Channel: Rivalhost Blog » ddos mitigation

Lessons Learned From DDoS Attacks On Banks

DDoS, short for Distributed Denial of Service, is a denial-of-service attack in which the traffic flooding the target system originates from multiple sources, sometimes thousands or more, which makes it effectively impossible to stop the attack by simply blocking IP addresses. It also becomes difficult to distinguish legitimate user traffic from attack traffic.

In the past year, IT security teams in the financial sector have faced the enormous challenge of DDoS mitigation, and the problem remains prevalent. Recent DDoS attacks on major financial corporations such as JPMorgan Chase & Co are said to be costing these banks at least $30,000 per minute of attack. Although major banks may have the capacity to handle such losses, this may spell trouble for smaller banks.

Research by Corero Network Security, conducted through the Ponemon Institute, shows that 20 percent of interviewed bankers did not think their structures were capable of detecting a denial-of-service attack, while other organizations assume that traditional firewalls can provide DDoS protection, a task they were not designed for. As a result, attacks get through to their financial systems.

It is clear that organizations need to add a first line of defense that removes the noise of DDoS attacks before it hits their main networks, so that firewalls and servers can work optimally.

Another key observation from the DDoS attacks is their length and frequency. As a result, financial enterprises have to prepare by putting on-premise DDoS mitigation solutions in place. With the growth of internet-based technologies such as cloud computing, new strategies for data storage and access may also have to be implemented.

Network security providers have to start asking the right questions about DDoS mitigation so that they can get the right solutions for their defenses. The right approach may include hardening hosting platforms, using cloud-based DDoS mitigation services, and deploying appliances within the data center.

Cloud-based service providers use various complicated DDoS mitigation services, implemented at the hardware level, to ensure that their customers have uptime in the event of DDoS attacks. Such approaches may also point to the advantage of moving some critical systems to cloud-based services, especially for financial institutions. However, many financial institutions may also have to agree on the safety and integrity of their data when on the cloud.

By combining different technologies, cloud service providers are successfully deploying both proactive DDoS mitigation and on-demand service at the onset of an attack. Some top DDoS mitigation techniques are shared below:

The SYN Proxy

This is a mechanism in which gateway appliances sit in front of the actual server, answer connection requests on its behalf, and require each traffic source to respond with an ACK packet. Unless a source IP address responds, its traffic is not forwarded. As a result, when a SYN flood occurs, all connection requests are screened and only legitimate ones are allowed through.
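The screening step can be shown with a small simulation. This is an added example, not code from the original post: it assumes the gateway derives its SYN-ACK sequence number from a keyed hash of the flow (a simplified SYN cookie, without the timestamp and MSS fields real implementations carry), and the class name, key and addresses are constructed for illustration.

```python
import hashlib
import hmac

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit


class SynProxy:
    """Toy SYN proxy: answers SYNs statelessly and forwards a flow only after a valid ACK."""

    def __init__(self, secret):
        self.secret = secret
        self.forwarded = []  # flows handed to the real server

    def _cookie(self, src_ip, src_port, client_isn):
        # The proxy's sequence number is a keyed hash of the flow, so nothing is stored per SYN.
        msg = f"{src_ip}|{src_port}|{client_isn}".encode()
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, src_ip, src_port, client_isn):
        # Reply on the server's behalf; the server itself sees nothing yet.
        return {"flags": "SYN-ACK", "seq": self._cookie(src_ip, src_port, client_isn),
                "ack": (client_isn + 1) & MASK}

    def on_ack(self, src_ip, src_port, seq, ack):
        # A real client acknowledges cookie + 1; recompute it instead of looking it up.
        expected = (self._cookie(src_ip, src_port, (seq - 1) & MASK) + 1) & MASK
        if not hmac.compare_digest(expected.to_bytes(4, "big"), (ack & MASK).to_bytes(4, "big")):
            return False
        self.forwarded.append((src_ip, src_port))
        return True


def simulate():
    """Constructed traffic: 1000 SYNs that never complete, one bad ACK, one real client."""
    proxy = SynProxy(secret=b"constructed-demo-key")
    for i in range(1000):  # flood: SYN only, the SYN-ACK is never answered
        proxy.on_syn(f"203.0.113.{i % 250}", 1024 + i, client_isn=i)
    synack = proxy.on_syn("198.51.100.7", 40000, client_isn=7000)
    # An ACK that does not acknowledge cookie + 1 is rejected and never reaches the server.
    bad = proxy.on_ack("198.51.100.7", 40000, seq=synack["ack"], ack=synack["seq"])
    legit = proxy.on_ack("198.51.100.7", 40000, seq=synack["ack"], ack=(synack["seq"] + 1) & MASK)
    return bad, legit, proxy.forwarded
```

After the flood the gateway holds no per-source state, and the server has seen exactly one connection.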

Limiting the connections

Another way to deploy DDoS mitigation is to limit the number of new connection requests while giving preference to existing connections, allowing the server to service critical existing requests.

Aggressive aging of connections

Another DDoS mitigation strategy is aggressive aging: removing the idle connections that fill up the connection tables in firewalls and servers.
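Connection limiting and aggressive aging work together on the same connection table, which the following simulation shows. It is an added example, not code from the original post; the class, the thresholds (capacity, per-second limit, timeouts, high-water mark) and the traffic are all constructed for illustration.

```python
class ConnTable:
    """Toy connection table: caps new connections per second, ages idle entries faster under load."""

    def __init__(self, capacity, new_per_sec, idle_timeout, aggressive_timeout, high_water=0.8):
        self.capacity, self.new_per_sec = capacity, new_per_sec
        self.idle_timeout, self.aggressive_timeout = idle_timeout, aggressive_timeout
        self.high_water = high_water
        self.conns = {}  # connection id -> time of last packet
        self.window, self.new_in_window = None, 0

    def _age(self, now):
        # Aggressive aging: once the table passes the high-water mark, use the short timeout.
        under_pressure = len(self.conns) >= self.high_water * self.capacity
        limit = self.aggressive_timeout if under_pressure else self.idle_timeout
        for cid in [c for c, last in self.conns.items() if now - last > limit]:
            del self.conns[cid]

    def packet(self, cid, now):
        self._age(now)
        if cid in self.conns:  # existing connections are always serviced
            self.conns[cid] = now
            return "forward"
        if int(now) != self.window:  # start a new one-second accounting window
            self.window, self.new_in_window = int(now), 0
        if self.new_in_window >= self.new_per_sec or len(self.conns) >= self.capacity:
            return "drop-new"
        self.new_in_window += 1
        self.conns[cid] = now
        return "forward"


def simulate():
    """Constructed scenario: one real user plus two bursts of connections that never send again."""
    t = ConnTable(capacity=10, new_per_sec=5, idle_timeout=60, aggressive_timeout=5)
    out = {"user_open": t.packet("user", 0.0)}
    burst1 = [t.packet(("flood", 1, i), 0.5) for i in range(20)]
    burst2 = [t.packet(("flood", 2, i), 1.5) for i in range(20)]
    out["burst1_accepted"] = burst1.count("forward")  # the user already used one slot this second
    out["burst2_accepted"] = burst2.count("forward")
    out["user_during_flood"] = t.packet("user", 2.0)  # existing connection is still served
    out["newcomer_table_full"] = t.packet("user2", 3.0)  # full table, 60 s timeout has not fired
    out["user_later"] = t.packet("user", 7.0)  # aging pass evicts both idle bursts
    out["table_after_aging"] = len(t.conns)
    out["newcomer_after_aging"] = t.packet("user2", 7.0)
    return out
```

With only the 60-second idle timeout, the flood entries would hold the table full for a minute; the short timeout under pressure frees it within seconds while the active user is never evicted.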

Using dynamic filtering

Dynamic filtering controls access to server resources by identifying undisciplined behavior and punishing that behavior for a short time based on time spans set on the filter.

Given the knowledge of such measures, there are some important DDoS mitigation policies that must be in place to guarantee that DDoS attacks are identified and dealt with effectively. These include:

1. User feedback mechanism

In case your users experience DDoS attacks, they should have a clear, fail-safe way to communicate any lockouts that they face. This can save a financial institution much-needed time in resolving the issue. It also allows an institution to understand how effective or poor the DDoS mitigation system is.

2. Transparent Mitigation

To prevent the loss of clients during an attack, it is vital that financial institutions use mitigation technology that continues to allow users into the site without delay or hold-up during such DDoS attacks. When that happens, the hackers may not be eager to continue their attacks.

3. Get ready for huge traffic

As network attacks intensify, financial institutions can rely on building a robust system that can handle up to 20GB per second of data distributed in a data center. With network DDoS, financial institutions can further prepare by having databases of open DNS servers or SNMP servers with open public communities that still allow access to clients even with a DDoS attack in progress.

4. Ensure accurate detection

DDoS mitigation solutions should not just focus on applying effective defense but should be accurate at detecting attacks too.

The post Lessons Learned From DDoS Attacks On Banks appeared first on Rivalhost Blog.

