The Growing Denial of Service Threat

Tuesday, 12 April 2011 11:24
Most CIOs already know that a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems acting under the control of a hacker attack and overwhelm a single target website, thereby causing it to become too busy to respond to its intended users or customers.
In a typical DDoS attack, a hacker (or a cracker) begins by exploiting a vulnerability in one computer system and making it the DDoS master. From that master system the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple -- sometimes thousands of -- compromised systems. With a single command, the intruder instructs the controlled machines to launch flood attacks against a specified target, inundating it with requests. The target becomes too busy to respond to its intended audience, and hence this style of attack is called denial of service. It must be noted that the hacker never really tampers with the target system or website itself; he or she simply causes it to be too busy.
While the media tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack: the final target as well as the systems controlled by the intruder. Although the owners of compromised computers are usually unaware that their computers have been compromised, they are likely to suffer because of performance degradation.

Although many DDoS attacks are politically or commercially motivated, some attacks might just be for ‘fun’ or for practice. So whether you run an eBanking, eGovernment or eCommerce website, you know your site can be a target. It is also important to understand that a DDoS attack may not only bring your site to its knees but also affect the performance of the back office systems serving this site with data. When business-critical services become unavailable, enterprises lose money and risk damaging important customer relationships. What’s more, when services are unavailable due to external attacks, it can be sensational and unwelcome front-page news, especially when the damages could have been prevented.

Although intrusion protection devices, firewalls and other security products are essential elements of a layered-defense strategy, they are designed to solve security problems that are fundamentally different from DDoS attacks. Intrusion detection devices are designed to block break-in attempts that cause data theft. Meanwhile, a firewall acts as a policy enforcer to prevent unauthorized access to data.

A quick Google search reveals that there is no shortage of vendor offerings to mitigate the risk of DDoS attacks; however, most vendors (intentionally or not) seem to provide very little description of how their solutions work. Most solutions work by combining two capabilities: detection and filtering. Detection means monitoring incoming traffic patterns, comparing them with historical norms and notifying the filtering mechanism once irregularities are observed. The filtering part subjects incoming traffic to a rigorous filtering process aimed at removing malicious requests and leaving legitimate requests intact. Many such solutions are hosted at and offered by ISPs and hosting service providers, although some vendors discuss the need for DDoS prevention at the application layer as well, not just at the network layers. Yes, it is complicated and scary…
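As an added illustration (not from the original article or any vendor product), the detect-then-filter pattern described above can be sketched in Python. The moving-average baseline, the thresholds, the per-client cap and the sample traffic are all assumptions chosen for the example.

```python
from collections import Counter

def detect_and_filter(intervals, alpha=0.3, k=3.0, warmup=3, per_source_cap=20):
    """Flag intervals whose request volume breaks the historical norm, then filter.

    intervals: one list per time slice, holding the source address of each request.
    Returns one (total, alarm, blocked_sources, passed_requests) tuple per slice.
    """
    mean, var, learned = 0.0, 0.0, 0
    report = []
    for sources in intervals:
        total = len(sources)
        # Detection: compare this slice with the learned baseline (EWMA mean + k sigma).
        alarm = learned >= warmup and total > mean + k * max(var ** 0.5, 1.0)
        blocked, passed = set(), total
        if alarm:
            # Filtering: drop sources far above the per-client cap, keep the rest.
            counts = Counter(sources)
            blocked = {src for src, n in counts.items() if n > per_source_cap}
            passed = sum(n for src, n in counts.items() if src not in blocked)
        elif learned == 0:
            mean, learned = float(total), 1
        else:
            # Learn only from normal slices so a flood cannot shift the norm.
            diff = total - mean
            mean += alpha * diff
            var = (1 - alpha) * (var + alpha * diff * diff)
            learned += 1
        report.append((total, alarm, blocked, passed))
    return report

# Constructed sample traffic (documentation address ranges, not real hosts).
def normal(n):
    return [f"198.51.100.{i}" for i in range(1, n + 1)]

FLOODERS = {"203.0.113.7", "203.0.113.8", "203.0.113.9"}
SAMPLE = [normal(n) for n in (10, 12, 9, 11, 10)]
SAMPLE.append(normal(10) + [ip for ip in sorted(FLOODERS) for _ in range(100)])
SAMPLE.append(normal(11))

if __name__ == "__main__":
    for i, (total, alarm, blocked, passed) in enumerate(detect_and_filter(SAMPLE)):
        print(i, total, "ALARM" if alarm else "ok", sorted(blocked), passed)
```

A per-client cap of this kind only separates heavy sources from light ones, which is one reason the filtering is often placed upstream at the ISP or hosting provider and complemented at the application layer.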

DDoS attacks will continue to grow in scale and severity thanks to increasingly powerful (and readily available) attack tools, the multiple points of vulnerability of the Internet, and business' increasing dependence on the Internet. As the cost of these attacks rises, providers, enterprises, and governments must respond to protect their investments, revenue, and services. CIOs should pay attention to their DDoS mitigation strategy in order to avoid revenue loss as well as embarrassing outages.

Last Updated on Sunday, 22 May 2011 00:32


0 #5 Tarek Wali 2012-12-14 11:09
And DDoS attacks are not slowing down.
See this article ..
0 #4 Jack Lynch 2011-07-24 11:13
DDoS is any CIO's worst nightmare, the threat is developing much faster than the solutions, business managers won't be able to easily understand the technical complexity of the threat and the general lack of solutions ..

God help us!
+1 #3 Zamer Shams 2011-05-04 20:48
DDoS is surely very hard to deal with, we have had discussions with many vendors and no one seems to have the full answer.
I do not think this can be dealt with unless the ISPs are part of the loop. After all, such attacks ideally need to be blocked before they arrive at your servers.
0 #2 Noor Ibrahim 2011-04-15 08:57
Thanks for this comprehensive overview about DDOS .. Solutions are still developing and like you said vendor literature does not seem to deliver much by way of describing their solutions. Possibly intentionally .. I don't know.
0 #1 Fahed Arrab 2011-04-15 08:12
Long on the problem description .. short of discussing the solutions. Visit to learn more about the best solutions for DDoS.
