
DDoS attacks: No need to panic

By Staff Writer, ITWeb
Johannesburg, 09 Jun 2014
DDoS attacks are becoming a more popular vector as cyber criminals find new ways to amplify their attacks, says Martin Walshaw of F5 Networks.

As the lines between the professional and social use of technology fade, it is even more important to recognise the significance of distributed denial of service (DDoS) attacks, their probability and the damage they can do.

This is according to senior engineer at F5 Networks, Martin Walshaw, who adds that the decreasing number of bots now available means that hacktivists and other cyber criminals are finding new ways in which to amplify their attacks and, as a result, DDoS attacks are becoming a more popular vector.

"To the uninitiated, the nature of a DDoS attack can be a scary, stressful ordeal. It's not surprising either; slow network performance or Web site downtime can be costly for businesses such as banks, who are typically targeted with attacks like this," explains Walshaw.

Walshaw urges organisations not to panic, but instead to gather the operations and applications team leads needed to verify which areas are being attacked, officially confirm the attack, and make sure everyone agrees on which areas are affected.

"There should be triage decisions made to keep your high-value apps alive. When you're under an intense DDoS attack and you have limited resources, focus on protecting revenue generators," adds Walshaw. "Keep the business running and whitelist the IP addresses of trusted remote users that require access and maintain this list. Populate the list throughout the network and with service providers as needed."

According to Walshaw, it is important to classify the attack. The service provider, he says, will tell you if the attack is solely volumetric and may already have taken remediation steps.

"Evaluate source address mitigation options. For advanced attack vectors, your service provider can't mitigate or determine the number of sources. Block small lists of attacking IP addresses at your firewall. Block larger attacks with geolocation," urges Walshaw. "Identify the malicious traffic and whether it's generated by a known attack tool. Specific application-layer attacks can be mitigated on a case-by-case basis with distinct countermeasures, which may be provided by your existing solutions."

If the attack becomes public, notes Walshaw, prepare a statement and notify internal staff. If industry policies allow it, be forthright and admit you're being attacked. If not, cite technical challenges and advise staff to direct all inquiries to the PR manager.

"With the growth of the Internet and the fast-developing digital era that we're entering, the DDoS threat has never been greater. As the threats increase, and as more sophisticated attacks take place, it's important to increase awareness and understanding and put necessary steps, like these, in place to protect against them," he concludes.
