One of the world’s leading software development platform GitHub recently came across possibly the biggest ever reported distributed denial-of-service (DDoS) attack. The attackers were able to exploit the vulnerability in the memcached servers. Memcached servers are used by database driven websites such as Facebook, Twitter and Reddit to boost their platform performance. But according to reports, as of July 2017, of the 106,001 servers that used memcached, over 69% were found vulnerable and could be susceptible to a remote hack. In the case of GitHub, DDoS attack was thwart within 10 minute, thanks to pro-activeness of content delivery network services provider but that may not be the case with large number of organisations.
So, to understand the impact and how organisations can mitigate the risk of DDoS attack, TechObserver.in Sanjay Singh conducted an email interview with Sean Newman, director at Corero Network Security. According to him, attacks on the scale of Dyn and Github are rare – however, much smaller, more calculated, attacks are experienced by thousands of enterprises on a daily basis and these can have just as a significant impact for the target. “If an enterprise cares about its online services, the best action is to deploy dedicated, always-on, automatic DDoS protection and avoid the need to recover at all,” said Sean.
What are the most optimal way of ensuring resiliency of Internet in the light of DDoS attack?
DDoS typically floods the target’s IP address space directly, with its attack traffic, sometimes sending large volumes to “fill the pipe” but, more often, just sending enough volume of traffic to cripple a specific server, service, application or infrastructure device – the only way to ensure online resiliency, is to invest in the latest dedicated DDoS protection solutions, which can protect the entire network infrastructure, delivering always-on automatic protection, with the ability to surgically remove bad DDoS packets and leave the good packets to carry on to their destination. Other cloud-based solutions are available but these typically take in the order of ten minutes, to an hour, to fully engage mitigation, leaving the target fully impacted by the attack in the intervening period.”
Can masking DNS or having secondary DNS be the ultimate safeguard against DDoS attack?
Implementing best practices and investing in a secondary service can help with DNS resilience but, ultimately, this will not reduce the chances of getting impacted by DDoS attacks. The main reason being that DDoS typically floods the target’s IP address space directly with its attack traffic, bypassing DNS altogether.
What are the key security measures that you see, can thwart DDoS attack?
The only way to avoid DDoS attacks having any impact is to deploy dedicated, always-on, automatic DDoS protection and choosing a solution which has the ability to surgically remove bad DDoS packets and leave the good packets to carry on to their destination.
What has been the biggest security challenge for the CIOs in recent times?
The biggest challenge of recent times has been avoiding intellectual property and/or customer details being stolen, en masse, from across the Internet, using carefully planned, advanced, targeted attacks. And, DDoS has been seen to be used as part of these attacks, creating smokescreen distractions, or making security infrastructure ineffective or blind to the real motive for the attack.
If an enterprise has been hit by DDoS attack, what best they should to bring the services back?
Attacks on the scale of Dyn and Github are rare – however, much smaller, more calculated, attacks are experienced by thousands of enterprises on a daily basis and these can have just as a significant impact for the target.
If an enterprise cares about its online services, the best action is to deploy dedicated, always-on, automatic DDoS protection and avoid the need to recover at all. Without any dedicated DDoS protection in place, they will either have to ride out the attack, hoping it doesn’t last too long, or work with their service provider to block all traffic to the impacted IP address(es) for the duration, so they can begin recovering their services sooner – either way, those services will be offline for their customers for the duration of the attack, which will likely prove extremely costly for lost revenue, reduced customer confidence, and overall reputation damage.
