
Strategies to Prevent DDoS attacks

If you think you’re seeing more news about computer hackers, you’re right. It seems this underground community continues to wreak havoc in our online lives and businesses through increasingly sophisticated means of mischief.

While the most publicized hacking events highlight stolen data, that’s not always the motivating factor. Some hackers have mastered the art of DDoS attacks, or Distributed Denial of Service attacks. These DDoS attacks have a singular goal of bringing down a website, ecommerce site, or just royally messing up your otherwise good day.


In a typical DDoS attack, the hackers find a vulnerability in a targeted computer system, making it the DDoS “master.” The hackers create malware and distribute it from the master to thousands or tens of thousands of other compromised and malicious websites. Website visitors are likely unaware that they have even downloaded the malware. The malware is programmed with a timed attack function, or it can be launched by remote control. When the hackers deem it time, all of these miniature terrorist cells are woken up simultaneously by either a timer or a signal, and all are commanded to communicate, sending “packets” of information to or from a website, thereby creating a massive increase in nuisance traffic and, most importantly, blocking legitimate traffic at the same time. The flood of incoming messages to the target system forces it to shut down, a.k.a. “denying service” to legitimate users.

DDoS attacks are fairly easy to recognize: unusually slow network performance, unavailability of a website or lack of access to it, a dramatic increase in the number of spam emails, or the disconnection of a wireless or wired Internet connection. The attack can also create problems in the network branches around the actual computer (called a “zombie” or a “bot”) being hacked. The bandwidth of a router between the Internet and a LAN may be engulfed in the attack, affecting both the intended computer and the entire network (the “botnet” or a “zombie army”). These attacks can also be large scale, compromising the Internet connectivity of an entire geographic area.

The fastest remedy for a DDoS attack is to somehow block the attack, or even move the web domain to a different range of IP addresses. However, if the attack is creating a firehose of traffic to the actual domain, switching IP addresses will not be effective. In either case, the solution requires significant resources that many web owners are unequipped for.

Large enterprises are fairly accustomed to DDoS attacks, and are becoming more adept at dealing with them as the attacks become increasingly common. Recent Q3 2012 data from Prolexic, a company specializing in DDoS protection and mitigation, shows that the frequency of DDoS attacks has increased 88% over the same period last year. The duration of the attacks has decreased slightly from 33 hours to 19 hours, but the hypothesis is that the attacks are more intense. Convincing data supports this theory, as attack bandwidth has increased 230% over the same period.

A key strategy in protecting your systems is updating your gateway servers, switches, and firewalls to the most recent releases and patch levels of their respective operating systems. This is a common best practice in any good IT shop anyway, and it will afford some protection.

A second strategy is to have a large amount of extra bandwidth standing by. This can often be accomplished without significant extra cost because many providers bill only on the 95th percentile of your actual used “transit” or traffic. You will probably need to buy your bandwidth directly from a carrier in this case. But being able to “burst” up to higher levels of traffic just might enable you to withstand the attack.
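The following is an added example, not code from the original post, showing why a burst of roughly the 19-hour average attack duration quoted above need not raise a 95th-percentile bill at all. It assumes the provider samples usage every 5 minutes over a 30-day month and discards the top 5% of samples before billing; all traffic figures are constructed.

```python
# Added example: 95th-percentile ("burstable") transit billing versus a DDoS burst.
# Assumption: 5-minute usage samples over a 30-day month, top 5% of samples
# discarded, highest remaining sample billed. Traffic numbers are constructed.
from typing import List

SAMPLES_PER_HOUR = 12                      # one sample every 5 minutes
HOURS_PER_MONTH = 24 * 30                  # 30-day billing month
SAMPLES_PER_MONTH = SAMPLES_PER_HOUR * HOURS_PER_MONTH   # 8640 samples


def percentile_95(samples: List[float]) -> float:
    """Billing-style 95th percentile: sort descending, drop the top 5% of
    samples, and bill the highest sample that remains."""
    ordered = sorted(samples, reverse=True)
    discard = len(ordered) * 5 // 100      # integer arithmetic: 432 for 8640 samples
    return ordered[discard]


def month_with_attack(baseline_mbps: float, attack_mbps: float,
                      attack_hours: float) -> List[float]:
    """Constructed month: flat baseline traffic plus one contiguous attack burst."""
    samples = [baseline_mbps] * SAMPLES_PER_MONTH
    n_attack = min(int(attack_hours * SAMPLES_PER_HOUR), SAMPLES_PER_MONTH)
    for i in range(n_attack):
        samples[i] = attack_mbps
    return samples


def billed_rate(baseline_mbps: float, attack_mbps: float,
                attack_hours: float) -> float:
    """Rate (Mbps) the provider would bill for that month."""
    return percentile_95(month_with_attack(baseline_mbps, attack_mbps, attack_hours))


def free_burst_hours() -> float:
    """Hours per month that can sit above baseline without raising the bill:
    5% of the samples, i.e. 36 hours in a 30-day month."""
    return (SAMPLES_PER_MONTH * 5 // 100) / SAMPLES_PER_HOUR


if __name__ == "__main__":
    # A 19-hour flood at 5 Gbps over a 100 Mbps baseline falls inside the
    # discarded 5%, so the billed rate stays at baseline; a 40-hour flood does not.
    print("free burst hours per month:", free_burst_hours())
    print("19h attack billed at:", billed_rate(100.0, 5000.0, 19), "Mbps")
    print("40h attack billed at:", billed_rate(100.0, 5000.0, 40), "Mbps")
```

The catch, as the post notes, is that the carrier's circuit must physically carry the burst; the 95th-percentile rule only means you are not charged for it.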

But the best strategy to protect your business from a DDoS attack is to have a disaster site with separate hosting and massive bandwidth on standby for your website or ecommerce site to go to when an intrusion occurs. The backup provider can go live if a hacker sets their sights on your website or web business. It won’t actually stop the DDoS attack, but it gives you the best chance of getting through it because you’ll have that massive bandwidth to absorb the attack.

For now we simply have to make the best of a bad situation. Windows security and network security in general is simply too limited today to deal with DDoS attacks and the botnets that serve them up.
