Mitigate DOS Attacks on the Data Center

There is much that a data center can do to protect its servers against virus threats, but DOS (denial of service) attacks are much harder to defeat. When one’s web site is under attack, how is one to know which of the hits on the web site are from genuine users and which are from hackers? They look the same to the untrained eye.

Denial of service attacks are designed to take down web sites by overwhelming them with traffic. When the hacker uses a network of hijacked computers to assist with this attack, this is called a distributed denial of service (DDOS) attack. These hijacked PCs are called a botnet.

These attacks sometimes come from criminal groups who rent their botnet to other criminals or hackers. Political activists and hackers who call themselves Anonymous are behind some of these attacks. Does your company sell fur coats or drill for oil in the Amazon? Look out.

There are DDOS-detection appliances you can use or your ISP can alert you that a denial of service attack is underway, but what do you do next? If your company fumbles about for 1 hour trying to figure out how to change router and firewall rules, it is too late as the company’s web site might already have been knocked offline. Now you can read about your disaster in The Wall Street Journal.

Last week, I attended the 8.8 Computer Security Conference where I heard a marketing guy, David Fernandez, and a scientist, Terrence “Tuna” Gareau, give a presentation on DDOS. I think Terrence is a scientist; he kept shooting styrofoam darts into the audience. Yes, he must be a scientist given his bent toward eccentricity.

David and Terrence are from Prolexic. Their company provides DDOS mitigation services. They explained that there is a certain multiplier effect with sophisticated DDOS attacks. A DNS lookup, an ACK, or an HTTP GET request of 1024 bytes can result in 4 or 5 times that amount of data being sent out from the web server, so every byte the attacker sends costs the target several bytes of bandwidth. That just makes matters worse.
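As an added example (not from the post or from Prolexic), here is a small Python script that measures the multiplier the speakers describe from a constructed web-server log: per client, the ratio of bytes the server sent back to bytes it received, combined with a request count so a single large page fetch is not flagged. The log field layout, the IP addresses and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample log lines, not from the original post. Assumed format per line:
# "<client_ip> <method> <path> <request_bytes> <response_bytes>"
SAMPLE_LOG = """\
198.51.100.7 GET /index.html 1024 4200
198.51.100.7 GET /index.html 1024 4100
192.0.2.9 GET /favicon.ico 1024 900
198.51.100.7 GET /index.html 1024 4600
203.0.113.5 GET /catalog 1024 4600
192.0.2.9 GET /favicon.ico 1024 900
198.51.100.7 GET /index.html 1024 4500
203.0.113.5 GET /catalog 1024 4700
192.0.2.9 GET /favicon.ico 1024 900
198.51.100.7 GET /index.html 1024 4800
192.0.2.9 GET /favicon.ico 1024 900
"""

def amplification_stats(lines):
    """Aggregate per-client request count, bytes in, bytes out and the
    out/in ratio, i.e. how much server egress each byte of request buys."""
    totals = defaultdict(lambda: {"requests": 0, "bytes_in": 0, "bytes_out": 0})
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than crash mid-incident
        ip, req_bytes, resp_bytes = fields[0], int(fields[3]), int(fields[4])
        entry = totals[ip]
        entry["requests"] += 1
        entry["bytes_in"] += req_bytes
        entry["bytes_out"] += resp_bytes
    for entry in totals.values():
        entry["ratio"] = entry["bytes_out"] / entry["bytes_in"] if entry["bytes_in"] else 0.0
    return dict(totals)

def flag_amplifiers(lines, min_requests=3, min_ratio=4.0):
    """Return client IPs that both send repeatedly and draw out several times
    more data than they send; thresholds are placeholders to tune per site."""
    stats = amplification_stats(lines)
    return sorted(ip for ip, s in stats.items()
                  if s["requests"] >= min_requests and s["ratio"] >= min_ratio)

if __name__ == "__main__":
    for ip in flag_amplifiers(SAMPLE_LOG.splitlines()):
        print("candidate for rate limiting / scrubbing:", ip)
```

On the constructed log, only 198.51.100.7 exceeds both thresholds; 203.0.113.5 has a high ratio but too few requests, and 192.0.2.9 gets back less than it sends.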

The way their service works is that, when your data center is under attack, you quickly change your routing to send traffic to any of their data centers, operating in the cloud around the world. Their trained security consultants use Prolexic-patented scrubbing technology to filter out DOS traffic and forward only legitimate traffic to your site. They also let you know when you are under attack if you have not discovered that yourself.

Your in-house networking people, unless they are very good and have lots of tools at their disposal, are not going to be as good at DOS mitigation as people who focus only on that. It might be worth considering outsourcing that part of your network protection.