Responding To The Growing Threat Of DDoS Attacks
By Joe Purcell
Article Date: 2011-05-13
Sony PSN, Qriocity, MasterCard, PayPal, Visa: what do these have in common? They have all sustained DDoS attacks in the past 6 months; PSN and Qriocity were hit just this past month. McAfee reported in a global survey that "[e]ighty percent of respondents have faced a large-scale denial of service attack (DDoS), and a quarter reported daily or weekly DDoS attacks." DDoS attacks can have a lasting impact and are nearly impossible to defend against.
DDoS attacks can cripple services, especially in financial terms. In a survey by Verisign, over half of the respondents had downtime due to DDoS attacks, and almost a fourth of all respondents had sites down for more than 12 hours. Services have been moving online, and the internet provides significant revenue for those corporations; in some cases, they are completely dependent on their online services.
Denial-of-Service (DoS) attacks are not new and consist of a basic idea: "to render a computer or network incapable of providing normal services" (W3C Security). One kind of DoS attack brings down the hardware itself by exploiting vulnerabilities. These attacks can be prevented by applying security patches, so we will focus on DoS attacks that overload networks, which are much more threatening.
Distributed Denial-of-Service (DDoS) attacks are new because they are much more complex. There is just one basic difference between DoS and DDoS attacks. DoS attacks are typically performed by just one computer and can be withstood with firewalls and other basic security measures. DDoS attacks, on the other hand, are performed by many computers, so that even if the equipment under attack can withstand the traffic, the bandwidth is overwhelmed and the service fails.
There are a number of different DDoS attacks, such as smurf, trinoo, TFN and TFN2K, and stacheldraht. Unfortunately, there is no easy way for a service to protect against any of them. The only thing any given person can do is make sure their own networks do not harbor DDoS programs. According to W3C Security's point of view, "the simplest and most effective solution for preventing DDoS is through a global cooperative effort to secure the internet" (Ibid). A report by Purdue's Department of Computer Science goes into how that effort can be achieved.
That said, to help withstand attacks there are a few in-house measures to consider, as well as prospects of outside help. For in-house solutions, administrators can look at implementing load balancing or configuring rate limiting, access control lists (ACLs), and/or filtering on firewalls, switches, and routers. There are also application front-end hardware solutions such as Intrusion-Prevention Systems (IPS) to accomplish this, notably IntruGuard. Perhaps the most effective solution is to tighten firewall traffic restrictions to only the necessary ports and/or IPs. One manager's solution was to blacklist all the IPs found in the server logs. In many cases this will not be practical.
For outside help, there are a number of DDoS mitigation companies, such as Verisign, BlackDoS, Staminus Communications, DOSarrest, and Radware. However, working with your ISP may be just as promising. In any case, if your network is experiencing a DDoS attack, be sure to report the incident to your ISP.
Whether your organization is large or small, being aware of DDoS and having a plan to deal with such attacks are vital. Though DDoS attacks have largely been performed by organized groups, even just a 16-year-old with a mission can pose a threat. As organizations depend more and more upon internet-based services, system administrators will need to be prepared for the growing threat of DDoS attacks.
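The sketch below is an added example, not part of the original article: it runs a sliding-window request counter over two constructed traffic samples to show why per-source rate limits or blacklists stop a single-computer flood but not a distributed one, where only the aggregate rate gives the attack away. The window length, both limits, and all addresses and timings are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_MS = 10_000   # sliding window length (assumed value)
PER_IP_LIMIT = 20    # max requests per source per window (assumed value)
TOTAL_LIMIT = 200    # max requests from all sources per window (assumed value)

def analyze(events):
    """events: (timestamp_ms, source_ip) pairs sorted by time.
    Returns (sources over the per-IP limit, peak requests in any window,
    whether the aggregate limit was exceeded)."""
    per_ip = defaultdict(deque)
    all_hits = deque()
    flagged, peak = set(), 0
    for ts, ip in events:
        hits = per_ip[ip]
        hits.append(ts)
        while hits[0] <= ts - WINDOW_MS:      # drop hits older than the window
            hits.popleft()
        if len(hits) > PER_IP_LIMIT:
            flagged.add(ip)                   # candidate for an ACL or rate limit
        all_hits.append(ts)
        while all_hits[0] <= ts - WINDOW_MS:
            all_hits.popleft()
        peak = max(peak, len(all_hits))
    return flagged, peak, peak > TOTAL_LIMIT

def single_source_flood():
    """Constructed sample: one host sends 300 requests in 15 s among 5 normal clients."""
    flood = [(i * 50, "198.51.100.7") for i in range(300)]
    normal = [(j * 1000 + k, f"192.0.2.{k}") for k in range(1, 6) for j in range(15)]
    return sorted(flood + normal)

def distributed_flood():
    """Constructed sample: 500 hosts send 6 requests each within 10 s."""
    return sorted((r * 1600 + i, f"10.0.{i // 250}.{i % 250 + 1}")
                  for i in range(500) for r in range(6))

if __name__ == "__main__":
    for name, sample in (("single source", single_source_flood()),
                         ("distributed", distributed_flood())):
        flagged, peak, alarm = analyze(sample)
        print(f"{name}: per-IP flagged={len(flagged)} peak={peak} aggregate alarm={alarm}")
```

In the distributed sample no source exceeds the per-IP limit, so there is nothing for an ACL to single out even though the aggregate alarm fires.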
Further Reading:
- WWW Security FAQ: Securing Against Denial of Service Attacks
- IntruGuard - White Papers on DDoS Attack Mitigation
- Recommendations for the Protection against Distributed Denial-of-Service Attacks in the Internet
- CERT/CC Denial of Service
- Protecting Web Servers from Distributed Denial of Service Attacks
- Verisign - Distributed Denial of Service: Finally Getting the Attention It Deserves
- Scalable Protection Against DDoS and Worm Attacks - Purdue University
About the Author: Joe Purcell is a technology virtuoso, cyberspace frontiersman, and connoisseur of Linux, Mac, and Windows alike.