Staying Clear of DDoS Attacks Amidst Turbulent Cyberspace

MALAYSIA: Starting out as simple denial of service assaults launched from a single computer, DDoS attacks have evolved − with the proliferation of botnets − into one of the biggest threats on the security landscape. Verizon in its 2012 Data Breach Investigations Report called these attacks “more frightening than other threats, whether real or imagined.”

Research firm Stratecast in a recent study also found that DDoS attacks are increasing by 20 percent to 45 percent annually, with application-based DDoS attacks in particular growing by triple digits. Stratecast added that attacking via DDoS is one of the most prominent tools used by the hacker community, oftentimes as part of a multi-technique attack strategy.

According to several local newspaper reports, cyber-attacks recently erupted between Malaysian and Filipino hackers over the intrusion and standoff between militants from Philippines and Malaysian Police force in Lahad Datu, Sabah.

Hackers claiming to be from Malaysian and Filipino chapters of the hacktivist group Anonymous attacked websites of both countries. Some claimed to have crashed a few Government websites, and publicly announced their exploits over Facebook.

“The evolution of DDoS attacks highlights the urgency with which governments and businesses must adopt a security strategy to defend themselves. There are proactive steps organizations can take to bolster defenses and reduce the risk of attack,” said Dato’ Seri George Chang, Fortinet’s regional vice president for Hong Kong and Southeast Asia.

He pointed out that a DDoS strategy should attempt to maintain services − especially critical services − with minimum disruption. To that end, businesses can start by assessing the network environment and devising a response plan. Among other things, the plan should include backup and recovery efforts, additional surveillance, and ways to restore service as quickly and efficiently as possible.

“DDoS attacks − like other security threats − will only continue to grow and become more rampant in future. Researchers have found that DDoS attacks are growing not just in terms of frequency, but in terms of bandwidth and duration as well. A decade ago, for instance, 50 Gbps attacks were seen a couple of times a year. Now, such attacks can happen nearly every week. The evolving nature of DDoS technologies will require firms to make a paradigm shift that entails greater foresight and more proactive defences,” said Eric Chan, solution consulting director who is based at Fortinet’s Fortiguard Centre here in Kuala Lumpur.

For proactive protection, Fortinet Inc advises three key steps to follow: implementation of a multi-layer defence strategy, protection of DNS servers and other critical infrastructure, and lastly maintenance of visibility and control of the IT infrastructure.

1. Multi-Layer Defence

A multi-layer strategy is crucial in DDoS protection and this would involve dedicated on-premise solutions designed to defend and mitigate threats from all angles of the network. These tools should provide anti-spoofing, host authentication techniques, packet level and application-specific thresholds, state and protocol verification, baseline enforcement, idle discovery, blacklists/whitelists and geolocation-based access control lists.

When considering dedicated DDoS solutions, organizations need to make sure those will allow them not only to detect application-layer DDoS attacks and efficiently block common, generic or custom DDoS attack techniques and patterns but they will have the ability to “learn” to recognize both acceptable and anomalous traffic behavior patterns based on traffic flow. This traffic profiling is key as it helps detect and restrict threats faster while reducing the event of false positives.

For greater operational efficiency, firms should also look at DDos solutions that offer advanced virtualization and geo-location features.

With virtualization, policy administrators can establish and oversee multiple independent policy domains within a single appliance, preventing attacks delivered in one network segment from impacting other network segments.

Geolocation technologies, on the other hand, let firms block malicious traffic coming from unknown or suspicious foreign sources. This reduces load and energy consumption on the backend servers by eliminating traffic from regions outside the organization’s geographic footprint and market.

2. Safeguarding DNS Servers

As part of an overall defensive strategy, organizations must protect their critical assets and infrastructure. Many firms maintain their own DNS servers for Web availability, which are often the first systems to be targeted during a DDoS attack. Once DNS servers are hit, attackers can easily take down an organization’s Web operations, creating a denial of service situation. DNS protection solutions available on the market today can protect against transaction ID, UDP source port and case randomization mechanism intrusions.

3. Maintaining Infrastructure Visibility and Control

Organizations need a way to maintain vigilance and monitor their systems before, during and after an attack. It’s no secret that having a holistic picture into the IT environment allows administrators to detect aberrations in network traffic and detect attacks quickly, while giving them the intelligence and analytical capabilities to implement appropriate mitigation and prevention techniques. The best defences will incorporate continuous and automated monitoring, with alert systems that sound alarm bells and trigger the response plan should DDoS traffic be detected.

It’s important to have granular visibility and control across the network. This visibility into network behavior helps administrators get to the root of the attack’s cause and block flood traffic while allowing legitimate traffic to pass freely. It also hands administrators the ability to conduct real-time and historic attack analysis for in-depth forensics. In addition, advanced source tracking features can help defensive efforts by pinpointing the address of a non-spoofed attack, and can even contact the offender’s domain administrator.

Turning Attention Back to the Business

Organizations in Malaysia are urged by Fortinet to beef up their response plans and assess their network infrastructure vis-à-vis DDoS threats today. This should include shoring up defenses for critical servers and prioritizing data, implement management and monitoring capabilities to give them a comprehensive understanding of their whole network. Finally, IT administrators should be ready to implement fail-safe measures that quickly identify the source of the threat, minimize the impact of the attack, and restore service as soon as possible.

Author: Terry KS

Share This Post On