There is No Such Thing as Being Too Prepared

Fewer organizations have experienced Distributed Denial of Service (DDoS) attacks during the past year than during the previous year. This finding from Akamai’s State of the Internet Security Q1 2017 report includes reductions not only in total DDoS attacks, but also infrastructure layer attacks, reflection-based attacks, and attacks greater than 100 Gbps.

While any decrease in damaging DDoS attacks is good news, agencies should view these findings cautiously. New hacking strategies and new attacks surface frequently. For example, DDoS hackers have recently moved on from focusing on the network and transport layers to exploiting the application layer, taking advantage of layer 7 protocols. Attacking the application layer is still relatively minor, however, compared to infrastructure-layer attacks. Akamai’s report found infrastructure-level attacks routinely represent the vast majority of overall attack traffic.

Another area of concern is reflection attacks, which Akamai found account for 57 percent of all mitigated attacks. Reflection attacks use the same protocol in both directions: the attacker spoofs the victim’s IP address as the source and sends requests for information to servers, whose replies are therefore directed at the victim. Over time, the deluge of requests and replies causes severe network congestion. All types of DDoS attacks are cause for serious concern. These attacks typically rely on remotely compromised and controlled computers that send traffic at such a rate that they render websites, servers, and networks inoperable or slow them to a crawl.

The federal government is no stranger to DDoS attacks. This year alone, a series of DDoS attacks made it difficult for citizens to file comments and access information from the FCC’s comment system. Several of the Library of Congress’s public-facing sites were also brought to a standstill.

To address the issue, the Science & Technology Directorate’s Homeland Security Advanced Research Projects Agency’s Cyber Security Division (CSD) has several projects in the works. The Distributed Denial of Service Defense (DDoSD) project, for example, will focus on using best practices to defend networks against large attacks, slow attack scale growth, and address DoS attacks against emergency systems.

Defending against large attacks—the CSD effort is working to defend against 1 Tbps attacks—is increasingly important. Akamai’s research found 90 percent of current attacks are between 28 Mbps and 4.8 Gbps, but attack sizes are growing. Akamai recommends organizations maintain defenses that can withstand an attack of at least 5 Gbps.

It’s also important to ensure that Domain Name System (DNS) services are fully secure, since they can be particularly vulnerable and are often targets for DDoS attacks. “DNS availability is a major factor in website performance and security,” says Anthony Lauro, senior enterprise security architect with Akamai. “It’s important to have a distributed DNS server model to be able to keep up with new standards, withstand DDoS attacks that aim at taking down this infrastructure, and to answer DNS server requests quickly so sites function properly.”

When choosing an approach to defend your organization against DDoS attacks, choose a solution that stops both network-layer attacks and application-layer threats at the edge of the network. Other functions should include behavior-based rules and alerts. Part of the solution should also include a web application firewall to protect against application-layer attacks in HTTP and HTTPS traffic, such as SQL injections and cross-site scripting.
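The reflection behaviour described earlier and the behaviour-based rules recommended here can be made concrete with a small detector. The following is an added example, not code from the article, Akamai, or CSD: it parses constructed flow records and raises alerts for (a) reflection-style floods, where many unrelated servers answer from a well-known UDP service port toward one host that never asked, and (b) application-layer request floods, where a single client opens HTTP/HTTPS connections far above a baseline rate. The record format, the reflector port list, and the thresholds are assumptions chosen for the demonstration; in practice the thresholds come from the site's own baseline traffic.

```python
"""Added example (not from the article): behaviour-based DDoS detection rules
run over constructed flow records. Format, ports and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass

# Source ports of UDP services commonly abused as reflectors (assumed list).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    ts: int          # seconds since epoch (constructed)
    proto: str       # "UDP" or "TCP"
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


def parse_flows(lines):
    """Parse 'ts proto src:sport -> dst:dport bytes' records (constructed format)."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, proto, src, _, dst, nbytes = line.split()
        sip, sport = src.rsplit(":", 1)
        dip, dport = dst.rsplit(":", 1)
        flows.append(Flow(int(ts), proto, sip, int(sport), dip, int(dport), int(nbytes)))
    return flows


def detect_reflection(flows, window=10, min_sources=5, min_bytes=20_000):
    """Flag destinations receiving UDP replies from many distinct reflector
    sources within one window. A normal client talks to a handful of resolvers
    or time servers, not dozens of unrelated ones, so source diversity plus
    volume is the behavioural signal; the victim never sent the requests."""
    buckets = defaultdict(lambda: defaultdict(lambda: [set(), 0]))
    for f in flows:
        if f.proto != "UDP" or f.sport not in REFLECTOR_PORTS:
            continue
        bucket = buckets[(f.dst, REFLECTOR_PORTS[f.sport])][f.ts // window]
        bucket[0].add(f.src)
        bucket[1] += f.nbytes
    alerts = []
    for (dst, svc), windows in buckets.items():
        for w, (srcs, total) in windows.items():
            if len(srcs) >= min_sources and total >= min_bytes:
                alerts.append({"type": "reflection", "service": svc, "dst": dst,
                               "window": w * window, "sources": len(srcs),
                               "bytes": total})
    return alerts


def detect_http_flood(flows, window=10, max_requests=50):
    """Flag clients whose TCP connections to 80/443 exceed a per-window rate.
    The threshold is an assumption; a real deployment derives it from baseline."""
    counts = defaultdict(int)
    for f in flows:
        if f.proto == "TCP" and f.dport in (80, 443):
            counts[(f.src, f.ts // window)] += 1
    return [{"type": "http_flood", "src": src, "window": w * window, "requests": n}
            for (src, w), n in counts.items() if n > max_requests]


# Constructed sample: eight unrelated resolvers all "answering" one host it
# never queried, one legitimate DNS reply, one client hammering HTTPS, and one
# ordinary client. Addresses are from documentation ranges.
SAMPLE = ["# ts proto src -> dst bytes (constructed)"]
for i in range(8):
    SAMPLE.append(f"1000 UDP 198.51.100.{i + 1}:53 -> 203.0.113.10:{40000 + i} 4000")
SAMPLE.append("1000 UDP 198.51.100.1:53 -> 203.0.113.20:50001 120")
for i in range(60):
    SAMPLE.append(f"1005 TCP 192.0.2.77:{30000 + i} -> 203.0.113.10:443 600")
for i in range(3):
    SAMPLE.append(f"1005 TCP 192.0.2.5:{31000 + i} -> 203.0.113.10:443 600")


def run_rules(lines=SAMPLE):
    """Apply both rules to the records and return the combined alert list."""
    flows = parse_flows(lines)
    return detect_reflection(flows) + detect_http_flood(flows)


if __name__ == "__main__":
    for alert in run_rules():
        print(alert)
```

Both rules are windowed so that a burst is compared against a short interval rather than a whole day of traffic; the reflection rule also demands that the replies come from many distinct servers, which is what separates a reflected flood from a single busy resolver. Alerts of this kind are what an edge mitigation service or on-premises scrubber would act on, for example by rate-limiting the flagged service port toward the victim or challenging the flagged client.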

Finally, consider multiple systems and/or providers to handle situations where the deluge of false requests or traffic is too much for one system to handle. There truly is no such thing as too much preparation.