What Brought Sony's PlayStation Network Down Could Happen To You! (Part 1)

The Distributed Denial of Service (DDoS) attack has been identified as one of the most common types of cyber threats, according to Threatpost. For example, in April of this year, Sony's PlayStation Network was crippled, resulting in damages worth $171 million. The result is that head honchos are questioning their CIOs/CSOs on their security posture. Just how well are they protected against these types of threats?

What is DDoS, some of you might ask? According to Wikipedia, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. The threats will keep increasing in tandem with the worrying trend of sophisticated attack vectors, shared infrastructure and cloud computing services that we see in the market today.

The right approach for any organization is to follow these two steps:
Step 1 – DDoS threat assessment
Step 2 – Analyze the right mitigation approach

Threat Assessment on Trend of DoS Attacks to Measure the Impact to Your Organization

The DDoS attack is just going to get more sophisticated, while security vendors are trying to keep pace with the emergence of new variants of DDoS attacks. The motivating force behind this pattern could be politically or commercially driven. The attacks typically use armies of botnets to launch an onslaught against the targeted organizations. Statistics collected by security vendors and CERT communities indicate that DDoS attacks are getting more complex and stealthy through mechanisms like encrypted command-and-control communication, peer-to-peer botnets, application-layer directed attacks, etc.

There are 4 key steps to keep in mind when performing a DDoS threat assessment:

a) Establish relevant context of DoS to your organization
b) Identify vectors of DoS attack
c) Analyze the risk of DoS attacks that are likely to strike your organization, and
d) Evaluate the risk

Below are some of the key considerations when you perform the threat assessment.

1. Attack vectors. The scope of DoS attacks may range from electronic media and procedural loopholes to people. Domain names (DNS servers), for instance, are likely to be hijacked and controlled by the attacker, leaving the web site inaccessible to your legitimate Internet users.

2. Attack mechanics. Understanding how a DoS attack is executed is important for an appropriate threat assessment. Some notable methods of attack are consumption of scarce resources, destruction of configuration information, and physical destruction of network components.

3. Single vs. distributed. While a DoS attack from a single source is primarily targeted at weakening particular system components, a DDoS attack utilizes a number of compromised hosts to attack a target.

4. Client vs. server. Servers are more likely to experience a DDoS attack, since the malicious intention is usually to deny the resource to all of its clients rather than to impede a single client's ability to access the service.

5. External vs. internal. DoS attacks may come both from outside and from within the organization itself.

6. Internally managed vs. outsourced. You need to consider how you manage your cloud computing services. You should recognize which parts of your system you have little or no control over.

7. Communication layers. DoS attacks are more common, more sophisticated, and more difficult to detect and prevent when they operate at the application layer.

8. Weaknesses exploited. Attackers exploit known weaknesses in the security controls implemented on your computing systems. Among them are unpatched systems, poorly configured systems, and shared or vulnerable infrastructure.

9. Motivation for attack. Behind each attack is the attacker's motivation for aiming a DoS attack at an organization. This could be commercially driven, a political campaign, disgruntled customers or employees, or fanatics out to indulge in pure entertainment.
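To make considerations 3 (single vs. distributed) and 7 (communication layers) concrete, here is an added example that is not part of the original post: a toy log-based detector, written for this article, that runs two rules over constructed web-server access log lines. The first rule is the classic per-client volume threshold; the second compares the aggregate request rate per endpoint against an assumed normal baseline. The IP addresses, paths, baseline figures and thresholds are all constructed for illustration, not taken from any real system.

```python
"""Added example (not from the original post): why a distributed,
application-layer flood slips past a per-client threshold but still shows
up as an aggregate anomaly on the endpoint it targets.
All log lines, IPs and baseline numbers below are constructed."""
from collections import Counter
import re

# Constructed log format: "HH:MM:SS client_ip METHOD path"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Parse log lines into (epoch_seconds_of_day, client_ip, path_without_query)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that does not match the constructed format
        ts, ip, _method, path = m.groups()
        h, mi, s = (int(x) for x in ts.split(":"))
        events.append((h * 3600 + mi * 60 + s, ip, path.split("?")[0]))
    return events


def noisy_clients(events, window_s=1, threshold=20):
    """Rule 1, per-IP volume: flag any IP sending more than `threshold`
    requests inside one `window_s`-second bucket. Catches a single loud source."""
    buckets = Counter()
    for t, ip, _path in events:
        buckets[(ip, t // window_s)] += 1
    return sorted({ip for (ip, _), n in buckets.items() if n > threshold})


def overloaded_endpoints(events, baseline_rps, window_s=1, factor=5.0):
    """Rule 2, per-endpoint aggregate: flag an endpoint whose request rate in any
    bucket exceeds `factor` times its assumed normal rate, regardless of how many
    clients contribute. This is what catches a low-and-slow distributed flood."""
    buckets = Counter()
    for t, _ip, path in events:
        buckets[(path, t // window_s)] += 1
    flagged = set()
    for (path, _), n in buckets.items():
        if n / window_s > factor * baseline_rps.get(path, 1.0):
            flagged.add(path)
    return sorted(flagged)


def make_log(clients, path, per_client, second=0):
    """Construct log lines: every client IP sends `per_client` requests to `path`
    within the same second (hypothetical traffic, generated for the demo)."""
    ts = f"{second // 3600:02d}:{(second % 3600) // 60:02d}:{second % 60:02d}"
    return "\n".join(f"{ts} {ip} GET {path}" for ip in clients for _ in range(per_client))


# Assumed baseline: normally ~2 requests/sec hit the expensive /search endpoint.
BASELINE_RPS = {"/search": 2.0, "/": 10.0}

# Scenario A: one source hammers /search 50 times in a second.
SINGLE_SOURCE = make_log(["203.0.113.5"], "/search?q=x", 50)
# Scenario B: 40 compromised hosts each send only 2 requests/sec to /search.
DISTRIBUTED = make_log([f"198.51.100.{i}" for i in range(1, 41)], "/search?q=x", 2)


def assess(log_text):
    """Run both rules and report what each one flags."""
    events = parse_log(log_text)
    return {
        "noisy_clients": noisy_clients(events),
        "overloaded_endpoints": overloaded_endpoints(events, BASELINE_RPS),
    }


if __name__ == "__main__":
    print("single source:", assess(SINGLE_SOURCE))
    print("distributed:  ", assess(DISTRIBUTED))
```

In scenario A the per-IP rule names the offending address and the endpoint rule fires too. In scenario B no single client exceeds the threshold, so only the endpoint-level rule notices that /search is receiving far more than its usual load. That gap is the practical meaning of considerations 3 and 7: once the traffic is spread across many hosts and looks like legitimate application requests, detection has to move from "who is noisy" to "what is being overloaded".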

In part 1 of my blog, I have shared the key considerations and approach when you perform a DDoS threat assessment for your organization. Today, there are multiple solutions on the market and unfortunately, there is no one silver bullet that fits all. In part 2 of my blog, I will talk about the solutions on the market and the pitfalls that you should be aware of.

Hope this is useful and please leave a comment if you would like to discuss.

Best,
Kenneth

Kenneth Ho

I was born in Singapore, an island with a population of a mere 5 million people. I truly believe I was born with a purpose to fight criminals in this world. Having failed the entrance test for the Avenger League several times, I joined Orange Business to fight crime in another role, in the Security Practice in APAC. I'm pinning my hopes on being called up for duty to join the Avenger League.