DDoS Attacks: Black Cloud Rising
Protecting against distributed denial-of-service attacks starts with understanding the enemy and involves thoughtful security practices.
As educators and administrators roll out one-to-one initiatives and move students to online curriculums, educational institutions face the ongoing threat of distributed denial-of-service (DDoS) attacks, as Reed Shipley, a security specialist engineer with F5 Networks, shared in a webinar I recently tuned into. The sources of the attacks may or may not surprise you.
Among DDoS attackers, F5 has found high school students who want to avoid testing, and disgruntled or mischievous college students. BYOD programs can be part of the problem, too, as these unmanaged devices may carry vulnerable apps and games, Shipley said.
Know Your Enemy
Knowing the enemy (originator of DDoS attacks) is important, he added. Other DDoS sources and their motives include:
- Nation-states (Russia's 2007 DDoS attack on Estonia)
- Activists/hacktivists (Anonymous -- want to change public policy)
- Chest thumpers (Lizard Squad, PoodleCorp -- want to watch the world burn)
- Extortionists (DD4BC, Armada Collective -- want to earn bitcoin)
- Data thieves (want to create a diversion while they exfiltrate data)
I like the short definition of security Shipley offered during the webinar: "Confidentiality, integrity, and availability." In the education environment, for example, a DDoS attack that affects availability can take down the cloud applications a school relies on to test many students online at once.
Point products and perimeter firewalls may not be enough to protect against DDoS attacks and other security threats. Every DDoS attack works by exhausting some resource: bandwidth, CPU, RAM, SSL/TLS handshake capacity, connection-state tables, and so on, and the defense has to match the resource under attack. For a DDoS playbook, see F5's "Ten Steps For Combating DDoS in Real Time."
Learning About Attack Vectors
F5 identified that testing services, student information, and learning systems moving to the cloud are vulnerable through a variety of DDoS methods, Shipley said. These include:
- Volumetric attack (floods the link with traffic; bandwidth is the resource exhausted)
- DNS query flood (overwhelms DNS resolution, so names stop resolving even though the application servers are up)
- TCP SYN flood (fills the connection-state tables of stateful firewalls and servers with half-open connections, which is how it knocks down firewalls)
- Low-and-slow application-layer attack (hard to detect because the traffic volume is small; ties up server threads and memory)
- Multilayer attacks (morph over time, combining and switching vectors as defenders respond)
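As an added example (not from the webinar or from F5's material), here is a heuristic that classifies a window of flow records into the vectors listed above. The Flow record layout, the thresholds and the sample traffic are all assumptions constructed for illustration; real deployments baseline the thresholds per service. The point it makes is that each vector exhausts a different resource, so a single bandwidth threshold catches only the volumetric case.

```python
"""Added example: heuristic classification of DDoS vectors over constructed
flow records (not real capture data).

Each Flow summarises one client connection seen in a 10-second window. The
thresholds are illustrative assumptions, not vendor or tuned values.
"""
from collections import Counter
from dataclasses import dataclass

WINDOW_S = 10  # observation window the sample records were taken over


@dataclass(frozen=True)
class Flow:
    src: str           # client address
    dst_port: int
    proto: str         # "tcp" or "udp"
    flags: str         # TCP flags seen on the flow ("S" = SYN only, never completed); "" for UDP
    nbytes: int        # bytes sent by the client during the window
    duration_s: float  # how long the connection stayed open within the window


# Illustrative thresholds (assumptions)
VOLUMETRIC_BPS = 500_000_000   # 500 Mb/s sustained over the window
SYN_HALF_OPEN_MIN = 1_000      # SYN-only flows that never completed the handshake...
SYN_SRC_MIN = 200              # ...spread across this many distinct sources
DNS_QPS_MIN = 2_000            # UDP/53 queries per second
DNS_SRC_MIN = 100
SLOW_MIN_DURATION_S = 8.0      # connection held open for most of the window...
SLOW_MAX_BYTES = 64            # ...while sending almost nothing
SLOW_CONN_PER_SRC = 50         # many such connections from one client


def classify(flows):
    """Return the set of vector labels whose signature appears in the window."""
    verdicts = set()

    # Volumetric: the link itself is the exhausted resource, so only bit rate matters.
    bits_per_s = sum(f.nbytes for f in flows) * 8 / WINDOW_S
    if bits_per_s >= VOLUMETRIC_BPS:
        verdicts.add("volumetric")

    # SYN flood: many half-open connections from many (often spoofed) sources;
    # each one occupies a state-table entry on a stateful firewall or server.
    half_open = [f for f in flows if f.proto == "tcp" and f.flags == "S"]
    if (len(half_open) >= SYN_HALF_OPEN_MIN
            and len({f.src for f in half_open}) >= SYN_SRC_MIN):
        verdicts.add("syn_flood")

    # DNS query flood: the resolver is swamped even though bandwidth use stays low.
    dns = [f for f in flows if f.proto == "udp" and f.dst_port == 53]
    if len(dns) / WINDOW_S >= DNS_QPS_MIN and len({f.src for f in dns}) >= DNS_SRC_MIN:
        verdicts.add("dns_query_flood")

    # Low-and-slow: completed connections that stay open and barely send anything,
    # tying up worker threads; invisible to bandwidth-based thresholds.
    slow_per_src = Counter(
        f.src for f in flows
        if f.proto == "tcp" and f.flags != "S"
        and f.duration_s >= SLOW_MIN_DURATION_S and f.nbytes <= SLOW_MAX_BYTES
    )
    if any(n >= SLOW_CONN_PER_SRC for n in slow_per_src.values()):
        verdicts.add("low_and_slow")

    return verdicts


# Constructed sample windows (addresses are from the RFC 5737 documentation ranges).
def make_normal():
    return [Flow(f"198.51.100.{i % 40 + 1}", 443, "tcp", "PA", 20_000, 1.0 + i % 3)
            for i in range(50)]


def make_syn_flood():
    return [Flow(f"203.0.113.{i % 250 + 1}", 443, "tcp", "S", 60, 0.0)
            for i in range(1_500)]


def make_dns_flood():
    return [Flow(f"198.51.100.{i % 254 + 1}", 53, "udp", "", 70, 0.0)
            for i in range(25_000)]


def make_volumetric():
    # e.g. reflected UDP junk aimed at a web port: few flows, huge payloads
    return [Flow(f"192.0.2.{i % 254 + 1}", 80, "udp", "", 1_000_000, 10.0)
            for i in range(700)]


def make_slowloris():
    return [Flow("203.0.113.9", 80, "tcp", "PA", 40, 9.5) for _ in range(60)]


if __name__ == "__main__":
    samples = [("normal", make_normal()), ("syn", make_syn_flood()),
               ("dns", make_dns_flood()), ("volumetric", make_volumetric()),
               ("slowloris", make_slowloris()),
               ("multilayer", make_syn_flood() + make_dns_flood())]
    for name, sample in samples:
        print(f"{name:11s} -> {sorted(classify(sample)) or ['clean']}")
```

The multilayer sample shows why the "morph over time" vector is the hard one: the same window can carry two signatures at once, and a mitigation tuned for the first (rate-limiting SYNs) does nothing for the second.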
DDoS attacks clearly can undermine educators and derail one-to-one computing initiatives, whether schools equip students with computers or allow BYOD. F5 positions its Silverline cloud-based scrubbing service as a way to keep educators online and connected to the cloud.
Again, Shipley presented the idea that you need to know the enemy: why it attacks, who it is, and how it benefits from the attack. You can find metrics on Dark Reading, a No Jitter sister site: "2016 DDoS Attack Trends By The Numbers," and view a digital attack map of DDoS attacks globally here.
Learning That Goes Beyond School
For larger enterprises, the trouble may be twofold: your access path to the cloud may be, or may already have been, a target, as well as your cloud-hosted applications. My question for you is, does your MPLS provider mitigate DDoS attacks, or offer this as an add-on service? Does it mitigate for a set number of hours monthly and charge for longer mitigations? Recently, a fiber provider sent out marketing information that it offers "options" for DDoS for its MPLS network. I am curious as to whether or not your service providers are doing the same. Then you should ask the same of your cloud application providers: what are they providing?
A key question remains for online businesses and educators: do you continue in the same online fashion with the same solutions in place? If your company suffers a DDoS attack, business won't be as usual. In its 2015-2016 DDoS threat report, security vendor Imperva noted:
"In using packet forwarding rates, perpetrators are attempting to exploit a design oversight in current-generation mitigation appliances, the majority of which can't handle such high Mpps (million packets per second) processing loads."
These mitigation appliances are the current generation of firewalls, integrated access devices, and other customer premises gear intended to thwart attacks and security threats. But they are not necessarily effective against DDoS attacks, and a stateful device sitting inline can itself become the resource the attacker exhausts. As Dell SonicWall concludes in its article "How to configure the firewall to mitigate DDoS attacks":
And the best advice of all...
"You're much better off trusting your protection to a mitigation provider (http://ddosattackprotection.org/blog/ddos-mitigation-expert/), especially if your company is targeted by these types of attacks or you operate in a high-risk industry."
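The Imperva quote above is about packet rate rather than bit rate, and the worked calculation below (an added example, not from the Imperva report or any vendor) shows why that distinction matters: the packets per second a link can deliver depends on frame size, so a flood of minimum-size frames on a 10 Gb/s link carries roughly 18 times as many packets as the same link full of 1518-byte frames. The Ethernet framing constants are standard; the appliance rating used in the demonstration is an assumed figure.

```python
"""Added example: why small-packet floods overrun mitigation appliances.

Vendors rate appliances in Mpps, but links are sold in Gbps. Converting one
to the other requires the frame size, and attackers choose the smallest one.
Framing constants are Ethernet facts; the appliance rating is an assumption.
"""
ETH_FRAMING_OVERHEAD_BYTES = 20   # 8-byte preamble/SFD + 12-byte inter-frame gap
MIN_FRAME_BYTES = 64              # smallest legal Ethernet frame (FCS included)
MTU_FRAME_BYTES = 1518            # 1500-byte payload + 14-byte header + 4-byte FCS


def line_rate_pps(link_gbps, frame_bytes=MIN_FRAME_BYTES):
    """Maximum packets per second a link_gbps link can carry at frame_bytes."""
    wire_bits_per_frame = (frame_bytes + ETH_FRAMING_OVERHEAD_BYTES) * 8
    return int(link_gbps * 1e9 / wire_bits_per_frame)


def min_frame_for(appliance_mpps, link_gbps):
    """Smallest frame size (bytes) at which an appliance rated appliance_mpps
    still keeps up with a saturated link_gbps link. Any smaller frames sent at
    line rate exceed its packet budget."""
    return link_gbps * 1e9 / (appliance_mpps * 1e6 * 8) - ETH_FRAMING_OVERHEAD_BYTES


def overrun_ratio(link_gbps, appliance_mpps, frame_bytes=MIN_FRAME_BYTES):
    """How many times the offered packet rate exceeds the appliance budget (>1 means drops)."""
    return line_rate_pps(link_gbps, frame_bytes) / (appliance_mpps * 1e6)


if __name__ == "__main__":
    rated_mpps = 2.0  # assumed appliance rating for illustration
    for gbps in (1, 10, 100):
        print(f"{gbps:>3} Gb/s: {line_rate_pps(gbps):>12,} pps at 64 B, "
              f"{line_rate_pps(gbps, MTU_FRAME_BYTES):>10,} pps at 1518 B")
    print(f"A {rated_mpps} Mpps appliance on 10 Gb/s keeps up only for frames >= "
          f"{min_frame_for(rated_mpps, 10):.0f} B; a 64-byte flood is "
          f"{overrun_ratio(10, rated_mpps):.1f}x its budget")
```

When you evaluate a premises appliance or a provider's "options," ask for the Mpps figure at 64-byte frames, not the Gbps figure; a box that forwards 10 Gb/s of web traffic may handle a small fraction of that in a SYN flood.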