Help companies and their IT teams prevent DDoS attacks

Source: Internet
Author: User

The danger is real, and the risk keeps growing

If you think your company is too small, too unimportant or not wealthy enough for attackers to consider it a target, think again. Any company can become a victim, and most organizations will be hit by a DDoS attack sooner or later. Whether you are a Fortune 500 company, a government agency or a small or medium-sized business (SMB), you are on the target list of today's Internet criminals. Even companies that understand security well and spend heavily on protecting themselves, including Amazon, Visa, Sony, the agricultural biochemistry company Monsanto, the payment providers PostFinance and PayPal, and Bank of America, have all fallen victim to this threat.

At the same time, the number of DDoS attacks has risen sharply, and their scale is growing too, with attack traffic now far exceeding 100 gigabits per second. One prolonged attack on an e-commerce site in Asia involved more than 250,000 zombie computers, many of them reportedly located in China.

DDoS attacks take many forms

At the most basic level, a DDoS attack is an attempt to make a machine or network resource unavailable to its intended users. Although the methods, motives and targets of DDoS attacks differ, such attacks generally consist of one or more people trying to interrupt or suspend, temporarily or indefinitely, the connection between a host and the Internet.

This is usually done through a coordinated, distributed botnet of hundreds or thousands of zombie computers that were infected earlier and placed under remote control, waiting for the attacker to issue commands. A DDoS attack either floods the target with a massive volume of requests, exhausting the resources of the service, or exploits a flaw in the target so that the service crashes.

Flood attacks include Internet Control Message Protocol (ICMP) floods (such as Smurf and ping floods), SYN floods (using forged TCP SYN packets), and other floods at the application level. Flood DDoS attacks often rely on the asymmetric power of a large distributed botnet. These networks can spawn many threads that send an enormous number of requests to paralyze a network service.
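The two flood types named above leave distinct traces in packet traffic: a spoofed-source SYN flood leaves handshakes stuck after the server's SYN-ACK because the forged client never sends the final ACK, and a Smurf attack delivers ICMP echo replies to a victim that never sent the matching echo requests. The following detector, added here as an example (not code from the original article), works those two signatures out of packet summaries. The packet records and the two thresholds are constructed assumptions a defender would replace with their own captures and baseline.

```python
"""Flag SYN floods and Smurf-style ICMP echo-reply floods in packet summaries.

Added example, not code from the original article.  The records below are
constructed for illustration; thresholds are assumptions to tune per site.
Each record is (timestamp, proto, src, dst, info):
  proto "tcp"  -> info is the flag set: "S" (SYN), "SA" (SYN-ACK), "A" (ACK)
  proto "icmp" -> info is "echo-req" or "echo-rep"
"""
from collections import defaultdict

HALF_OPEN_LIMIT = 20      # assumed: stuck handshakes per destination
ECHO_REPLY_LIMIT = 20     # assumed: unsolicited echo replies per destination


def half_open_connections(records):
    """Return {server: set(clients)} for SYNs that never completed.

    A forged-source SYN flood leaves many handshakes stuck after the
    server's SYN-ACK, because the forged client never sends the final ACK.
    """
    syn_seen = set()        # (client, server) pairs that sent a SYN
    acked = set()           # (client, server) pairs that completed
    for _ts, proto, src, dst, info in records:
        if proto != "tcp":
            continue
        if info == "S":
            syn_seen.add((src, dst))
        elif info == "A" and (src, dst) in syn_seen:
            acked.add((src, dst))
    stuck = defaultdict(set)
    for client, server in syn_seen - acked:
        stuck[server].add(client)
    return stuck


def unsolicited_echo_replies(records):
    """Return {victim: count} of ICMP echo replies with no matching request.

    In a Smurf attack the reflectors answer a forged echo request, so the
    victim receives replies it never asked for.
    """
    requested = set()       # (requester, responder) pairs
    for _ts, proto, src, dst, info in records:
        if proto == "icmp" and info == "echo-req":
            requested.add((src, dst))
    counts = defaultdict(int)
    for _ts, proto, src, dst, info in records:
        if proto == "icmp" and info == "echo-rep" and (dst, src) not in requested:
            counts[dst] += 1
    return dict(counts)


def flood_report(records):
    """Combine both detectors into a sorted list of (kind, target, count) alerts."""
    alerts = []
    for server, clients in half_open_connections(records).items():
        if len(clients) >= HALF_OPEN_LIMIT:
            alerts.append(("syn_flood", server, len(clients)))
    for victim, n in unsolicited_echo_replies(records).items():
        if n >= ECHO_REPLY_LIMIT:
            alerts.append(("icmp_reflection", victim, n))
    return sorted(alerts)


def build_sample():
    """Constructed traffic: one legitimate handshake and ping, a forged-source
    SYN flood against 10.0.0.5, and unsolicited echo replies to 10.0.0.9."""
    rec = [
        (0.0, "tcp", "192.0.2.10", "10.0.0.5", "S"),
        (0.1, "tcp", "10.0.0.5", "192.0.2.10", "SA"),
        (0.2, "tcp", "192.0.2.10", "10.0.0.5", "A"),
        (0.3, "icmp", "192.0.2.10", "10.0.0.9", "echo-req"),
        (0.4, "icmp", "10.0.0.9", "192.0.2.10", "echo-rep"),
    ]
    # 30 forged sources each send one SYN; the SYN-ACK is never acknowledged.
    for i in range(30):
        rec.append((1.0 + i / 100, "tcp", f"203.0.113.{i + 1}", "10.0.0.5", "S"))
        rec.append((1.0 + i / 100 + 0.001, "tcp", "10.0.0.5", f"203.0.113.{i + 1}", "SA"))
    # 25 reflectors answer a request that 10.0.0.9 never sent.
    for i in range(25):
        rec.append((2.0 + i / 100, "icmp", f"198.51.100.{i + 1}", "10.0.0.9", "echo-rep"))
    return rec


if __name__ == "__main__":
    for alert in flood_report(build_sample()):
        print(alert)
```

The half-open check keys on the client's missing ACK rather than on raw SYN counts, so a burst of legitimate connections that complete does not trigger it; the ICMP check pairs each reply with a prior request from the victim, which is exactly what reflected traffic lacks.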

Crash attacks generally send malformed packets that exploit operating system vulnerabilities. Application-level DDoS attacks exploit the server software itself (for example, through a buffer overflow or a fork bomb) to make the system crash. Malware-borne DDoS attacks can recruit a system into a botnet with a Trojan, which in turn triggers the download of the zombie program.

Moreover, attacks are becoming increasingly complex. For example, a botnet can send packets not only to the target server but also to other servers connected to it, launching a huge volume of forged requests from inside the network.

Why use DDoS?

Criminals use DDoS because it is cheap, hard to trace and highly effective. DDoS attacks are cheap because they use a distributed network of countless zombie computers captured by computer worms or other automated means. For example, the Mydoom DDoS attack used a worm to distribute its flood instructions. Because these botnets operate worldwide and are sold on the black market, an attacker can buy a botnet for less than $100, or hire one for a specific attack at a cost of about $5 per hour.

DDoS attacks are hard to detect because they often use normal connections and follow normal, permitted communication patterns. As a result, this kind of attack is very effective: the target server usually trusts the traffic by mistake, fulfils the requests and ends up consuming its own resources, thereby contributing to the attack. For example, in an HTTP GET flood (as used by Mydoom), the requests are sent over normal TCP connections, and the web server treats them as legitimate.

Motivated by money or ideology

Financially motivated DDoS attacks are generally based on extortion, blackmail or competition. Extortion schemes typically demand that the victim organization pay a large ransom to avoid a denial of service, making the scheme profitable for the extortionist. For example, a British online gaming website was reported to have been paralysed by DDoS attacks after refusing to pay a ransom.

Attacks from unethical business rivals are more widespread than people imagine. One survey found that more than half of all DDoS attacks on American companies were launched by competitors seeking an unfair commercial advantage.

Ideological attacks may be launched by governments or by grassroots hacktivists. Hacktivists are known for taking down high-profile organizations or websites to express dissent or to protest practices they oppose. Perhaps the most notorious hacktivist group today is the loosely organized collective Anonymous, which has claimed responsibility (and credit) for taking down well-known organizations such as the FBI and CIA websites, and has now targeted websites in 25 countries on six continents.

Who is the next victim?

Because the hacktivists' agenda is so volatile and unpredictable, any company can become the latest hot target and be attacked. Websites known for their high profile (for example, Facebook) or tied to major events (such as the Olympics, the European Cup or the U.S. election) are likely to come under attack.

And with government-sponsored cyber-warfare DDoS attacks, the vulnerable targets are not just government agencies. These attacks may also be aimed at suppliers of vital infrastructure, communications and transportation services, and may attempt to damage key business or financial-transaction service providers.

Cloud services are now uniquely vulnerable to targeted attacks. Because sites with heavy computing or transaction-processing loads (such as comprehensive search engines or data-mining sites) require very large amounts of resources, they are also preferred targets for DDoS attacks.

What can IT do?

Clearly, IT needs to be vigilant and, above all, strong enough to withstand DDoS attacks. "When companies rely on the availability of Internet connectivity, DDoS protection should be a standard part of the business continuity/disaster recovery plan," says the analyst firm Gartner. "To do this effectively, a company must be well prepared and resilient when confronted with DDoS attacks."

IT needs to be alert

In short, IT should know its Internet service provider (ISP). IT should work with the ISP to develop an effective contingency plan. In many cases, the ISP can be the first line of defence against a DDoS attack.

IT should be clear about its own weak points. A well-prepared IT organization should be able to identify the parts of the network most likely to be hit by a DDoS attack, such as the Internet pipe, firewalls, intrusion prevention systems (IPS), load balancers or servers. In addition, IT needs to monitor closely the components that could be paralysed by an attack, and assess whether they need to be upgraded or optimized for performance and resilience.

Finally, IT must know its own traffic. IT cannot control what it cannot see. IT should therefore scan and monitor inbound and outbound traffic to spot abnormal volumes or patterns, and follow up on those anomalies to establish the website's normal baseline or to discover botnets inside the network. To be well prepared, IT also needs to inspect layer-7 traffic so that blended, application-level DDoS attacks can be identified and controlled.
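The HTTP GET floods described earlier ride on normal TCP connections, so they are invisible at the network layer and only show up in the layer-7 inspection this paragraph calls for. The following analysis, added here as an example (not code from the original article), runs over web server access logs and computes two signals: the request rate of a single client in a sliding window, and the number of distinct clients fetching the same URL, which catches a botnet whose individual zombies each stay under the per-client limit. The log lines are constructed in Apache/Nginx "combined" format, and the window and thresholds are assumptions to tune against the site's own baseline.

```python
"""Spot HTTP GET floods in web server access logs (layer-7 inspection).

Added example, not code from the original article.  The log lines are
constructed in Apache/Nginx "combined" format; the window and thresholds
are assumptions that a defender would tune against the site's baseline.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

WINDOW_S = 10            # assumed sliding window in seconds
PER_CLIENT_LIMIT = 30    # assumed max GETs per client per window
URL_CLIENT_LIMIT = 20    # assumed max distinct clients per URL per window


def parse_line(line):
    """Return (epoch_seconds, ip, method, path), or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT).timestamp()
    return ts, m.group("ip"), m.group("method"), m.group("path")


def detect_get_flood(lines, window=WINDOW_S, per_client=PER_CLIENT_LIMIT,
                     per_url=URL_CLIENT_LIMIT):
    """Return a sorted list of (kind, subject, peak_count) alerts.

    kind "client_rate": one client exceeded per_client GETs in the window.
    kind "url_fanin":   one URL was fetched by more than per_url distinct
                        clients in the window (distributed, low-rate bots).
    """
    events = sorted(e for e in map(parse_line, lines) if e and e[2] == "GET")
    per_ip = defaultdict(deque)      # ip -> request timestamps inside the window
    per_path = defaultdict(deque)    # path -> (timestamp, ip) inside the window
    alerts = {}
    for ts, ip, _method, path in events:
        q = per_ip[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > per_client:
            key = ("client_rate", ip)
            alerts[key] = max(alerts.get(key, 0), len(q))
        p = per_path[path]
        p.append((ts, ip))
        while p and ts - p[0][0] > window:
            p.popleft()
        distinct = len({c for _t, c in p})
        if distinct > per_url:
            key = ("url_fanin", path)
            alerts[key] = max(alerts.get(key, 0), distinct)
    return sorted((k, s, n) for (k, s), n in alerts.items())


def build_sample_log():
    """Constructed log: one browsing user, one noisy bot hammering "/",
    and 40 zombies each fetching /search once (each under the per-client limit)."""
    def line(ip, sec, path, ua="Mozilla/5.0"):
        ts = f"10/Jun/2012:12:00:{sec:02d} +0000"
        return (f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 '
                f'"http://shop.example/" "{ua}"')
    lines = [line("192.0.2.10", s, p) for s, p in [(0, "/"), (3, "/cart"), (7, "/checkout")]]
    lines += [line("203.0.113.7", s % 5, "/") for s in range(35)]          # 35 GETs in 5 s
    lines += [line(f"198.51.100.{i + 1}", 5, "/search?q=x", "Wget/1.14") for i in range(40)]
    return lines


if __name__ == "__main__":
    for alert in detect_get_flood(build_sample_log()):
        print(alert)
```

A per-client limit alone would miss the 40 zombies, since each sends a single request; the per-URL fan-in count is what exposes them, and in practice both thresholds come from the site's own observed traffic rather than fixed numbers.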

IT needs to step up its vigilance

IT organizations should invest substantially in evaluating and deploying appropriate products and services. For example, some next-generation firewalls integrate intrusion detection and countermeasures against known DDoS attacks, and can update themselves automatically as long as they keep receiving the latest signatures.

Ideally, IT needs firewalls that deeply inspect inbound and outbound traffic, including the applications in use, monitor for suspicious patterns, and raise alerts to the management layer. IT should consider a firewall solution that can mitigate DDoS attacks by blocking, filtering or redirecting traffic based on recognized patterns, flows or characteristics.

For comprehensive traffic intelligence, IT can also consider flow-profiling software, which can examine data usage by application or by user, compare it across different time periods, and correlate flow data from multiple sources such as NetFlow and IPFIX exports.
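The core of flow profiling is comparing each service's current traffic with its own history rather than with a fixed limit. The following example, added here and not taken from the original article or from any flow-collector product, buckets NetFlow/IPFIX-style records per destination and port into one-minute bins, learns a byte-volume baseline from quiet bins, and flags a bin only when its volume is far above that baseline and the number of distinct sources also jumps, which separates a distributed flood from a single client doing a legitimate bulk transfer. The flow records, the bin width, the sigma multiplier and the source threshold are all constructed assumptions.

```python
"""Profile flow records (NetFlow/IPFIX-style) against a per-destination baseline.

Added example, not code from the original article or any collector product.
Flow records are constructed; a real deployment would read them from a
collector.  Each record carries fields a NetFlow v5 or IPFIX exporter
provides: start (epoch s), src, dst, dport, proto, packets, bytes.
"""
from collections import defaultdict
from statistics import mean, pstdev

BIN_S = 60          # assumed bin width in seconds
K = 3.0             # assumed sigma multiplier above the baseline mean
MIN_SOURCES = 20    # assumed distinct-source count that marks "distributed"


def bucket_flows(flows, bin_s=BIN_S):
    """Aggregate flows into {(dst, dport): {bin_index: [bytes, set(src)]}}."""
    table = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for f in flows:
        b = int(f["start"] // bin_s)
        cell = table[(f["dst"], f["dport"])][b]
        cell[0] += f["bytes"]
        cell[1].add(f["src"])
    return table


def baseline(bins, baseline_bins):
    """Mean and population std of bytes over the baseline bins (missing bins count as 0)."""
    vals = [bins[b][0] if b in bins else 0 for b in baseline_bins]
    return mean(vals), pstdev(vals)


def detect_anomalies(flows, baseline_bins, bin_s=BIN_S, k=K, min_sources=MIN_SOURCES):
    """Return sorted (dst, dport, bin_index, bytes, distinct_sources) for bins that
    exceed mean + k*sigma AND were fed by at least min_sources distinct sources."""
    table = bucket_flows(flows, bin_s)
    alerts = []
    for (dst, dport), bins in table.items():
        mu, sigma = baseline(bins, baseline_bins)
        for b, (nbytes, srcs) in bins.items():
            if b in baseline_bins:
                continue
            if nbytes > mu + k * sigma and len(srcs) >= min_sources:
                alerts.append((dst, dport, b, nbytes, len(srcs)))
    return sorted(alerts)


BASELINE_BINS = set(range(10))   # the first ten minutes are treated as quiet


def build_sample_flows():
    """Constructed flows: ten quiet minutes of web traffic to 10.0.0.5:80,
    then a 60-source flood in minute 10 and a single-source bulk upload in minute 11."""
    flows = []
    for i in range(10):                                   # baseline minutes
        for s in range(5):
            flows.append({"start": i * 60 + s, "src": f"192.0.2.{s + 1}", "dst": "10.0.0.5",
                          "dport": 80, "proto": 6, "packets": 100,
                          "bytes": 100_000 + 10_000 * (i % 3)})
    for s in range(60):                                   # distributed flood, minute 10
        flows.append({"start": 600 + s, "src": f"203.0.113.{s + 1}", "dst": "10.0.0.5",
                      "dport": 80, "proto": 6, "packets": 50, "bytes": 50_000})
    flows.append({"start": 660, "src": "192.0.2.1", "dst": "10.0.0.5",   # legitimate bulk upload
                  "dport": 80, "proto": 6, "packets": 4000, "bytes": 5_000_000})
    return flows


if __name__ == "__main__":
    for alert in detect_anomalies(build_sample_flows(), BASELINE_BINS):
        print(alert)
```

Minute 11 carries more bytes than the flood in minute 10, yet it is not reported, because a single source produced it; requiring both a volume excursion and a fan-in of sources is what keeps an ordinary backup or upload from looking like a DDoS.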

Looking ahead, IT leaders should keep an eye on new techniques to add to their arsenal. For example, IP geolocation can help identify the suspicious origin of inbound packets.

IT needs to be resilient

As noted above, denial-of-service attacks are designed to disrupt and block systems. Wherever possible, IT should deploy highly redundant, high-performance components together with policy-based bandwidth management, building up network resilience step by step.

For example, some next-generation firewalls scale to large deployments with multi-core processing and near-line-rate deep packet inspection, scanning for multiple threats and applications simultaneously, inspecting files of any size, and handling multi-gigabit throughput. Such firewalls can be deployed for the best performance and agility, with active/active high-availability (HA) failover, intelligent control, and bandwidth prioritization.

Conclusion

If an organization does business over the Internet, then becoming a target of DDoS attacks is not a question of whether, but of when. However, there are many steps IT can take to minimize and prevent the impact. IT organizations should work closely with company leadership, stay alert to their own weak points, prepare the appropriate countermeasures, and deploy high-performance, highly redundant network security components so that attacks can be repelled quickly.

Original article: http://www.zkddos.com/wendang/jishu/16.html. Please credit the source when reprinting; readers are welcome to visit the blog and leave comments and suggestions.
