Distributed Denial of Service
Since 2011, distributed denial-of-service (DDoS) attacks have expanded their reach and entered the mainstream. If we ask who is responsible for these attacks, we may find no single answer, but according to a new report by security vendor Radware, the blame lies with Anonymous.
DDoS is a type of DoS attack in which multiple compromised systems, usually infected with a Trojan, are used to target a single system, causing a denial of service (DoS).
The report says that by distributing easy-to-use DDoS tools like the Low Orbit Ion Cannon, Anonymous has made DDoS attacks popular. Government bodies and businesses should therefore take these attacks more seriously. They can also adopt multiple steps to minimise the effects of DDoS attacks on websites, servers, databases and so on. So let’s discuss some of the steps that need to be taken against these attacks:
#1 First of all, know your level of vulnerability. You should know that you are always at risk; this is not meant to create panic but is a simple acknowledgement of the fact that hackers love to pick random victims. After Anonymous came into action, the Radware report says, “the financial sector, which had not really considered itself as a prime target, was hit and urgently forced to confront threatening situations.” The report also said, “Government sites had been targeted before, but 2011 saw a dramatic increase in frequency, and neutral governments that felt themselves exempt, like New Zealand, were attacked.” So it’s better to adopt preventive measures than to fall victim to Anonymous and its malicious attacks.
#2 DDoS attacks take little effort to launch but are really tough to stop. Anonymous recently boasted on Twitter that hackers from their team can easily crowdsource “5,600 DDoS zealots blasting at once”. Anonymous is highly capable of taking down anyone’s website, from the FBI and the Justice Department to the Motion Picture Association of America and the Recording Industry Association of America. Rob Rachwald, director of security strategy at Imperva, said in an email to Information Week, “DDoS is to the Internet what the billy club is to gang warfare: simple, cheap, unsophisticated, and effective.” So it’s better to know how to stop these attacks from the very beginning.
#3 Now you need foolproof preparation to stop these DDoS attacks. As Roland Dobbins, Asia Pacific solutions architect for Arbor Networks, said in a conversation, if attacked, “folks that don’t take active measures to ensure the resilience of their networks are going to get knocked over. They need to do everything they can to increase resiliency and availability.” Roland also recommended implementing “all of the industry best and current practices for their network infrastructure, as well as applications, critical supporting services, including DNS.” It means that only proper planning can lead to success in stopping these harmful attacks.
#4 You need to identify which part of your corporate network can become a bottleneck, the weakest link under a DDoS attack. Radware conducted a survey of 135 people who possess information security expertise; the participants included IT managers, CIOs and CISOs. The survey concluded that, once bottlenecks are identified, 30 per cent of server attacks come through these points and 27 per cent of Internet pipes are attacked through these channels, and several other similar findings show that bottlenecks are the most vulnerable sections of any network. So first identify them and then ensure their security.
#5 You have to stay very aware of what is going on across your network. This is the main way to prevent attacks; it also secures the infrastructure and lets you keep a check on the hackers. Actively monitor your network and, as Dobbins says, “If the enterprise doesn’t have visibility into their network traffic so they can exert control over the traffic, then they have a problem.” Watch constantly for any sign of malicious activity.
#6 Don’t assume that only large attacks will take place. The most popular type of DDoS attack, and the one most frequently used by Anonymous, is a packet flood. It directs a large number of packets at a website and puts the servers under enormous pressure. What you need to remember is that attacks will not always be carried out in conventional ways.
#7 You need to be extra cautious about application-layer attacks. If a switch or an application is attacked through the packet stream, it is not easy to diagnose. Radware’s report says in this case, “it is much easier to detect and block a network flood attack–which is about sending a large volume of irrelevant traffic such as UDP floods, SYN floods, and TCP floods, typically spoofed–rather than an application flood attack where the attackers are using real IP addresses from real machines and running complete application transactions.” So your application layer can be under threat at any time and requires your attention at all times.
#8 Sometimes attacks are blended, and you need to be extra careful about that. Detecting these kinds of attacks is tougher because more than one application becomes a target at a time, and even within a packet flood all the applications can be attacked together. The Radware report comments, “Attackers are often likely to combine both packet flooding attacks with application-layer DDoS, to increase their odds of success. The majority of organizations, which are targeted by sub-1-Gbps attacks, are targeted with a mix of network and application flood attacks.” So blended attacks add another clause to your security planning.
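The distinction the report draws in points 7 and 8, as an added example that is not from the article or from Radware: a small classifier over constructed flow summaries that separates a spoofed network flood (many sources that never complete a handshake or a transaction) from an application flood (few real sources running many complete transactions) and flags the blended case. The Flow fields, the thresholds and the sample windows are assumptions made for the example.

```python
# Added example (not from the article): classify one window of flow summaries.
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str         # source address as seen on the wire (may be spoofed)
    handshake: bool  # True if the TCP three-way handshake completed
    requests: int    # complete HTTP transactions carried by the flow


# Thresholds are assumptions for this example, not figures from the report.
MIN_FLOOD_SOURCES = 50      # distinct sources before a flood is plausible
NO_TRANSACTION_RATIO = 0.8  # share of flows that never did real work
MAX_REQ_PER_SOURCE = 100    # complete transactions from one source per window


def classify(flows):
    """Return 'normal', 'network_flood', 'application_flood' or 'blended'."""
    if not flows:
        return "normal"
    sources = {f.src for f in flows}
    # Network flood signal: many (typically spoofed) sources whose flows never
    # complete a handshake or carry a transaction. Easy to spot, as the report says.
    idle = sum(1 for f in flows if not f.handshake or f.requests == 0)
    network = (len(sources) >= MIN_FLOOD_SOURCES
               and idle / len(flows) >= NO_TRANSACTION_RATIO)
    # Application flood signal: real hosts running complete transactions, so the
    # only tell is an abnormal per-source transaction rate. Harder to spot, and a
    # busy legitimate proxy or NAT gateway can trip the same threshold.
    per_source = Counter()
    for f in flows:
        per_source[f.src] += f.requests
    app = any(n >= MAX_REQ_PER_SOURCE for n in per_source.values())
    if network and app:
        return "blended"
    if network:
        return "network_flood"
    if app:
        return "application_flood"
    return "normal"


def make_samples():
    """Constructed traffic windows (TEST-NET addresses, not captured data)."""
    normal = [Flow(f"192.0.2.{i}", True, 3) for i in range(1, 21)]
    syn_flood = [Flow(f"198.51.100.{i % 254 + 1}", False, 0) for i in range(1000)]
    app_flood = [Flow(f"203.0.113.{i}", True, 150) for i in range(1, 6)]
    return normal, syn_flood, app_flood
```

Running classify() over the three windows from make_samples(), and over the SYN and application windows concatenated, yields normal, network_flood, application_flood and blended respectively.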
#9 You need excellent communication and networking skills to prevent these attacks. Large attacks are capable of turning the largest enterprise network upside down. Dobbins’ solution is, “Work very closely with [your] Internet service provider–or for multinationals, providers–to successfully deal with these attacks. At 4 a.m., if there is a DDoS attack, it’s not the time you want to be scrambling around trying to reconfigure your infrastructure, and finding who to call at your ISP.” So build good relationships and communication lines before the attack even happens.
#10 Don’t rely on a single measure; adopt several. Radware notes that, as one countermeasure, network gear may be able to mitigate suspected DDoS attacks automatically, for instance by advertising a reduced TCP window size to a suspected source so that it has to pause. As per the report, “Legitimate clients generally respect this and will suspend their communication for the time being. It seems that some attackers also honor this message and suspend the attack until a new, larger window size is advertised, which of course the site being attacked has no intention of doing.” So widen the range of countermeasures you consider; together they help far more than any one alone.