Monthly Archives: November 2012

Evolving Distributed Denial of Service ‘DDoS’ Attacks Force Defenders to Adapt

Distributed denial-of-service attacks are getting bigger and are being combined with application-layer exploits, requiring defenders to be more agile. In the past, attackers using distributed denial-of-service (DDoS) attacks to take down Web sites or network servers typically adopted one of two tactics: flooding the site with a deluge of data, or overwhelming an application server with seemingly valid requests. Companies concerned about denial-of-service attacks have generally focused more on mitigating data floods, also known as volumetric or infrastructure attacks. Yet increasingly attackers are using a hybrid approach, attacking over multiple vectors at once. The attacks that hit financial firms in September and October, for example, often used a massive flood of packets to saturate the victim’s network connection, while a much smaller subset of the traffic targeted vulnerable application functions, consuming server resources. “It is almost like sending a whole squadron of tanks and then having an assault team that can go in and be more stealthy in taking out their targets,” says Carlos Morales, vice president of global sales engineering and operations for network protection firm Arbor Networks. “It broke the model that people had for stopping these things.” The one-two punch is potent. Many financial firms thought they had the defenses in place to defeat such attacks but had problems staying accessible during the onslaught. Companies prepared to handle application-layer attacks or smaller volumetric attacks could not handle the 20Gbps or more that saturated their Internet connections. Even a gateway that can keep up with a 10Gbps connection cannot deal with twice that much, or more, traffic sent to the same server: the link is full before the gateway sees a packet, so nothing behind it gets a chance to filter. A recent report from network-security firm Prolexic found that the average attack bandwidth had increased to nearly 5Gbps, with 20Gbps attacks quite common; in a year, the average attack volume had doubled, the firm found.
“The late Senator Ted Stevens got mocked for saying that the Internet is a ‘series of tubes,’” says Matthew Prince, CEO of Cloudflare, a content-delivery and network-security firm. “But the Internet is a series of tubes, and you can only fit so much through it.” Companies must start creating a multi-layered approach to stopping distributed denial-of-service attacks, according to mitigation experts. The greatest amount of attack volume should be stopped inside a provider’s network, away from the company’s links to the Internet. Trying to over-provision your network for the worst case scenario will likely not work and will be very expensive to boot. “Even if you are a large bank in the U.S., you are doing less than 10Gbps of traffic across all the properties of your network combined,” says Cloudflare’s Prince. “If you have to over-provision that by 10x, that is wasting a lot of resources.” By using a service provider to filter out most of the spurious traffic at the edge of the Internet, companies can pay attention to the data that actually enters their network. Collecting information on the traffic can help a company to better develop defenses for future attacks as well, even if a company does not have the resources to identify attacks in real time. Yet, faster detection and more agile response can mean the difference between successful defenses and downtime. “Seeing an impact and understanding that there is an attack happening is not necessarily going to happen at the same time,” says Neal Quinn, chief operating officer for attack-mitigation service Prolexic. For many companies, the threat of attacks is not over, but rather, just beginning. The most recent attacks did not start with the financial industry; other industries have been hit by similar attacks for almost the last year. Companies should not expect it to end there either. 
The holiday season tends to be a popular time for attackers to attempt to extort money from retailers by threatening denial-of-service attacks. “It is traditionally a very busy time of year for these attacks,” Prolexic’s Quinn says. “If anything, organizations should make themselves more aware of how well they can handle these attacks.” Source: http://www.darkreading.com/security-services/167801101/security/perimeter-security/240142616/evolving-ddos-attacks-force-defenders-to-adapt.html
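The hybrid pattern described above (a link-saturating flood with a much smaller application-layer component underneath it) is easier to reason about with numbers. The following is an added example, not code from the article or from Arbor, Prolexic or Cloudflare: it triages one constructed 10-second window of flow-style records, reports whether the offered load exceeds an assumed 100 Mbps link, lists the sources behind the volume, and separately flags the handful of hosts hammering an expensive endpoint. All addresses, byte counts and thresholds are constructed assumptions.

```python
"""Triage of a hybrid DDoS window: separate the link-saturating flood from the small
application-layer component. Added example with constructed data; the addresses,
thresholds and the 100 Mbps link are assumptions, not figures from the article."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class Record:
    """One flow seen at the border, or one HTTP request seen by the web tier (url set)."""
    src: str
    bytes: int
    packets: int
    url: Optional[str] = None


def bytes_by_source(records: Iterable[Record]) -> Dict[str, int]:
    totals: Dict[str, int] = defaultdict(int)
    for r in records:
        totals[r.src] += r.bytes
    return dict(totals)


def link_utilisation(records: Iterable[Record], window_s: float, link_bps: float) -> float:
    """Offered load as a fraction of link capacity. >= 1.0 means the pipe is full and
    whatever sits behind it (firewall, IPS, web tier) only sees a sample of the traffic."""
    total_bits = 8 * sum(r.bytes for r in records)
    return total_bits / (window_s * link_bps)


def volumetric_sources(records: Iterable[Record], min_bytes: int) -> List[str]:
    """Sources whose byte count in the window marks them as part of the flood. These are
    usually spoofed, so the list is input for upstream filtering, not attribution."""
    return sorted(src for src, b in bytes_by_source(records).items() if b >= min_bytes)


def app_layer_suspects(records: Iterable[Record], expensive_paths: Set[str], max_requests: int) -> List[str]:
    """Sources hitting expensive endpoints (search, login) far beyond a human rate.
    This is the low-volume, high-cost component that byte or packet thresholds miss."""
    hits: Dict[str, int] = defaultdict(int)
    for r in records:
        if r.url is not None and r.url in expensive_paths:
            hits[r.src] += 1
    return sorted(src for src, n in hits.items() if n > max_requests)


def triage(records, window_s, link_bps, expensive_paths, flood_min_bytes=1_000_000, max_expensive=100):
    recs = list(records)
    util = link_utilisation(recs, window_s, link_bps)
    suspects = app_layer_suspects(recs, expensive_paths, max_expensive)
    total = sum(r.bytes for r in recs) or 1
    suspect_bytes = sum(r.bytes for r in recs if r.src in set(suspects))
    return {
        "link_utilisation": util,
        "link_saturated": util >= 1.0,
        "volumetric_sources": volumetric_sources(recs, flood_min_bytes),
        "app_layer_suspects": suspects,
        "app_layer_byte_share": suspect_bytes / total,
    }


def sample_records() -> List[Record]:
    """Constructed 10-second window: 50 legitimate users, 200 spoofed flood sources and
    5 hosts abusing /search. Not captured data."""
    recs: List[Record] = []
    for i in range(50):
        for url in ("/login", "/balance", "/search", "/balance", "/logout"):
            recs.append(Record(f"203.0.113.{i + 1}", 4_000, 6, url))
    for i in range(200):                       # UDP flood, 1.5 MB per source
        recs.append(Record(f"198.51.100.{i + 1}", 1_500_000, 1_000))
    for k in range(1, 6):                      # 400 search requests each, small bytes
        recs.extend(Record(f"192.0.2.{k}", 600, 8, "/search") for _ in range(400))
    return recs


if __name__ == "__main__":
    report = triage(sample_records(), window_s=10, link_bps=100_000_000, expensive_paths={"/search"})
    print(f"link utilisation {report['link_utilisation']:.2f}x, saturated={report['link_saturated']}")
    print(f"{len(report['volumetric_sources'])} flood sources; app-layer suspects {report['app_layer_suspects']}")
    print(f"app-layer share of bytes {report['app_layer_byte_share']:.2%}")
```

Two things the numbers make concrete: the application-layer abusers account for well under 1% of the bytes, so a bytes-per-source view never surfaces them; and once utilisation passes 1.0 the web tier is only seeing the fraction of requests that squeezed through the saturated link, which is why the volumetric part has to be stopped upstream before on-premises detection of the stealthy part means anything.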

Distributed Denial of Service ‘DDoS’ Attacks From Anonymous Cost PayPal £3.5 Million of Damage

The distributed denial of service (DDoS) attacks by the hacktivist collective Anonymous cost PayPal more than €4.3 million (about £3.5 million). The attacks, conducted under the name Operation Payback, were initially aimed at companies that opposed internet piracy, but switched to companies such as Mastercard, Visa and PayPal after they refused to process payments to WikiLeaks. After the attack PayPal, the global leader in online money transfer and payments, spent around £3.5 million to defend and arm itself against this kind of distributed denial-of-service attack. The BBC reported that more than one hundred skilled employees of eBay, PayPal’s parent company, spent almost three weeks working on DDoS-attack-related issues, and that PayPal bought software and hardware to defend itself against further attacks; in all, the total cost of this work came to £3.5 million. These details were revealed in a court case at Southwark Crown Court, where a defendant, Christopher Weatherhead (who was studying at Northampton University when he allegedly took part in the campaign), is facing charges of conspiring to impair the operation of computers. He has pleaded not guilty to conspiring to impair the operation of computers between 1 August 2010 and 22 January 2011. Sandip Patel, prosecuting, said the group caused PayPal “enormous economic harm”. Mr Patel said they used distributed denial of service, or DDoS, which flooded the targets’ computers with enormous numbers of online requests. Target websites would crash and users would be directed to a page displaying the message: “You’ve tried to bite the Anonymous hand. You angered the hive and now you are being stung.” Mr Patel said: “This case, simply put, is about hackers who used the internet to attack and disable computer systems – colloquially described as cyber-attackers or vandals.” He said Mr Weatherhead, who used the online name Nerdo, posted plans on an Internet Relay Chat (IRC) channel encouraging an attack on PayPal.
He said PayPal was the victim of a series of attacks “which caused considerable damage to its reputation and loss of trade”. Source: http://www.voiceofgreyhat.com/2012/11/DDoS-Attack-From-Anonymous-Cost-PayPal-3.5-Million.html?utm_source=dlvr.it&utm_medium=identica

The New Wave of Distributed Denial of Service ‘DDoS’ attacks: How to Prepare and Respond

What will you do if your organization is the next target of a distributed denial of service attack? Hacktivists recently launched DDoS attacks that caused online outages at several major U.S. banks. Each institution was warned in advance; none was able to prevent disruptions. And while banks are the current targets, any organization could be next. Join this panel for expert insight on: why these recent DDoS attacks elude traditional defenses; new security solutions to help detect and respond to DDoS attacks; and how to respond if you are attacked, from ramping up fraud prevention in other channels to what to tell customers about the attacks.

Background: Beginning in mid-September, hacktivists initiated a series of sophisticated DDoS attacks against major U.S. banks, including Bank of America, Chase and Wells Fargo. The attackers claim to be waging a cyber war against top-tier banking institutions because of outrage over a YouTube movie trailer the hacktivists consider anti-Islam. In each instance, the group has given at least 24 hours’ notice before launching the DDoS attacks, but no institution so far has avoided online outages. These incidents send two clear messages to security leaders. First, the sophistication and strength of the DDoS attacks are greater than organizations have seen before: one industry expert measured the DDoS traffic at one institution at 65 gigabits per second (Gbps), roughly 65 times the volume of previous DDoS attacks. Second, any organization is susceptible. Banks are today’s DDoS target, but tomorrow it could be a government agency, merchant or healthcare entity that offends a hacktivist group with the resources to launch an attack. If banks, with their mature security programs and state-of-the-art defenses, cannot ward off these attacks, then what other organization can?
In this panel webinar, industry leaders with expertise in DDoS defense will present the unique qualities of these latest attacks and why no organization should feel immune, then discuss solutions that can help organizations detect, prevent and respond to attacks. Leading the discussion is Matthew Speare, SVP of IT at M&T Bancorp. He will set the stage by discussing how his institution responded to the attacks against other banks, including preparation, security controls and customer communication strategies. Speare then will be joined by thought-leaders from Akamai, Fortinet and Neustar, who will discuss a range of DDoS-related topics, including:

Sophistication of attacks: In the past, DDoS meant brute-force network attacks. Now, experts say, they are not only stronger but are also morphing into application-layer attacks, which are harder to detect and block. What have we learned from these attacks, and which new solutions are best for identifying and rerouting the DDoS traffic?

A cover for fraud: Sometimes DDoS attacks are meant as a distraction, to keep security personnel focused online while the fraudsters turn to other channels, such as the call center, to commit fraud. What are the account anomalies you need to be equipped to detect?

Incident response: Not only does your organization need to be prepared to respond internally to DDoS attacks, you also need to know how to communicate externally to customers. What’s your message, and how can you take this opportunity to better explain your security posture? Source: http://www.bankinfosecurity.com/webinars/new-wave-ddos-attacks-how-to-prepare-respond-w-308

65% Of Organizations Experience Three Distributed Denial of Service ‘DDoS’ Attacks A Year

Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today’s threat landscape. In a new report titled “Cyber Security on the Offense: A Study of IT Security Experts,” the Ponemon Institute and Radware® (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, found that while 65% of organizations experienced an average of three distributed-denial-of-service (DDoS) attacks in the past 12 months, fewer than half reported being vigilant in monitoring for attacks, much less putting into practice proactive and preventative measures to protect their organizations. “The reality is that cyber threats are outpacing security professionals, leaving most organizations vulnerable and unprepared,” said Avi Chesla, chief technology officer, Radware. “From hacktivists to cyber criminals, companies live under the constant threat of assaults that contribute to lost revenue and serious reputational damage. It’s critical that organizations take immediate action after reading this report. IT managers have to advocate for a multi-layered approach that also takes in account countermeasures to prevent threats before they inflict significant damage.” Key findings from the report include: Availability is the top cyber security priority for organizations today. Gone are the days when companies could concern themselves solely with data leakage and integrity-based attacks. Unlike the past few years, when many organizations focused on confidentiality and integrity-based attacks, respondents noted a major shift in their security objectives, ranking denial-of-service (DoS) and DDoS as two of the top three threats their organizations face today. The report puts the cost of DDoS attacks at $3.5 million per company per year.
Although respondents cited a lack of budget as one of the major impediments to shoring up cyber security, it’s clear that organizations will pay a much higher price for their lack of preparedness. 65% reported experiencing an average of three DDoS attacks in the past 12 months, with an average downtime of 54 minutes per attack. With the cost for each minute of downtime amounting to as much as $100,000 per minute – including lost traffic, diminished end-user productivity and lost revenues – it is no surprise that respondents ranked availability as their top cyber security priority. 63% rate their organization’s offensive countermeasure capabilities as below average. While 60% say they want technology that slows down or even halts an attacker’s computer, the majority of respondents give their organizations an average or below average rating when it comes to their ability to launch counter measures. With 75% of organizations still relying on anti-virus and anti-malware to protect themselves from attacks, it’s clear that the old adage, “the best defense is a good offense” is not being practiced by most firms. Organizations are more vulnerable than ever before. With respondents ranking lack of system visibility (34 percent), mobile/remote employees (32 percent) and negligent insiders (31 percent) as their top three areas of greatest cyber security risk, it’s clear that threats can come from a number of new sources including the Bring Your Own Device (BYOD) movement. Even more frightening, today’s threats are multi-layered, targeting not only networks but the data and application levels as well. “There is a frightening gap that exists between the increasing severity of cyber attacks and the level of preparedness that exists in the industry,” said Larry Ponemon, chairman and founder of the Ponemon Institute. 
“The report’s findings make clear that now is the time for organizations to begin making critical changes to their security approaches in order to stave off the potentially devastating costs associated with a lack of preparedness and adequate defenses.” To access a complete version of the report, please visit www.ddoswarriors.com, Radware’s in-depth resource for information security professionals. In addition, Radware will host a webinar on November 14 to discuss the report’s findings and provide actionable insights to help any organization properly mitigate attacks in an increasingly hostile threat landscape. About Cyber Security on the Offense: A Study of IT Security Experts The research for Cyber Security on the Offense: A Study of IT Security Experts was co-authored by the Ponemon Institute and Radware. The report surveyed 705 U.S. based IT and IT security practitioners responsible for managing their organization’s cyber security activities. 62% of the respondents surveyed were at the supervisor level or higher with an average of more than 11 years of experience. 65% of respondents were from organizations with a global headcount of more than one thousand and the primary industry segments for the report included financial services and the public sector as well as healthcare and pharmaceuticals. The survey consisted of 35 questions on respondents’ perceptions of and experiences with their organization’s cyber security infrastructure and the types of threats they now face.
In addition to the report’s key findings, Cyber Security on the Offense includes: The top ranked negative consequences of cyber attacks Barriers to achieving a strong cyber security posture The technologies most favored by IT security professionals Top methods for performing counter techniques A comparison of attacks across the financial services, healthcare and public sectors About the Ponemon Institute The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries. Source: http://www.darkreading.com/insider-threat/167801100/security/news/240124966/65-of-organizations-experience-three-ddos-attacks-a-year.html  

What to Do About Distributed Denial of Service ‘DDoS’ attack

Leaders at four security technology companies say the distributed-denial-of-service attacks that have hit 10 U.S. banks in recent weeks highlight the need for new approaches to preventing and responding to online outages. “Attackers have broadened their toolkits, and DDoS is not just a blunt instrument anymore,” says Jason Malo, a fraud analyst at CEB TowerGroup and former DDoS-prevention expert at domain-name-system (DNS) registry operator VeriSign. These experts advise banking institutions to: use appropriate technology, including cloud-based Web servers that can absorb overflow when high volumes of Web traffic strike; assess ongoing DDoS risks, for example through tests that mimic real-world attacks; implement online outage mitigation and response strategies before attacks hit; and train staff to recognize the signs of a DDoS attack. During a DDoS attack, a website is flooded with what security experts often call “junk” traffic: a saturation of requests that overwhelms the site’s servers, preventing them from responding to legitimate traffic. In essence, DDoS attacks take websites down because the servers, or the links in front of them, cannot handle the traffic. Security experts interviewed for this story say most banks have failed to address this vulnerability to high volumes of traffic.

DDoS: Banks on Alert. Starting in mid-September, DDoS attacks have resulted in online outages at 10 major U.S. banks. The hacktivist group Izz ad-Din al-Qassam Cyber Fighters has taken credit for the hits, saying the attacks are motivated by outrage related to a YouTube movie trailer deemed offensive to Muslims. But security experts say DDoS attacks are often used as tools of distraction to mask fraud in the background (see DDoS Attacks: First Signs of Fraud?).
To reduce their risk of DDoS takedown, experts say banks need to address three key areas: layered user authentication at login, which consumes bandwidth; reliance on Internet service providers not equipped to handle extreme bandwidth demands; and the internal management of Web servers, which limits banks’ ability to hand off traffic overflow when volumes are excessive.

Expert Advice. Fraud should always be an institution’s top concern, meaning addressing DDoS threats should be a priority, experts say. “DDoS protections have quickly become a new industry best practice,” Malo says. But DDoS attacks pose unique challenges for banks and credit unions. The additional layers of security institutions already implement, such as enhanced user authentication, transaction verification and device identification, demand more bandwidth. So when a bank is hit by a DDoS attack, bandwidth is strained more than it would be at a non-banking e-commerce site, says Mike Smith, a senior security evangelist at Akamai Technologies, which specializes in Internet traffic monitoring and cloud-based DDoS protections (see New Bank Attacks Expected Today?). So what protections make sense? BankInfoSecurity asked security vendors VeriSign, Prolexic, Cisco and Akamai Technologies for their top recommendations. They all stressed that no one-size-fits-all approach to thwarting attacks exists. Nevertheless, they identified several best practices.

Use Appropriate Technology. When it comes to selecting the right technologies to minimize DDoS-related outages, vendors advise: Rely on the cloud. No internal server could be expected to handle the amount of traffic these recent DDoS attacks have pushed. Akamai’s Smith says the average amount of traffic coming in during some of those individual attacks was about 65 gigabits per second (Gbps). “Even at the height of the Anonymous attacks, we saw traffic coming in from 7,000 or 8,000 people [at approximately 1 gigabit per second],” he says.
By relying on cloud-based servers and systems, banks can expand their bandwidth. “It’s never a good idea to manage everything internally,” says Joe Dallatore, senior manager of the Cisco Security & Research Information Group, which specializes in security threat monitoring and online event tracking. Working with a cloud vendor also can help institutions more readily identify a DNS-server attack or other DDoS attack, Dallatore says. Using DNS providers with the capacity to absorb an attack makes sense, because when DNS fails, all other services fail, says Akamai’s Smith. “This is why almost all the large banks use a DNS provider in some capacity, and it’s a proactive defense that is always turned on by default,” he adds. Use virtual private networks. VPNs indirectly improve DDoS protections, says Matt Wilson, who oversees strategic technologies at VeriSign. Attackers target publicly available sites because they are public. But a VPN cannot protect an entire infrastructure. For complete protection, banks and businesses must continue to rely on other technologies for firewall management as well as server and router maintenance, he says. A better solution, Akamai’s Smith suggests, is VPN over MPLS [multiprotocol label switching] for critical or business-to-business functions. Apply challenge-and-response. Malo says banks should encourage vendors to develop DDoS protections that “challenge” traffic. These protections, he says, could mirror challenge-and-response options, such as CAPTCHA images, used for online banking. A CAPTCHA image uses distorted letters or numbers that an online user is required to enter at login to help affirm authenticity. “DDoS mitigation is not just about finding a signature and putting mechanisms in to filter or block traffic,” Malo says. 
“Mitigation also includes introducing challenge-response.” Challenge-and-response options would help banking institutions differentiate legitimate traffic from so-called junk traffic often associated with DDoS attacks, he adds. But Akamai’s Smith warns that challenge-and-response during a large DDoS attack could be dangerous, since challenge-and-response takes one request and turns it into four. “This does not scale, and it sets you up for additional points of failure,” he says. For smaller attacks, challenge-and-response can be effective, however, “where we are worried about denying legitimate users because of mega-proxies, corporate Internet access points,” Smith says. Don’t rely on intrusion detection. Intrusion prevention and detection systems can be effective at picking up on anomalous traffic or behavior associated with a DDoS attack, CEB TowerGroup’s Malo says. But that’s not what those systems were primarily designed to do. While leaning on those systems can help DDoS detection, and in some cases help institutions thwart online outages, redirecting IPS and IDS can create new vulnerabilities. “When protection systems are redirected, banking institutions inadvertently create new vulnerabilities,” he says, because other defenses are weakened. Scrub. Traffic scrubbing, which clears suspected botnets and junk traffic at the ISP, can be effective, Cisco’s Dallatore says. The more bad traffic an institution can block at the outset, the better its chances of limiting an outage.

Assess DDoS Risks. Vendors stress that regularly assessing DDoS risks, such as through tests that mimic real-world attacks, is essential. “Run periodic table-top exercises to model how an attack could hit and then test the accompanying remediation strategies you’ve put in place,” says Stuart Scholly, president of Prolexic, which specializes in cloud-based services for website restoration after a DDoS attack.
To set the stage for remediation plans and testing, vendors recommend banking institutions first: Know typical traffic patterns. To better assess risk, financial institutions must carefully determine what typical site traffic looks like, Malo says. That way, when a DDoS attack hits, atypical traffic patterns are more obvious. Understand the infrastructure. Understand the Web applications, online bandwidth limits and any infrastructure elements that could affect site capacity. Akamai’s Smith says network segmentation can limit the impact an attack has on other services inside the same infrastructure. “At a minimum, critical sites should be provisioned onto their own, dedicated network circuits and border devices to limit the impact of both an attack against them and from attacks against other services in the same data center,” he says. “Brochureware sites,” consumer transactional sites and business sites are good candidates to break out into their own infrastructure, Smith says, while redirect, typo and marketing-campaign sites can be run from shared infrastructure.

Mitigation and Response. DDoS mitigation strategies and response plans should be included in disaster recovery and business continuity strategies, Prolexic’s Scholly says. Those strategies also must include definitive communication and action plans, Cisco’s Dallatore says. Communicating with employees and the public soon after a DDoS attack is critical for reputational preservation. “You want to be sure operational people, for instance, can reach the decision makers or have the authority to make decisions when a site goes down,” Dallatore says. During the recent wave of attacks, banks’ communication with the public varied. Some institutions acknowledged their sites went down because of DDoS attacks, while others only said their sites experienced intermittent outages. Greg Nowak of the Information Security Forum says most institutions have been too quiet – fueling the public’s fears about the outages.
“They seem to be regarding it as a secret,” Nowak says. “[The banks] should be taking the opportunity to explain to their customers the difference between a denial-of-service attack and some sort of hacking attack that actually puts information at risk.”

Provide Training. Training staff to recognize the signs of an attack is essential, vendors advise. Bank and credit union employees must understand what DDoS attack traffic patterns look like, says Prolexic’s Scholly. Front-line staff members also need to know how to respond if they start getting calls about a site being down. BITS, the technology division of the Financial Services Roundtable, says banks and credit unions need to clearly communicate with customers and members that their financial information and accounts are secure. Among BITS recommendations: Explain that attacks have not resulted in unauthorized access to customer information; Reiterate to consumers that banking institutions use sophisticated online security strategies to protect customer accounts; Let consumers know that institutions continue to invest in technology to defend against potential attacks. “We want the public to know that institutions are taking steps to address these attacks – with ISPs and other security providers – and there is a fair amount of collaboration going on with regulators and the Department of Homeland Security about the threats and how to address them,” says John Carlson, executive vice president of BITS. “You can’t underestimate the importance of training, and the role it plays in your business continuity planning,” Scholly says. “When you are prepared, it makes a world of difference.” Source: http://www.bankinfosecurity.com/what-to-do-about-ddos-attacks-a-5271/p-3
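Malo’s challenge-and-response idea and Smith’s objection that a challenge multiplies requests can both be seen in a small model. The following is an added example, not code from the article or from Akamai, CEB TowerGroup or any other vendor it names: a gateway that answers any request lacking a valid cookie with a cheap redirect carrying an HMAC-signed token bound to the client address, and hands off to the origin only when the token verifies. The secret, the cookie name and the 300-second lifetime are assumptions.

```python
"""Cookie-based challenge in front of an origin. Added example, not code from the article
or from any vendor named in it. The secret, TTL and cookie name are assumptions."""
import hashlib
import hmac
from typing import Dict, List, Tuple

SECRET = b"hypothetical-key-keep-in-a-secret-store"  # assumption: rotated, never hard-coded in practice
TTL = 300                                           # seconds a solved challenge stays valid
COOKIE = "ddos_challenge"


def issue_token(client_ip: str, now: int, secret: bytes = SECRET, ttl: int = TTL) -> str:
    """Token = expiry.HMAC(secret, ip|expiry). Binding to the address means a token
    harvested by one bot does not pass for the rest of the botnet."""
    expiry = int(now) + ttl
    mac = hmac.new(secret, f"{client_ip}|{expiry}".encode(), hashlib.sha256).hexdigest()
    return f"{expiry}.{mac}"


def verify_token(token: str, client_ip: str, now: int, secret: bytes = SECRET) -> bool:
    """Reject expired, tampered, malformed or wrong-address tokens; never raise."""
    try:
        expiry_s, mac = token.split(".", 1)
        expiry = int(expiry_s)
        if now > expiry:
            return False
        expected = hmac.new(secret, f"{client_ip}|{expiry}".encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(mac, expected)  # constant-time comparison
    except (ValueError, AttributeError, TypeError):
        return False


class ChallengeGateway:
    """Sits in front of the origin. No valid cookie -> answer a cheap 302 that sets the
    cookie and points back at the requested path; valid cookie -> hand off to origin."""

    def __init__(self, secret: bytes = SECRET, ttl: int = TTL):
        self.secret, self.ttl = secret, ttl
        self.origin_hits = 0        # requests that reached the expensive tier
        self.challenges_issued = 0  # requests the gateway itself had to answer

    def handle(self, ip: str, path: str, cookies: Dict[str, str], now: int) -> Tuple[int, Dict[str, str]]:
        token = cookies.get(COOKIE)
        if token is not None and verify_token(token, ip, now, self.secret):
            self.origin_hits += 1
            return 200, {}
        self.challenges_issued += 1
        return 302, {"Location": path, "Set-Cookie": issue_token(ip, now, self.secret, self.ttl)}


def browse(gateway: ChallengeGateway, ip: str, paths: List[str], now: int) -> int:
    """A browser-like client: keeps cookies and follows the redirect once per page.
    Returns the number of HTTP requests it had to send (the amplification cost)."""
    jar: Dict[str, str] = {}
    sent = 0
    for path in paths:
        for _ in range(2):  # original request plus at most one retry
            sent += 1
            status, headers = gateway.handle(ip, path, jar, now)
            if status == 200:
                break
            jar[COOKIE] = headers["Set-Cookie"]
    return sent


def flood(gateway: ChallengeGateway, ip: str, count: int, now: int) -> List[int]:
    """A stateless flooder (typical of HTTP-flood tools) that discards Set-Cookie."""
    return [gateway.handle(ip, "/login", {}, now)[0] for _ in range(count)]


if __name__ == "__main__":
    gw = ChallengeGateway()
    t0 = 1_700_000_000
    print("browser sent", browse(gw, "203.0.113.7", ["/", "/login", "/balance"], t0), "requests")
    print("flooder got", set(flood(gw, "198.51.100.9", 50, t0)), "origin hits", gw.origin_hits)
```

The browser pays one extra round trip per session rather than four, because this is a cookie challenge rather than a CAPTCHA form; the stateless flooder never reaches the origin, but the gateway still computes an HMAC and emits a response for every one of its requests. That is Smith’s scaling point: the challenge moves cost off the origin, it does not remove it, and at tens of gigabits per second the challenge tier must itself sit where the bandwidth is. Binding the token to the address means every user behind a corporate proxy passes once one of them has, which avoids denying those users but also lets a bot behind the same proxy ride along.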

Man arrested for Distributed Denial of Service ‘DDoS’ attack on Theresa May

A man has been arrested on suspicion of launching and promoting a denial of service attack on the website of UK Home Secretary Theresa May. The man is unnamed, but is said to be 41 years old and from Stoke-on-Trent. He is accused of mounting an attack on May’s website and others, and of inciting other people to participate. “The activity this morning demonstrates the commitment of the PCeU (Police Central e-Crime Unit) and our colleagues to combat cyber criminality anywhere within the UK and take action against those responsible,” said detective inspector Jason Tunn of the Metropolitan Police. “Assisting and encouraging cyber crime is a serious matter and I would advise all persons to consider their actions and any possible future consequences prior to posting any material online.” May’s website was attacked earlier this year as part of Operation Trial At Home, an Anonymous-backed effort to raise awareness of ongoing extradition controversies, including those affecting Richard O’Dwyer and Gary McKinnon. #OpTrialAtHome, as it was called on Twitter, was announced by an account called AnonopUK. “#OpTrialAtHome We will be firing our Laz0rs at GCHQ.gov.uk 8pm GMT 14th April, We invite all #Anons again to join,” it said in a tweet that has since apparently been deleted. That account was still sending out messages late last night. The man was arrested on suspicion of assisting or encouraging crime contrary to the Serious Crime Act 2007, and has been bailed until mid-December. Source: http://www.theinquirer.net/inquirer/news/2222942/man-arrested-for-denial-of-service-attack-on-theresa-may

Life cycle and detection of an exploit kit

As the process of owning systems and dragging them into botnets becomes ever more commercialized, exploit kits have emerged as a favorite of attackers. Their point-click-own nature means even non-tech…

Defending Against The Next Generation Distributed Denial of Service DDoS Attacks

Here is a great post from Joey Muniz at www.thesecurityblogger.com. Press coverage of the DDoS campaign Operation Ababil has caught the attention of many of our customers. This sophisticated cyber strike used a combination of three separate rootkits targeting webservers, which produced very high upstream attack bandwidth against multiple companies simultaneously. The scary part about Operation Ababil is that it was designed to bypass standard DDoS defense methods, which clearly demonstrates there isn’t a silver bullet for addressing advanced DDoS attacks. DDoS, web application and DNS infrastructure attacks represent some of the most critical threats to enterprises today. Here are some suggestions for a reference architecture to defend against these and other advanced threats. The best approach for defending against advanced DDoS as well as other cyber attacks is having multiple security solutions using different methods to detect malicious activity, for both internal and external threats. For internal threats, it’s critical to have a well-designed and mature security infrastructure that includes components such as firewalls, IPS/IDS, email and content/application security solutions. Similar security standards need to be applied to endpoints as well as in the datacenter, such as proper patch management, anti-virus and anti-malware. It’s important to enable the DDoS defense features of these tools. For example, some best practices are ACLs for ingress and egress filtering, rate limiting of ICMP and TCP SYN packets, and verifying that the source address of each packet is reachable through the interface it arrived on (unicast reverse-path forwarding, uRPF, the check behind BCP 38 anti-spoofing). Standard internal security solutions are important; however, they will not completely protect you from advanced DDoS and other cyber threats. Security administrators need full network visibility to quickly identify anomalies regardless of their location or form of communication.
The best practice for identifying malicious activity inside your network is monitoring the wire using a NetFlow or packet-capture approach (more can be found HERE and HERE). It’s also important to match identity to the devices found. An example is how Cisco integrates its flagship access control solution, Identity Services Engine (ISE), with network forensic tools such as Lancope, NetWitness and most major SIEMs. Having a tuned monitoring solution will dramatically improve reaction time to internal cyber threats. Most administrators think of DDoS as an outsider attack. We hear customers claim their service provider is responsible for providing DDoS defense; however, a service provider’s mission of delivering service will always outweigh its concern for security. For this reason, it’s critical to invest in an external DDoS defense solution as well as to verify what security tools are included with your service provider contract. The two large players for external DDoS defense are Akamai and Arbor Networks. Akamai’s Kona Site Defender provides DDoS mitigation and application-layer protection for most service providers. If your service provider uses Akamai, verify whether they invested in the additional Kona suite. The leader for enterprise DDoS defense is Arbor (more can be found HERE). Arbor’s Peakflow, Pravail and cloud subscription services are the de facto standard for DDoS defense at the vast majority of our Tier-1 and Tier-2 ISPs as well as enterprise customers. Online DDoS monitoring and scrubbing services, such as those offered by Prolexic, are an alternative to purchasing equipment. To summarize the DDoS defense architecture, an enterprise should focus on both internal and external defense. The internal network should have a solid security foundation, monitor the wire for devices that access the network, and match identity to those devices to distinguish what is permitted from rogue devices.
Investments should be made in external defenses that can deflect DDoS traffic such as SYN floods or UDP floods, as well as authenticate valid traffic at the network edge. Best practice is using DDoS solutions that leverage a large customer base via cloud services to improve reaction time as a community. It’s also wise to ask your service provider what security solutions are included with your service package. Having this blend of internal and external security solutions will dramatically improve your chances against today’s advanced persistent threats such as Operation Ababil. Source: http://www.cloudcentrics.com/?p=2293
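The router-side practices the post lists (ingress and egress ACLs, rate limiting of ICMP and SYN, and the reverse-path check on source addresses) can be put together as one runnable model. This is an added example, not configuration from the post, from Cisco or from Arbor; the two-interface topology, the prefixes, the abbreviated bogon list and the per-second limits are assumptions chosen for illustration.

```python
"""Border-router hygiene (ingress/egress ACLs, strict uRPF, SYN and ICMP rate limits) as a
runnable model. Added example; topology, prefixes, bogon list and limits are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Assumed topology: eth0 faces the upstream, eth1 faces our own /24 (203.0.113.0/24 is a
# documentation prefix standing in for a real allocation).
ROUTES: Dict[str, List[str]] = {
    "eth0": ["0.0.0.0/0"],
    "eth1": ["203.0.113.0/24"],
}
# Abbreviated bogon list: sources that must never arrive from the Internet. A complete
# list is longer and has to be kept current.
BOGONS = ["0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
          "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3"]


@dataclass(frozen=True)
class Packet:
    iface: str                       # interface the packet arrived on
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    flags: FrozenSet[str] = frozenset()


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` banked."""

    def __init__(self, rate: float, burst: float):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last: Optional[float] = None

    def allow(self, now: float) -> bool:
        if self.last is not None and now > self.last:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class BorderFilter:
    def __init__(self, routes: Dict[str, List[str]], bogons: List[str],
                 syn_limit_pps: float, icmp_limit_pps: float, upstream: str = "eth0"):
        self.routes = [(ipaddress.ip_network(p), iface) for iface, ps in routes.items() for p in ps]
        self.bogons = [ipaddress.ip_network(b) for b in bogons]
        self.upstream = upstream
        # Global buckets on purpose: flood sources are spoofed, so per-source state is
        # exactly what a flood would exhaust.
        self.buckets = {"syn": TokenBucket(syn_limit_pps, syn_limit_pps),
                        "icmp": TokenBucket(icmp_limit_pps, icmp_limit_pps)}

    def route_iface(self, addr: str) -> Optional[str]:
        """Longest-prefix match: the interface the router would use to reach `addr`."""
        ip = ipaddress.ip_address(addr)
        best_len, best_iface = -1, None
        for net, iface in self.routes:
            if ip in net and net.prefixlen > best_len:
                best_len, best_iface = net.prefixlen, iface
        return best_iface

    def decide(self, pkt: Packet, now: float) -> str:
        src = ipaddress.ip_address(pkt.src)
        # 1. Ingress ACL: bogon sources never legitimately arrive from the upstream.
        if pkt.iface == self.upstream and any(src in b for b in self.bogons):
            return "drop:bogon-source"
        # 2. Strict uRPF (BCP 38): the route back to the source must use the ingress
        #    interface. Rejects Internet packets claiming our addresses, and our own
        #    hosts spoofing foreign addresses on the way out (egress filtering).
        if self.route_iface(pkt.src) != pkt.iface:
            return "drop:urpf-fail"
        # 3. Rate-limit what is cheap for an attacker and costly for us. Established
        #    traffic (ACK set) is never counted against the SYN bucket.
        if pkt.proto == "tcp" and "SYN" in pkt.flags and "ACK" not in pkt.flags:
            if not self.buckets["syn"].allow(now):
                return "drop:rate-limit-syn"
        elif pkt.proto == "icmp":
            if not self.buckets["icmp"].allow(now):
                return "drop:rate-limit-icmp"
        return "forward"


if __name__ == "__main__":
    bf = BorderFilter(ROUTES, BOGONS, syn_limit_pps=20, icmp_limit_pps=10)
    syn = frozenset({"SYN"})
    burst = [Packet("eth0", f"198.51.100.{i}", "203.0.113.10", "tcp", syn) for i in range(1, 101)]
    verdicts = [bf.decide(p, 100.0) for p in burst]
    print({v: verdicts.count(v) for v in set(verdicts)})
    print(bf.decide(Packet("eth0", "203.0.113.10", "203.0.113.11", "udp"), 100.0))
```

Strict uRPF as modelled here assumes symmetric routing; on a multihomed upstream where return paths differ, strict mode drops legitimate traffic and the loose variant (the source must merely have some route) is the usual compromise. The bogon check only applies on the upstream side; a host inside spoofing an RFC 1918 source on its way out is caught by the reverse-path check instead, since no route for that source points at the inside interface.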
