Wednesday, 8 January 2014

DDOS Attacks and Protection

DDOS attacks, or Distributed Denial of Service attacks, are a form of network attack aimed at disabling the functionality of the targeted network. These attacks generally come in the form of either individuals spamming a network to slow it down or create instability, or a bot that systematically attacks a network or series of networks. DDOS protection is the only security for these types of attacks.

DDOS attacks are more common today because of the wide-reaching availability of networks, cloud computing, and "always on" technology in which a network is never offline. Commonly these attacks are carried out against businesses and organizations that are operating in competition with another person's goal. This means that instead of harassing a company in person, a group of hackers or another business may launch a DDOS attack as a means of crippling an organization's ability to function.

Even large companies with extremely sophisticated networks are at risk. As recently as 2010, a DDOS attack was launched on PayPal and MasterCard during the height of the WikiLeaks news. The attack was aimed at those companies after they refused to process donations to WikiLeaks. Whichever side of the issue you stand on, it doesn't take away from the fact that vulnerability lies at every level of business.

Because of the prevalence of this type of attack, there are many DDOS protection methods available today. Deciding which DDOS protection method is right for your particular business depends on the architecture and needs of your network. The key to stopping a DDOS attack is proactive DDOS protection aimed at identifying the attacking traffic and stopping it as soon as possible.

Firewalls

Firewalls are typically the first method employed in DDOS protection. Firewalls are constantly running, and act as the gatekeeper to your castle (network). Once an attack is recognized, the first option is to block traffic from the particular IP address that is sending the traffic. In more complex attacks, there will be a system of computers on different IP addresses, so ad-hoc blocking is not the most effective tool for DDOS protection. If traffic is all centered on a specific port, then that port can be shut off until the attack is over. This is an issue if the port being attacked is 80 (internet traffic), as that would shut down all internet traffic to the network. Firewalls are often deep in the hierarchy of a network, so protection at the switch level may be more appropriate.

Switches

Today's switches are very sophisticated and have constantly running DDOS protection. Switches can use rate limiting, which caps the amount of traffic coming in or out, thus denying any chance of overflowing a network's capacity. Also, deep packet inspection gives switches the ability to inspect each packet being sent through before allowing it onto the network. Switches can also use bogon filtering, which blocks bogus IP addresses that may be originating from a DDOS source. This is good to have in case the IP filtering of the firewall is unable to stop that method of intrusion.
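
An added example (not from the original article) of the two switch-level checks described above: bogon filtering first, then rate limiting, implemented here as a per-source token bucket, which is an assumption of this example. The bogon list is a subset, the rate and burst values and the sample traffic are constructed, and the documentation ranges (also bogons in practice) are left out of the list so they can serve as sample source addresses.

```python
import ipaddress

# Subset of well-known bogon ranges (assumption: a real filter uses a maintained full list).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4")]

class TokenBucket:
    """Allows `rate` packets per second on average, with bursts up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now):
        if self.last is not None:
            # Refill in proportion to elapsed time, capped at the burst size.
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def filter_packets(packets, rate=2.0, burst=3):
    """Return a verdict per (timestamp, source_ip): pass, drop-bogon or drop-rate."""
    buckets, verdicts = {}, []
    for ts, src in packets:
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in BOGONS):
            verdicts.append("drop-bogon")  # source can never be a valid internet sender
            continue
        bucket = buckets.setdefault(src, TokenBucket(rate, burst))
        verdicts.append("pass" if bucket.allow(ts) else "drop-rate")
    return verdicts

# Constructed sample traffic: (seconds, source address).
SAMPLE = [
    (0.0, "198.51.100.7"), (0.1, "198.51.100.7"), (0.2, "198.51.100.7"),
    (0.3, "198.51.100.7"),   # fourth packet inside the burst window
    (0.4, "10.1.2.3"),       # private address arriving from outside
    (0.5, "203.0.113.9"),    # a different, quiet source
    (2.0, "198.51.100.7"),   # same noisy source after the bucket refills
    (2.1, "240.0.0.1"),      # reserved address space
]

if __name__ == "__main__":
    for (ts, src), verdict in zip(SAMPLE, filter_packets(SAMPLE)):
        print(f"{ts:>4} {src:<15} {verdict}")
```

Because the limit is kept per source, it caps any single noisy sender but not the combined volume of many distinct senders, which is the case the firewall section describes for multi-address attacks.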

DDOS protection is a must for any network today. Attackers do not always have a reason for attack other than "watching the world burn". While the reason behind the attack may be unclear, an unprotected network is vulnerable to these attacks at any time. In the world of network protection, DDOS protection is the defense in a "defense is the best offense" strategy.

The author of this article, Petra Gordon, has written many Technology articles in the past. As a point of reference, readers may want to check out DOSArrest, which has a lot of trusted and reliable information on DDos technology.

Article Source: http://EzineArticles.com/8145401
