Anonymous group's DDoS attacks lead to a fresh interest in how to secure against an invasion

News by Dan Raywood

Last week's multiple distributed denial-of-service (DDoS) attacks have led to a fresh interest in how to secure a website against such an invasion.


Owen Cole, technical director at F5 Networks, commented that DoS attacks are becoming an increasingly common way of bringing down websites and holding firms to ransom. The Anonymous group uses a botnet of compromised PCs that are controllable via the ‘Low Orbit Ion Cannon’ (LOIC), which is used to direct PC traffic towards delivering a DoS attack.

“The MasterCard website went offline recently when approximately 400 computers targeted the LOIC at it. Visa stood up to attack much better, as the servers were distributed over Akamai's content delivery network,” he said.

“There are two main ways of mitigating a DDoS attack without carrying out a server migration. Companies can use software and equipment which sets rules to detect when site latency (i.e. response time) goes up by a certain percentage (e.g. 500 per cent) or latency reaches x milliseconds. Alternatively, companies can check the number of transactions (i.e. requests for information) per second, and block sources when it increases by a certain percentage or reaches a certain figure.”
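The two rules Cole describes can be sketched as follows. This is an added example, not code from the article or from F5: the class name, the thresholds, the baseline smoothing and the per-source counting of requests are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict, deque

class DosRules:
    """Latency rule and per-source request-rate rule; all thresholds are assumed values."""
    def __init__(self, rise_pct=500.0, max_latency_ms=2000.0, max_rps=20, window_s=1.0, alpha=0.1):
        self.rise_pct, self.max_latency_ms = rise_pct, max_latency_ms
        self.max_rps, self.window_s, self.alpha = max_rps, window_s, alpha
        self.baseline_ms = None            # learned "normal" latency
        self.hits = defaultdict(deque)     # source -> request times inside the window
        self.blocked = set()

    def latency_alarm(self, latency_ms):
        """True when latency rose by rise_pct over baseline or reached the absolute cap."""
        if self.baseline_ms is None:
            self.baseline_ms = latency_ms
        rise = (latency_ms - self.baseline_ms) / self.baseline_ms * 100.0
        alarm = rise >= self.rise_pct or latency_ms >= self.max_latency_ms
        if not alarm:
            # Learn only from normal samples so a flood cannot drag the baseline up.
            self.baseline_ms += self.alpha * (latency_ms - self.baseline_ms)
        return alarm

    def allow(self, source, now):
        """False once a source exceeds max_rps requests within window_s seconds."""
        if source in self.blocked:
            return False
        q = self.hits[source]
        q.append(now)
        while now - q[0] >= self.window_s:
            q.popleft()
        if len(q) > self.max_rps:
            self.blocked.add(source)
            return False
        return True

def replay(rules, requests):
    """Feed (time_s, source, latency_ms) records through both rules."""
    alarms = []
    for t, source, latency_ms in requests:
        if rules.allow(source, t) and rules.latency_alarm(latency_ms):
            alarms.append(t)
    return alarms, set(rules.blocked)

# Constructed sample: one steady client and one source sending 30 requests in 0.3 s.
SAMPLE = sorted(
    [(i * 0.5, "198.51.100.7", 40.0) for i in range(6)]
    + [(1.0 + i * 0.01, "203.0.113.9", 40.0 if i < 10 else 400.0) for i in range(30)]
)

if __name__ == "__main__":
    print(replay(DosRules(), SAMPLE))
```

Because the baseline is updated only from samples that did not raise an alarm, latency inflated by the flood does not become the new normal.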

In a recent conversation with SC Magazine about dealing with heightened levels of traffic during busy shopping periods, Tufin CEO Ruvi Kitov said that these sorts of challenges can be overcome with the proper preparation. “You do not want a DoS to get into your connections and to kill your firewall; you can set the configuration to how many connections to allow and you can tweak and tune it so it is not too low or too high,” he said.

“You get an alert and increase the traffic capability to a higher number; it is very dependent on the environment, the type of connections and what traffic is running through it. Also what is behind it and it will identify a real situation. This is the right way to do it as it can hold the capacity and you will know what capacity it can hold.”

He also said that proper firewall control can ensure that you have capacity, and that it can be fine-tuned so as not to turn away any users. “Can you imagine if Amazon turned away every fifth visitor? If the allowance is too high it can topple the firewall,” he said.

Professor John Walker, a member of the ISACA Security Advisory Group and CTO of Secure-Bastion, said that last week's incidents show that cloud computing could be a more robust solution than a traditional IT operation.

He said: “With the backdrop of common perception that ‘anything’ cloud-based is insecure, let us consider the inference of the recent successful DoS attacks associated with the WikiLeaks events. Whilst some corporate brands fell under the logical weight imposed by cyber attacks, some cloud-based sites successfully sustained their operations during such adverse conditions.

“Does this not beg the question why this could be? Does this not suggest that some of the better cloud providers have higher capacity to deal with sustained adverse conditions? Could this suggest that they may not be as insecure as perception would have us believe?”

