“More creative and varied”: this is how Brad Casemore describes the current nature of DDoS attacks in a recent article on the TechTarget website. Casemore, who is research director at International Data Corporation (IDC), said that the burden is on the shoulders of IT product/service vendors to come up with improved solutions for detection and mitigation of threats like DDoS.
The need for such solutions becomes even greater with the growing trend of encrypting network traffic, which increases the likelihood of abuse by hackers and creates yet another avenue for security threats. This is the observation of Paul Nicholson, product marketing director at A10, a company that provides application networking technologies focused on optimized performance of data center applications and networks.
What A10 has done lately is to produce what they call an anti-DDoS appliance branded as Thunder TPS (threat protection system). This product may be relevant only to large data centers at this time, because that is apparently the user category A10 primarily had in mind when they designed Thunder TPS. Whatever. The important thing to note is that the idea of an anti-DDoS appliance has been implemented and is now on the market.
Making data centers the environment model for Thunder TPS has been influenced by the escalating incidence of complex DDoS attacks against data centers and large enterprises as a whole. This is a blessing for the user community because, as it turns out, the resulting product implements a two-pronged approach to threat mitigation: it addresses both the breadth of attacks and the size of attacks.
Like all other existing technology products designed for contending against security threats, Thunder TPS is not invincible. “Really big attacks could overwhelm it,” says security analyst Adrian Sanabria of 451 Research. Sanabria recommends pairing Thunder TPS with “something cloud-based or upstream”.
Nicholson gave some insights into the DDoS appliance’s attack prevention measure. Thunder TPS comes bundled with software that allows users to block attacks flexibly. Users can use regular expression rules; they can also program rules using the product’s aFlex tool.
In addition, Thunder TPS features “more robust SSL protection to validate whether clients attempting to access the network are legitimate or part of a botnet” (to use Nicholson’s words). The appliance can detect the presence and identity of potential threats through its access to “more than 400 destination-specific behavior counters”. Its software enables inspection of MPLS-encapsulated traffic and the use of NAT (network address translation) as an alternative to tunneling when the appliance moves sanitized traffic to other parts of the network.
Considering that Thunder TPS is data center oriented, users can expect that it is not a plug-and-play affair. They are likely to need their in-house IT experts to coordinate with the Thunder TPS deployment team, plus the help of external IT professionals if necessary.
Distributed denial of service (DDoS) is a type of security threat wherein one individual or group — the attacker — intentionally and maliciously lets loose extremely high volumes of Internet traffic into the computer network resources of another — the victim — in order to paralyze those resources, either by slowing down their performance or by halting their operation altogether. The operative phrase is extremely high volumes.
When a network receives a traffic volume beyond its capacity to handle, at least one vital part of it, if not the entire network itself, is bound to get choked and will no longer be able to perform the network services requested by legitimate clients. We can compare the situation to a highway that gets maliciously swamped with thousands of motor vehicles at a particular hour of the day when it is designed to serve regular traffic of only a few hundred in the same time frame. The ensuing traffic jam denies the highway the ability to perform its service of efficiently transporting people, goods, or services from one geographical point to another.
DDoS attacks use multiple networked computers infected with malware; these compromised machines, often called “zombies”, are organized into botnets that are controlled by servers acting as command centers. This is the “distributed” part of DDoS.
Specific targets of DDoS attacks include web services, applications, and firewalls. The victims are usually organizations that are business, political, social or ideological competitors of the attackers.
What makes DDoS attacks particularly troublesome is that there are many categories of them. There is, for instance, the simple attack which floods the target with nuisance traffic (often disguised as legitimate traffic) using a large number of bots aimed at the weakest network link. The overwhelming presence of unwelcome traffic prevents legitimate traffic from using the services of the system under attack. Other categories of attack are DNS (Domain Name System) attacks and HTTP (HyperText Transfer Protocol) attacks, both of which have their own variations.
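The flood described above is usually spotted on the defending side by counting traffic per destination over a short window, much like the destination-specific behavior counters Nicholson mentions. The following Python script is an added illustration of that idea and is not code from the article or from A10; it runs over a constructed log of “timestamp source destination” lines (no real traffic), and the window length and thresholds are assumed values chosen for the example. It shows why the “distributed” part matters: forty bots each sending one request per second stay under any sensible per-source threshold, yet the per-destination counter climbs far above the capacity the service is sized for.

```python
from collections import defaultdict, deque

# Constructed sample traffic, not captured data. Each line: "<epoch_seconds> <src_ip> <dst_ip>".
# 5 legitimate clients (192.0.2.x) send 1 request/s for 30 s to 10.0.0.5;
# 40 bots (203.0.113.x) each send 1 request/s during t = 10..19 to the same host.
def build_sample_log():
    lines = []
    legit = [f"192.0.2.{i}" for i in range(1, 6)]
    bots = [f"203.0.113.{i}" for i in range(1, 41)]
    for t in range(30):
        for ip in legit:
            lines.append(f"{t} {ip} 10.0.0.5")
        if 10 <= t < 20:
            for ip in bots:
                lines.append(f"{t} {ip} 10.0.0.5")
    return lines


def detect_floods(lines, window_seconds=5, dst_threshold=60, src_threshold=30):
    """Sliding-window request counters per destination and per source.

    Returns (dst_alerts, src_alerts):
      dst_alerts: {dst_ip: (peak requests in window, distinct sources at that peak)}
      src_alerts: {src_ip: peak requests in window}
    Thresholds are assumed capacity figures for the example, not vendor defaults.
    """
    per_dst = defaultdict(deque)   # dst -> deque of (ts, src) inside the window
    per_src = defaultdict(deque)   # src -> deque of ts inside the window
    dst_alerts, src_alerts = {}, {}

    # Process events in time order so the window logic is correct.
    for line in sorted(lines, key=lambda l: float(l.split()[0])):
        ts_str, src, dst = line.split()
        ts = float(ts_str)

        dq = per_dst[dst]
        dq.append((ts, src))
        while dq and ts - dq[0][0] > window_seconds:   # drop events older than the window
            dq.popleft()
        if len(dq) > dst_threshold:
            distinct = len({s for _, s in dq})
            prev = dst_alerts.get(dst, (0, 0))
            if len(dq) > prev[0]:
                dst_alerts[dst] = (len(dq), distinct)

        sq = per_src[src]
        sq.append(ts)
        while sq and ts - sq[0] > window_seconds:
            sq.popleft()
        if len(sq) > src_threshold:
            src_alerts[src] = max(src_alerts.get(src, 0), len(sq))

    return dst_alerts, src_alerts


if __name__ == "__main__":
    dst_hits, src_hits = detect_floods(build_sample_log())
    for host, (peak, sources) in dst_hits.items():
        print(f"destination {host}: peak {peak} requests in window from {sources} sources")
    print("per-source alerts:", src_hits or "none")
```

In the constructed log the destination counter peaks at 270 requests in a 5-second window from 45 distinct sources, while no single source ever exceeds 30, so a defence that only rate-limits individual clients would miss the flood entirely. That asymmetry is the practical reason appliances keep counters keyed on the protected destination in addition to per-client limits.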
When the targets of DDoS attacks are commercial establishments, there is almost always a financial loss. Surveys on the effects of such attacks suggest that losses could range from $10,000, to $50,000, to $100,000 per hour of network downtime, depending on the particular type of business. Durations of attacks range from 24 hours or more, to days, to weeks. All these figures indicate very plainly that DDoS attacks can hurt the pockets of business enterprises in a big way and, consequently, the national economy.
But financial drain is not the only worry that confronts victims. There is also serious disruption of customer service and damage to brand reputation.
Can DDoS attacks be banished from the land and save victims from untold worries?
Network security experts say that there is no way DDoS attacks can be eliminated. They can only be mitigated. This means that financial losses from DDoS attacks are bound to be incurred, and the best that businesses can do is control the damage.
To guard against DDoS, organizations that rely heavily on network services should fully understand their present strengths and weaknesses as far as network security is concerned. For best results they can partner with a DDoS protection specialist, or alternatively with IT specialists who have a very good handle on security.