Distributed denial of service (DDoS) is a particularly damaging form of denial of service attack. Because it is distributed, coordinated and large in scale, it is usually aimed at large Internet sites: commercial companies, search engines or government departments. It is also hard to detect and contain, since a group of controlled hosts is used to flood a common target, the attack builds quickly and is difficult to stop, and the damage is severe; for this reason it receives sustained attention from the network security industry. Defences have developed from the early intrusion detection system (IDS) to today's emerging global security network systems, and advanced network security measures play a growing part in countering DDoS, moving towards intelligent, network-wide protection.
Know the enemy: an anatomy of the DDoS attack
A distributed attack system looks very much like the familiar client/server model, but DDoS systems have grown more complex and more covert, which makes them hard to find. The intruder compromises some hosts and turns them into control points (handlers), which in turn control a large number of Internet hosts set up as attack points (agents); the attack program is loaded onto the agents, and it is the agents that actually strike the target. The prelude to a DDoS attack is therefore the compromise of a batch of poorly secured computers to serve as control hosts. These machines typically run standard Web services with well-known flaws, have not been patched or upgraded in time, or have operating system bugs that make them easy to break into.
Typical DDoS attacks fall into bandwidth attacks and application attacks. In a bandwidth attack, network links and network devices are saturated by a high volume of packets. In an application attack, the target's TCP or HTTP resources are exhausted so that it can no longer process transactions or requests. To launch the attack, the intruder runs a simple command, which is relayed to the control points on the next layer and from them to every attack point; the attack points then "open fire" and send large numbers of useless packets at the target, and under this barrage the target's bandwidth is consumed and its routers' processing capacity is exhausted. Compared with ordinary hacker attacks, DDoS is frightening for two reasons: first, it exploits the openness of the Internet, which will carry a packet from any source address to any destination address, so the attacking packets can carry forged sources; second, it is hard to separate illegitimate packets from legitimate ones.
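The two attack classes above leave different fingerprints in per-destination traffic statistics: a bandwidth attack shows up as link-saturating volume from many sources, an application attack as a request rate the servers cannot sustain while the link itself is far from full. The following is an added example, not code from the original article, that applies those two rules to constructed one-second flow records; the `Flow` fields, the thresholds and the addresses are assumptions chosen for illustration, and a real deployment would baseline the thresholds per destination.

```python
"""Volumetric vs application-layer flood classification over flow records.

Added example, not from the original article. Field names, thresholds and
the sample traffic below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One source->destination flow observed inside a one-second window."""
    src: str
    dst: str
    dport: int
    packets: int
    bytes: int
    http_requests: int = 0  # completed HTTP requests on this flow (0 for raw packet floods)


# Tunables (constructed; a real deployment baselines these per destination).
BANDWIDTH_MBPS = 100.0        # sustained inbound rate that saturates the victim's link
MIN_SOURCES = 50              # a flood from this many sources is treated as distributed
APP_REQUESTS_PER_SEC = 1000   # request rate the application tier cannot service

# Constructed one-second sample.
SAMPLE = (
    # Legitimate web clients talking to 203.0.113.10.
    [Flow(f"192.0.2.{i}", "203.0.113.10", 80, 40, 30_000, http_requests=5) for i in range(1, 4)]
    # Bandwidth attack: 200 (spoofed) sources each pushing 2000 small UDP packets at 203.0.113.20.
    + [Flow(f"198.51.100.{i}", "203.0.113.20", 53, 2000, 2000 * 64) for i in range(1, 201)]
    # Application attack: 20 bots each completing 300 valid-looking HTTP requests per second.
    + [Flow(f"198.18.0.{i}", "203.0.113.10", 80, 600, 180_000, http_requests=300) for i in range(1, 21)]
    # Quiet host for contrast.
    + [Flow("192.0.2.50", "203.0.113.30", 443, 20, 12_000, http_requests=2)]
)


def per_destination_metrics(flows, window_seconds=1.0):
    """Aggregate flows by destination into the signals the rules below use."""
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[f.dst].append(f)
    metrics = {}
    for dst, group in by_dst.items():
        total_bytes = sum(f.bytes for f in group)
        metrics[dst] = {
            "mbps": total_bytes * 8 / 1e6 / window_seconds,
            "sources": len({f.src for f in group}),
            "rps": sum(f.http_requests for f in group) / window_seconds,
            "avg_packet_bytes": total_bytes / max(1, sum(f.packets for f in group)),
        }
    return metrics


def classify(flows, window_seconds=1.0):
    """Return {destination: 'bandwidth' | 'application' | 'normal'}.

    The bandwidth rule is checked first: an application flood large enough to
    fill the link is, operationally, a bandwidth problem as well.
    """
    verdicts = {}
    for dst, m in per_destination_metrics(flows, window_seconds).items():
        if m["mbps"] >= BANDWIDTH_MBPS and m["sources"] >= MIN_SOURCES:
            verdicts[dst] = "bandwidth"
        elif m["rps"] >= APP_REQUESTS_PER_SEC:
            verdicts[dst] = "application"
        else:
            verdicts[dst] = "normal"
    return verdicts


if __name__ == "__main__":
    metrics = per_destination_metrics(SAMPLE)
    for dst, verdict in sorted(classify(SAMPLE).items()):
        m = metrics[dst]
        print(f"{dst}: {verdict:11s} {m['mbps']:7.1f} Mbit/s  "
              f"{m['sources']:3d} sources  {m['rps']:6.0f} req/s")
```

Note that the application flood in the sample is only about 30 Mbit/s: a link-utilisation alarm alone would miss it, which is why the request-rate signal is needed alongside the volume signal.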
Repeated battles, repeated defeats: why preventive measures fail
Knowing how DDoS attacks arise, why are they still so rampant? To be fair, the passive, single-point forms of defence used in the past are the real reason they have been so hard to curb.
Faced with a DDoS attack, some operators simply discard the packets: traffic for the victim is redirected into a routing "black hole" and dropped, blocking all data streams. The drawback is that every stream, legitimate or not, is discarded and the business application is taken offline. Packet filtering and rate limiting, applied bluntly, can likewise shut down all applications and deny access to legitimate users. The outcome is obvious: the defence itself produces the outage, which is precisely what the attacker wanted.
If dropping everything is unacceptable, how effective are routers, firewalls and intrusion detection systems (IDS)? From an application standpoint, configuring routers to filter unneeded protocols and invalid (unroutable or reserved) source addresses can stop simple ping floods and packets from obviously forged addresses. It does little, however, against more sophisticated attacks that spoof valid source addresses, or against application-level attacks launched from legitimate addresses. A firewall can block the specific traffic associated with an attack, but, like the router, it cannot verify the source address of a packet arriving from the Internet, so this protection remains passive and unreliable. Today's IDS can detect anomalous conditions, but it cannot reconfigure the defences automatically and needs a skilled security specialist to tune it by hand, so its response to new attacks is slow; it is not a complete solution either.
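The two preceding paragraphs make claims that are easy to measure: black-holing drops the legitimate traffic along with the attack, a per-destination rate limit drops both in roughly the proportion they arrive, and a router's source-address filter removes only packets whose sources are unroutable or claim the protected prefix while letting spoofed but valid-looking sources through. The following is an added example, not code from the original article, that runs all three mitigations over one constructed packet stream and scores each by how many legitimate and attack packets it delivers. The addresses, the 1:10 mix of legitimate to attack packets and the 220-packet cap are assumptions; the `legit` flag is ground truth used only for scoring, which no real filter can see.

```python
"""Collateral damage of three DDoS mitigations on a constructed packet stream.

Added example, not from the original article. Addresses, the 1 legitimate : 10
attack packet mix and the per-second cap are constructed; the 'legit' flag is
ground truth used only for scoring and is not something a filter can see.
"""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst legit")

VICTIM = "203.0.113.10"
PROTECTED_PREFIX = ipaddress.ip_network("203.0.113.0/24")  # the network we sit in front of

# Source ranges that must never appear on packets arriving from the Internet.
# (Explicit list rather than ipaddress.is_private, which also treats the
# documentation ranges used below as stand-ins for public addresses as private.)
MARTIANS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

BOGON_SOURCES = ["10.0.0.1", "172.16.5.5", "192.168.1.1", "203.0.113.99"]  # last one spoofs our own prefix
SPOOFED_PUBLIC = [f"198.51.100.{i}" for i in range(1, 7)]  # stand-ins for arbitrary routable addresses


def build_stream():
    """Interleave 100 legitimate packets with 1000 attack packets (1 : 10), in arrival order."""
    stream = []
    for i in range(100):
        stream.append(Packet(f"192.0.2.{i % 5 + 1}", VICTIM, legit=True))
        stream += [Packet(s, VICTIM, legit=False) for s in BOGON_SOURCES]
        stream += [Packet(s, VICTIM, legit=False) for s in SPOOFED_PUBLIC]
    return stream


def blackhole(stream, victim=VICTIM):
    """Null-route the victim: every packet to it, legitimate or not, is discarded."""
    return [p for p in stream if p.dst != victim]


def rate_limit(stream, victim=VICTIM, cap=220):
    """Per-destination cap of `cap` packets per window; the excess is dropped in arrival order."""
    delivered, seen = [], 0
    for p in stream:
        if p.dst == victim:
            seen += 1
            if seen > cap:
                continue
        delivered.append(p)
    return delivered


def martian_filter(stream):
    """Ingress filter: drop Internet-side packets whose source is unroutable or claims our own prefix."""
    def bad_source(src):
        ip = ipaddress.ip_address(src)
        return ip in PROTECTED_PREFIX or any(ip in net for net in MARTIANS)
    return [p for p in stream if not bad_source(p.src)]


def score(delivered):
    """(legitimate packets delivered, attack packets delivered)."""
    return (sum(p.legit for p in delivered), sum(not p.legit for p in delivered))


def compare(stream=None):
    """Score every mitigation against the same stream."""
    stream = stream or build_stream()
    return {
        "none": score(stream),
        "blackhole": score(blackhole(stream)),
        "rate_limit": score(rate_limit(stream)),
        "martian_filter": score(martian_filter(stream)),
    }


if __name__ == "__main__":
    for name, (legit, attack) in compare().items():
        print(f"{name:15s} legitimate delivered {legit:3d}/100   attack delivered {attack:4d}/1000")
```

The rate limiter keeps 20 of 100 legitimate packets and 200 of 1000 attack packets: the same 80% loss for both, because it cannot tell them apart. The source filter keeps all legitimate traffic and removes the 400 packets with impossible sources, but the 600 packets spoofing routable addresses pass untouched, which is the gap the text describes.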
Global security: containing DDoS across the whole network
Looking into why each of these precautions fails, the crux of the problem is the unpredictable source of the attacks and the endless variety of attack methods. To break out of this passive position, the industry's leading network security vendors have converged on one approach: build a security system in which the whole network acts in concert, using software and hardware together to extend preventive measures all the way to the network endpoints and so strengthen the ability to manage network security.
Ruijie Networks' GSN (Global Security Network) solution, launched at the end of 2004, is one example, and it takes its own approach to DDoS. First, GSN requires every act of network access to be registered in a unified way; unregistered access is not allowed onto the network. Through the GSN security policy platform, administrators can see how the whole network is operating and then control security behaviour within it. For DDoS prevention specifically, every access in the network is examined by the system and judged for legitimacy. Once a behaviour is found to pose a security threat, the system automatically invokes a security policy: blocking the access outright, confining the terminal to a restricted region of the network (keeping it away from core data or critical service areas, for instance) or limiting the bandwidth the terminal may use, so that the risk of a DDoS attack is minimised.
For end-user security control, GSN evaluates the security of every user entering the network, removing the threat of internal end users serving as DDoS attack sources. When a user terminal connects, the security client automatically checks the terminal's security state. If a vulnerability is found (patches not installed in time, and so on), the user is separated from the normal network area and placed automatically in a repair area until the system satisfies the security policy, after which it may enter the normal network. This both removes the security risks that each internal terminal could create and brings every end user's access behaviour under effective control. With automated "health checks" at the point of access, DDoS malware can no longer lurk inside the network and launch attacks from internal terminals.
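The workflow in the last two paragraphs (registration check, posture check, quarantine in a repair area with restricted reach, re-admission once the policy is met) is the kind of admission logic the text describes. The following is an added example, not Ruijie's GSN code and not a description of how GSN implements it; the posture fields, the patch identifiers, the zone names, the bandwidth caps and the patch-server address are all constructed assumptions. It also covers an edge case the text implies but does not spell out: a terminal with no security client has an unknown posture, which is treated as failing and cannot be remediated automatically.

```python
"""Posture-based network admission: register, assess, quarantine, re-admit.

Added example, not Ruijie's GSN code; the posture fields, policy rules, zone
names and bandwidth caps are constructed to illustrate the workflow the text
describes.
"""
from dataclasses import dataclass, field

REQUIRED_PATCHES = {"KB-2004-11", "KB-2004-12"}  # constructed identifiers
PATCH_SERVER = "10.0.99.10"                      # only destination reachable from the repair zone

# Registered (MAC, user) pairs; anything else is refused at the access layer.
REGISTRY = {
    ("00:11:22:33:44:55", "alice"),
    ("00:11:22:33:44:66", "bob"),
    ("00:11:22:33:44:77", "carol"),
}


@dataclass
class Endpoint:
    mac: str
    user: str
    agent_present: bool = True                 # security client installed and reporting
    patches_installed: set = field(default_factory=set)
    antivirus_running: bool = True


@dataclass
class Decision:
    zone: str               # 'blocked' | 'repair' | 'normal'
    bandwidth_kbps: int     # 0 means no access at all
    allowed_dsts: tuple     # () for blocked, ('any',) for normal
    reasons: tuple


def assess(endpoint, registry=REGISTRY):
    """Decide where an endpoint may go, from its registration and posture."""
    if (endpoint.mac, endpoint.user) not in registry:
        return Decision("blocked", 0, (), ("not registered",))
    problems = []
    if not endpoint.agent_present:
        # No client means no posture report; unknown is treated as failing.
        problems.append("no security client: posture unknown")
    else:
        missing = REQUIRED_PATCHES - endpoint.patches_installed
        if missing:
            problems.append("missing patches: " + ", ".join(sorted(missing)))
        if not endpoint.antivirus_running:
            problems.append("antivirus not running")
    if problems:
        # Repair zone: throttled, and only the patch server is reachable.
        return Decision("repair", 256, (PATCH_SERVER,), tuple(problems))
    return Decision("normal", 100_000, ("any",), ())


def remediate(endpoint):
    """What happens in the repair zone: the client pulls missing patches and restarts AV.

    Without a client there is nothing to drive remediation, so posture stays unknown.
    """
    if endpoint.agent_present:
        endpoint.patches_installed |= REQUIRED_PATCHES
        endpoint.antivirus_running = True
    return endpoint


def admit(endpoint, registry=REGISTRY, max_rounds=2):
    """Run the admission loop; return the zones the endpoint passed through, in order."""
    zones = []
    for _ in range(max_rounds):
        decision = assess(endpoint, registry)
        zones.append(decision.zone)
        if decision.zone != "repair":
            break
        remediate(endpoint)
    return zones


def sample_endpoints():
    """Constructed terminals covering each path through the policy."""
    return {
        "alice": Endpoint("00:11:22:33:44:55", "alice", patches_installed=set(REQUIRED_PATCHES)),
        "bob": Endpoint("00:11:22:33:44:66", "bob", patches_installed={"KB-2004-11"}),
        "carol": Endpoint("00:11:22:33:44:77", "carol", agent_present=False),
        "dave": Endpoint("00:11:22:33:44:88", "dave", patches_installed=set(REQUIRED_PATCHES)),
    }


if __name__ == "__main__":
    for name, ep in sample_endpoints().items():
        first = assess(ep)
        print(f"{name:6s} {' -> '.join(admit(ep)):18s} initial reasons: {first.reasons}")
```

In the sample, bob is quarantined for one missing patch, remediated and then admitted; carol, with no client, stays in the repair zone after the retry and needs manual attention; dave is refused outright because the (MAC, user) pair was never registered.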
For users, keeping normal business running is the most fundamental interest, and as dependence on the Internet grows, the harm done by DDoS attacks grows with it. Many security experts have written that early detection of system vulnerabilities, timely installation of system patches and continuous enforcement of network security policy are the effective ways to prevent DDoS attacks. The emergence of advanced global security network systems unifies the system level and the network level so that security measures can be deployed automatically, further strengthening automatic protection against elusive attacks of the DDoS kind. Although DDoS and similar hacker attacks remain rampant, in the foreseeable future the security tools in the hands of ordinary users should be able to cut off their reach.