March 23, 2015
In my discussions with IT directors and engineers, the mitigation of distributed denial of service (DDoS) attacks is a common topic. DDoS attacks can be extremely disruptive to a business or school district, as they can completely saturate the Internet bandwidth on their primary links, crippling critical line-of-business applications that require the Internet for end-users and consumers alike. Every second your Internet pipe is unusable, you’re losing potential and future revenue. As a consumer, what would you think of a business that can’t keep their Internet services operational? Obviously, it’s not a good impression. In her article “Half Of Enterprises Worldwide Hit By DDoS Attacks, Report Says,” Kelly Higgins of DarkReading.com, does a good job highlighting the fact that not only are the frequency of DDoS attacks growing, but the manner in which they formulate an attack is evolving.
If You Think DDoS Attacks Aren’t a Big Deal, Think Again
As DarkReading reports, “half of all enterprises were hit with a DDoS attack last year and most ISPs and enterprises also suffered more stealthy DDoS attacks aimed at flying under the radar.” This week alone, I’ve discussed the mitigation of DDoS attacks with two customers. These customers are frustrated and pulling their hair out, because attacks have basically rendered their Internet links as useless.
The Evolution of DDoS Attacks
DDoS attacks are evolving. The article states that “Some 90% of ISP and enterprise respondents in Arbor Networks’ 10th Annual Worldwide Infrastructure Security Report say they experienced application-layer (versus network connection-sapping) DDoS attacks, and 42% say they were hit by DDoS attacks that used a combination of bandwidth-sapping, application-layer, and state exhaustion methods. HTTP and DNS are the top two targets of application-layer attacks.” Application layer DDoS attacks aim to overwhelm the actual server itself, as opposed to going with the approach of just saturating the entire Internet pipe. As the article states, application-layer DDoS attacks are a bit trickier because they operate in a low profile mode to stay undetected by traditional DDoS detection strategies, making them more dangerous and frustrating.
Mitigation Options
There isn’t a clear-cut strategy to mitigate DDoS attacks today. Recently, I had a conversation with an IT Director who uses Cisco ASA Next Generation Firewalls and wanted to know his options. With the current Cisco environment, it’s suggested to blacklist certain source networks where the attacks are coming from, and work with the ISP to see what their mitigation strategies are in terms of these attacks. The issue with the first approach is by the time we blacklist certain source networks, that bandwidth has already been saturated, as it’s being passed down from the ISP.
In my opinion, one of the best options is to have the ISP mitigate attacks before they ever get to your pipe. My customer discussed this option with his ISP and found the pricing for the service is more than the cost of the actual circuit itself on a monthly basis. That seems absurd, but the ISP can charge high prices if they don’t feel there are a lot of other options. Cisco supposedly has a DDoS module plug-in on the roadmap for the next generation ASA Firewalls, but it’s unknown when it will come out. I’ve also heard that Radware has a decent DDoS attacks solution, but more investigation is needed.
It’s clear that DDoS attacks are evolving and increasing, making it more difficult for organizations to deal with this annoying problem. At Mindsight, we will continue to monitor the market in terms of cost-effective solutions for customers. For the latest information on mitigating these types of attacks, please contact us.
Like what you read?
About Mindsight
Mindsight, a Chicago IT consultancy and services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We’ve always prided ourselves in delivering the full spectrum of IT services and solutions, from design and implementation to support and management. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for a local business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.
