Identifying Security Threats while under DDoS Attack

The first topic in this series of blogs on network security is Distributed Denial-of-Service (DDoS). DDoS attacks typically come from a multitude of compromised systems (a botnet) that flood a single site with incoming traffic, causing a denial of service for your legitimate users. In a severe case, a massive DDoS attack took the entire country of Myanmar offline in 2010. Many industry pundits have stated that botnets represent the biggest threat to Internet security.

If your data center suffers an outage, you are losing revenue for every minute that you are under siege. A study by the Ponemon Institute found the total cost per minute of an unplanned outage to range from $573 to over $11,000 per minute, with an average of $5,617 per minute. Ouch!

Has your organization performed scenario planning for DDoS? Do you have a contingency plan in place, and have you actually tested it against this nightmare scenario? Surviving a DDoS attack is no longer just about maintaining availability and performance while under attack. DDoS attacks are now commonly used as cover for other, more targeted attacks, so the question is also whether your organization can still identify those threats while the flood is under way.

To determine whether your sites and servers can survive both the flood of traffic and the attacks hidden within it, you need to drive traffic that simulates a DDoS attack and, at the same time, inject a variety of known attacks to determine whether they are still identified and prevented under DDoS conditions. Doing this requires a deep, detailed database of attack signatures to inject into the network and tools that can simultaneously generate DDoS-level traffic rates and conditions. Pay particular attention to how your inspection devices behave once their capacity is exceeded: an IDS or IPS that forwards traffic it could not examine will miss exactly the attacks the flood was meant to hide, and one that drops it instead turns the flood into a self-inflicted outage.
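As an added illustration of the test described above (example code written for this post, not a Spirent tool), the following constructed simulation feeds one second of flood traffic plus a handful of signature-carrying requests through an inspector with a fixed per-second inspection budget, and reports how many of the injected attacks were still caught. The signatures, payloads, capacities and rates are made-up values; the point is the shape of the result. Once the flood exceeds the inspection budget, a fail-open inspector forwards the surplus unexamined and the buried attacks slip through, while a fail-closed one lets nothing through unexamined but drops legitimate traffic instead.

```python
"""Constructed simulation of a DDoS detection test: a flood of
benign-looking requests plus a few injected attack payloads is fed to an
inline inspector with a fixed per-second inspection budget.
Example code added to this post (not a Spirent tool); the signatures,
payloads, capacities and rates are made-up values for illustration."""
import random
from dataclasses import dataclass

# Hypothetical signature set standing in for a real IDS/IPS database.
SIGNATURES = {
    "sqli": b"' OR '1'='1",
    "traversal": b"../../etc/passwd",
    "cmd_inj": b";cat /etc/shadow",
}

# What the flood looks like: a plain, valid-looking HTTP request.
FLOOD_PAYLOAD = b"GET / HTTP/1.1\r\nHost: target.example\r\n\r\n"


@dataclass
class Packet:
    payload: bytes
    is_attack: bool


def build_window(flood_pps: int, attack_count: int, seed: int = 1) -> list:
    """One second of offered traffic: flood_pps flood requests plus
    attack_count requests carrying a signature, shuffled together so the
    attacks sit at unpredictable positions, as they would in a real attack."""
    rng = random.Random(seed)
    packets = [Packet(FLOOD_PAYLOAD, False) for _ in range(flood_pps)]
    sigs = list(SIGNATURES.values())
    for i in range(attack_count):
        body = b"GET /search?q=" + sigs[i % len(sigs)] + b" HTTP/1.1\r\n\r\n"
        packets.append(Packet(body, True))
    rng.shuffle(packets)
    return packets


def matches_signature(payload: bytes) -> bool:
    """Naive substring matching; a real engine does far more, but the
    capacity argument below does not depend on how matching is done."""
    return any(sig in payload for sig in SIGNATURES.values())


def inspect_window(packets, capacity_pps: int, fail_open: bool = True) -> dict:
    """Model an inline inspector that can examine at most capacity_pps
    packets per second. Once the budget is spent, the remaining packets
    are either forwarded without inspection (fail-open, a common default)
    or dropped (fail-closed). Returns the counters for the window."""
    detected = missed = uninspected = dropped = 0
    for i, pkt in enumerate(packets):
        if i < capacity_pps:
            if matches_signature(pkt.payload):
                detected += 1
        elif fail_open:
            uninspected += 1
            if pkt.is_attack:
                missed += 1   # reached the server without being examined
        else:
            dropped += 1      # nothing slips through, but legitimate
                              # traffic beyond the budget is lost as well
    attacks = sum(1 for p in packets if p.is_attack)
    return {
        "offered": len(packets),
        "attacks": attacks,
        "detected": detected,
        "missed": missed,
        "uninspected": uninspected,
        "dropped": dropped,
        "detection_rate": detected / attacks if attacks else 1.0,
    }


def sweep(capacity_pps: int, flood_rates, attack_count: int = 20) -> dict:
    """Detection rate as a function of offered load: the curve a DDoS
    test should produce for each inspection device in the path."""
    return {
        rate: inspect_window(build_window(rate, attack_count), capacity_pps)["detection_rate"]
        for rate in flood_rates
    }


if __name__ == "__main__":
    CAPACITY = 5_000  # hypothetical inspection budget, packets per second
    for rate, hit in sweep(CAPACITY, [1_000, 4_000, 10_000, 50_000]).items():
        print(f"flood {rate:>6} pps -> detection rate {hit:.2f}")
```

Running it prints the detection rate at each offered load. In a real test the simulated inspector is replaced by the device under test and the sweep is driven by traffic-generation hardware, but the metric to record is the same: attacks detected divided by attacks injected, plotted against the flood rate, for both the fail-open and fail-closed configuration of the device.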

Hoping that your site flies under the radar of a DDoS attack is not a viable strategy. There is no substitute for putting in the hard work of extensive simulation and testing. While this will not guarantee an impenetrable site, it will help minimize disruption and keep your organization out of the DDoS news.

This wraps up our first blog in the security series.  Next week we'll look at signature detection along with its requirement for deep packet inspection.
