DDoS protection – what is a DDoS attack and how to mitigate it?

In today’s hyper-connected world, it has never been more important to address and mitigate security threats to your business.

The shift to cloud services has accelerated substantially over the past few years, and it is vital to understand how to reduce the risks that come with the move. Projections put video at more than 90% of internet traffic within two years and the ratio of connected devices to internet users at 10:1 by 2020. At that level of connectivity, an outage caused by a cyber security incident can cost a company up to $100,000 per minute.

The most common threat to cloud users is the distributed denial of service (DDoS) attack. Studies show that no particular sector is singled out; every organization is a potential target. The four main motives behind these attacks are:

  • Hacktivism, as practised by groups such as Anonymous or organizations such as Wikileaks.
  • Cyber warfare, aimed at destabilizing a foreign government or an election.
  • Cyber espionage, aimed at stealing a competitor's intellectual property.
  • Cybercrime in the form of cyberextortion, in which an attack, or the threat of one, is coupled with a demand for money to prevent or stop it.

Cybercrime is responsible for over 65% of attacks. It does not matter how large or small your cloud footprint is: everyone is at risk, and no line of business is immune. As the range of targets grows, attacks are becoming more sophisticated. Multi-vector attacks, which combine several of the techniques described below so that a defence tuned for one does not stop the others, are becoming more aggressive, with an 84% increase over the past few years. It is also easier than ever to launch an attack, because booter and stresser tools are available that require no special knowledge; one does not need to be a security expert to cause real damage. The events of last week show that the growth of IoT (Internet of Things) is making us more vulnerable: personal devices such as webcams were conscripted into a botnet and used to flood the infrastructure behind major sites like Netflix and Twitter with millions of requests.

There are three broad categories of denial of service attack, distinguished by the resource they exhaust and by the unit in which they are measured:

  • Volume-based attacks: These rely on floods of packets, typically from spoofed source addresses, from a botnet, or reflected off open UDP services to amplify the attacker's own bandwidth, that saturate the link into the site so that legitimate traffic cannot get through. They are measured in bits per second (bps). Common examples include UDP floods and ICMP floods.
  • Protocol attacks: These exhaust the per-connection state that servers, firewalls and load balancers keep, rather than raw bandwidth. The classic case is the SYN flood: TCP SYN packets are sent with spoofed source addresses, the server answers each with a SYN-ACK and reserves a connection-table entry, and because the spoofed sources never complete the handshake those half-open entries pile up until no legitimate connection can be accepted. They are measured in packets per second (pps). Common examples include SYN floods, Smurf attacks and Ping of Death.
  • Application layer attacks: Layer 7 attacks are slow and stealthy. They send requests that look legitimate but are crafted to exhaust the web server itself, and they commonly target HTTP. Slowloris holds hundreds of connections open by trickling partial HTTP headers so that the server never sees a complete request; Apache Killer sends Range headers with many overlapping byte ranges that the server expands into far more memory than the request cost the attacker. They are measured in requests per second (rps). Cross-site scripting, SQL injection and remote file inclusion are often listed alongside these, but they are application vulnerabilities exploited to steal or alter data, not denial of service attacks; they belong in this discussion only because the same web application firewall that stops layer 7 floods is usually what blocks them too.
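The three categories are easiest to tell apart when the three rates are computed side by side from the same window of traffic. The following is an added example written for this article, not code from the original page or from any product. It summarises one second of constructed per-flow records into bps, pps and rps, and flags the category each sample attack falls into; the thresholds (a 100 Mbit/s link, 50 kpps, 1,000 rps, and the half-open and idle-connection limits) are assumptions for a small origin, not vendor figures, and the source addresses are from the documentation ranges.

```python
"""Toy classifier for the three DoS categories described above, working
from per-flow summaries over a one-second window.

Added example for this article, not from the original page or any product.
The flow records and thresholds below are constructed assumptions chosen
for a small origin; tune them to measured baselines in practice.
"""
from dataclasses import dataclass


@dataclass
class Flow:
    src: str
    proto: str                   # "udp", "icmp", "tcp" or "http"
    packets: int
    nbytes: int
    syn: bool = False            # TCP flow opened with a SYN
    handshake_done: bool = False # three-way handshake completed
    http_complete: bool = False  # full request line and headers received
    age_s: float = 0.0           # seconds the connection has been open


WINDOW_S = 1.0
BPS_LIMIT = 100_000_000   # assumption: 100 Mbit/s upstream link
PPS_LIMIT = 50_000        # assumption: what the edge device forwards comfortably
RPS_LIMIT = 1_000         # assumption: what the origin's app servers handle
HALF_OPEN_LIMIT = 100     # half-open TCP connections tolerated per window
SYN_FAIL_RATIO = 0.5      # fraction of SYNs that never complete the handshake
SLOW_AGE_S = 10.0         # an HTTP connection still headerless after this is suspect
SLOW_CONN_LIMIT = 200     # this many suspect connections looks like Slowloris


def classify(flows, window_s=WINDOW_S):
    """Return the three rates the article cites plus the categories triggered."""
    bps = sum(f.nbytes for f in flows) * 8 / window_s
    pps = sum(f.packets for f in flows) / window_s
    http = [f for f in flows if f.proto == "http"]
    rps = sum(1 for f in http if f.http_complete) / window_s

    syns = [f for f in flows if f.proto == "tcp" and f.syn]
    half_open = sum(1 for f in syns if not f.handshake_done)
    syn_fail = half_open / len(syns) if syns else 0.0
    slow = sum(1 for f in http if not f.http_complete and f.age_s > SLOW_AGE_S)

    findings = []
    if bps > BPS_LIMIT:
        findings.append("volumetric")      # link saturation, measured in bps
    if pps > PPS_LIMIT or (half_open > HALF_OPEN_LIMIT and syn_fail > SYN_FAIL_RATIO):
        findings.append("protocol")        # state or packet exhaustion, measured in pps
    if rps > RPS_LIMIT or slow > SLOW_CONN_LIMIT:
        findings.append("application")     # server resources, measured in rps
    return {"bps": bps, "pps": pps, "rps": rps, "half_open": half_open,
            "slow_conns": slow, "findings": findings}


# Constructed samples; addresses are from the RFC 5737 documentation ranges.
def baseline():
    # 50 normal page requests and 20 completed TCP handshakes in one second
    return ([Flow(f"203.0.113.{i}", "http", 12, 6_000, http_complete=True) for i in range(50)]
            + [Flow(f"203.0.113.{i}", "tcp", 3, 180, syn=True, handshake_done=True) for i in range(20)])


def udp_flood():
    # 200 spoofed sources sending 50 packets of 1,400 bytes each: 112 Mbit/s at only 10 kpps
    return [Flow(f"198.51.100.{i % 250}", "udp", 50, 70_000) for i in range(200)]


def syn_flood():
    # 3,000 SYNs whose spoofed sources never answer the SYN-ACK, plus 100 real handshakes
    return ([Flow(f"192.0.2.{i % 250}", "tcp", 1, 60, syn=True) for i in range(3000)]
            + [Flow(f"203.0.113.{i}", "tcp", 3, 180, syn=True, handshake_done=True) for i in range(100)])


def slowloris():
    # 300 connections held open for a minute, each trickling partial headers
    return [Flow(f"198.51.100.{i % 250}", "http", 5, 300, age_s=60.0) for i in range(300)]


def http_flood():
    # 1,500 well-formed, completed requests in one second, far above baseline
    return [Flow(f"198.51.100.{i % 250}", "http", 10, 5_000, http_complete=True) for i in range(1500)]


if __name__ == "__main__":
    for name, sample in [("baseline", baseline), ("udp flood", udp_flood),
                         ("syn flood", syn_flood), ("slowloris", slowloris),
                         ("http flood", http_flood)]:
        print(f"{name:10s} -> {classify(sample())}")
```

Two things the numbers make visible: a SYN flood at 3,300 pps is nowhere near the packet-rate limit, so it is the half-open ratio, not volume, that identifies it; and Slowloris registers zero requests per second, so an rps threshold alone never sees it, which is why the idle-connection count is tracked separately.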

So when choosing a cloud hosting provider for your business, what preventative measures should it offer to mitigate the risk of a denial of service attack? A good hosting provider offers a multi-level approach.


The first level of protection blocks volume-based and protocol attacks at network layers 3 and 4. All traffic destined for your site passes through a scrubbing filter where packets from spoofed, unroutable or known-bad source addresses, malformed packets and floods that exceed a per-source or per-protocol baseline are dropped, and only the remaining traffic is forwarded to the origin server.

The second level of protection blocks layer 7 application attacks, which are harder to detect because each request on its own looks legitimate. Defences at this level include per-client IP rate limiting, JavaScript challenges that a headless flood tool cannot answer, and CAPTCHAs for clients that keep exceeding the limit. A web application firewall (WAF) policy can be configured on the same path to block cross-site scripting (XSS), SQL injection and known botnet signatures. These measures should be tunable per customer, since the rate that is normal for one site is an attack on another.

It is also important that a hosting provider combines on-premises equipment with a cloud-based, globally distributed scrubbing platform, so that an attack is absorbed at the edge, as close to its source as possible, rather than on the link into the data centre.
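The second level of protection described above, as an added example written for this article and not a hosting provider's product code: a small layer 7 pipeline that runs a WAF signature check first and then a per-IP token-bucket rate limiter that escalates from a 429 response, to a JavaScript challenge, to a CAPTCHA, to dropping at the edge. The rate limits, escalation thresholds, the four WAF rules and the request log are all constructed assumptions; a real WAF ruleset is far larger and normalises and URL-decodes the request before matching, which this toy skips.

```python
"""Toy layer-7 mitigation pipeline for a single origin: a WAF signature
check followed by per-IP token-bucket rate limiting that escalates from
HTTP 429, to a JavaScript challenge, to a CAPTCHA, to dropping at the edge.

Added example for this article, not a hosting provider's product code.
Thresholds, signatures and the request log are constructed assumptions.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

RATE_PER_S = 5.0      # assumption: steady-state requests per second allowed per IP
BURST = 10            # assumption: a single page load may burst this many requests
JS_AFTER = 1          # over-limit events before a JS challenge is served
CAPTCHA_AFTER = 20    # over-limit events before a CAPTCHA is required
DROP_AFTER = 100      # beyond this, drop silently at the edge

# A deliberately tiny WAF ruleset (assumption; real rulesets are far larger
# and decode/normalise the request before matching).
WAF_RULES = [
    ("sqli", re.compile(r"(?i)union\s+select|'\s*or\s+1=1")),
    ("xss", re.compile(r"(?i)<script|javascript:")),
    ("rfi", re.compile(r"(?i)[?&]\w+=(https?|ftp)://")),
    ("bot-sig", re.compile(r"(?i)^(python-requests|curl)/")),   # matched on User-Agent
]


@dataclass
class Client:
    tokens: float = BURST
    last_seen: float = 0.0
    over_limit: int = 0
    passed_js: bool = False
    passed_captcha: bool = False


def waf_match(path, user_agent):
    """Return the name of the first WAF rule the request matches, else None."""
    for name, rx in WAF_RULES:
        target = user_agent if name == "bot-sig" else path
        if rx.search(target):
            return name
    return None


class Layer7Filter:
    def __init__(self):
        self.clients = defaultdict(Client)

    def decide(self, now, ip, path, user_agent, js_ok=False, captcha_ok=False):
        """Return the action for one request: allow, block:<rule>, rate_limited,
        js_challenge, captcha or drop. js_ok/captcha_ok mean the client presented
        a valid challenge cookie with this request."""
        rule = waf_match(path, user_agent)
        if rule:
            return f"block:{rule}"
        c = self.clients[ip]
        c.passed_js |= js_ok
        c.passed_captcha |= captcha_ok
        # Refill the bucket for the time elapsed, capped at the burst size.
        c.tokens = min(BURST, c.tokens + (now - c.last_seen) * RATE_PER_S)
        c.last_seen = now
        if c.tokens >= 1:
            c.tokens -= 1
            return "allow"
        c.over_limit += 1
        if c.over_limit > DROP_AFTER:
            return "drop"
        if c.over_limit > CAPTCHA_AFTER and not c.passed_captcha:
            return "captcha"
        if c.over_limit > JS_AFTER and not c.passed_js:
            return "js_challenge"
        return "rate_limited"   # HTTP 429 for clients that have passed the challenges


BROWSER = "Mozilla/5.0 (X11; Linux x86_64) Firefox/49.0"


def sample_log():
    """Constructed request log: (ts, ip, path, user_agent, js_ok)."""
    log = []
    # A human: a page load of 8 assets, then another page 5 s later (JS cookie present).
    log += [(0.05 * i, "203.0.113.10", f"/static/{i}.css", BROWSER, True) for i in range(8)]
    log += [(5.0 + 0.05 * i, "203.0.113.10", f"/page/{i}", BROWSER, True) for i in range(3)]
    # A headless flood bot with a browser User-Agent: 200 requests at 10 ms intervals, no JS.
    log += [(0.01 * i, "198.51.100.7", "/search?q=x", BROWSER, False) for i in range(200)]
    # Scanner traffic the WAF should catch outright.
    log.append((1.0, "192.0.2.9", "/item?id=1' or 1=1--", BROWSER, True))
    log.append((1.1, "192.0.2.9", "/?u=http://evil.example/shell.txt", "curl/7.5", True))
    return sorted(log, key=lambda r: r[0])


def run(log=None):
    """Process the log and return {ip: Counter(decision -> count)}."""
    flt = Layer7Filter()
    out = defaultdict(Counter)
    for ts, ip, path, ua, js_ok in (log or sample_log()):
        out[ip][flt.decide(ts, ip, path, ua, js_ok=js_ok)] += 1
    return out


if __name__ == "__main__":
    for ip, counts in run().items():
        print(ip, dict(counts))
```

The human's eleven requests all pass because a page load fits inside the burst and the bucket has refilled by the time the next page is requested. The bot gets its first ten requests through, then one 429, then JavaScript challenges it cannot answer, then CAPTCHAs, and after a hundred over-limit events it is dropped without a response; the trickle of tokens that refill every twenty requests or so is the steady-state rate still being honoured. The scanner never reaches the rate limiter at all.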

Because cyber warfare, espionage, hacktivism and plain financial extortion are all spreading, security should be at the core of every IT architecture decision. You do not want to become collateral damage because your hosting provider's security is poor, and you should not have to sacrifice web application performance for protection either. There is no silver bullet that prevents attacks, but by maintaining good internal security practices and choosing a security-focused cloud hosting partner, you can significantly reduce your risk.
