Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/15/2011
01:25 PM
50%
50%

How SMBs Can Minimize Denial-of-Service Risks

As the holiday shopping season looms, SMBs can't afford to have their websites taken down. Consider this expert advice.

Is your online business ready for the holiday shopping spree? It might not be if you're making it too easy for hackers to take down your website.

Though denial-of-service (DoS) and similar, grander-scale distributed-denial-of-service (DDoS) attacks aren't new, like some other threats they've evolved over time--and have become more accessible to the bad guys in the process. According to Ted Swearingen, director of security operations at Neustar, such threats aren't just the bane of big government and big business. Rather, the increased ease with which DDoS attacks can be launched has led to a wider range of targets, including small and midsized businesses (SMBs).

"It used to be where the larger names and companies were attacked mostly, because it took a lot more effort to do DDoS [attacks]," Swearingen said in an interview. "Now, you have so many more people able to participate that anybody can be attacked."

Both DoS and DDoS attacks (I'll use the acronyms interchangeably here) produce the same net effect: Taking down a critical system--often by flooding it with bogus requests, though there are other methods—and making your website or other application unavailable to customers and other legitimate users.

If your website is a critical revenue stream--or in some cases, the revenue stream--then ensuring its security is that much more important--particularly during the busy holiday shopping months, which tend to produce a corresponding uptick in online crime. And Swearingen notes that these days, you don't even need an e-commerce site to become a target. The rise of hacktivism--or what Swearingen calls "social protests"--means just putting out the wrong message or being associated with a broader industry, such as banking or politics, could put you at risk. And a PR problem could turn into a dollars-and-cents problem fast.

SMBs typically can't afford to weather big hits to the bottom line. There's no way to eliminate DDoS risks, but Swearingen outlined some practical steps SMBs can take to mitigate them.

Embrace monitoring. Swearingen said step one for any SMB with limited resources should be to implement a realtime (or near realtime) monitoring system to keep tabs on their environment. He said there are a number of viable freeware and low-cost monitoring tools out there for cash-strapped companies.

"If you can't monitor it, you can't see if something's starting or coming--or if you're actually under DDoS attack--until your customers tell you," Swearingen said. He's an advocate of performance-based monitoring because it can help you understand the limits of your systems--in other words, the breaking points.

Establish baselines. Once monitoring is in place, get to know your system and begin to set baselines and expectations: What is normal traffic for your site? What's normal traffic during peak activity times? Where does traffic typically come from? What kinds of protocols enter your network? Once you've got a handle on what's "normal"--even in abnormal conditions such as promotional periods--you can quickly identify unusual activity. In fact, your monitoring system can do it for you--generating alerts for anomalies such as a traffic spikes, or an unusual traffic type or source. Knowing your aforementioned limits can help you take early action before you actually hit those limits.

Stay current. The basic security practice of keeping your environment current: Keep your operating systems and other software patched and up-to-date. "DDoS will take advantage of an unpatched system or a bug in anything--a firewall, an application, an OS layer, anything of that nature," Swearingen said.

Fine-tune systems. Keeping your systems in optimal health is a proactive practice, one that can produce benefits beyond good security. But Swearingen said that fine-tuning your network's resources is also a good bet against DDoS threats. Optimizing performance will give you a better chance of withstanding unusual activity or an outright attack--sort of like making sure your roof and windows are in good working order even if there's no storm on the horizon.

Control access. Though you'll need to evaluate what makes sense for your particular business, Swearingen said there are a variety of "little things"--in fact, hundreds of them--that can be done to make DDoS attacks more difficult to carry out. One example: consider limiting the connections from a single host or IP address during a single day or another logical time period--this cuts down on the ability of individual attackers to cause problems. Another example: one type of attack attempts to slow or shut down your site with repetitive search queries. Coupled with monitoring, consider siloing the search function so that it can be temporarily disabled without taking down the entire site. Finally, Swearingen said it's crucial to keep tight reins on access to your systems--and then to keep even tighter reins on those access controls, such as firewalls, iptables, load balancers, or routers.

"Make sure you have restrictions so that you limit to only the ports and protocols that are absolutely needed to come into your system," Swearingen said. "By having extra access that's not needed, it just gives the attacker another way in."

Stay tuned for part two, which will look at what goes into a strong response plan for when denial-of-service events do occur.

SaaS productivity apps are good to go--if you can get past security and data ownership concerns. Read all about it in the new, all-digital issue of InformationWeek SMB. Download it now. (Free with registration.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...