How to beat a DDoS attack - in real time

Cape Town - As individuals increasingly go online, companies face an increased risk of cyber attacks for a number of reasons.

Some groups like Anonymous launch cyber attacks for ideological reasons, while other groups may simply be interested in extorting money.

In either case, companies (and the individuals who work for them) face a threat from cyber gangs who could paralyse networks and compromise user information.

"The threat posed by DDoS attacks is ever growing and is something that continues to be a topic that interests and concerns businesses in equal measure. As the lines between the professional and social use of technology fade, it is even more important for us to recognise the significance of this type of attack, their probability and the damage they can do," said Martin Walshaw, a senior engineer at F5 Networks.

The company helps firms to organise networks to maximise cloud solutions.

Anonymous

A DDoS (Distributed Denial of Service) attack overwhelms a targeted server until it crashes, hurting business productivity and often the bottom line.

Anonymous rocketed to fame when the group successfully used this method to attack the Recording Industry Association of America and the Motion Picture Association of America over their links with an organisation that had attacked The Pirate Bay.

In 2010 Anonymous took down the websites of PayPal, Visa and Mastercard after they booted Wikileaks from their accounts.

It is estimated that the financial damage to PayPal alone exceeded $5m.

Anonymous on Monday used the same tactic to target Israeli government departments over the country's war with Hamas in the Gaza Strip.

The war has so far cost nearly 2 000 lives, though most of the dead are Palestinian civilians.

Walshaw says that there are clear strategies that companies and organisations should follow when dealing with possible DDoS attacks.

Tips:

1. Verify that there is an attack - rule out common causes of an outage, such as DNS misconfiguration, upstream routing issues and human error.

2. Contact your trouble-shooting team - gather the leaders of operations and applications to verify which areas are being attacked and to officially confirm the attack. Make sure everyone agrees on which areas are affected.

3. Triage your applications - make triage decisions to keep your high-value apps alive. When you're under an intense DDoS attack and you have limited resources, focus on protecting revenue generators.

4. Protect remote users - keep your business running: whitelist the IP addresses of trusted remote users that require access and maintain this list. Populate the list throughout the network and with service providers as needed.

5. Classify the attack - what type of attack is it: volumetric? Slow and low? Your service provider will tell you if the attack is solely volumetric and may already have taken remedial steps.

6. Evaluate source address mitigation options - for advanced attack vectors your service provider can't mitigate, determine the number of sources. Block small lists of attacking IP addresses at your firewall. Block larger attacks with geolocation.

7. Mitigate application layer attacks - identify the malicious traffic and whether it's generated by a known attack tool. Specific application-layer attacks can be mitigated on a case-by-case basis with distinct countermeasures, which may be provided by your existing solutions.

8. Leverage your security perimeter - still experiencing issues? You could be confronting an asymmetric layer 7 DDoS flood. Focus on your application-level defences: login walls, human detection or Real Browser Enforcement.

9. Constrain resources - if previous steps fail, simply constraining resources, like rate and connection limits, is a last resort: it can turn away both good and bad traffic. Instead, you may want to disable or blackhole an application.

10. Manage public relations - if the attack becomes public, prepare a statement and notify internal staff. If industry policies allow it, be forthright and admit you're being attacked. If not, cite technical challenges and advise staff to direct all inquiries to the PR manager.
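Steps 4, 6 and 7 above can be rehearsed against web server logs. The following is an added example, not code from the article or from F5: it keeps a whitelist of trusted remote users, flags sources using a known attack tool's user agent, rates the rest by requests per second, and produces the short block list for the firewall. The log lines, addresses, tool name and threshold are all constructed for the example.

```python
import re
from collections import Counter

# Step 4: trusted remote users who must keep access (constructed address).
WHITELIST = {"10.20.30.40"}
# Step 7: user-agent prefixes of known attack tools; this one is a made-up placeholder.
KNOWN_TOOLS = ("ExampleFloodTool/",)
# Constructed Combined Log Format lines covering a two-second window.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Nov/2012:10:00:01 +0200] "GET /checkout HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Nov/2012:10:00:01 +0200] "GET / HTTP/1.1" 200 512 "-" "ExampleFloodTool/1.0"
198.51.100.7 - - [12/Nov/2012:10:00:02 +0200] "GET / HTTP/1.1" 200 512 "-" "ExampleFloodTool/1.0"
192.0.2.9 - - [12/Nov/2012:10:00:01 +0200] "GET /search?q=a HTTP/1.1" 200 9031 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Nov/2012:10:00:01 +0200] "GET /search?q=b HTTP/1.1" 200 9031 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Nov/2012:10:00:02 +0200] "GET /search?q=c HTTP/1.1" 200 9031 "-" "Mozilla/5.0"
10.20.30.40 - - [12/Nov/2012:10:00:01 +0200] "GET /admin HTTP/1.1" 200 2000 "-" "Mozilla/5.0"
10.20.30.40 - - [12/Nov/2012:10:00:02 +0200] "GET /admin HTTP/1.1" 200 2000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" \d{3} \S+ "[^"]*" "([^"]*)"')

def parse(line):
    """Split one log line into client IP, timestamp, request line and user agent."""
    m = LINE_RE.match(line)
    return None if m is None else dict(zip(("ip", "ts", "request", "agent"), m.groups()))

def triage(log_text, window_seconds, max_rps):
    """Per-source verdict: whitelisted, tool, flood or normal (steps 4, 6 and 7)."""
    hits, tool_ips = Counter(), set()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip malformed lines rather than crashing mid-incident
        hits[rec["ip"]] += 1
        if rec["agent"].startswith(KNOWN_TOOLS):
            tool_ips.add(rec["ip"])
    verdicts = {}
    for ip, n in hits.items():
        if ip in WHITELIST:
            verdicts[ip] = "whitelisted"  # trusted remote users are never blocked
        elif ip in tool_ips:
            verdicts[ip] = "tool"
        else:
            verdicts[ip] = "flood" if n / window_seconds > max_rps else "normal"
    return verdicts

def block_list(verdicts):
    """Step 6: the short list of sources to hand to the firewall."""
    return sorted(ip for ip, v in verdicts.items() if v in ("tool", "flood"))
```

The whitelist is checked before the rate test, so a busy trusted admin is never added to the block list; the threshold is deliberately tiny to fit the sample window.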


- Follow Duncan on Twitter
