Combating DDoS attacks in the cloud
Combining cloud-based DDoS protection and managed DNS services to thwart large attacks
While distributed denial-of-service (DDoS) attacks are nothing new, in the last year we have seen larger, stealthier, more targeted and more sophisticated attacks than ever before.
We've also seen a dramatic expansion of target company profiles, elevating the need for DDoS protection for companies of all sizes that conduct business online or are highly dependent on their online brand and reputation.
A denial-of-service (DoS) attack occurs when traffic is sent from one host to a target system with the intent of disrupting an online application or service. A DDoS attack occurs when multiple hosts (such as compromised PCs) are leveraged to carry out and amplify the attack.
Attackers usually create the denial-of-service condition by either consuming server bandwidth or by impairing the server itself. Typical targets include web servers, DNS servers, application servers, routers, firewalls and internet bandwidth.
Given how dependent organisations in every industry now are on the internet, these types of attacks are quickly becoming a top concern for CIOs and those responsible for IT security and network operations. In the past, these professionals have relied on over-provisioning of bandwidth and firewalls to help prevent DDoS attacks, but these methods have proved costly and ineffective. The cloud has prevailed as the most efficient solution for cost savings, efficacy and ease of implementation.
If you're looking for a DDoS protection solution, the following five tips can help you protect your online assets from a DDoS attack and guide you to the right provider.
Five tips for DDoS protection:
1 - Centralise data gathering and understand trends: At the most basic level, successful DDoS protection involves knowing what to watch for: monitor for unusual traffic patterns and activity, and stay abreast of what is going on in the world, so that potential or emerging attacks can be identified and validated more rapidly and the lessons learned fed into the appropriate incident response.
2 - Define a clear escalation path: Systematic processes and methodology, such as defined standard operating procedures and incident response teams, are essential for effective DDoS attack mitigation. It is also important to prepare for downtime by understanding which systems are vital to your business, and by developing and testing contingency plans for short-term (e.g., one hour), medium-term (e.g., 24 hours) and long-term (e.g., multiple-day) network or service outages.
3 - Use layered filtering: The goal of DDoS mitigation is to exclude only unwanted traffic while allowing legitimate traffic to enter the network with minimal delay. The most effective means to accomplish this is to use a multi-layered verification process.
4 - Build in scalability and flexibility: To make sure systems will function properly under attack conditions, organisations must have a highly scalable, flexible infrastructure that has been tested in various scenarios to identify breaking points. It is also important to use a distributed model to create and maintain redundancy for high-value applications and services.
5 - Address application and configuration issues: DDoS attacks have evolved from brute force attacks at the network layer to more sophisticated, difficult-to-detect attacks at the application layer. Attackers can learn the acceptable threshold of activity for an individual application, and then sneak in as an unperceived increase in network traffic. In the overall context of the network, the increased traffic is not an issue, but if the targeted application has a low tolerance for high-volume traffic, the attack can take down the application.
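The multi-layered verification described in tip 3 can be made concrete as an ordered chain of checks in which each layer only sees the requests the previous one let through. The Python below is an added illustration written for this page, not code from the article's author or from Verisign; the IP addresses, hostname, paths and rate limits are constructed sample values.

```python
"""Layered request filtering for DDoS mitigation (added illustrative example)."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Request:
    src_ip: str
    method: str
    path: str
    host: Optional[str]
    ts: float  # arrival time in seconds


class TokenBucket:
    """Classic token bucket: `rate` tokens/s refill, at most `burst` stored."""

    def __init__(self, rate: float, burst: float):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last: Optional[float] = None

    def allow(self, now: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class LayeredFilter:
    """Cheap, coarse checks run first; each layer only sees what the previous one passed."""

    def __init__(self, blocklist, allowlist, per_ip=(5, 5), expensive=None):
        self.blocklist, self.allowlist = set(blocklist), set(allowlist)
        self.ip_buckets = defaultdict(lambda: TokenBucket(*per_ip))
        # expensive: {path: (rate, burst)}, a budget shared by every client of that endpoint
        self.path_buckets = {p: TokenBucket(*rb) for p, rb in (expensive or {}).items()}

    def check(self, req: Request) -> str:
        # Layer 1: static reputation lists (trusted monitors in, known-bad sources out)
        if req.src_ip in self.allowlist:
            return "allow:allowlist"
        if req.src_ip in self.blocklist:
            return "drop:blocklist"
        # Layer 2: protocol sanity (malformed or unexpected requests never reach the app)
        if req.method not in {"GET", "HEAD", "POST"} or not req.host:
            return "drop:protocol"
        # Layer 3: per-source rate limit (absorbs a single noisy client)
        if not self.ip_buckets[req.src_ip].allow(req.ts):
            return "drop:source-rate"
        # Layer 4: per-endpoint budget for expensive operations, which protects a
        # low-tolerance application from many sources that each stay under layer 3
        bucket = self.path_buckets.get(req.path)
        if bucket is not None and not bucket.allow(req.ts):
            return "drop:endpoint-budget"
        return "allow"


def run_demo() -> Counter:
    """Constructed traffic mix (sample values, not real traffic); returns a Counter of verdicts."""
    f = LayeredFilter(blocklist={"198.51.100.4"}, allowlist={"10.0.0.5"},
                      per_ip=(5, 5), expensive={"/search": (2, 3)})
    host = "shop.example"
    traffic = []
    traffic += [Request("203.0.113.9", "GET", "/", host, 0) for _ in range(20)]   # one source bursting
    traffic += [Request("198.51.100.4", "GET", "/", host, 0) for _ in range(3)]   # blocklisted source
    traffic += [Request("192.0.2.7", "GET", "/", None, 0),                       # missing Host
                Request("192.0.2.7", "TRACE", "/", host, 0)]                     # unexpected method
    traffic += [Request(f"192.0.2.{i}", "GET", "/search", host, 0)
                for i in range(10, 16)]                                          # 6 sources, expensive endpoint
    traffic += [Request("10.0.0.5", "GET", "/search", host, 0) for _ in range(2)]  # trusted monitor
    traffic += [Request("203.0.113.9", "GET", "/", host, 2)]                     # bursting source, 2 s later
    return Counter(f.check(r) for r in traffic)


if __name__ == "__main__":
    for verdict, n in sorted(run_demo().items()):
        print(f"{verdict:22s} {n}")
```

On the constructed mix the per-source bucket lets the first five requests of the bursting client through and drops the rest, then admits it again once the bucket has refilled; the six distinct sources hitting `/search` each pass the per-source limit but share the endpoint budget, so only three of them are served. The ordering matters: the lookups that are cheapest and most certain run first, so the more expensive stateful checks only spend effort on traffic that has already survived them.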
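The monitoring in tip 1 and the application-layer case in tip 5 come together in per-endpoint baselining: an increase that is invisible against total site traffic is obvious when each endpoint is compared with its own history. The Python below is an added example, not code from the original article or its author; the access-log lines it analyses are constructed, and the thresholds, paths and IP ranges are assumed sample values.

```python
"""Per-endpoint rate baselining over access-log lines (added illustrative example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Common Log Format, e.g.
# 192.0.2.1 - - [01/Jan/2024:10:00:00 +0000] "GET /api/search HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

RATIO_THRESHOLD = 3.0   # an endpoint must reach 3x its own baseline mean ...
MIN_EXTRA = 20          # ... and carry at least 20 extra requests/min (ignore tiny endpoints)
GLOBAL_THRESHOLD = 1.5  # a whole-site threshold of this kind does not fire on the sample


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped, not fatal
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "minute": ts.strftime("%H:%M"), "path": m.group("path")}


def aggregate(lines):
    """Return {minute: Counter(path)} and {(minute, path): Counter(ip)}."""
    per_minute, sources = defaultdict(Counter), defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_minute[rec["minute"]][rec["path"]] += 1
            sources[(rec["minute"], rec["path"])][rec["ip"]] += 1
    return per_minute, sources


def detect(lines, baseline_minutes, observe_minute):
    """Compare each endpoint's rate in observe_minute against its own baseline."""
    per_minute, sources = aggregate(lines)
    paths = {p for counts in per_minute.values() for p in counts}
    flagged = {}
    for path in sorted(paths):
        history = [per_minute[m][path] for m in baseline_minutes]
        base, observed = mean(history), per_minute[observe_minute][path]
        if base > 0 and observed >= RATIO_THRESHOLD * base and observed - base >= MIN_EXTRA:
            flagged[path] = {
                "baseline_mean": base, "baseline_stdev": pstdev(history), "observed": observed,
                "top_sources": sources[(observe_minute, path)].most_common(3),
            }
    base_total = mean(sum(per_minute[m].values()) for m in baseline_minutes)
    observed_total = sum(per_minute[observe_minute].values())
    return {"flagged": flagged, "total_ratio": observed_total / base_total,
            "global_alert": observed_total >= GLOBAL_THRESHOLD * base_total}


# --- constructed sample log (assumed values, not real traffic) -----------------
BASELINE = {  # requests per minute for five quiet minutes, 10:00-10:04
    "/": [400, 410, 390, 405, 395],
    "/static/app.js": [300, 300, 300, 300, 300],
    "/api/search": [5, 4, 6, 5, 5],
    "/api/login": [10, 12, 8, 10, 10],
}
OBSERVED = {"/": 405, "/static/app.js": 300, "/api/search": 60, "/api/login": 10}  # 10:05


def synth(minute, path, n, ip_of):
    return [f'{ip_of(i)} - - [01/Jan/2024:10:{minute:02d}:00 +0000] "GET {path} HTTP/1.1" 200 512'
            for i in range(n)]


def build_sample_log():
    normal = lambda i: f"192.0.2.{i % 200 + 1}"
    surge = lambda i: f"198.51.100.{i % 30 + 1}"  # the /api/search surge comes from another range
    lines = []
    for path, counts in BASELINE.items():
        for minute, n in enumerate(counts):
            lines += synth(minute, path, n, normal)
    for path, n in OBSERVED.items():
        lines += synth(5, path, n, surge if path == "/api/search" else normal)
    lines.append("not a log line")
    return lines


def run_demo():
    return detect(build_sample_log(), [f"10:0{m}" for m in range(5)], "10:05")


if __name__ == "__main__":
    result = run_demo()
    print(f"total traffic at {result['total_ratio']:.2f}x baseline, "
          f"global alert: {result['global_alert']}")
    for path, info in result["flagged"].items():
        print(f"{path}: {info['observed']}/min vs baseline {info['baseline_mean']:.1f}, "
              f"top sources {info['top_sources']}")
```

In the sample the site as a whole grows by under ten percent, so a global threshold of 1.5x stays silent, while `/api/search` runs at twelve times its baseline and is flagged with its top sources for the analyst to validate. The absolute floor (`MIN_EXTRA`) keeps rarely used endpoints from alerting on a handful of extra requests, which is the usual source of false positives when ratios alone are used.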
Sean Leach is vice president of technology at Verisign's network intelligence and availability group