How NOT to protect yourself against DoS attacks

January 22, 2016 bentannahill

 

How long can you afford for your website to be offline?

A day? An hour? Ten minutes?

A denial of service (DoS) attack aims to temporarily or indefinitely interrupt or suspend an online service, potentially causing significant disruption to your customers and revenue losses.

They occur when an attacker sends dummy web traffic to a site or application in such large amounts that your app is put out of operation.

For example, if an online store can cope with 15 people per second clicking the ‘Login’ button, then an attacker need only send 15 fake requests per second to stretch that site beyond its capabilities.

Why worry?

DoS attacks hit record highs in 2015. And they’re getting bigger and more complex.

In a recent survey of over 500 companies by analytics company Neustar, 85 per cent of respondents reported multiple DDoS attacks, with 31 per cent saying that the longest attacks lasted longer than a day.

Almost one third said they were losing more than $100,000 an hour during these attacks.

And DoS attacks are getting cheaper, too. You can now rent a botnet for an hour for the price of a newspaper.

Today, a hacker can permanently take down your site, at very little cost. And the larger your company, the more likely you are to get hit.

Given these trends, it’s not if you get attacked. It’s when.

What doesn't work

A few basic methods are commonly put forward to address these attacks. But they’re not entirely up to the job.

Black-holing or sink-holing

This is when you are removed from your network, protecting the rest of that network from attacks. This means that attackers cannot gain access to your network. But your site will still go offline. Not ideal.

Firewalls

Firewalls are par for the course when it comes to defending your network against unwanted intruders. But firewalls were designed to stop small numbers of illegitimate entities. DoS attacks consist of legitimate entities that are, however, sent in large enough numbers to flood a network.

This contradiction means that firewalls often merely function as a bottleneck, further slowing your website.

Intrusion Prevention Systems (IPS)

An IPS performs a ‘deep packet inspection’ (DPI) that examines the data content of packets as they pass through your network.

But if an IPS tries to analyse huge volumes of traffic, as with a DoS attack, you just end up with another bottleneck.

What’s more, IPSs only let through traffic they are certain is good. This can lead to false positives when the IPS is under pressure.

To top it off, they must be updated manually with protection against the latest security threats and, without constant management, can lead to unnecessary vulnerabilities.

How can you actually protect yourself?

The problem with the above methods is that they weren’t designed to stop DoS attacks. They were built to investigate individual sessions only – not instances when millions of legitimate sessions are initiated simultaneously.

They have just been unceremoniously shoehorned into the role of DoS protection, because task-specific alternatives weren’t available. And the result has been a year-on-year rise in successful DoS attacks.

The solution?

DoS mitigation.

This reroutes your traffic to go through a purpose-built DoS protection platform, which monitors and analyses traffic data patterns in real time. When a DoS attack is detected, traffic is directed to the nearest ‘scrubbing centre’, where the ‘good’ traffic is filtered from the ‘bad’ and routed to minimise the impact of the DoS attack. The clean traffic is then redirected back into the customer’s network.
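The difference between inspecting individual sources and monitoring the overall traffic pattern can be shown with a small detector. This is an added example, not code from Claranet's platform: the log format, the per-source limit and the sample traffic are constructed assumptions, and the 15-requests-per-second capacity is taken from the online-store example above.

```python
from collections import Counter, deque

CAPACITY_RPS = 15      # capacity from the article's online-store example
PER_SOURCE_LIMIT = 5   # assumed per-client threshold (hypothetical)
WINDOW = 1.0           # sliding window length in seconds

def parse(line):
    """Constructed log format: '<epoch_seconds> <source_ip> <path>'."""
    ts, src, path = line.split()
    return float(ts), src, path

def analyse(lines, path="/login"):
    """Return (sources over the per-source limit, times total load exceeded capacity)."""
    window = deque()           # (ts, src) pairs seen in the last WINDOW seconds
    per_source = Counter()     # requests per source inside the window
    source_alerts, aggregate_alerts = set(), []
    for ts, src, p in map(parse, lines):
        if p != path:
            continue
        window.append((ts, src))
        per_source[src] += 1
        # Evict requests that have fallen out of the sliding window.
        while window and ts - window[0][0] >= WINDOW:
            _, old = window.popleft()
            per_source[old] -= 1
        if per_source[src] > PER_SOURCE_LIMIT:
            source_alerts.add(src)          # one client is noisy
        if len(window) > CAPACITY_RPS:
            aggregate_alerts.append(ts)     # total load exceeds capacity
    return source_alerts, aggregate_alerts

def sample_log():
    """Constructed traffic using documentation-reserved IP ranges."""
    lines = []
    # Normal load: 8 distinct clients within one second.
    lines += [f"{0 + i / 10:.2f} 198.51.100.{i} /login" for i in range(8)]
    # Distributed flood: 40 clients, one ordinary-looking request each.
    lines += [f"{10 + i / 50:.2f} 203.0.113.{i} /login" for i in range(40)]
    # Single noisy client: 10 requests in half a second.
    lines += [f"{20 + i / 20:.2f} 192.0.2.7 /login" for i in range(10)]
    return lines

if __name__ == "__main__":
    noisy, overload = analyse(sample_log())
    print("per-source alerts:", sorted(noisy))
    print("capacity exceeded at:", overload[0], "to", overload[-1])
```

The distributed flood never trips the per-source rule because every client sends a single request, yet it is the only burst that exceeds capacity. Only the aggregate view flags it.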

This technique is not only highly effective, it also reduces the need for expensive hardware and means that you avoid having to spend time configuring complicated instruments such as routers or firewalls.

What’s more, if you work with a provider that has access to a larger network, they will be able to absorb more traffic and protect their customers from larger DoS attacks than the customer would have been able to handle on their own.

It is practically impossible for a single business, on its own, to put together a DoS mitigation strategy resilient enough to scale in response to the larger DoS attacks that are becoming more and more frequent.

So you need a partner you can trust.

Claranet's Web Acceleration and DoS Protection is a service for businesses who would like to get the most out of their web application. The service enhances the security, performance, and availability of an application through the use of multi-national cache nodes and state-of-the-art, intelligent DoS mitigation.

 
