
Taking a Behavioral-based Approach to DDoS Security

As the proliferation of online data has grown, so too has the need for companies to develop massive and complex virtual infrastructures in order to support their online traffic. These systems offer users untold benefits in terms of front-end experience, web performance, and data storage. Yet one of the unfortunate consequences that has arisen from the development of these enormous infrastructures is their susceptibility to different forms of online attacks.

One such form of attack that attackers deploy more and more often is the distributed denial-of-service, or DDoS, attack. Simply put, a DDoS attack hijacks a system’s capacity by flooding it with superfluous requests and tasks. The end goal is to tie up the system enough that it can no longer serve real user traffic, or to slow its operations to the point of making it virtually inaccessible. A simple denial-of-service attack involves only one attacking source, while a DDoS attack typically involves many sources attacking a system from different access points at once.

Defining a DDoS Attack

The success of a DDoS attack depends largely upon the size of the system under siege. Given that the ultimate goal is to tie up a system’s capacity, attackers tend to focus on high-profile, high-volume web servers such as those run by financial institutions, domain name system (DNS) servers, and credit card payment processing systems. Based upon who has been identified as launching such attacks, many industry insiders have come to view DDoS incursions as online protests meant to handicap organizations and destroy user confidence in their systems. Currently, it’s estimated that DDoS attacks happen at a rate of 28 attempts per hour.


DDoS attacks can be carried out in a number of different ways. These include:

  • Smurf attacks: The attacker sends packets (ICMP echo requests) to all of the hosts on a network, via its broadcast address, with a source address forged to look like that of the targeted system. Every host replies to the target, which quickly eats up all of the target’s available bandwidth.
  • Teardrop attacks: With this method, attackers crash systems by triggering bugs in their TCP/IP fragment reassembly code. Mangled IP fragments are sent with overlapping payloads, and the system often cannot cope with the work needed to reassemble them.
  • Starvation attacks: Starvation attacks are considered asymmetrical: the attacker uses either greater external resources (i.e., multiple attacking computers) or access to multiple properties and applications within the targeted system. Either way, the purpose is to consume the victim’s resources to the point of “starving” it out.
  • SYN floods: In a SYN flood, the attacker floods the target with TCP SYN packets carrying forged sender addresses. The targeted server treats each one as a connection request, replies with a SYN-ACK, and holds a half-open connection while it waits for the final acknowledgement, which never comes. The server’s table of pending connections fills up, and real connection requests are refused.
  • HTTP POST DDoS attacks: Here, an HTTP POST request is sent whose Content-Length header specifies the size of the body that will follow. The attacker then sends that body at a very slow rate. Because the server trusts the “Content-Length” field, it keeps the connection open waiting for the entire body to arrive.
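To make the half-open-connection mechanism in the SYN flood entry concrete, here is an added illustration written for this article (not code from any product it mentions) that models a listener’s backlog in Python; the capacity, timeout and packet trace are constructed values, and the per-source half-open count is the measurement a defender would watch.

```python
class SynBacklog:
    """Constructed model of a listener's backlog of half-open TCP connections.

    A SYN adds an entry, the client's final ACK removes it, and entries older
    than `timeout` are reaped. Once the table is full, further SYNs are refused,
    which is the exhaustion a SYN flood with forged sources produces.
    """

    def __init__(self, capacity, timeout):
        self.capacity = capacity
        self.timeout = timeout
        self.table = {}      # (src, port) -> time the SYN arrived
        self.refused = 0

    def reap(self, now):
        stale = [k for k, t in self.table.items() if now - t > self.timeout]
        for k in stale:
            del self.table[k]

    def on_syn(self, src, port, now):
        self.reap(now)
        if len(self.table) >= self.capacity:
            self.refused += 1   # backlog full: legitimate clients are refused too
            return False
        self.table[(src, port)] = now
        return True

    def on_ack(self, src, port):
        # Handshake completed; the slot is freed.
        return self.table.pop((src, port), None) is not None

    def half_open_by_source(self):
        """Per-source count of half-open slots: the signal a defender watches."""
        counts = {}
        for src, _port in self.table:
            counts[src] = counts.get(src, 0) + 1
        return counts


def run_trace(capacity=8, timeout=30.0):
    """Replay a constructed trace: one legitimate client, then one flooding source."""
    b = SynBacklog(capacity, timeout)
    b.on_syn("10.0.0.5", 40000, 0.0)
    b.on_ack("10.0.0.5", 40000)              # legitimate client finishes its handshake
    for port in range(20):                   # forged-source SYNs that never get an ACK
        b.on_syn("203.0.113.9", 50000 + port, 1.0 + port * 0.01)
    accepted = b.on_syn("10.0.0.6", 40001, 2.0)   # second legitimate client arrives
    return {"refused": b.refused, "legit_accepted": accepted,
            "half_open": b.half_open_by_source()}
```

With a backlog of 8, the trace ends with 13 refused SYNs, the second legitimate client turned away, and all 8 half-open slots held by the one forged source.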

Other, less common attack methods have been given more ominous names like “Nuke” or “RUDY (R-U-Dead-Yet),” but the purpose of each attack method is the same:

  • Consume system bandwidth, memory, and/or processing time
  • Interrupt routing information, state information, and physical network components
  • Impede communications between legitimate users and the targeted system

Some attackers also rely on malware to try and max out processor usage, exploit errors in an operating system, create errors in sequencing and the microcode of machines, or to actually crash the targeted system completely.

Common Security Protocols

Just as with other internet security concerns, developers have been hard at work creating tools to block DDoS incursions. Firewalls can be configured with simple rules that allow or deny access by port and IP address. Advanced switches and routers often include rate limiting, delayed binding, and traffic shaping capabilities that help provide system-wide protection. However, these measures are typically only capable of defending a system against simple incursion attempts. More complex DDoS attacks require more advanced defenses. Some exist, such as scrubbing centers or DDS (DoS defense system) based appliances, yet these are often specialized and not effective at providing comprehensive protection.

A Smarter (Better?) Alternative

Recently, some forward-thinking service providers have begun to employ a smarter, behavior-based security approach that’s already being employed by certain online retailing, finance, and credit card companies to help analyze consumer spending habits. Unlike other security measures, this method follows the full cycle of the packet that a system receives, specifically the system resource that the packet is intended for, that resource’s ability to process the packet’s request, and the content of that request being sent back to the source.


This method monitors traffic by utilizing a unique algorithm which assigns a risk score to all two-way traffic being run through the system. Depending upon the resources of the targeted system application and the response time triggered by an incoming request, the algorithm can raise the risk score to the point of identifying an attack in progress and immediately trigger a drop of that high-risk traffic.

Perhaps the most attractive feature of this new behavior-based security method is that it is essentially self-learning. As new attacks are launched, the algorithm updates to include the characteristics of that attack, allowing it to recognize those features much faster in the future. This lets it separate erratic from consistent traffic and distinguish legitimate users from attacking programs intent on causing harm. The obvious drawback is that one is placing the security of business-critical data into the hands of a fluid, signatureless program as opposed to tuned, threshold-driven security protocols.
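As an added illustration of the risk-scoring idea (constructed for this article, not the algorithm of any provider mentioned here), the Python below scores each source on its request rate and on how far the resource’s response time has stretched beyond a learned baseline, and stops learning from traffic it has decided to drop; all weights, thresholds and the sample traffic are assumed values.

```python
from collections import defaultdict

class BehaviorScorer:
    """Per-source risk score from two-way traffic, for illustration only.

    Each observation is one request/response pair (src, resource, response_ms).
    The score grows with how hard a source hits a resource and with how far the
    resource's response time has stretched beyond its learned baseline. The
    baseline is an exponentially weighted moving average, so it adapts as
    traffic changes; the weights and threshold are constructed values.
    """

    def __init__(self, drop_threshold=10.0, alpha=0.1, rate_weight=0.5, latency_weight=4.0):
        self.drop_threshold = drop_threshold
        self.alpha = alpha
        self.rate_weight = rate_weight
        self.latency_weight = latency_weight
        self.baseline_ms = {}               # resource -> learned typical response time
        self.requests = defaultdict(int)    # (src, resource) -> requests this window
        self.score = defaultdict(float)     # src -> current risk score

    def observe(self, src, resource, response_ms):
        """Score one request/response pair; return (score, dropped)."""
        base = self.baseline_ms.get(resource, response_ms)
        stretch = max(0.0, response_ms / max(base, 1e-9) - 1.0)  # 0 at or below baseline
        self.requests[(src, resource)] += 1
        rate_term = self.rate_weight * self.requests[(src, resource)]
        latency_term = self.latency_weight * stretch
        # Old score decays (factor 0.9), so a source that calms down is forgiven over time.
        self.score[src] = 0.9 * self.score[src] + rate_term + latency_term
        dropped = self.score[src] >= self.drop_threshold
        # Only accepted traffic teaches the baseline, so an attack in progress
        # cannot train the scorer into treating slow responses as normal.
        if not dropped:
            self.baseline_ms[resource] = (1 - self.alpha) * base + self.alpha * response_ms
        return self.score[src], dropped

    def end_window(self):
        """Reset per-window request counts; scores keep their decayed memory."""
        self.requests.clear()


def replay(scorer, events):
    """Feed constructed (src, resource, response_ms) events; return dropped sources."""
    dropped = set()
    for src, resource, ms in events:
        if scorer.observe(src, resource, ms)[1]:
            dropped.add(src)
    return dropped
```

In the constructed trace in the test, a client making three normal requests stays well under the threshold, while a source whose requests push the response time from 100 ms to 250 ms is dropped on its fourth request, and the baseline it had started to inflate stops moving from that point on.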

The threat of DDoS isn’t something that can be eliminated completely, especially given the rate at which attackers are developing new strategies, such as multivector and application-layer attacks designed to overcome current defenses. An intelligent “on-site” solution is therefore needed to protect the performance capacity of the business applications that users consistently call upon. By employing smart, behavior-based methods of DDoS mitigation, organizations may be able to outthink their attackers, ensuring that they remain one step ahead in the constant struggle to defend the performance capability of their systems.

Top image ©GL Stock Images
