In a prior article entitled “The Hacker’s use of DoS/DDoS”, I discussed the basics of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks that hackers use to cripple networks and services. As a recap, DoS/DDoS attacks are typically volumetric attacks. Volumetric attacks saturate the Internet links of the victim. Radware, a security vendor, noted that the attack approaches have changed dramatically over the past few years (Rayome, n.d.). There are several immediate solutions, including (a) employee training and (b) the possible use of protection services to mitigate the impact of a DoS/DDoS attack.
Employee training continues to be at the top of the mitigation ‘to-do’ list. Training offers a first line of defense against DDoS attacks. The impact of DDoS ransomware attacks, as an example, can be limited by periodic and frequent employee training sessions in the organization. Training will give employees an understanding of how to avoid having ransomware installed on their systems. According to Kassner (2016), DDoS ransomware can be minimized by:
- Raising staff awareness of how ransomware attacks occur and introducing technical and procedural controls to prevent infection,
- Developing ransomware policy and procedures for use in the event of an infection,
- Ensuring that backups are tested and maintained separately from the network.
Protection services, as another avenue to protect organizational assets, can address the recent DDoS attack methods. Due to the growing online availability of attack tools and services, the attack vector has expanded. In addition to large-scale DDoS attacks, smaller attacks and low-and-slow attacks (attacks that are intentionally throttled down so as not to raise an immediate alert) impact five out of six businesses. Smaller attacks fall below 1 Gbps in volume but consume enough network and server resources to result in poor service levels and degrade the customer experience. Low-and-slow attacks, even if they are not making the headlines like their large-scale DDoS attack cousins, are a serious threat.
In order to prevent a DDoS attack, whether a low-and-slow or a large-scale attack, organizations should consider protection services. Protection services allow an organization to implement a smart defense that offers services in an ‘as-needed / just-in-time’ approach. Protection services offer 24 x 7 protection that supports an organization’s attack mitigation strategy before the threat becomes more damaging.
A cloud-based scrubbing service is one protection service alternative to thwart an attack and can be used in a hybrid DoS/DDoS mitigation approach. The hybrid approach combines the customary on-premises DDoS protection with a cloud-based DDoS service. A cloud-based service has an abundance of throughput and resources commonly distributed across the globe, which can serve to mitigate, or frankly blunt, the attack close to its source. A hybrid approach that includes cloud-based scrubbing may be a cost-effective way to handle DoS/DDoS attacks, especially in terms of resource cost. The hybrid model leverages automatic or manual redirection of traffic through a cloud-scrubbing center in the event a volumetric type of attack threatens to saturate the Internet link (Radware, n.d.).
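To make the “automatic redirection” decision of the hybrid model concrete, the following is an added example (not code from the article or from Radware) of a threshold-based diversion trigger: it swings traffic to the scrubbing center only when link utilization stays high for several consecutive samples, and reverts with hysteresis so that a single burst or a noisy recovery does not cause flapping. The link size, the 80%/40% thresholds, the three-sample window and the traffic samples are all constructed assumptions; note that a steady low-and-slow stream stays under the trigger, which is exactly why the article treats it as a separate threat.

```python
from dataclasses import dataclass


@dataclass
class DivertPolicy:
    """Assumed policy values for the diversion decision (not from the article)."""
    link_capacity_bps: float       # provisioned Internet link size
    divert_at: float = 0.80        # divert once utilization stays at or above 80%
    revert_below: float = 0.40     # revert only after it drops to 40% or less (hysteresis)
    sustain_samples: int = 3       # consecutive samples required, so single bursts are ignored


def diversion_timeline(samples_bps, policy):
    """Return a list of (sample_index, action) tuples.

    samples_bps: inbound bits/sec per monitoring interval, oldest first.
    'DIVERT' means traffic should be redirected through the cloud scrubbing
    center; 'REVERT' means it can return to the on-premises path.
    """
    actions = []
    diverted = False
    above = below = 0
    for i, bps in enumerate(samples_bps):
        util = bps / policy.link_capacity_bps
        if not diverted:
            above = above + 1 if util >= policy.divert_at else 0
            if above >= policy.sustain_samples:
                actions.append((i, "DIVERT"))
                diverted, above = True, 0
        else:
            below = below + 1 if util <= policy.revert_below else 0
            if below >= policy.sustain_samples:
                actions.append((i, "REVERT"))
                diverted, below = False, 0
    return actions


# Constructed scenario: a 1 Gbps link, one isolated burst, then a sustained flood.
POLICY = DivertPolicy(link_capacity_bps=1e9)
SAMPLES = [100e6, 120e6, 900e6, 110e6,          # isolated burst at index 2: ignored
           850e6, 900e6, 950e6, 1000e6,         # sustained flood: DIVERT at index 6
           600e6, 300e6, 200e6, 150e6, 100e6]   # traffic drops: REVERT at index 11
LOW_AND_SLOW = [300e6] * 10                      # steady 30% utilization: never trips

if __name__ == "__main__":
    print("volumetric:", diversion_timeline(SAMPLES, POLICY))
    print("low-and-slow:", diversion_timeline(LOW_AND_SLOW, POLICY))
```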
However, given that a hybrid approach uses cloud-based services, there is a problem with this approach. If we allow our organization’s data to be sent to an outside organization’s cloud or services, our organization becomes dependent on how the external organization manages that data. Moreover, if we send our organization’s data to another organization’s web or cloud, it implies that we have agreed to their terms of service. We are then subject to another organization’s data protection policies and methods. Finally, aside from (a) continuous employee training and (b) DDoS protection services, there is a list of good practices. A summary of items that can assist in reducing DDoS problems includes:
- Employees should not store important data on their desktop.
- Two backups of employee data should be available.
- Spam emails or emails from people that the employee does not know should never be opened.
- Attachments from emails from unknown senders should not be opened.
- User accounts should be set up with appropriate limited system privileges.
- Network teams need to re-evaluate all open ports on the firewall (Rayome, n.d.).
Additionally, for the organization, a summary list of items that can help mitigate DDoS issues includes:
- Backups of all systems and critical data should be made frequently on a regular schedule.
- An inventory of all digital assets must be actively maintained.
- All software must be kept up to date, including operating systems and applications.
- The network must be segmented to separate data into logical and more secure areas (Zaharia, 2017).
DoS/DDoS attacks can cause severe system outages, which will impact the organization’s business (Meyran, 2012). Further, depending on the length and severity of the attack, a DDoS attack can severely damage the organization’s reputation and can have negative fiscal implications. The two methods presented in this paper, (a) continuous employee training and (b) DDoS protection services, offer some promise among the several DDoS mitigation strategies available.
Meyran, R. (2012, February 05). DDoS Attack Myths: Does Size Really Matter? Retrieved October 1, 2018, from https://blog.radware.com/security/2012/02/ddos-attacks-myths/
Radware. (n.d.). DDoS Prevention Services: Multi Layered DDoS Security Solutions. Retrieved October 1, 2018, from https://www.radware.com/solutions/security/
Rayome, A. D. (n.d.). How to avoid ransomware attacks: 10 tips. Retrieved October 1, 2018, from https://www.techrepublic.com/article/10-tips-to-avoid-ransomware-attacks/
Zaharia, A. (2017, December 11). What is Ransomware – 15 Easy Steps To Protect Your System [Updated]. Retrieved October 1, 2018, from https://heimdalsecurity.com/blog/what-is-ransomware-protection/
About the Author
Ron McFarland is a technologist at heart who works happily with students and as a consultant. Demonstrating his love for the field, he received his Ph.D. from the College of Engineering and Computer Science and a post-doc in Cybersecurity Technologies. He is a guest blogger at Wrinkled Brain Net (http://www.wrinkledbrain.net), a blog dedicated to Cyber Security and Computer Forensics. Dr. McFarland can be reached at his UMUC email: firstname.lastname@example.org