DDoS Protection Specialist Archive

There’s a striking disparity between how threatened service providers feel by potential DDoS attacks and how prepared they are to mitigate one, according to a Black Lotus survey. The findings demonstrate that while almost all participants (92 percent) have some form of DDoS protection in place, it is insufficient to stop an attack before damage is done.


Most respondents incurred increased operational expenses due to DDoS attacks, with more than 35 percent of the providers surveyed indicating that they are hit with one or more attacks weekly. The respondents represented companies of all sizes, from small to large.

The largest group represented in the survey was small companies of one to 999 employees worldwide (52 percent of all companies surveyed), with organizations of fewer than 250 employees (20 percent) as the largest subgroup.

Among the findings were:

  • 61 percent of providers feel that DDoS is a threat to their businesses.
  • Only 16 percent of the providers surveyed indicated that they had been rarely or never hit by a DDoS attack.
  • The top three industries with customers affected by DDoS attacks are managed hosting solutions (MHS), voice over IP (VoIP) and platform as a service (PaaS).
  • In case of a DDoS attack, 34 percent of the surveyed providers remove the targeted customer, and 52 percent temporarily null route or block the problem customer.
  • 64 percent of PaaS providers have been impacted by DDoS.
  • 56 percent of MHS providers have been impacted by DDoS.
  • 52 percent of infrastructure as a service (IaaS) providers have been impacted by DDoS.

“DDoS attacks lasting hours or even minutes can lead to loss of revenue and customers, making DDoS protection no longer a luxury, but a necessity,” said Shawn Marck, CSO of Black Lotus. “DDoS attacks will continue to grow in scale and severity thanks to increasingly powerful (and readily available) attack tools, the multiple points of Internet vulnerability and increased dependence on the Internet. Enterprises have to move from thinking of DDoS as a possibility, to treating it as an eventuality.”

Source: http://www.net-security.org/secworld.php?id=18043

Gary Newe, systems engineer, F5 Networks, recommends taking 10 decisive actions when you come under DDoS attack

The frequency and size of Distributed Denial of Service (DDoS) attacks are ever-growing and continue to be a priority issue for many businesses. With the ongoing work to shut down or neutralise botnets, a cyber-arms race has started, with hacktivists and other cyber criminals constantly searching for new ways to amplify attacks. As a result, DDoS attacks are increasingly common.

As the lines between the professional and social use of technology continue to blur, it is vital that we start to really recognise the significance of these attacks, how likely they are and how damaging they can be.

Scary and stressful

For the first-time DDoS victim, these attacks can be scary and stressful ordeals. That’s not surprising; poor network performance and website downtime can be massively costly for businesses, both in lost sales and consumer trust. It’s not all bad news though, as there are some steps that can be taken to mitigate the impact. Here, Gary Newe, systems engineer at F5 Networks, gives his recommendations on the action to take should you experience an attack:

1. Verify that there is an attack – Rule out common causes of an outage, such as DNS misconfiguration, upstream routing issues and human error.

2. Contact your team leads – Gather the operations and application team leads to verify which areas are being attacked and to officially confirm the attack. Make sure everyone agrees on which areas are affected.

3. Triage your applications – Make triage decisions to keep your high-value apps alive. When you’re under an intense DDoS attack and you have limited resources, focus on protecting revenue generators.

4. Protect remote users – Keep your business running: whitelist the IP addresses of trusted remote users that require access and maintain this list. Populate the list throughout the network and with service providers as needed.

5. Classify the attack – What type of attack is it: volumetric? Slow and low? Your service provider will tell you if the attack is solely volumetric and may already have taken remediation steps.

6. Evaluate source address mitigation options – For advanced attack vectors your service provider can’t mitigate, determine the number of sources. Block small lists of attacking IP addresses at your firewall. Block larger attacks with geolocation.

7. Mitigate application layer attacks – Identify the malicious traffic and whether it’s generated by a known attack tool. Specific application-layer attacks can be mitigated on a case-by-case basis with distinct countermeasures, which may be provided by your existing solutions.

8. Leverage your security perimeter – Still experiencing issues? You could be confronting an asymmetric layer 7 DDoS flood. Focus on your application-level defences: login walls, human detection, or Real Browser Enforcement.

9. Constrain resources – If the previous steps fail, constraining resources with rate and connection limits is a last resort, since it turns away good traffic along with bad. Instead, you may prefer to disable or blackhole a single application.

10. Manage public relations – If the attack becomes public, prepare a statement and notify internal staff. If industry policies allow it, be forthright and admit you’re being attacked. If not, cite technical challenges and advise staff to direct all inquiries to the PR manager.

It’s an unfortunate fact that the DDoS threat has never been greater and is likely to continue to grow. As ever, the best protection is to be prepared for whatever gets thrown at you, and DDoS mitigation should be part of that preparation. Before an attack hits, consider whether your network is up to scratch to cope with unexpected loads and whether it has the intelligence to identify legitimate traffic during peaks.
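Steps 5, 6 and 9 above turn on how many sources there are and how much collateral damage a block would cause. The following script, added here as an illustration and not part of Gary Newe’s or F5’s material, encodes that decision for step 6: it takes the attacking source addresses and chooses between per-address rules, prefix rules and a geolocation block, reporting the collateral-damage caveat with each. The rule budget, the nftables set name `geo_<cc>`, the GeoIP table and the attacker address lists are constructed assumptions.

```python
"""Added example for step 6 (evaluate source address mitigation options);
not F5's tooling. Given the attacking source addresses (e.g. pulled from
flow telemetry), pick the cheapest blocking construct that fits a firewall
rule budget, from most to least precise:
  1. few attackers                    -> one rule per address;
  2. many, clustered in a few /24s    -> one rule per prefix (plus stragglers);
  3. many, scattered, one country     -> a geolocation block via a named set
                                         (assumed to be fed from a GeoIP feed).
Rule strings use nftables syntax; the set name `geo_<cc>` and the GeoIP
table below are assumptions made for this example. IPv4 only.
"""
import ipaddress
from collections import Counter, defaultdict


def plan_source_mitigation(attackers, geo=None, per_ip_budget=64,
                           prefix_len=24, prefix_min=8, geo_share=0.8):
    """Return {'mode', 'rules', 'note'} describing how to block `attackers`."""
    ips = {ipaddress.ip_address(a) for a in attackers}

    # 1. Short list: block each address individually, no collateral damage.
    if len(ips) <= per_ip_budget:
        return {"mode": "per-ip",
                "rules": [f"ip saddr {ip} drop" for ip in sorted(ips)],
                "note": "precise; no legitimate traffic affected"}

    # 2. Long list: collapse addresses sharing a /prefix_len into one rule
    #    when at least prefix_min attackers sit in it; keep the rest per-IP.
    by_prefix = defaultdict(list)
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        by_prefix[net].append(ip)
    prefix_rules, stragglers = [], []
    for net, members in by_prefix.items():
        if len(members) >= prefix_min:
            prefix_rules.append(f"ip saddr {net} drop")
        else:
            stragglers.extend(members)
    rules = sorted(prefix_rules) + [f"ip saddr {ip} drop" for ip in sorted(stragglers)]
    if len(rules) <= per_ip_budget:
        return {"mode": "prefix", "rules": rules,
                "note": "also drops innocent hosts inside the aggregated prefixes"}

    # 3. Still too many rules: fall back to geolocation if one country
    #    accounts for at least geo_share of the sources.
    if geo is not None:
        top_cc, n = Counter(geo(ip) for ip in ips).most_common(1)[0]
        if top_cc and n / len(ips) >= geo_share:
            return {"mode": "geo",
                    "rules": [f"ip saddr @geo_{top_cc.lower()} drop"],
                    "note": f"coarse: {n}/{len(ips)} sources in {top_cc}; "
                            "all legitimate users there are blocked too"}
    return {"mode": "none", "rules": [],
            "note": "sources too scattered for address-based blocking; "
                    "use application-layer or rate-based controls instead"}


# Constructed GeoIP table (hypothetical country codes XA/XB); a real
# deployment would query a GeoIP database instead.
_GEO_TABLE = {ipaddress.ip_network("100.64.0.0/10"): "XA",
              ipaddress.ip_network("192.0.2.0/24"): "XB"}


def demo_geo(ip):
    """Map an address to a country code using the constructed table."""
    for net, cc in _GEO_TABLE.items():
        if ip in net:
            return cc
    return None


# Constructed attacker sets (documentation and shared address space ranges).
SMALL = ["192.0.2.7", "192.0.2.9", "198.51.100.4"]
CLUSTERED = ([f"192.0.2.{i}" for i in range(1, 61)]
             + [f"198.51.100.{i}" for i in range(1, 31)]
             + [f"100.64.{i}.1" for i in range(1, 11)])
SCATTERED = [f"100.{64 + i}.{j}.1" for i in range(4) for j in range(50)]

if __name__ == "__main__":
    for name, attackers in (("small", SMALL), ("clustered", CLUSTERED),
                            ("scattered", SCATTERED)):
        plan = plan_source_mitigation(attackers, geo=demo_geo)
        print(f"{name}: {plan['mode']} ({len(plan['rules'])} rules) - {plan['note']}")
```

Run it to see the three plans. The `none` outcome is the handoff to steps 7 to 9: once sources are too scattered to block by address, application-layer defences and rate limits are what remain, with the caveat step 9 gives.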

Source: http://www.techweekeurope.co.uk/networks/mitigate-ddos-attack-real-time-162718

In the final quarter of 2014, the size of distributed denial-of-service (DDoS) attacks mitigated by Verisign had an average peak size of 7.39 Gbps, marking a 14 percent increase over the third quarter of 2014 (6.46 Gbps) and a 245 percent increase over the final quarter of 2013 (2.14 Gbps).

Those findings are a part of the ‘Verisign Distributed Denial-of-Service Trends Report’ for the fourth quarter of 2014, which includes observations on DDoS activity for the period beginning Oct. 1, 2014 and ending Dec. 31, 2014.

“In all, 42 percent of attacks leveraged more than 1 Gbps of attack traffic, which even today remains a significant amount of bandwidth for any network-dependent organization to over-provision for DDoS attacks,” the report revealed, adding 17 percent of attacks leveraged more than 10 Gbps of DDoS traffic.

In the fourth quarter of 2014, UDP amplification attacks leveraging Network Time Protocol (NTP) continued to be the most common DDoS attack vector, but Simple Service Discovery Protocol (SSDP) also continues to be exploited in amplification attacks, according to Verisign’s research.

For NTP amplification attacks, the report stated that “the solution can be as easy as restricting or rate-limiting NTP ports inbound/outbound to only the authenticated/known hosts.” With SSDP-based attacks, “SSDP implementations [for most organizations] do not need to be open to the Internet.”
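To make the NTP/SSDP point concrete, the following detector is added here; it is not from the Verisign report. It walks UDP flow records and flags both sides of an amplification attack: our hosts receiving unsolicited NTP or SSDP replies from many reflectors, and our own NTP/SSDP services answering Internet queries with an outbound-to-inbound byte ratio well above one. The prefix 203.0.113.0/24, the thresholds and the sample flows are constructed for the example.

```python
"""Added example, not part of the Verisign report: a small detector that
reads UDP flow records (the shape NetFlow/IPFIX exports give you) and
reports two things the report's NTP/SSDP advice is about:
  * hosts in our prefix receiving reflected NTP or SSDP replies from many
    reflectors they never queried (we are the victim);
  * hosts in our prefix answering NTP/SSDP queries from the Internet with
    far more bytes than they receive (we are being used as a reflector).
The prefix 203.0.113.0/24 and all flow records below are constructed.
"""
import ipaddress
from collections import defaultdict, namedtuple

AMP_PORTS = {123: "NTP", 1900: "SSDP"}          # UDP services abused for amplification
Flow = namedtuple("Flow", "src sport dst dport packets nbytes")   # one UDP flow


def flow(src, sport, dst, dport, packets, nbytes):
    return Flow(ipaddress.ip_address(src), sport, ipaddress.ip_address(dst),
                dport, packets, nbytes)


def analyse(flows, our_net, min_reflectors=3, min_amp=5.0):
    """Return a list of findings (dicts) for amplification victims and reflectors."""
    victims = defaultdict(lambda: {"reflectors": set(), "nbytes": 0})
    reflectors = defaultdict(lambda: {"in": 0, "out": 0, "clients": set()})
    for f in flows:
        src_in, dst_in = f.src in our_net, f.dst in our_net
        if src_in == dst_in:            # internal or transit traffic: ignore
            continue
        if dst_in and f.sport in AMP_PORTS:
            # Replies from an amplifier port arriving at one of our hosts.
            v = victims[(AMP_PORTS[f.sport], f.dst)]
            v["reflectors"].add(f.src)
            v["nbytes"] += f.nbytes
        elif dst_in and f.dport in AMP_PORTS:
            # Queries from the Internet to an NTP/SSDP service we run; the
            # source address may be a spoofed victim.
            r = reflectors[(AMP_PORTS[f.dport], f.dst)]
            r["in"] += f.nbytes
            r["clients"].add(f.src)
        elif src_in and f.sport in AMP_PORTS:
            # Replies leaving our NTP/SSDP service.
            reflectors[(AMP_PORTS[f.sport], f.src)]["out"] += f.nbytes

    findings = []
    for (vector, host), v in victims.items():
        # A legitimate client talks to one or two servers; many unsolicited
        # reply sources mean reflected traffic.
        if len(v["reflectors"]) >= min_reflectors:
            findings.append({"type": "victim", "vector": vector, "host": str(host),
                             "reflectors": len(v["reflectors"]), "nbytes": v["nbytes"]})
    for (vector, host), r in reflectors.items():
        if r["in"] and r["out"] / r["in"] >= min_amp:
            findings.append({"type": "reflector", "vector": vector, "host": str(host),
                             "amplification": round(r["out"] / r["in"], 1),
                             "clients": len(r["clients"])})
    return findings


OUR_NET = ipaddress.ip_network("203.0.113.0/24")   # constructed "our" prefix

# Constructed flows: (1) 203.0.113.10 is flooded on port 443 by NTP replies
# from five reflectors and on port 80 by SSDP replies from four; (2) our NTP
# server 203.0.113.20 answers 50-byte queries with 100 x 440-byte replies;
# (3) 203.0.113.30 makes an ordinary NTP query and gets one small reply.
SAMPLE_FLOWS = (
    [flow(f"198.51.100.{i}", 123, "203.0.113.10", 443, 100, 44000) for i in range(1, 6)]
    + [flow(f"100.64.{i}.9", 1900, "203.0.113.10", 80, 50, 15000) for i in range(1, 5)]
    + [flow(f"192.0.2.{i}", 40000 + i, "203.0.113.20", 123, 10, 500) for i in range(1, 4)]
    + [flow("203.0.113.20", 123, f"192.0.2.{i}", 40000 + i, 100, 44000) for i in range(1, 4)]
    + [flow("203.0.113.30", 51000, "198.51.100.9", 123, 1, 48),
       flow("198.51.100.9", 123, "203.0.113.30", 51000, 1, 48)]
)

if __name__ == "__main__":
    for finding in analyse(SAMPLE_FLOWS, OUR_NET):
        print(finding)
```

The reflector finding is the one the report’s advice addresses: an NTP or SSDP service reachable from the whole Internet shows up as a large amplification ratio against a handful of external “clients” (the spoofed victims), and restricting those ports to known hosts, as the report recommends, removes it. The victim-side finding is what to hand to the upstream provider, since the reflected traffic arrives from addresses you do not control.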

Which industry was hit hardest by DDoS attacks in the fourth quarter of 2014?

Verisign saw IT services/cloud/Software as a Service (SaaS) customers experiencing the largest volume of attacks, with one customer experiencing the largest volumetric UDP-based DDoS attack in the final quarter of 2014, the report indicated.

“This was primarily an NTP reflection attack targeting port 443 and peaking at 60 Gbps and 16 Mpps,” the report states. “The attack persisted at the 60 Gbps rate for more than 24 hours, and serves as another example of how botnet capacity and attack sustainability can be more than some organizations can manage themselves.”

The media and entertainment industry was also a big target. One customer experienced the largest TCP-based attack – a SYN flood – of the quarter, according to the report, which explains that the attack targeted a custom gaming port and peaked at 55 Gbps and 60 Mpps.

Altogether, 33 percent of Verisign DDoS mitigations were for IT services/cloud/SaaS customers, 23 percent were for media and entertainment customers, 15 percent were for financial customers, 15 percent were for public sector customers, eight percent were for ecommerce/online advertising customers, and six percent were for telecommunications customers.

Public sector customers experienced the largest increase in attacks in quarter four of 2014, the report notes.

“Verisign believes the steep increase in the number of DDoS attacks levied at the public sector may be attributed to attackers’ increased use of DDoS attacks as tactics for politically motivated activism, or hacktivism, against various international governing organizations, and in reaction to various well-publicized events throughout the quarter, including protests in Hong Kong and Ferguson, MO,” the report states.

Source: http://www.scmagazine.com/report-shows-42-percent-of-attacks-leveraged-more-than-1-gbps-of-attack-traffic/article/399206/

With social networking, mobile devices and cloud computing solutions being used more pervasively, we will see a transformational change in how service providers and large organizations deploy and enable security in their revenue generating network infrastructure.

Recent security breaches, amongst even security conscious companies worldwide, have put an uncomfortable spotlight on corporate security and compliance measures. Security professionals and network administrators have to walk a fine line between enforcing application security against increasingly sophisticated cyber attacks, while also providing sufficient access for their corporate customers.

Service providers such as cloud providers, web hosting services, ISPs as well as large enterprises require an environment that is highly available and secure. Any failure to resolve prevailing security threats such as cyber intrusions and distributed denial of service (DDoS) attacks can present costly and complicated scenarios for them.

DDoS attacks, for example, have become a significant and escalating threat for businesses. They have grown dramatically over the last several years in frequency, volume and sophistication. Attacks may originate from inside or outside of the corporate network. A recent report from Prolexic, a US-based DDoS mitigation service provider, estimated that about 89 percent of DDoS attack traffic in the second quarter of 2014 was directed at infrastructure, much of it targeting telecom and service provider router infrastructure and involving Layer 3 and 4 protocols, with the remaining 11 percent targeting applications.

To defend against DDoS attacks, especially infrastructure attacks, service providers need solutions that can scale to handle large volumes of DDoS traffic. Security appliances that use specialized processors to detect and mitigate DDoS attacks can give service providers the performance they need to block massive attacks.

At the same time, any deployment of mobile devices by an operator can present a significant amount of risk. The wireless networks on which mobile devices run outside of an operator’s subscriber network can leave information at risk of interception. The theft or loss of a device can be detrimental for the business, resulting in loss of sensitive or proprietary corporate information.

What Is Your Best Security Containment Strategy?

How can large enterprises and service providers cope with growing security threats? While they are becoming more and more reliant on the uptime of Internet-connected services, many are finding that legacy security solutions such as firewalls and intrusion prevention systems (IPS) have insufficient capacity to mitigate today’s multi-vector DDoS attacks at scale, as those attacks grow in number and sophistication.

Recent DDoS attacks can overwhelm lower-performing network devices and render network infrastructure and applications vulnerable to downtime and further threats. To stay resilient, enterprises and service providers need robust security and processing hardware that allows them to continue providing full system functionality even while under volumetric attack, without impacting system performance.

In addition, a robust security solution that can readily integrate with their existing IT infrastructure is required to protect against DDoS attacks. This can include a feature set for traffic management to ensure high availability and selective delivery of subscriber services. Together, these physical and virtual systems must ensure that network operators can also expand their network capacity, mitigate threats, and exert greater content control.

Scaling security devices and encrypted communications is a critical requirement as the network grows in complexity and size. Service providers can build robust layer 7 safeguards by leveraging products that offer agile defense mechanisms against more subtle attacks such as Slowloris and Tor’s Hammer, which exploit application vulnerabilities with seemingly legitimate traffic streams.

As more new devices are added to the network, they need to be integrated into the operator’s security system to meet policy and compliance requirements. TechTarget reports that new appliances today are capable of performing policy-based networking actions in hardware, such as implementing security functions like traffic management or cloud security policies, to protect the performance and availability of applications and ensure large customer-facing networks are free from disruption. ADCs (application delivery controllers) and CGNs (carrier-grade NATs), for example, sit at the critical ingress to most networks and are a natural place to locate advanced security capabilities so threats can be stopped or mitigated before they enter the network.

Other measures that enterprises and network operators can take to strengthen their network defense include adopting multiple complementary approaches to security enforcement at various points in the network, therefore removing single points of security failure; incorporating people and processes in network security planning; employing security policies, security awareness training and policy enforcement; and maintaining the integrity of the network, servers and clients by ensuring the operating system of every network device is protected against attack by disabling unused services.

As enterprise and service provider networks evolve, ensuring security will become a compulsory IT requirement – and not a ‘nice-to-have’. Security breaches span access, infrastructure and applications across every industry. They can happen on both fixed and mobile networks and destroy your physical, intellectual and financial capital. Any downtime resulting from breaches on the network can have a devastating impact on your customer’s experience, your brand reputation, and ultimately your revenue and the sustainability of your business.

James Wong is the Managing Director, South Asia, A10 Networks

Source: http://www.networksasia.net/article/ensuring-security-your-it-transformation.1424138223

In recent years, DDoS (distributed denial-of-service) attacks have been increasing in frequency, resulting in companies of every size being targeted, including major organisations like Google, Visa, PayPal, Sony, Deezer, and Evernote.

Many experts say the traditional methods of prevention and mitigation have become less effective, but could SAVI help? Here we look at what DDoS attacks are, and what can be done to minimise their impact.

What are DDoS attacks?

A DDoS attack is essentially an attempt to make a website or online service unavailable to users. There are a number of different methods to execute a DDoS attack, but one of the most common is sending so many requests that a server is overloaded, and unable to respond to legitimate requests. Anyone visiting the website or service will either not be able to access it at all, or have a very limited experience, and that can obviously have a big impact on a business.

Organisations of all sizes are targeted. For example, millions of PlayStation gamers were affected by DDoS attacks on Sony’s PlayStation Network (PSN) on several occasions last year. This meant that gamers couldn’t use a service that they had paid for, leaving them very frustrated, and resulting in Sony losing revenue.

It’s worth noting that it’s not just the immediate impact that can do damage – there may be ongoing reputational harm if the company is perceived as being unable to provide people with a stable and reliable experience. No-one wants to rely on a service which may or may not be available at any given time.

Protecting your company

Source Address Validation Improvement (SAVI) is one way to protect your company against these threats. DDoS attacks typically exploit the fact that IP has no robust mechanism for source authentication, that is, for proving that a packet came from where it claims it did: a packet simply claims to originate from a given address, and there is no way to be sure that the host that sent it is telling the truth.

SAVI methods were developed by the Internet Engineering Task Force (IETF) to prevent this spoofing. SAVI works by stopping nodes attached to the same IP link from spoofing each other’s IP addresses, complementing access filtering with unique, standardised, per-host IP source address validation.
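As an added illustration (not from the TechRadar article or the IETF SAVI documents), the following model shows why the two checks are complementary: an edge router that applies access filtering by customer prefix, and an access switch that enforces SAVI-style bindings learned from the DHCP exchange. Port names, MAC addresses, prefixes and packets are constructed.

```python
"""Added example, not from the article or the IETF SAVI specifications:
a toy model of the two checks that together stop source address spoofing
on an access network.
  * EdgeRouter: access (ingress) filtering. A customer port may only send
    packets whose source address lies in the prefix assigned to that port.
    It cannot tell two hosts inside the same prefix apart.
  * SaviSwitch: SAVI-style binding enforcement. The switch snoops the DHCP
    exchange, binds (port, MAC) to the address the host was given and drops
    anything else, so neighbours on one link cannot impersonate each other,
    which is exactly the gap access filtering leaves.
Port names, MAC addresses and prefixes below are constructed.
"""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "ingress_port src_mac src_ip")


class EdgeRouter:
    """Access filtering: one prefix per customer port."""

    def __init__(self, port_prefixes):
        self.port_prefixes = {port: ipaddress.ip_network(prefix)
                              for port, prefix in port_prefixes.items()}

    def admit(self, pkt):
        prefix = self.port_prefixes.get(pkt.ingress_port)
        return prefix is not None and ipaddress.ip_address(pkt.src_ip) in prefix


class SaviSwitch:
    """SAVI-style check: (port, MAC) may only use addresses bound to it."""

    def __init__(self):
        self.bindings = {}     # (port, mac) -> set of bound source addresses

    def learn_dhcp_ack(self, port, mac, ip):
        # Called when the switch sees the DHCPACK assigning `ip` to the host
        # with `mac` on `port`; lease-lifetime tracking is omitted here.
        self.bindings.setdefault((port, mac), set()).add(ipaddress.ip_address(ip))

    def forget(self, port, mac):
        # Lease expiry or link down: remove the binding.
        self.bindings.pop((port, mac), None)

    def admit(self, pkt):
        bound = self.bindings.get((pkt.ingress_port, pkt.src_mac), set())
        return ipaddress.ip_address(pkt.src_ip) in bound


def admitted(device, packets):
    """Source addresses the device lets through, in order."""
    return [pkt.src_ip for pkt in packets if device.admit(pkt)]


# Constructed topology: customer A's /24 hangs off router port "cust-a";
# two hosts sit on the access switch and obtain addresses from DHCP.
EDGE = EdgeRouter({"cust-a": "192.0.2.0/24"})
SWITCH = SaviSwitch()
SWITCH.learn_dhcp_ack(1, "aa:aa:aa:aa:aa:01", "192.0.2.10")
SWITCH.learn_dhcp_ack(2, "aa:aa:aa:aa:aa:02", "192.0.2.11")

# Constructed packets: host 1 honest; host 1 spoofing host 2's address;
# host 1 spoofing an outside address; an unbound host plugged into port 3.
SWITCH_PACKETS = [
    Packet(1, "aa:aa:aa:aa:aa:01", "192.0.2.10"),
    Packet(1, "aa:aa:aa:aa:aa:01", "192.0.2.11"),
    Packet(1, "aa:aa:aa:aa:aa:01", "198.51.100.5"),
    Packet(3, "aa:aa:aa:aa:aa:03", "192.0.2.12"),
]
# The same traffic as the edge router sees it (all arriving on "cust-a").
EDGE_PACKETS = [Packet("cust-a", p.src_mac, p.src_ip) for p in SWITCH_PACKETS]

if __name__ == "__main__":
    print("edge router admits:", admitted(EDGE, EDGE_PACKETS))    # prefix check only
    print("SAVI switch admits:", admitted(SWITCH, SWITCH_PACKETS))
```

Running it shows the edge router passing the packet in which host 1 uses host 2’s address (it lies inside the customer prefix, so prefix filtering cannot object), while the switch drops it because that address is bound to a different port and MAC. Real SAVI implementations also build bindings from SLAAC and static configuration and age them with the lease; the model keeps only the DHCP case.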

In summary, businesses of all sizes should be aware of how their servers are protected against DDoS attacks, and what redundancies are in place in the event of an attack. If people are more aware of security issues and how to minimise their impact, the internet and the web will continue to be an incredible resource for everyone.

Source: http://www.techradar.com/news/world-of-tech/how-to-minimise-the-impact-of-ddos-attacks-on-your-business-1283432