This article originally appeared in the April 2011 issue of InfoTECH SPOTLIGHT
Protecting against network security threats is becoming more challenging for organizations as today’s malicious cyber-criminals stay a step ahead of security technologies with more sophisticated attack methods. Most concerning for networks are the Distributed Denial of Service (DDoS) attacks because of the scale and damage that an attack can cause.
The motivations of cyber-criminals vary from politics to extortion, and all attacks are made with the intent to cause disruption to governments or businesses and cause severe financial as well as reputation harm. Organizations need to be aware of the very real threat of today’s sophisticated DDoS attacks and understand the implications that such an attack would have on their network.
Cyber-criminals initiate DDoS attacks by compromising and gaining control of unwitting computers (called bots or zombies) for the purpose of launching an attack on a target. A large collection of such zombie computers (called a botnet) can be controlled automatically by malicious programs to launch such an attack. The targets that are most vulnerable are e-commerce sites, web servers, DNS servers and email servers.
DDoS attacks have traditionally been focused on flooding the network resources with unwanted traffic so that legitimate traffic is unable to reach the target, and today’s attacks are bigger in scale than ever before. Network operators have seen these “flood” attacks increase from two or three gigabits per second to as much as 50 gigabits per second during the past five years – and they’re likely to continue to grow in size and duration.
As attackers have gotten more sophisticated, DDoS attacks are now also targeted at compromising applications running on the target machines and even the back-end databases serving those applications. These application, or Layer 7, attacks are much more difficult to mitigate because attack traffic is hard to distinguish from legitimate traffic. Because the attack traffic looks similar to legitimate traffic, traditional security measures such as IP address filtering, firewalls and IPS/IDS are less effective at combating such attacks.
In order to combat today’s sophisticated DDoS threats – whether flood attacks or application layer attacks – organizations need to have the tools and resources in place to defend against attacks and minimize the impact to their network infrastructure and critical business operations. Network administrators need to implement a layered approach to security, understand traffic types and patterns and be able to filter both incoming and outgoing traffic from their network.
Organizations should look to partner with a network service provider that is using the most advanced techniques to mitigate DDoS attacks. A service provider with DDoS mitigation can filter attack traffic at the edge of their network while allowing legitimate traffic to route to the target, thereby preserving customer bandwidth for legitimate business functions.
So how can network administrators stop these types of attacks?
Many service providers today have a collection of tools and strategies for effectively managing security threats such as a DDoS attack. Before a DDoS attack can be stopped, it must be identified. Network protocols and monitoring tools can be configured to collect detailed information about the traffic entering the network. These tools will alert a network administrator to any traffic irregularities, which could signify a DDoS attack. Once an attack has been recognized, organizations need a service provider with an experienced security team that can respond immediately to coordinate defensive measures to stop the attack and safeguard their network.
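The monitoring step described above, as an added illustration that is not part of the original article: a rolling-baseline check over constructed per-minute inbound rate samples that flags the kind of sudden volumetric surge the article describes (tens of gigabits per second against a baseline of a few). The window size, thresholds and sample values are assumptions, not figures from the article or from any NTT system.

```python
from statistics import mean, pstdev

# Constructed sample: inbound rate in Gbps measured once per minute at the
# network edge. Twelve normal intervals (~2 Gbps) are followed by four
# intervals at flood scale (30-50 Gbps).
SAMPLE_GBPS = [1.9, 2.1, 2.0, 2.2, 1.8, 2.0, 2.3, 2.1, 1.9, 2.0, 2.2, 2.1,
               30.0, 42.0, 50.0, 48.0]


def detect_irregularities(samples_gbps, window=8, z_threshold=4.0,
                          min_jump_gbps=1.0):
    """Flag intervals whose inbound rate is irregular relative to a rolling
    baseline built from the preceding `window` intervals of normal traffic.

    Returns a list of (index, rate_gbps, baseline_mean_gbps) tuples.

    Two details matter in practice:
      * flagged intervals are NOT fed back into the baseline, so a flood
        that lasts many intervals cannot raise the baseline and hide itself;
      * `min_jump_gbps` guards against a near-zero standard deviation on a
        very steady link turning tiny fluctuations into alerts.
    """
    alerts = []
    baseline = []  # recent rates believed to be normal traffic
    for i, rate in enumerate(samples_gbps):
        if len(baseline) >= window:
            recent = baseline[-window:]
            mu, sigma = mean(recent), pstdev(recent)
            is_spike = (rate > mu + z_threshold * sigma
                        and rate - mu > min_jump_gbps)
            if is_spike:
                alerts.append((i, rate, round(mu, 2)))
                continue  # keep the attack interval out of the baseline
        baseline.append(rate)
    return alerts


if __name__ == "__main__":
    for index, rate, baseline_mu in detect_irregularities(SAMPLE_GBPS):
        print(f"minute {index}: {rate} Gbps inbound vs baseline "
              f"{baseline_mu} Gbps -> possible flood")
```

A real deployment would compute the same statistic per interface or per destination prefix from flow telemetry rather than from a single aggregate series, and would pair it with per-source request-rate checks for the Layer 7 case, where volume alone is not a reliable signal.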
Teri Francis is the executive director of customer solutions for NTT America’s Global IP Network. She manages critical customer operations including provisioning, technical support, IP address management, product development and Operations Systems Support (OSS).