Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/14/2013
12:00 AM
Dave Piscitello
Dave Piscitello
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

DDoS Attack: Preparing For The Inevitable

DDoS mitigation is a challenging undertaking. Here are four steps to help you plan for the worst.

The current landscape of means, motives, and opportunities to execute distributed denial of service (DDoS) attacks makes any organization a more likely target than you might imagine.

Open-source attack tools are easy to find. Acquiring the capacity to execute a DDoS attack is almost a trivial concern for state-sponsored actors or criminals, who can lease an attack botnet or build their own through a malware distribution campaign. And it isn't hard to recruit volunteers to coordinate attacks designed to protest pending legislation or social injustice.

Every organization today is a potential target, and it is essential for both technology and business leaders to consider how they would deal with a DDoS attack. Here are four key steps.

Assess risks
You may conclude that a nation-state could not benefit from disrupting your online operations, but could a crime gang decide that your company is a candidate for extortion? Do your products or services make you a potential target for hate or protest groups? Has your business attracted sufficient recent attention to make you a target for groups seeking notoriety?

If the answer is yes, you will need to assess the likelihood of your organization becoming a DDoS target. Guides like this Forrester whitepaper (commissioned by VeriSign) can help you calculate the probability of an attack, service disruption losses, and the costs of shoring your defenses and responding to an attack.

Develop an action plan
Once you have assessed the risks, consider gathering IT and other personnel to plan how to monitor, respond to, recover from, and make public disclosures about a DDoS attack. If you engage in social media, include parties responsible for your messaging. They are best positioned to monitor public opinion. They can help you distinguish between a DDoS attack and a traffic spike resulting from successful or opportune messaging. They are also the logical candidates to prepare (with legal counsel) and deliver any statements you may issue after an attack.

As you formulate an action plan, consider the forms of monitoring that will help you adopt an early response. Consider, too, how you will restore service or data. Determine what aspects of the plan you will take on yourself and what aspects will require aid from external parties.

The IETF paper RFC 4732 is a good place to start familiarizing yourself with DDoS techniques and mitigation approaches. SSAC advisories and global DDoS threat discussion threads are also valuable resources.

Reports from sources like Squidoo and Arbor Networks describe practical techniques such as rate limiting (e.g., source, connection), address space or traffic type filtering, and Anycast routing.

Talk to outside experts
If you've identified external parties to assist in your response and mitigation efforts, let them know in advance what you'd like them to do if you come under attack. Discuss what intelligence you will share, what you would like them to share, how you will exchange or transfer sensitive information, and what their assistance will cost. Discuss how and when you would contact law enforcement agencies, the press, or customers and what your disclosure process will entail. Exchange emergency and business contact information.

Hope for the best, plan for the worst
DDoS attacks have achieved sustained rates of 65 Gbit/s, so even the best preparations may not prevent a disruption of service. But preparing your defense strategy in advance will shorten your response time during the attack. After the attack, these preparations will help you collect information for a postmortem, so your team (and external parties) can learn from the event and adjust your response.

DDoS mitigation is challenging. There's no shame in outsourcing. If you invest the time to research DDoS defense only to conclude it's more than your organization can handle, the time you've invested is still worthwhile. It will help you make an informed, calm choice from among the available DDoS mitigation services.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MarciaNWC
50%
50%
MarciaNWC,
User Rank: Apprentice
11/17/2013 | 6:51:53 PM
anti-DDoS
Interesting development in this space was Google's recent launch of a free DDoS mitigation service for nonprofits and activitists. It's invitation only right now to organizations "with sites serving media, elections and human rights," according to Google's Project Shield webpage.

 
 
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...