
The weaponisation of DDoS as a cyber-offensive tool

John Ellis | April 2, 2013
The Spamhaus DDoS attack has highlighted that the actions of a few can affect so many. Though the Internet will live on, it is a sign of things to come.

We have fielded both informal and formal requests for information on what we've seen and what recommendations we have for customers. Where possible, and without disclosing any customer specifics, we share blocking tips and then implement them in our customers' configurations to protect them from likely attacks.

We are less interested in attributing attacks to a specific group of threats than in determining the pattern of the attacks and implementing countermeasures to stop them. In this case, we advise customers to do the following (in addition to assessing their approach and strategy at the three levels mentioned above):

  • Protect their DNS: DNS is a critical service because when it fails, all other services fail. We offer the EDNS service that uses the redundancy and availability of the Akamai platform to keep our customers' zones resolving.
  • Protect from network-layer attacks: Network attacks attempt to flood the bandwidth into the target's data centre. Have a massive deployment footprint and load-balancing between servers, locations and geographies.
  • Protect the default page: A default page is the home page where the path ends in a "trailing slash" (for example, that web users see when they first come to your site. This is the page most commonly attacked in a DDoS attack and can be easily protected with basic caching.
  • Protect their redirect or splash pages: A splash page is a special page such as a custom 404, maintenance, or typo page that gives Web users information or redirects them to where the content is located. Oftentimes these receive attack traffic destined for the default page. These pages can also be protected by basic caching.
  • Protect dynamic sites: In those situations where caching is not a viable option, rate controls can limit the number of requests that an attacker can send, and "waiting room" capabilities can park traffic and keep legitimate users engaged while at the same time alleviating pressure on backend applications.
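
The last point, rate controls combined with a "waiting room", can be sketched as follows. This is an added example, not code from the article or from Akamai; the class names, limits and traffic are hypothetical and constructed for illustration.

```python
from collections import Counter, deque

class RateControl:
    """Per-client token bucket: `rate` requests/second, bursts up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.buckets = {}  # client -> (tokens, time of last request)

    def allow(self, client, now):
        tokens, last = self.buckets.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill
        ok = tokens >= 1
        self.buckets[client] = (tokens - 1 if ok else tokens, now)
        return ok

class WaitingRoom:
    """Admit `capacity` requests to the backend at once; park the rest FIFO."""
    def __init__(self, capacity, max_parked):
        self.capacity, self.max_parked = capacity, max_parked
        self.active, self.parked = set(), deque()

    def arrive(self, req):
        if len(self.active) < self.capacity:
            self.active.add(req)
            return "admitted"
        if len(self.parked) < self.max_parked:
            self.parked.append(req)  # user sees a holding page, not an error
            return "parked"
        return "rejected"

    def finish(self, req):
        """Backend finished `req`; promote the longest-waiting parked request."""
        self.active.discard(req)
        if not self.parked:
            return None
        nxt = self.parked.popleft()
        self.active.add(nxt)
        return nxt

def handle(rc, room, client, req, now):
    return room.arrive(req) if rc.allow(client, now) else "rate_limited"

def simulate():
    # Constructed traffic: one source sends 20 requests in the same instant,
    # then three ordinary users send one request each.
    rc, room = RateControl(rate=1, burst=5), WaitingRoom(capacity=4, max_parked=10)
    traffic = [("flooder", f"f{i}") for i in range(20)]
    traffic += [(f"user{i}", f"u{i}") for i in range(3)]
    return Counter(handle(rc, room, c, r, now=0.0) for c, r in traffic), room

if __name__ == "__main__":
    print(simulate()[0])
```

In a real deployment the per-client table must itself be bounded (for example by evicting idle buckets), since a flood from many sources would otherwise exhaust memory in the limiter.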

Start the dialogue within your organisation today on what you can do to make your business resilient.

John Ellis is director, Enterprise Security, APJ, Akamai Technologies, Inc.

