It’s impossible to predict when distributed denial of service (DDOS) attacks will hit so companies must take measures to mitigate such an incident.
So says Martin Walshaw, senior engineer at F5 Networks, who notes barely a month goes by without media reports of a Web site or service being brought down by a DDOS attack. Sony’s PlayStation Network again became the victim of such an attack recently, while hacking group Anonymous is on a disabling offensive of extremist Web sites, he says.
According to research conducted by B2B International and Kaspersky Lab, 38% of companies providing online services, such as online shopping and online media, fell victim to DDOS attacks over the past 12 months.
Doros Hadjizenonos, sales manager at Check Point Technologies in SA, says DDOS criminal activity was used to attack the Web sites of various gaming platforms last year. This attack involves many computers continuously requesting certain information from the attacked network until saturation and, therefore, its downfall, Hadjizenonos explains.
Walshaw says DDOS attacks can come in a variety of shapes and sizes. “However, the aim of a DDOS attack is always the same – to saturate a server with so many requests that it simply cannot cope, leaving legitimate users unable to connect.
“Attackers will sometimes use their own network of computers to launch DDOS attacks, but what is now more common is for them to use a network of PCs across the world that have been infected with malware that is capable of joining in a DDOS attack without the owner’s knowledge,” Walshaw explains.
The results of a DDOS attack can be disastrous: loss of revenue-generating applications as well as reputational damage can negatively impact a business for years.
However, Walshaw notes: “There are ways a company can keep its applications, services and even its whole network online without stopping legitimate traffic.”
He believes a sophisticated firewall manager, application security manager and local traffic manager combined provide the protection needed to mitigate DDOS attacks, from blocking attack traffic to re-routing legitimate requests to ensure uptime.
Analysis is also key, says Walshaw, adding understanding who is attacking you, as well as how and why, can help prevent an attack from causing too much damage and protect against future attacks.
Establishing which layer is being attacked (application, network or session, for example) will help a company know where to focus its resources, and intelligent firewall management will be able to inspect all traffic coming into a network and stop traffic that is coming from a DDOS attack, he points out.
According to Neil Campbell, group GM for Dimension Data’s Security Business Unit, IT security ‘fire drills’, supported by executive management and the risk committee should be conducted regularly in organisations in order to understand the appropriate course of action in advance of a security breach.
He believes technologies and services focused on incident response – rather than only incident prevention – should be one of the trends high on the agendas of security professionals in 2015.
“It’s inevitable that security incidents will occur. It’s, therefore, critical that organisations begin to focus on identifying what we call ‘indicators of compromise’, putting a comprehensive incident response plan in place, and performing regular IT security ‘fire drills’,” explains Campbell.
He points out the regular fire drills – or rehearsals – will ensure that, in the event of an incident, IT and management teams are clear about what needs to be done, and the business is less at risk. This includes recovering evidence, identifying and resolving the root cause of the incident (not just the symptoms), and undertaking a forensic investigation.