Preventing DDoS armageddon
Davey Winder ponders how large a DDoS attack would have to be to take down multiple providers, and asks what businesses can do to protect themselves.
Darien Kindlund, senior staff scientist at security vendor FireEye, backs the view that the frequency and severity of DDoS attacks is likely to increase in future, but so are other types of attacks, too.
"Orchestrating a massive DDoS attack against one or more targets certainly requires a lot more planning and resources than launching a spear-phishing campaign against that same firm. Both can disrupt the victim, but one is substantially cheaper and easier to execute," said Kindlund.
DDoS attack mitigation
IT Pro asked Rico Valdez, senior security researcher at endpoint security firm Bit9 for some advice on how to evade DDoS Armageddon.
"There are a few ways to deal with a DDoS attack that exceed the limit of an organisation's internet bandwidth," he said.
"The first is to work with your provider and understand what they can do for you in such a situation. Some providers provide DDoS mitigation services that will help in these cases."
Another option is to provision "fatter pipes" with DDoS mitigation systems that can handle large volumes of traffic, advised Valdez.
"In an attack, traffic could be directed down the fatter pipe and through the mitigation device. This might be cost effective for some organisations, as the large pipe would only be used in the event of an attack," he said.
Lastly, companies should also consider geographically distributing their web servers so the attack volume is distributed to various front ends.
"This might be accomplished with any cast routing or other mechanisms. This has an added benefit of improving performance for your customers, as they will be directed to the site closest to them," Valdez concluded.
"As such, while DDOS protection is ideal, firms need to consider the likelihood of these attacks compared to the increasing frequency of other, easier attacks to execute.
"Based on that risk analysis, informed organisations can make the decision about whether or not to invest in localised DDoS protections, outsource their DDoS protections to a third-party or to forgo the investment altogether," he added.
However, Marty Meyer, CEO of Corero Network Security, claims companies that try to protect themselves from Armageddon-style DDoS attacks could be fighting a losing battle.
"There are certainly some key things that an organisation can do to increase their chances of remaining protected, but with the sophistication of these attacks growing so much, many will struggle whilst using their current security infrastructure.
"Traditionally, organisations have relied on firewalls to protect against DDoS attacks, but in reality a firewall can only do so much to protect against these increasingly sophisticated attacks, whether they are relatively simple flood attacks from botnets, or the far more advanced Application-Layer attacks."
As a result, he said companies need to start thinking about a new first line of defence that can stop DDoS attacks, protect the firewall, and allow it to continue to block unwanted connections.
"It is an interesting and worrying time when you take DDoS in to consideration, and we are no doubt going to see these attacks continue to grow in power and sophistication," he added.