Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV

11/7/2017
01:50 PM
Andy Patrizio
Andy Patrizio
Andy Patrizio
50%
50%

Gladius Brings Distributed Defense to DDoS

You can either build dozens of data centers or you can harness millions of volunteer clients to deal with DDoS. Which one would you choose?

Distributed Denial of Service (DDoS) attacks are a constant nuisance, mostly because they are so easy to initiate. There are tools on the dark web that make it easy for anyone with a grudge to cause some real havoc. Hackers can even repurpose legitimate "penetration testing" services in executing this type of attack.

Unfortunately, it's not only a nuisance, but it also comes with costs. For a large enterprise, the average cost from addressing a DDoS attack is $250,000 per hour.

The solution up to now has been to throw bandwidth at the problem -– distribute the traffic load so far and wide, such that there is no single point of vulnerability. For example, the content delivery network (CDN) giant Cloudflare operates 118 data centers around the world to help avoid a single choke point.

A startup called Gladius thinks it has an alternative. Rather than build out (or co-locate in) data centers, it lets individuals share the spare bandwidth they have at their own home connections, thus turning every desktop or laptop computer into a distribution node.

End users simply download and install the Gladius client, which then uses spare compute cycles and bandwidth to help distribute content through a decentralized CDN. Files are then cached on their computers for faster delivery to web clients who are closer to their geographic location than the main server. And when a DDoS attack occurs, traffic can then be distributed to the thousands and thousands of user nodes across the globe.

Gladius has significant similarities to BitTorrent in the way it operates. With BitTorrent, bits and pieces of a file are downloaded from a peer-to-peer network of computers, so that no single server is burdened with traffic.

With Gladius' CDN, files are likewise cached across a decentralized network, so that there is no single point of vulnerability or failure.

The main difference, however, is that Gladius uses the Ethereum blockchain to establish smart contracts every time there is load distribution or file download. Users also get paid for their spare bandwidth through GLA tokens, which are cryptocurrency that can be exchanged for fiat money or exchanged for other cryptocurrencies like Bitcoin or Ether.

Of course, how much you can actually earn from Gladius is unclear, but it would depend on how much of your bandwidth the network actually uses -- I wouldn't plan my retirement on it.

Gladius uses blockchain to administer and allocate the resources of the network and manage payments. Because of this, there is no centralized storage location, making DDoS attacks much harder, if not impossible, to succeed.

There is another security-related reason for such a server-free architecture. Gladius will have no role in storing sensitive data, managing communication channels between customers and pools, or controlling who has access to the platform. In theory, the product is community-owned, not Gladius-owned. It could outlive Gladius, because even if the company goes away, the network will still operate, although the network will likely fade away if the company does as well.

It also means that as Gladius clients come online in areas not normally served by massive data centers, like Africa, the Middle East, parts of Europe, Asia, and South America, those people will be served by content distribution nodes closer to home -- something that the current major services like Cloudflare do not offer.

The company believes it might be able to convince ISPs to not only not stop their customers from using its software but even get master nodes inside of their network because it would have a net effect of lowering the traffic leaving their network, because static content would be cached and served from inside their own network. Less traffic leaving means they actually money that they would otherwise pay their transit provider for.

The success of Gladius depends on ubiquity. It can't be a quiet sensation or a well-kept secret. The more clients out there, the more successful it will be. Would you consider running Gladius on your PCs at work? At home?

Related posts:

— Andy Patrizio has been a technology journalist for more than 20 years and remembers back when Internet access was only available through his college mainframe. He has written for InformationWeek, Byte, Dr. Dobb's Journal, eWeek, Computerworld and Network World.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37104
PUBLISHED: 2021-09-28
There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacke...
CVE-2021-37105
PUBLISHED: 2021-09-28
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal.
CVE-2021-37106
PUBLISHED: 2021-09-28
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user in...
CVE-2021-22535
PUBLISHED: 2021-09-28
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.
CVE-2021-34636
PUBLISHED: 2021-09-28
The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up ...