Jeffrey Lyon, CISSP-ISSMP, founder of Black Lotus Communications, a DDoS mitigation firm specializing in the defense of service providers and enterprises..
JEFFREY LYONBlack Lotus Communications
Distributed denial of service (DDoS) attacks are increasing in scope and frequency, and companies in high-risk industries face numerous challenges when it comes to defending themselves. While DDoS attackers don’t generally target data centers directly, that hasn’t spared them from DDoS-related problems. In a recent report, the Ponemon Institute found that DDoS accounted for about 18 percent of data center outages, up from two percent in 2010. As these attacks generate larger and larger amounts of traffic, data centers are finding it harder to recover from spillover repercussions.
To preserve uptime regardless of DDoS activity, data centers should follow these guidelines:
Learn the risks and prepare for them.
DDoS attackers are smart. Even as new defense mechanisms come on the market, companies know that the shelf life for these solutions is 18 months, at best, before cyber criminals crack them. The attackers who can bring down a data center are motivated by financial gain or idealism, and their methods are increasingly sophisticated. It pays to stay up to date on Layer 3, 4 and 7 attacks, as well as on the mitigation solutions that are most effective at identifying and fighting these onslaughts.
Teach your users to ignore attacker inquiries.
To some extent, data centers are as vulnerable as their users. Teach those stakeholders what they can expect from hacker inquiries and why they should avoid such contact. Sometimes these messages are about financial extortion. Others might be taunts that happen during a DDoS-triggered outage. Whatever the content, messages from attackers should be ignored, whether they go to the data center itself or to the end user. When recipients engage, attackers are more likely to initiate or continue their efforts.
Protect your networks.
Firewalls aren’t what they used to be. If you’re counting on this old security standby to protect your data center, it’s time to rethink your best practices. Even the largest firewalls are vulnerable to even the smallest attacks. Instead of firewalls, seek out solutions that can manage and secure your servers or build proxies using load balancers. This approach should dampen the effect of damaging DDoS activity, such as low-and-slow Layer 7 attacks.
Additionally, the primary reason why firewalls are not sufficient to stop DDoS attacks is that they were not intended for this purpose. Although some brands and models say they will offer DDoS protection, the primary concern is that the devices are stateful (they “maintain state”), which in layman’s terms mean that they track every connection that travels through the device, limiting the amount of traffic that can be realistically handled. DDoS mitigation equipment is a special category of firewall generically referred to as a packet filter. It’s important to note that traditional firewalls or stateful firewalls are the ones that are not effective.
Protecting your networks also means upgrading to modern equipment. Your service contracts should be up-to-date, and any new products you purchase should have a track record of withstanding prolonged attacks. However, even if you take these precautions, it’s possible that your data center could feel the effects of a DDoS attack. That’s why contingency planning is so important. Approach your network protection holistically, with secure network and system architecture, onsite packet filters, skilled security staff, and additional mitigation capacity that can help you during a worst-case scenario.
The Ponemon Institute found that some data centers aren’t at all ready for the potential impact of DDoS outages, which can cost many hundreds of thousands of dollars to mitigate. Beyond the cost of emergency mitigation, unplanned downtime represents an untenable expense for data centers. When staying operational is at the core of your value proposition, it’s essential to follow best practices to avoid DDoS-created outages.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.
