Host service provider strategies to defend against DDoS attacks

NSFOCUS : 25 February, 2015  (Special Report)
Rishi Agarwal, Director of Product Marketing at NSFOCUS, examines vulnerable online gaming and what the industry can do to protect itself

2014 was a great year for cyber criminals. Using malware, DDoS attacks and other methods, they hacked their way into the data vaults of big-name retailers and entertainment conglomerates and sabotaged websites galore. Organizations of all types and sizes were compromised or disrupted, resulting in the loss of revenue and reputation. Gaming sites and their hosting providers seemed to be a favorite target, a trend likely to continue for reasons that will be outlined below – along with best practices for effective defense strategies.

Reasons for Attacks on Gaming Sites

There are almost as many reasons why gaming sites and their hosting providers experience frequent DDoS attacks as there are types of DDoS attacks. The majority of these attacks are targeted against servers to cause latency in the network, thus interrupting game play and frustrating users. Some attacks are just for fun – a hacker showing off or trying to prove a point. Others may be motivated by the game itself: some real or imagined slight by other players that leads to retaliation, game mechanics (i.e. “I got cheated out of X”) or the desire for some gain, such as wanting to remain the top player in a particular category.

That’s not to suggest that malicious actors don’t benefit financially. If a DDoS attack shuts down game play, the gaming company loses money every second it is offline. It logically follows that there have been reports of hackers who have blackmailed organizations, demanding a fee to end the attack.

Another reason to attack a gaming site is to test out a new attack method. When a new type of attack shows up, it has more than likely been tested within the gaming industry first. Hackers try out new botnets or attack methods on gaming sites because the latency created by DDoS attacks provides them with enough information to see the impact of their attack rather than waiting around wondering whether the attack succeeded.

The reasons are varied and many, but the intention is the same: disruption of play. When that happens, DDoS attacks can be devastating to not only the gaming companies themselves, but also to the providers that host the data.

How Hackers Overcome Traditional Security

A DDoS attack has an aim quite different than that of malware or some other attack method. DDoS is designed to exhaust an application’s resources. The attacker is not necessarily trying to get into the core systems, which the firewall was created to defend. Firewalls and other defenses really only apply to attacks whose aim is data exfiltration. However, in an exfiltration attack, the malware has already been injected into the core systems on the back end and DDoS attacks can then serve to distract IT security teams so that the attacker can steal the data he or she wants.

Cyber security is not “one size fits all.” As a comparison, you can use a wrench to hammer a nail if you don’t have a hammer, but you can’t use a hammer to tighten a bolt.

Similarly, in cyber security, different kinds of attacks are possible, and certain “tools” (types of technologies) are useful against particular attacks, whereas others are not. Even DDoS attacks have multiple variants. In these situations, while firewalls offer some protection, they don’t protect completely against DDoS attacks.

This is why it is imperative that vulnerable data be protected with a layered approach: firewalls such as IPS and DLP solutions are prone to being DDoS’d, can quickly become exhausted by these attacks and, once brought down, can act as a single point of failure in the network.

Best Practices to Defend Against DDoS

With so many security approaches available, it can be hard to determine what the differentiators are and what the best approach will be for your organization’s needs.

In fact, solutions are as vast as the attacks they seek to protect against. Below are five best practices to keep in mind when building a secure and well-rounded network environment.

* Plan: Getting the proper security tools in place is of course the first step, but they won’t be as effective if no one knows what’s going on. The second a DDoS attack is detected, your team should be able to respond to and understand the type of attack that is occurring. Once this is determined, they will know which tools are on hand to mitigate the attack properly. Provide your teams with a comprehensive plan on how to react when a DDoS attack happens. Include accountability and reporting functionality and help them understand that it is less a question of if an attack will occur and more one of when it will happen.

* Protect: Attacks are going to happen and, while they can’t prevent them, hosting providers can certainly lessen their impact. In a world where a new DDoS attack is born nearly every minute, best practices suggest that organizations and service providers alike consider enhancing existing security portfolios with appliances that are located at the edge of the network, keeping DDoS attacks away from core defenses. This allows them to do what they are designed to do: monitor, clean and restore incoming and outgoing data.

* Layer: Data centers should deploy a layered defense strategy to address advanced persistent threats – one that will watch the back end as well as the front. Security teams must be able to identify, and react in real time to, vulnerabilities regardless of their location in the network. Only then will defenses be sufficient to keep the network up and running and end-users undisturbed by ongoing attacks.

* Monitor: When a DDoS attack hits, IT security needs to go on red alert on the back end, looking for exfiltration attempts. Tighten rules on firewall settings and start closely monitoring the ports in critical databases to make sure there isn’t any unusual activity going on.

* Report: To provide clarity after the fact, look for solutions that give your team detailed reporting on the nature of the attack, where it came from, how large it was and how frequently it occurred so that they are able to analyze and protect assets in the future.
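
The Monitor and Report practices above, sketched as an added example that is not part of the original article: given per-minute flow records, it finds the minutes in which the front end is flooded, checks whether a back-end database host sent unusually large volumes during that window, and builds the post-incident summary. The flow format, host addresses and threshold factors are assumptions, and the records are constructed sample data.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed flow records (minute, src, dst, bytes); documentation/private addresses only.
FRONTEND = "203.0.113.20"   # assumed game server under attack
DB_HOST = "10.0.5.10"       # assumed back-end database server
FLOWS = [(m, "198.51.100.9", FRONTEND, 1_000) for m in range(10)]   # normal player traffic
FLOWS += [(m, DB_HOST, "10.0.1.5", 200) for m in range(10)]         # normal database replies
FLOWS += [(m, f"192.0.2.{i}", FRONTEND, 50_000) for m in (4, 5, 6) for i in range(1, 21)]
FLOWS += [(5, DB_HOST, "198.51.100.77", 90_000)]                    # bulk transfer mid-attack

def per_minute(flows, *, src=None, dst=None):
    """Sum bytes per minute for flows matching the given source and/or destination."""
    totals = defaultdict(int)
    for minute, s, d, nbytes in flows:
        if (src is None or s == src) and (dst is None or d == dst):
            totals[minute] += nbytes
    return totals

def attack_minutes(flows, target, factor=10):
    """Minutes where inbound volume to target exceeds factor x its median minute."""
    inbound = per_minute(flows, dst=target)
    baseline = median(inbound.values())
    return sorted(m for m, b in inbound.items() if b > factor * baseline)

def backend_egress_alerts(flows, host, window, factor=5):
    """Within the attack window, flag minutes where host sends far more than in quiet minutes."""
    outbound = per_minute(flows, src=host)
    quiet = [b for m, b in outbound.items() if m not in window]
    baseline = median(quiet) if quiet else 0
    return [(m, outbound[m]) for m in window if outbound.get(m, 0) > factor * max(baseline, 1)]

def attack_report(flows, target, window):
    """Post-incident summary: duration, peak volume, source count and top sources by bytes."""
    inbound = per_minute(flows, dst=target)
    sources = Counter()
    for minute, s, d, nbytes in flows:
        if d == target and minute in window:
            sources[s] += nbytes
    return {"minutes": len(window), "peak_bytes_per_min": max(inbound[m] for m in window),
            "distinct_sources": len(sources), "top_sources": sources.most_common(3)}

if __name__ == "__main__":
    window = attack_minutes(FLOWS, FRONTEND)
    print("attack minutes:", window)
    print("back-end egress alerts:", backend_egress_alerts(FLOWS, DB_HOST, window))
    print("report:", attack_report(FLOWS, FRONTEND, window))
```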

Defeating DDoS

An overarching best practice is to look for DDoS mitigation approaches that protect data from the various types of attacks: volumetric, application layer and protocol attacks. Compare the pricing of various solutions as well, since price is a key differentiator in this category.

Even small hosting providers for online gaming sites can experience the latency, down time and frustration of a DDoS attack – no one is immune from this modern scourge. That means DDoS mitigation is no longer a “some day” luxury but a right-now necessity. Gaming companies and their hosting providers are prime targets for hackers trying to prove their prowess or settle a personal score – or even make money or steal data. Putting best practices in place to ensure the proper tools and processes are set up will go a long way toward defending against disruption of play and of business.

Rishi Agarwal is Director of Product Marketing at NSFocus. He has 12+ years’ experience in Product Marketing, Strategy, Business Development and Product Management. He has broad domain expertise in Network Security, Compute and Storage. Prior to NSFocus, he was a Senior Manager at Arbor Networks. Additionally, he has worked for leading technology vendors such as Microsoft, Intel and SanDisk.
