Corero (Top Layer) enhances DDoS defense to stop new types of attacks

IT Best Practices Alert By Linda Musthaler, Network World
June 17, 2011 06:08 AM ET

In the IT world, security is a chess game. There's a constant back-and-forth volley between the IT defenders and the bad guys, with both sides using escalating efforts. Just as the defenders think they've found a "checkmate" position, the bad guys seem to find a way around it.

One security concern that has been in the headlines lately is distributed denial of service (DDoS) attacks. In December 2010, the hacktivist group calling itself Anonymous launched successful attacks against the websites of companies and organizations that opposed the activities of WikiLeaks. Visa and MasterCard, among others, had their websites knocked out of commission for more than six hours each -- an eternity for businesses that are heavily dependent on the Internet.

Of course, six hours is nothing compared to the month that the Sony PlayStation Network was down. Sony's woes began with a DDoS attack that morphed into a massive data breach and almost complete loss of confidence by the public. 

While denial of service attacks have been commonplace for more than a decade, some of the methods the attackers are using today are new. In the security chess game, attackers have just made a move that puts every organization's king at risk. This move helps attackers slip past traditional protection measures in firewalls and intrusion prevention systems (IPS).

Until recently, the most common way for someone to instigate a DDoS attack was to overwhelm the victim's network with massive amounts of incoming traffic that make the victim's site unavailable to legitimate users. Network security experts got wise to this and put up defenses that would look for and block this kind of bandwidth-hogging attack.

Then the bad guys realized they could achieve their desired result -- complete unavailability of a network or Web-based service -- by utilizing requests that look and act just like normal traffic until they are taken in aggregate.

Here's how it works. An attacker figures out what kind of request will make a website or back-end database do a relatively large amount of work to respond. For example, consider an online store with a product comparison feature that allows a shopper to simultaneously view the specifications of five different widgets. The request goes to a database to pull up the details of each of the products in order to present a dynamic page with all the information. A single request is no big deal, but what if tens of thousands of zombies on a botnet have been instructed to make this same request over and over again? Neither the network traffic nor any individual HTTP GET request looks unusual, so they raise no red flags for a firewall or IPS. Nevertheless, the back-end database server is trying mightily to respond to tens of thousands of the requests and becomes so busy that a denial-of-service condition results.
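The aggregate effect described above, as an added example that is not part of the original article: a per-source rate check over a constructed 10-second window finds nothing, while summing back-end cost per endpoint flags the comparison page. The paths, cost weights, addresses and thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Assumed relative back-end cost per request (database lookups per page).
# /compare pulls five product records, as in the article's example.
COST = {"/compare": 5, "/product": 1}
PER_CLIENT_LIMIT = 10    # requests per window a per-source rule tolerates (assumed)
ENDPOINT_BUDGET = 1000   # back-end work units per window per endpoint (assumed)

def sample_window():
    """Constructed 10-second window of (client_ip, path) pairs, not real traffic."""
    events = []
    for i in range(40):                      # ordinary shoppers, 3 page views each
        events += [(f"198.51.100.{i}", "/product")] * 3
    for i in range(300):                     # many sources, only 2 requests each
        events += [(f"10.0.{i // 250}.{i % 250}", "/compare")] * 2
    return events

def per_client_alerts(events, limit=PER_CLIENT_LIMIT):
    """What a per-source rate rule sees: clients over the limit."""
    counts = Counter(ip for ip, _ in events)
    return sorted(ip for ip, n in counts.items() if n > limit)

def endpoint_load(events, cost=COST):
    """Aggregate view: requests, distinct clients and weighted work per path."""
    stats = defaultdict(lambda: {"requests": 0, "clients": set(), "work": 0})
    for ip, path in events:
        s = stats[path]
        s["requests"] += 1
        s["clients"].add(ip)
        s["work"] += cost.get(path, 1)   # unknown paths count as one unit
    return stats

def overloaded_endpoints(events, budget=ENDPOINT_BUDGET):
    """Paths whose summed back-end work exceeds the budget for the window."""
    return sorted(p for p, s in endpoint_load(events).items() if s["work"] > budget)

if __name__ == "__main__":
    window = sample_window()
    print("per-client alerts:", per_client_alerts(window))
    for path, s in endpoint_load(window).items():
        print(path, s["requests"], "requests,", len(s["clients"]), "clients, work", s["work"])
    print("over budget:", overloaded_endpoints(window))
```

No single source exceeds the per-client limit, yet the comparison endpoint carries 25 times the work of ordinary product pages in the same window.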

So the challenge is how to defend against this kind of attack.

Corero Network Security (previously Top Layer Security) thinks it has an answer. The company this week announced an enhanced anti-DDoS solution that is purpose-built to counter this new type of attack.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
