate fact that the DDoS threat has never been greater and is likely to continue to grow, especially with the sophistication of attacks developing at such a vast rate. It is now more important than ever that organisations take note and put stringent processes in place to prevent more attacks like this from happening. As ever, the best protection is to be prepared for whatever will get thrown at you and DDoS mitigation should be part of your preparation. The tools are available and straightforward to implement, but it’s down to businesses to prioritise cyber in their planning.
Gary Newe is a security expert at F5 Networks.