5/27/2016
11:00 AM
Vincent Berk
Commentary

Ultimate Guide To DDoS Protection: DDoS Is A Business Problem

In the first of a two-part series, we examine the impact DDoS attacks have on business continuity - and why it is so much more than a network security problem.

DDoS attacks have been around pretty much as long as the Internet’s been around – and they still pose significant risks today for organizations of all sizes and types. But while the network security team is responsible for DDoS prevention, detection, and remediation, it’s not just a network security problem. Because DDoS can shut down an organization for hours – or even days – business repercussions can be significant.

There are many different kinds of DDoS attacks, but they can all be categorized into the following major groups:

Volumetric or connectionless attacks. This is the most common form of DDoS attack and the goal is to overwhelm a site’s bandwidth. These attacks use botnets – networks of infected systems – to flood the target network with so much traffic that operations are slowed or interrupted completely.

TCP state-exhaustion or protocol attacks. These attacks target Web servers, firewalls, load balancers, and other infrastructure elements to disrupt services by exhausting the number of connections these systems can support.

Application-layer or layer-7 attacks. These attacks exploit specific weaknesses in applications, as opposed to network services.

Zero-day attacks. These attacks target previously unknown vulnerabilities in a system or application for which there is no fix or patch yet available. 

The Problem is Growing

The number of DDoS attacks has been increasing and shows no sign of letting up. The Verisign Distributed Denial of Service Trends Report found that DDoS attack activity increased 85% year over year. And the bad news doesn’t stop there. The attacks themselves are getting bigger, with an average attack size of 6.88 Gbps. In the timeframe covered by the report, Verisign mitigated the largest attack it has ever seen, at 125 Gbps. The recent attack on the BBC may have been the largest in history – 602 Gbps!

DDoS is Cheap and Easy for Attackers

There are any number of tools freely available on the Internet that help people with malicious intent perpetrate a DDoS attack. They will need resources to scale the attack, but building a botnet is pretty easy, too. Again, methods and tools are freely available online to help attackers build their own, or they can rent a botnet for as little as $2 per hour or buy a botnet for $700, according to the Wall Street Journal.

With the emergence of DDoS-for-hire or DDoS-as-a-Service, would-be attackers don’t need to have any knowledge or resources at all – just cash. Even this is incredibly cheap – the average cost is reportedly around $40 per hour. These organizations operate as “professional” services with discounts, subscription packages and return policies. They promote themselves as “DDoS simulators” or resources to check your own security defenses – but nothing stops a paying customer from launching an attack on an unsuspecting victim.

The Modern Network is Riddled with Exploit Opportunities

Today’s networks are complex, with a large number of systems, applications, connection points, and protocols. Add mobility and the Internet of Things (IoT), and the number of connected devices and components is exploding. With increasing complexity and more connection points come more potential vulnerabilities that attackers can exploit – which increases security and monitoring challenges. Every system, application, and connection point needs to be built and configured to maximize security and minimize potential vulnerabilities. Using multiple security tools, procedures, and approaches in a defense-in-depth strategy continues to be important.

DDoS Detection: The [Dark] Power of Distributed

Denial of service is the goal of the DDoS attack. But the distributed nature of the attack using botnets – and the use of IP address spoofing – makes the location of the attacking machines difficult to identify. It also makes it more difficult to mitigate because it’s tough to filter based on source address.

Speed is Critical

Kaspersky’s Global IT Security Risks Survey 2014 – Distributed Denial of Service (DDoS) Attacks found that a single DDoS attack can cost companies from $52,000 to $444,000 in lost business and IT spending, depending on the size of the company. This doesn’t even factor in the financial impact of reputational harm. When your organization gets hit by a DDoS attack (no matter what size your company is, it really is a matter of when and not if), you need to be able to detect and respond fast. You need to be able to detect within seconds and mitigate within minutes.
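As an added illustration (not code from the article or from FlowTraq), the detector below works through two of the attack categories defined earlier, volumetric floods and TCP state-exhaustion, on constructed one-second flow summaries, and ties both to the "distributed" signature by requiring many distinct source addresses before raising an alert. The record layout, thresholds and the three-second learning window are assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed one-second flow summaries (not real traffic):
# (second, src_ip, dst_ip, dst_port, bytes, tcp_flags)
# "S"  = SYN with no reply seen (half-open connection)
# "PA" = data on an established connection
FLOWS = [
    (0, "10.0.0.5", "203.0.113.10", 443, 120_000, "PA"),
    (1, "10.0.0.6", "203.0.113.10", 443, 130_000, "PA"),
    (2, "10.0.0.5", "203.0.113.10", 443, 110_000, "PA"),
    # second 3: volumetric flood from many (spoofed-looking) sources
    *[(3, f"198.51.100.{i}", "203.0.113.10", 80, 900_000, "PA") for i in range(1, 41)],
    # second 4: SYN flood, little bandwidth but almost all half-open
    *[(4, f"192.0.2.{i}", "203.0.113.10", 443, 60, "S") for i in range(1, 31)],
    (4, "10.0.0.7", "203.0.113.10", 443, 90_000, "PA"),
]

def per_second(flows):
    """Group flow records by their one-second bucket."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[f[0]].append(f)
    return buckets

def detect(flows, learn_secs=3, vol_factor=10, syn_ratio=0.8, min_srcs=20):
    """Return ({second: alert_type}, baseline_bytes_per_sec).

    The first learn_secs seconds form the baseline. A second is flagged
    'volumetric' when its byte count is vol_factor times the baseline, or
    'state_exhaustion' when at least syn_ratio of its flows are half-open.
    Both require at least min_srcs distinct sources, so one noisy client
    (or a single misbehaving scanner) is not mistaken for a DDoS.
    """
    buckets = per_second(flows)
    baseline_bps = sum(sum(f[4] for f in buckets[s]) for s in range(learn_secs)) / learn_secs
    alerts = {}
    for sec in sorted(s for s in buckets if s >= learn_secs):
        fl = buckets[sec]
        total_bytes = sum(f[4] for f in fl)
        distinct_srcs = len({f[1] for f in fl})
        half_open = sum(1 for f in fl if f[5] == "S") / len(fl)
        if distinct_srcs < min_srcs:
            continue  # not distributed enough to be a DDoS signal
        if total_bytes > vol_factor * baseline_bps:
            alerts[sec] = "volumetric"
        elif half_open >= syn_ratio:
            alerts[sec] = "state_exhaustion"
    return alerts, baseline_bps

if __name__ == "__main__":
    print(detect(FLOWS))
```

In practice the baseline would be learned over far longer than three seconds and kept per destination, but the per-second loop is what lets detection happen on the "seconds" timescale the article calls for.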

You Detected a DDoS Attack … Now What?

Detecting an attack is just the first step. Once you realize that your organization is under attack, you need to stop the onslaught, but the key is to do this without disrupting legitimate traffic. This requires passing network traffic through “scrubbing” filters. This typically happens in the cloud, which can absorb today’s large DDoS attacks, minimizing the impact on your network.


Dr. Vincent Berk is CEO of FlowTraq with 15 years of IT security and network management experience. He is a member of ACM and the IEEE.
Comments
RyanSepe, User Rank: Ninja, 5/29/2016 | 12:36:33 PM
Ease of Execution
As the article denotes, DDoS is very low in terms of complexity for an attacker to execute. Aside from the fact that it can be so extremely detrimental to a business makes it a dangerous tool in an attacker's arsenal. A plausible speculation is that this type of threat will be around for years to come.
RyanSepe, User Rank: Ninja, 5/29/2016 | 12:34:16 PM
Effective but Costly
I would recommend, if you had the money to do it, using a traffic scrubber like Prolexic. The traffic is diverted from your network and scrubbed for genuine purpose. Monitoring at the pipe is good too, but it has its cons.