Every day at Radware we have customers and prospects asking us about the key determinants in sourcing and testing a DDoS protection service.
- What are the major considerations I should be covering for DDoS?
- How do I know if I’m covering my bases?
- What are the key cyber-attack vectors that I should concern myself with?
- What are the technical vectors included in multi-vector cyber-attacks?
During a recent media interview, I was asked similar questions, but specifically about cyber-attack risks that threaten ATMs and POS systems – an issue worth investigating considering the looming Windows XP support changes. Just last week, the Federal Financial Institutions Examination Council (FFIEC) issued a statement notifying financial institutions about potential DDoS attacks associated with cyber-attacks on Automated Teller Machine (ATM) and card authorization systems, and about the continued distributed denial of service (DDoS) attacks on public-facing websites. The statement also describes the steps that the FFIEC members expect institutions to take to protect themselves from these potential attacks, and it highlights resources that institutions can use to help mitigate the risks.
Our team worked together to provide the quick checklist below to help you see how (and if!) you are covering the cyber-attack threats facing your environment. It can help you to identify types of DDoS attacks, threats, targets and techniques. We hope you find it useful and please feel free to reach out and ask us any questions.
|DDoS Threats||Attack Type||Attacking Target||Detection||Mitigation|
|SYN Floods||TCP Out-of-State Flood|
|Packet Anomalies Flood|
|HTTP Floods||Get Requests|
|Post Requests – Variable Values|
|Invasive HTTP Vertical Scanning|
|Invasive HTTP Horizontal Scanning|
|Search Engine Floods|
|UDP Floods (Non DNS)||UDP Floods (Non DNS)||ICMP Echo Request (Ping) Flood|
|SSL Computing||SSL renegotiation||SSL vulnerability|
|SSL traffic||HTTPS flooding|
|SSL handshake||Computation power|
|HTTP (Get/Post) Flood Attack||HTTP Get/Post Flooding||Bandwidth|
|HTTP vulnerability||Protocol / RFC|
|Slow Rate Attacks (AKA RUDY or R-U-Dead-Yet)||Slow HTTP Post requests||Processing Power|
|Connections / Sessions|
|Partial data / transaction attack||Application data integrity||Application security control weakness|
|SMTP flood||Application data integrity||Application security control weakness|
|FTP flood||Application data integrity||Application security control weakness|
|DNS Threat||DNS traffic||DNS volumetric attacks|
|DNS spoofing attacks|
|DNS amplification and reflection|
|Protocol flaw||DNS ID hacking|
|DNS cache poisoning|
|DNS root server attacks|
|SIP / UCS Attacks||Protocol flaw||SIP Protocol Anomaly Attack|
|SQL Injection||Code injection||SQL database|
|Malformed DNS queries / packets|
|High volume properly formatted DNS queries|
|DNS amplification / reflection attacks|
|Compute Intensive Attacks||Slowloris|
|New variant – Slow Read|
|Valid but CPU/memory intensive web/database requests|
|Brute Force Attacks||Zone Enumeration / Dictionary Attacks - DNS Brute Force|
|Invalid Website Input Parameters Attack|
|Search Engine Request Attacks|
|HTTP Brute Force|
|Buffer Overflow Attacks||Buffer Overflow DNS|
|Other Attacks||HTTP Get Flood|
|LOIC or Variants|
|HOIC or Variants|
|HTTP Post Flood|
|nkiller2 (TCP Persist)|
|SIP Call-Control Flood|
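The Detection column above is left blank for the reader to fill in. As an added example (not Radware's code), the Python below shows one heuristic for the slow-rate rows of the checklist (Slowloris, Slow Read, RUDY-style slow HTTP POST): flag sources that hold many incomplete requests open while trickling bytes. The thresholds and the per-connection record layout are assumptions for illustration; the sample records are constructed.

```python
"""Heuristic detector for the slow-rate attack rows of the checklist above.

Added example, not Radware's code. It works on constructed per-connection
records of the kind a reverse proxy or packet capture could produce:
source IP, seconds the connection has been open, bytes received from the
client so far, and whether the HTTP request (headers + declared body) is
complete.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    src: str
    open_secs: float    # how long the connection has been open
    bytes_in: int       # bytes received from the client so far
    complete: bool      # True once headers and declared body fully arrived


# Thresholds are assumptions for illustration; tune them to the service.
MIN_OPEN_SECS = 30      # ignore connections younger than this
MAX_BYTES_PER_SEC = 20  # a genuine client sends far more than this
MIN_SLOW_CONNS = 5      # per-source count before we call it an attack


def is_slow_rate(c: Conn) -> bool:
    """A connection that is old, still incomplete, and trickling bytes."""
    if c.complete or c.open_secs < MIN_OPEN_SECS:
        return False
    return c.bytes_in / c.open_secs < MAX_BYTES_PER_SEC


def slow_rate_sources(conns):
    """Return {src: count} for sources with >= MIN_SLOW_CONNS slow connections."""
    counts = defaultdict(int)
    for c in conns:
        if is_slow_rate(c):
            counts[c.src] += 1
    return {s: n for s, n in counts.items() if n >= MIN_SLOW_CONNS}


# Constructed sample: one legitimate large upload (slow but heavy), one source
# trickling incomplete requests over many connections (Slowloris/RUDY pattern),
# and a batch of ordinary completed requests.
SAMPLE = [Conn("203.0.113.7", 45.0, 3_900_000, False)]
SAMPLE += [Conn("198.51.100.9", 120.0 + i, 400 + i, False) for i in range(8)]
SAMPLE += [Conn("192.0.2.%d" % i, 2.0, 1_200, True) for i in range(20)]

if __name__ == "__main__":
    print(slow_rate_sources(SAMPLE))  # {'198.51.100.9': 8}
```

The legitimate upload is not flagged because its byte rate is high even though the request is still incomplete; only the source holding many near-idle connections crosses the threshold.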
Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.