Bill Barry is executive vice president of Nexusguard, a technology innovator providing highly customized Internet security solutions for global customers of all sizes across a range of industries.
Many data centers that rely on websites to serve customers and communicate with partners are on edge lately, alarmed by media reports of high-profile hacking incidents. The technology press tends to focus on cyber attacks that involve the exploitation of operating system vulnerabilities. But another type of threat is quietly growing under the radar: the Distributed Denial of Service (DDoS) attack. DDoS attacks were up 75 percent in 2013, according to an NBC News report.
DDoS is becoming the preferred method of attack for hackers, hacktivists and rogue governments due to its simplicity, ease of distribution and potential for major disruption, especially if the target is a financial institution or real-time service provider. Unlike attacks that rely on an operating system security vulnerability, DDoS attacks are relatively low tech and easy to stage: cybercriminals simply bombard the targeted site with fake traffic until it shuts down, creating havoc for the business.
Although most data centers have defenses in place for viruses and malware and deploy the latest operating system patches, many overlook true DDoS protection, and the results can be devastating. The best way to counter DDoS threats is to partner with an experienced DDoS security professional, but for data centers that choose to handle DDoS in-house, here are four ways to address DDoS attacks:
- Evaluate protection options – cloud vs. appliance. When a data center site comes under attack, every second counts, so it pays to be prepared ahead of time and know which type of protection option is the best fit – a cloud-based or appliance-based solution. Both options involve implementation lead times, but cloud-based solutions are typically faster to deploy. Prior to an attack, data center security professionals should analyze deployment times and make a decision about outage tolerance levels.
- Determine who is responsible for protecting against attacks and addressing incidents. For data center operators, it’s also crucial to know who is responsible for safeguarding the system from DDoS attacks and define who will address incidents. The efficiencies businesses enjoy while sharing an infrastructure are significant, but there’s also an associated risk. It should be clear upfront who is responsible for providing DDoS protection and addressing DDoS attacks. Operators can’t force every client to have individual protection, but they bear ultimate responsibility for the damage other clients suffer if a high-risk “neighbor” comes under a DDoS attack that brings the whole data center down.
- Deploy backup IPs. DDoS attacks typically unfold when a master program deploys “zombies” or “bots” – compromised systems that are instructed to flood the site with phony traffic. It’s critical at that point for the data center security team to implement a backup set of unpublished IPs that are in a different subnet than the data center’s normal IP range. This will enable the DDoS protection service to reroute legitimate customer traffic to the site while funneling zombie and bot traffic to the protection service’s proxies via a DNS change.
- Implement a damage control plan. While technical issues are typically the primary focus for data centers undergoing a DDoS attack, it’s also important to have a script in place to address customer, vendor and business partner concerns about the outage, including the possibility that it will affect data center service level agreements (SLAs). It’s a good idea to prepare talking points in advance to explain the reasons for the outage and underscore the company’s commitment to provide reliable access to minimize harm to the brand.
While many companies are focusing on patching security holes to thwart hackers who are looking for operating system vulnerabilities, too many data centers remain at risk for DDoS attacks, which can result in millions in lost revenue while significantly undermining brand value. For data centers that choose to handle the growing threat of DDoS attacks in-house, following these steps can help the company recover more quickly and contain damage to the brand.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.