
Best practices to mitigate DDoS attacks

IT Best Practices Alert By Linda Musthaler, Network World
January 10, 2013 02:21 PM ET

Network World - The hacktivist group Izz ad-Din al-Qassam Cyber Fighters is several weeks into Operation Ababil 2, and, as promised, is once again directing distributed denial-of-service (DDoS) attacks at U.S. banks. The group has vowed to continue disrupting online and mobile banking sites until all instances of the movie "Innocence of Muslims" are removed from YouTube.

Numerous banks have been attacked in recent weeks, including PNC Bank, Fifth Third, HSBC, JPMorgan Chase, Citibank and others. For the financial institutions, it's déjà vu all over again, as they were similarly attacked last September and October. The banks have all suffered daylong slowdowns and, at times, complete outages. Security experts say these are the largest cyberattacks they've ever seen.

BACKGROUND: U.S. bank cyberattacks reflect 'frightening' new era

It's disturbing that this second round of attacks has had even a modicum of success in disrupting banking services. After all, the banks were forewarned that the DDoS attacks would be coming, and thus they had ample time to put preventive measures in place. There are anti-DDoS technologies that can mitigate these types of attacks and lessen the effects on the victim businesses.

Every company with a website and any type of online service should take notice of these attacks; they aren't exclusive to financial institutions. DDoS attacks can be initiated by anyone with a motivation and a few dollars. In fact, it's incredibly easy for anyone to get DDoS as a service. There's a series of advertisements running on YouTube for something called "Gwapo's Professional DDoS Service." These ads boldly describe how "Gwapo" will perform a denial of service against any target website for a fee. The cost depends on the strength and duration of the desired attack. Gwapo simply aims a botnet at the target website and fires excessive traffic to achieve the objective of an outage.

Why would someone attack a website? Some people, like Cyber Fighters, use DDoS to make a political statement. Others do it to extort money, holding the website hostage via an outage until a ransom is paid. Unscrupulous people use DDoS to disable a competitor. Some security experts believe that DDoS attacks are often a smokescreen to cover up other illicit activity. While administrators are focused on getting their website functioning again, the perpetrator is planting malware or stealing information. In fact, this proved to be the case in some of the earlier attacks on the U.S. banks.

How can you protect your company's Web presence? Here are a few tips on what you can do now to head off a potential problem later.

* Don't count on a firewall to prevent or stop a DDoS attack. The first step is to recognize that your firewall is insufficient protection against the types of DDoS attacks that are increasingly common today. Even a next-generation firewall that claims to have DDoS protection built-in cannot deal with all types of attacks. The best protection against DDoS attacks is a purpose-built device or service that scrutinizes inbound traffic before it can hit your firewall or other components of the IT infrastructure. This type of solution has one mission: to prevent excessive or malicious traffic from making your Web-based applications inaccessible to legitimate customers or users.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
