DDoS attack


This summary is taken from a Dark Reading article covering a recent Gartner Security & Risk Management Summit, where Gartner experts discussed how to defend against four main types of attack.


1. Distributed denial-of-service (DDoS) and denial-of-service

Gartner’s advice for stemming a DDoS attack: First, assess the financial impact of losing your organization’s Web presence and come up with an incident response plan in case you get hit.

Consider DDoS mitigation services. The cheapest approach is a clean-pipes service, which can cost anywhere from 10 to 15 percent above your bandwidth service pricing. “The ISP detects and mitigates a DDoS so the bad guys don’t fill up your pipe.

A more premium version is a scrubbing-type service, where once you’re under attack, you send your traffic over to a provider. They act as a middleman and scrub the traffic clean so they take out the DDoS traffic and only send the good traffic. That can cost $10,000 per site, however, or you pay on a bandwidth basis.”

Another option is a DDoS appliance that sits in the DMZ and detects and deflects DDoSes.
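The detection step that the clean-pipes service, the scrubbing provider and the DMZ appliance all perform, as an added example that is not from the Dark Reading article or from Gartner: a per-second rate detector over constructed access-log lines that separates a single-source spike, which a local rate limit can absorb, from the distributed volumetric case that needs the upstream services above. The log format, the baseline, the thresholds and the addresses are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined-log style line (assumed format); only the fields the detector needs are captured.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3}')

def parse_line(line):
    """Return (epoch_second, source_ip), or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return int(ts.timestamp()), m.group("src")

def detect_flood(lines, baseline_rps, spike_factor=5.0, single_source_share=0.5):
    """Bucket requests per second and flag any second above spike_factor x baseline_rps.
    Each alert records whether the load comes mostly from one source (a local rate limit
    handles it) or is spread across many (volumetric: the case for clean pipes or scrubbing)."""
    per_second = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            sec, src = parsed
            per_second[sec][src] += 1
    alerts = []
    for sec in sorted(per_second):
        srcs = per_second[sec]
        rps = sum(srcs.values())
        if rps < spike_factor * baseline_rps:
            continue
        top, top_n = srcs.most_common(1)[0]
        kind = "single-source" if top_n / rps >= single_source_share else "distributed"
        alerts.append({"second": sec, "rps": rps, "sources": len(srcs), "kind": kind, "top": top})
    return alerts

def make_sample_log():
    """Constructed sample, not real traffic: 10 s of normal load, then 3 s of a distributed flood."""
    start = datetime(2012, 6, 14, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    def emit(offset, src):
        ts = (start + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(f'{src} - - [{ts}] "GET / HTTP/1.1" 200 512')
    for s in range(10):                  # 3 req/s from three office hosts, within baseline
        for i in range(3):
            emit(s, f"192.0.2.{i + 1}")
    for s in range(10, 13):              # 150 req/s, each request from a different address
        for i in range(150):
            emit(s, f"203.0.113.{i + 1}")
    return lines
```

Running `detect_flood(make_sample_log(), baseline_rps=3)` yields one "distributed" alert for each of the three flood seconds and nothing for the normal ones.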


2. Certificate authority (CA)

The litany of certificate authority (CA)-type breaches and cyber attacks has led to many experts calling for a new approach to certifying the authenticity of a website or software.

How can you mitigate the CA threat? Gartner suggests certificate management tools and hardened browsers. The first problem is finding where you’re using certificates and whether any need to be revoked. There can be tens of thousands of SSL certs in a typical company, and a cert management tool can help root those out.

Another option is to harden browsers for sensitive operations, such as online banking or business-to-business transactions. And be sure to educate users on the limitations of SSL (Secure Sockets Layer) and how an SSL session doesn’t guarantee the authenticity of the site itself.


3. Domain Name Services (DNS)

While these types of attacks remain relatively rare, organizations need to take steps to ensure their DNS servers are protected because of the potentially devastating fallout, security experts say. Updating software is the first line of defense. Check your configuration and make sure it’s not compromised. DNSSEC, which digitally signs domains to ensure their legitimacy, should also be deployed by service providers, one of the Gartner experts said.


4. 4G LTE

The wireless explosion has brought with it more devices, and more exposures. And the transition from 3G wireless technology to the faster 4G will open the door for more vulnerabilities. These mixed environments will become targets. And the “over-the-air” updates used for wireless will only be as secure as the wireless environment itself.

Gartner recommends using a virtual private network (VPN) or application-level security for any sensitive applications that run on wireless devices for the next three years. Mandate a single wireless carrier if you can.

Are you prepared for a cyber security incident? Assess your incident response readiness. If you have a security incident, we can help minimize the impact.

Incident Response Hotline: 800-925-0559