[BreachExchange] It’s Time To Protect Your Enterprise From DDoS Attacks
Destry Winant
destry at riskbasedsecurity.com
Wed Aug 22 23:23:16 EDT 2018
https://hackercombat.com/its-time-to-protect-your-enterprise-from-ddos-attacks/
DDoS (Distributed Denial of Service) attacks are among the most dreaded
kinds of cyber attack for any enterprise today. As the name suggests, a
DDoS attack causes a total denial of service: it exhausts the resources
of an enterprise network, application or service, so that legitimate
users can no longer reach that network, application or service.
A DDoS attack is launched simultaneously from many hosts, and the
combined traffic can overwhelm the resources, the network and the
internet services of an enterprise of any size. Many prominent
organizations encounter DDoS attacks on a daily basis, and the attacks
are becoming more frequent, larger in size and more sophisticated. In
this context it becomes really important that enterprises look for DDoS
attack prevention services, ideally the best available, so as to ensure
maximum protection for their networks and data.
The different kinds of DDoS attacks
Though there are many kinds of DDoS attacks, broadly speaking they all
fit into three categories.
The first category, volumetric attacks, aims to overwhelm network
infrastructure with bandwidth-consuming traffic or with resource-sapping
requests (reflection and amplification floods belong here). The second
category, TCP state-exhaustion attacks, abuses the stateful nature of
the TCP protocol to fill the connection-state tables of servers, load
balancers and firewalls, for example with SYN floods. The third
category, application layer attacks, targets one specific aspect of an
application or service at Layer 7, such as an expensive search or login
request.
Of these three categories, volumetric attacks are the most common; at
the same time, attacks that combine all three vectors are becoming
commonplace.
DDoS attacks are getting sophisticated, complex and easy to use
Cybercriminals are getting cleverer and smarter. They package complex,
sophisticated DDoS attack tools into easy-to-use downloadable programs,
making it possible even for non-technical users to carry out DDoS
attacks against organizations.
What are the main drivers behind DDoS attacks? There can be many,
ranging from ideology or politics to vandalism and extortion. DDoS is
increasingly a weapon of choice for hacktivists as well as terrorists
who seek to disrupt operations or resort to extortion. Gamers too use
DDoS to knock opponents offline and gain a competitive advantage in
online games.
Some attackers use DDoS as a diversion, intending to distract the
security team while an APT campaign planned and executed to steal data
is carried out.
How to prevent DDoS attacks
The first thing to do, to prevent DDoS attacks from happening, is to
secure internet-facing devices and services. This reduces the number of
devices that attackers can recruit into a botnet or use as reflectors
in DDoS attacks.
Because attackers abuse protocols like NTP, DNS, SSDP, Chargen, SNMP and
DVMRP to generate reflected and amplified DDoS traffic, any service that
uses one of these ought to be carefully configured and run on hardened,
dedicated servers: disable NTP's monlist command, do not run an open
recursive DNS resolver, keep SSDP and Chargen off internet-facing
interfaces, and restrict SNMP with access lists and non-default
communities.
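The following is an added example, not code from the article or from
hackercombat: a small detector that reads NetFlow-style records and flags
hosts receiving large UDP responses from many distinct reflectors on the
service ports named above. The flow records, addresses and thresholds are
constructed for the demonstration; the reflector port list is an
assumption drawn from the protocols the article names.

```python
"""Flag likely UDP reflection/amplification traffic in flow records."""
from collections import defaultdict
from dataclasses import dataclass

# UDP services commonly abused as reflectors (the ones named in the article).
REFLECTOR_PORTS = {123: "NTP", 53: "DNS", 1900: "SSDP", 19: "Chargen", 161: "SNMP"}

# Constructed sample: "src_ip:port dst_ip:port proto packets bytes".
# Amplified responses are a few hundred bytes per packet; an ordinary
# DNS reply to a client is small.
SAMPLE_FLOWS = """
198.51.100.10:123  203.0.113.5:44123 UDP 120 56160   # NTP reflector -> victim
198.51.100.11:123  203.0.113.5:44123 UDP 110 51480   # second NTP reflector
198.51.100.12:1900 203.0.113.5:44123 UDP  90 34200   # SSDP reflector
198.51.100.13:53   203.0.113.5:44123 UDP 100 45000   # open resolver, ANY query
192.0.2.7:53       203.0.113.9:51000 UDP   4   320   # normal DNS reply, 80 B/pkt
192.0.2.8:443      203.0.113.9:51001 TCP  30 12000   # TCP, not a UDP reflector
198.51.100.20:19   203.0.113.6:3333  UDP  50 37000   # a single Chargen source
"""


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    bytes: int


def parse_flows(text):
    """Parse the whitespace-separated sample format; '#' starts a comment."""
    flows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        src, dst, proto, packets, nbytes = line.split()
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        flows.append(Flow(src_ip, int(src_port), dst_ip, int(dst_port),
                          proto, int(packets), int(nbytes)))
    return flows


def find_reflection_victims(flows, min_bytes_per_packet=300, min_reflectors=3):
    """Return {victim_ip: summary} for hosts receiving large UDP responses
    from at least min_reflectors distinct reflector addresses.

    Large average packet size separates amplified responses from ordinary
    replies; fan-in from many reflectors onto one destination separates a
    reflection attack from a host that merely talks to a busy NTP or DNS server.
    """
    reflectors_by_victim = defaultdict(lambda: defaultdict(set))  # victim -> service -> sources
    bytes_by_victim = defaultdict(int)
    for f in flows:
        if f.proto != "UDP" or f.src_port not in REFLECTOR_PORTS:
            continue
        if f.packets == 0 or f.bytes / f.packets < min_bytes_per_packet:
            continue
        service = REFLECTOR_PORTS[f.src_port]
        reflectors_by_victim[f.dst_ip][service].add(f.src_ip)
        bytes_by_victim[f.dst_ip] += f.bytes

    victims = {}
    for victim, services in reflectors_by_victim.items():
        distinct = set().union(*services.values())
        if len(distinct) >= min_reflectors:
            victims[victim] = {
                "services": sorted(services),
                "reflectors": len(distinct),
                "bytes": bytes_by_victim[victim],
            }
    return victims


if __name__ == "__main__":
    for victim, info in find_reflection_victims(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{victim}: {info['bytes']} bytes from {info['reflectors']} reflectors "
              f"via {', '.join(info['services'])}")
```

On the sample data only 203.0.113.5 is reported: it receives large
responses from four reflectors across NTP, SSDP and DNS, while the host
getting a single large Chargen stream stays below the fan-in threshold
and the small DNS reply is ignored. Tune both thresholds to your own
baseline before running this over real exports.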
Test repeatedly for security issues and vulnerabilities; penetration
tests that look for web application vulnerabilities are one good
example.
Ensure that your enterprise implements anti-spoofing (source address
validation) filters as described in the IETF Best Current Practice
documents BCP 38 (RFC 2827) and BCP 84 (RFC 3704). Attackers who launch
DDoS attacks generate traffic with spoofed source IP addresses, and
filtering such traffic at your network edge prevents your own hosts
from being used as a launch point for reflection attacks.
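The following is an added example, not code from the article or from the
BCP documents: source-address validation written out as a decision
function for a toy edge router with two customer ports and one upstream
port. The upstream side applies a static BCP 38 style access list (no
bogon or own-prefix sources from the Internet); the customer side applies
strict unicast reverse-path forwarding (uRPF), one of the techniques
described in BCP 84. Interface names, prefixes and packets are all
constructed for the demonstration.

```python
"""Source-address validation (BCP 38 / BCP 84) as a decision function."""
import ipaddress

# Hypothetical forwarding table: (destination prefix, egress interface).
ROUTES = [
    ("203.0.113.0/24", "cust-a"),
    ("198.51.100.0/25", "cust-b"),
    ("198.51.100.64/26", "cust-b-dmz"),   # more specific route to a second port of customer B
    ("0.0.0.0/0", "upstream"),
]
ROUTE_TABLE = [(ipaddress.ip_network(p), iface) for p, iface in ROUTES]

# Address blocks that must never arrive as a source from the Internet side.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
# Everything we originate ourselves is likewise illegitimate as a source from outside.
OUR_PREFIXES = [net for net, iface in ROUTE_TABLE if iface != "upstream"]


def lookup_egress(ip):
    """Longest-prefix match: the interface a packet addressed *to* ip would leave by."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, iface) for net, iface in ROUTE_TABLE if addr in net]
    net, iface = max(matches, key=lambda entry: entry[0].prefixlen)
    return iface


def urpf_strict(ingress_iface, src_ip):
    """Strict uRPF: the best route back to the source must point at the ingress port."""
    return lookup_egress(src_ip) == ingress_iface


def ingress_verdict(ingress_iface, src_ip):
    """Return 'ACCEPT' or 'DROP:<reason>' for a packet with this source on this port."""
    addr = ipaddress.ip_address(src_ip)
    if ingress_iface == "upstream":
        if any(addr in net for net in BOGONS):
            return "DROP:bogon-source"
        if any(addr in net for net in OUR_PREFIXES):
            return "DROP:our-prefix-from-outside"
        return "ACCEPT"
    # Customer-facing ports: strict uRPF enforces "only your own addresses".
    if not urpf_strict(ingress_iface, src_ip):
        return "DROP:spoofed-source"
    return "ACCEPT"


# Constructed packets: (ingress interface, source address).
SAMPLE_PACKETS = [
    ("cust-a", "203.0.113.77"),     # customer A using its own space
    ("cust-a", "198.51.100.9"),     # customer A spoofing customer B
    ("cust-a", "192.0.2.10"),       # customer A spoofing an Internet host
    ("upstream", "192.168.1.1"),    # private source arriving from the Internet
    ("upstream", "203.0.113.1"),    # our own prefix arriving from outside
    ("upstream", "192.0.2.10"),     # ordinary inbound traffic
    ("cust-b", "198.51.100.70"),    # legitimate, but the best route back is cust-b-dmz
]


def run_demo():
    """Evaluate every sample packet; returns {(iface, src): verdict}."""
    return {(iface, src): ingress_verdict(iface, src) for iface, src in SAMPLE_PACKETS}


if __name__ == "__main__":
    for (iface, src), verdict in run_demo().items():
        print(f"{iface:9} src={src:15} {verdict}")
```

The last sample packet is the classic strict uRPF pitfall: customer B's
address is genuine, but because the more specific route points at a
different port, strict mode drops it. That asymmetric-routing case is why
BCP 84 also describes loose and feasible-path uRPF, and why a static
per-port prefix list is the safer choice on simple single-homed customer
links.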
There is no fool-proof technique that prevents DDoS attacks completely,
but you can ensure the best available protection by properly configuring
every machine and service, so that attackers cannot harness your
publicly available services to carry out DDoS attacks.
Remember that DDoS attacks are difficult to predict or avoid, and that
even an attacker with limited resources can bring down networks or
websites. For any organization, the focus should therefore always be on
the highest practical level of protection for enterprise networks,
devices, websites and so on.