Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

The anatomy of application layer DDoS Attacks

NSFOCUS : 23 September, 2015  (Special Report)
Rishi Agarwal of NSFocus explains Layer 7 or application layer DDoS attacks and the approach needed to secure against them
The anatomy of application layer DDoS Attacks

Malicious actors continue to innovate new ways to disrupt business, and one of those is the difficult-to-spot and even more difficult-to-defend application layer denial-of-service (DDoS) attack, sometimes referred to as a “Layer 7” DDoS attack. Because your website and the supporting systems and applications are exposed to the outside world, they are ripe targets for more sophisticated attacks designed to either exploit uncorrected flaws or discover the details of your network environment. As application development continues to move to the Cloud, this attack will continue to be difficult to defend against.

The Smarter Defence Wins

Most of the DDoS attacks that make the news are the large-scale network attacks that are focused on Layer 3 and 4 of the network stack. However, from a mitigation point of view, network layer attacks are not sophisticated. The ability to mitigate this type of attack always comes down to a simple question: who has more network capacity – the attacker or the mitigation service?

Layer 7 or application layer DDoS attacks, though, are quite sophisticated. When defending against these stealthy and complex methods, success does not depend on how big you are, but rather how smart your security technology is and how well it can be utilized.

Stealth Attacks

Rather than relying on the brute force of network capacity, IT teams must use their smarts to mitigate a Layer 7 DDoS attack to accurately profile incoming traffic – to distinguish between humans, human-like bots and hijacked Web browsers and connected devices, such as home routers. As a result, the Layer 7 mitigation process is often much more complex than the attack itself. This complexity, combined with the fact that, if done correctly, the attack will remain transparent and contributes to the lack of headlines on this subject. The security industry in general prefers to talk in terms of network capacity, which of course says nothing about your resilience against application layer attacks.

An application-layer attack, in contrast to network attacks that over-exercise specific functions or features of a website to disable it, preys on the many vulnerabilities that exist in the proprietary code of Web applications but are unknown to existing security defence methods.

Many organizations now have a broader attack surface than ever before due to the aforementioned Cloud and cloud-based platforms that are becoming the new norm in application developments. In order to defend against the ever-changing DDoS landscape, developers need to integrate security measures while in the development phase of the application itself.

An international online community of corporations, educational organizations and individuals formed the Open Web Application Security Project (OWASP) to assist in defending against Web threats. It releases some of the most critical risks facing organizations in its “Top Ten Most Critical Web Application Security Risks.” While the report outlines ten of the most prevalent application-layer risks, this information is only released every three years. In the meantime, new and more sophisticated attack methods are being perpetrated at an alarming rate. Until developers ingrain security into their products, it will be up to security teams to be ever vigilant by implementing methods that are designed to identify anomalous behaviour in the network upon ingress.

The Hidden Power of DDoS

Layer-7 DDoS attacks require constant vigilance – and for more than the reasons listed above. The application layer can be targeted in an even more sinister way.  As we have witnessed, hackers are becoming smarter. It was reported earlier this year that attackers are employing methods that are short in duration but are large in traffic volume. Hackers employ these methods for a variety of reasons. Shopping (eCommerce) websites, for example, are particularly prone to this type of attack, in which paying customers are blocked at the last minute, forcing them to abandon their purchase.

Another reason to use a Layer 7 attack is to gain intelligence on a network’s resources, such as how much memory or bandwidth there is, in order to determine the amount of traffic that will be needed to flood the network. Once determined, the hackers will use a volumetric attack to distract IT personnel while accessing the application layer from the back end. This type of attack typically will have been preceded by the injection of malware or the identification of a security flaw that allows the attacker to gain a measure of control.

The difficulty lies in being able to tell whether the traffic is valid. In other words, what is a bot and what is a customer? Advanced security tools will be needed to execute this type of protection.

A Good Defence

Best practices exist to help IT security personnel and software developers protect their critical applications:

Get expert advice

Whether it’s an analyst firm or a software provider, look to the experts in the field to learn what best practices are recommended in today’s threat environment and develop a mitigation plan that accounts for all threats, including the hard-to-spot Layer-7 DDoS attack.

Get an education

Familiarize yourself with Web application security risks that have already been identified. The OWASP Top-10 Web application security risks list is a great start.   

Get clarity on your organization’s policies

Is there a up-to-date plan in place for protecting company data assets from DDoS attacks? Are you meeting compliance regulations? Are all company divisions involved? Remember, representation from business, IT and security should all be a part of the software development life cycle.

Get equipment that secures the network from within

This will require appliances that are custom-built to detect and mitigate Application Layer attacks intelligently and quickly. Such protection is available as a feature of other network/security appliances, but complete protection requires custom-built anti-DDoS appliances.

In this era of constantly changing technology, organizations have to keep on their toes to prepare for and defend against the latest assault on their network. Because application layer attacks are difficult to detect, they will continue to be a favourite attack vector and will continue to grow in frequency. By educating yourself and your organization, and by implementing the needed mitigation tools, you put your enterprise in a strong position to protect your network and your data.

About the Author:

Rishi Agarwal is Chief Evangelist at NSFOCUS, Inc. He has 12+ years’ experience in Product Marketing, Strategy, Business Development and Product Management. He has broad domain expertise in Network Security, Compute and Storage. Prior to NSFocus, he was a Senior Manager at Arbor Networks. Additionally, he has worked at leading technology vendors such as Microsoft, Intel and SanDisk.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo