Defending Against DDoS Attacks

By Holly Gilbert

This is a significant shift, which ultimately could allow the hackers to do more damage, because “Web servers are designed to be always on, and they sit on very good bandwidth,” Cobb explains. “Bandwidth is important in most DDoS attacks because that’s the constraining factor in how much garbage you can send at your target.”

In addition, “What the bad guys found with the classic PC/laptop attack was that more and more people are turning those machines off when they don’t use them,” Cobb says. “So that’s not so good for a DDoS attack, because you may think you have a thousand machines out there under your control, and you do, but if half of them are asleep, you can’t deliver so much attack bandwidth.”

This migration to Web servers also means that a company’s server, if it is hijacked, might end up on a blacklist by Internet watchdog groups like The company’s Web site could end up being taken offline. So companies need to protect their systems not only against attack but also against being used unwittingly to launch attacks.

Lance James is head of intelligence at Vigilant, a cybersecurity solutions provider which was recently acquired by Deloitte. He says the hijacking of Web servers to attack other sites just amplifies the level of harm a hacker can do.

DDoS attacks are becoming simpler to carry out, and virtually anyone who knows where to find the resources can orchestrate, or have someone else orchestrate, an attack. “It’s actually done usually by a service. We see a lot of these kids, they buy a service or they buy a tool, and they can rent a service to allow them to attack sites,” he says.

While it is not yet possible to keep hackers from directing a deluge of traffic at a company, it is possible to have a defensive solution in place ready to respond when that happens. A company can, for example, enroll in a DDoS mitigation service like CloudFlare. CloudFlare is designed to protect against DDoS attacks by rerouting all the bad traffic headed for a Web site to somewhere else. It has the capacity to absorb that bad traffic because it buys up tons of bandwidth on networks all over the world. “And we’re growing that at about 20 percent month over month, so it’s getting bigger and bigger and bigger, just because we’re getting more and more customers coming to us,” says Matthew Prince, CEO and cofounder of the service. “We’ve had some high-profile attacks that have hit our system, and there hasn’t been one yet—knock on wood—that we haven’t been able to stop.”


