DDoS, Security

Disaster Recovery: Data Center or Host Infrastructure Reroute

October 11, 2018 — by Daniel Lakier

Companies, even large ones, have not considered disaster recovery plans that live outside their primary cloud provider's own infrastructure as often as they should. In March of this year, Amazon Web Services (AWS) had a massive failure that directly impacted some of the world's largest brands, taking them offline for several hours. It was not a malicious attack, but the end result was the same: an outage.

When those organizations' leadership asked their IT departments how the outage could happen, most received an answer that was, somehow, accepted: it was AWS. Amazon failed, not us. That answer should not be acceptable.

AWS's marketing implies its infrastructure is invulnerable, but the people running IT departments are there for a reason. They are meant to be skeptics, and it is their job to build redundancies that protect the system against any single point of failure. Some of those companies use AWS disaster recovery services, but if the data center and all the technology required to turn those fail-safes on crash together, you are down. This is why we need to treat the problem with the same logic we apply to any other system. Today it is easier than ever to create a resilient, DoS-resistant architecture that accounts not only for traditional malicious activity but also for critical business failures. The solution isn't purely technical either; it needs to be based on sound business principles using readily available technology.

In the past, enterprise disaster recovery architecture revolved around having a fully operational secondary location. If we wanted true resiliency, that was the only option. Today, although that can still be one of the foundation pillars of your approach, it doesn't have to be the only answer. You need to be more circumspect about what your requirements actually are and choose the right solution for each environment and problem. For example:

  • A) You can still build a fully operational secondary site, either in your own data center or in a cloud (match the performance requirements to a business value equation).
  • B) Several 'Backup-as-a-Service' offerings provide more than just storage in the cloud: they rent out compute (servers to run your corporate environment in case of an outage). If your business can sustain an environment being down just long enough to turn it back on (several hours), this can be a very cost-effective solution.
  • C) For non-critical items, rely on the cloud provider you currently use to provide near-time failure protection.

The Bottom Line

Regardless of which approach you take, even if everything works flawlessly, you still need to address the 'brownout' phenomenon: the period during which a site is degraded rather than down, and the time it takes for services to be restored at the primary or brought up at a secondary location. It is even more important to automatically send users to a different location when performance is impaired. Many people have heard of GSLB (global server load balancing), and while many use it today, it is not part of their comprehensive DoS approach. It should be. If the goal of your DDoS mitigation solution is to ensure uninterrupted service in addition to meeting your approved performance SLA, then dynamic GSLB, or infrastructure-based performance load balancing, has to be an integral part of any design.

We can deploy this technology purely defensively, as we have traditionally done with all DoS investments, or we can change the paradigm and deploy it to help us exceed expectations, giving each individual user the best experience possible. Radware's dynamic performance-based route optimization solution (GSLB) lets us offer a tailored experience to each and every user regardless of where they come from, how they access the environment or what they are trying to do. The same technology lets us reroute users when a DoS event takes down an entire site, whether from malicious behavior, hardware failure or simple human error. This functionality can be procured as a product or a service; it is environment- and cloud-agnostic and relatively simple to deploy. It is not labor intensive and may be the least expensive part of an enterprise DoS architecture.
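To make the decision logic concrete, here is a toy performance-based GSLB resolver in Python. It is an added example written for this page, not Radware's product code or configuration. It assumes a periodic health probe per site that reports latency (or a timeout), a hypothetical 300 ms latency SLA, three consecutive failed probes before a site is declared down, and site names and IP addresses from documentation ranges; the DNS TTL shrinks while any site is unhealthy so that clients re-resolve quickly during a brownout.

```python
"""Toy performance-based GSLB decision logic (added example, not Radware's code).

Each site is probed periodically (e.g. an HTTP GET of a health URL). A DNS
answer is built from the probe results: the lowest-latency site that meets
the latency SLA wins, a site that is up but slow (a brownout) is only used
when nothing better exists, and a site that failed several probes in a row
is taken out of rotation entirely. Names, IPs and thresholds are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SLA_LATENCY_MS = 300     # hypothetical approved performance SLA
FAILS_BEFORE_DOWN = 3    # consecutive failed probes before a site is marked down
HEALTHY_TTL = 60         # DNS TTL (s) handed out while every site is within SLA
DEGRADED_TTL = 10        # short TTL while any site is unhealthy, so clients re-resolve fast


@dataclass
class Site:
    name: str
    ip: str
    latency_ms: Optional[float] = None  # None = last probe failed / no data yet
    consecutive_failures: int = 0

    @property
    def up(self) -> bool:
        return self.consecutive_failures < FAILS_BEFORE_DOWN

    @property
    def within_sla(self) -> bool:
        return self.up and self.latency_ms is not None and self.latency_ms <= SLA_LATENCY_MS


class GslbResolver:
    def __init__(self, sites: List[Site]):
        self.sites = {s.name: s for s in sites}

    def record_probe(self, name: str, latency_ms: Optional[float]) -> None:
        """Feed one probe result: round-trip latency in ms, or None on timeout/error."""
        s = self.sites[name]
        if latency_ms is None:
            s.consecutive_failures += 1
            s.latency_ms = None
        else:
            s.consecutive_failures = 0
            s.latency_ms = latency_ms

    def resolve(self) -> Optional[Tuple[str, str, int]]:
        """Return (site_name, ip, ttl) for the next DNS answer, or None on total outage.

        Preference: lowest-latency site within SLA; else lowest-latency site that is
        at least up (brownout); else None, so the caller can fail the query or point
        at a static 'sorry' page instead of sending users to a dead site.
        """
        good = [s for s in self.sites.values() if s.within_sla]
        degraded = [s for s in self.sites.values() if s.up and s.latency_ms is not None]
        ttl = HEALTHY_TTL if len(good) == len(self.sites) else DEGRADED_TTL
        pool = good or degraded
        if not pool:
            return None
        best = min(pool, key=lambda s: s.latency_ms)
        return best.name, best.ip, ttl


def demo():
    """Walk through normal operation, a brownout and a full site outage (constructed probes)."""
    r = GslbResolver([Site("us-east", "192.0.2.10"),
                      Site("eu-west", "198.51.100.20"),
                      Site("dr-cloud", "203.0.113.30")])
    for name, lat in [("us-east", 40), ("eu-west", 90), ("dr-cloud", 120)]:
        r.record_probe(name, lat)
    normal = r.resolve()            # us-east, TTL 60
    r.record_probe("us-east", 450)  # brownout: up, but over the SLA
    brownout = r.resolve()          # eu-west, TTL 10
    for _ in range(FAILS_BEFORE_DOWN):
        r.record_probe("eu-west", None)  # eu-west stops answering
    outage = r.resolve()            # dr-cloud, TTL 10
    return normal, brownout, outage


if __name__ == "__main__":
    for step, answer in zip(("normal", "brownout", "outage"), demo()):
        print(f"{step:9s} -> {answer}")
```

Two design points carry over to a real deployment: the brownout case is handled by the SLA check rather than by an up/down probe alone, which is what moves users off a site that is answering slowly but has not failed; and the TTL is part of the control loop, since a 60-second answer cached by resolvers around the world means a 60-second window in which users keep landing on a site you have already declared unhealthy.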

What we can conclude is that any company that blames its cloud provider for a down site in the future should be asked the hard questions, because solving this problem is easier today than ever before.

Read “Radware’s 2018 Web Application Security Report” to learn more.


Security, WAF

WAFs Should Do A Lot More Against Current Threats Than Covering OWASP Top 10

July 12, 2018 — by Ben Zilberman

Looking in the rearview mirror

The application threat landscape has rapidly evolved. For years, users consumed applications over the internet using one common tool: the web browser. At any point in time there were two to five web browsers to support, and the variety of application development and testing frameworks was relatively limited. For instance, almost all databases were queried using SQL. Unfortunately, it was not long before hackers began to abuse applications in order to steal, delete and modify data. They could take advantage of applications in different ways, primarily by tricking the application user, injecting code or executing it remotely. Shortly after, commercial solutions named Web Application Firewalls (WAFs) emerged, and the community responded by creating the Open Web Application Security Project (OWASP) to set and maintain standards and methodologies for secure applications.

DDoS Attacks, Security

SIP Protection: What Your SIP Security Solution Should Have

April 3, 2018 — by Fabio Palozza

SIP-enabled devices have gained widespread use in recent times. With more and more VoIP applications that use SIP as their signalling protocol being developed, the industry should put greater emphasis on safeguarding SIP assets against exploitation that may either degrade the quality of VoIP services or enable cyber-crime.

Attack Types & Vectors, Security

My Network has High Cholesterol

June 22, 2017 — by Ben Zilberman

5 out of 6 businesses struggle daily with low-profile DDoS attacks that consume their bandwidth and resources, resulting in poor service levels and customer experience.

You know how, when you get to a certain age, feeling 'good' is not good enough? It might be good enough for everyday life; obviously you don't need to extract the most out of your brain and muscles for the day-to-day to-dos. But there is no guarantee that there is nothing there that negatively impacts your performance, or that may be silently growing.

Security

2017 Considerations before Buying an Attack Mitigation System

May 11, 2017 — by Carl Herberger

Managing the security of critical information has proven a challenge for businesses and organizations of all sizes. Even companies that invest in the latest security infrastructure and tools soon discover that these technology-based "solutions" are short-lived. From antivirus software to firewalls and intrusion detection and prevention systems, these solutions are, in fact, merely the most effective strategies at the time of implementation. In other words, as soon as businesses build or strengthen a protective barrier, the "bad guys" find another way in. Attackers are constantly changing their tactics and strategies to make their attacks and scams as damaging as possible. The good news is that attacks, and the defenses that follow them, appear to fall into categories that can be measured systematically. The following areas are of particular concern as we look towards 2017-2018 planning for attacks:

Attack Types & Vectors, DDoS, Security

Cyber Security Predictions: Looking Back at 2016, Peering Ahead to 2017

December 13, 2016 — by Carl Herberger

2016: What a year! Internet of Things (IoT) threats became a reality and, somewhat paradoxically, spawned the first 1 Tbps DDoS, the largest DDoS attack in history. Radware predicted these and other 2016 events in the 2015–2016 Global Application and Network Security Report. Since initiating this annual report, we have built a solid track record of successfully forecasting how the threat landscape will evolve. While some variables stay the course, the industry moves incredibly quickly, and it takes just one small catalyst to spark a new direction that nobody could have predicted.

Let’s take a look back at how our predictions fared in 2016—and then explore what Radware sees on the horizon for 2017.

Attack Types & Vectors, DDoS, Security, SSL

The Crackdown on Popular DDoSaaS Site VDoS Has Scary Implications

September 16, 2016 — by Carl Herberger

The alleged creators of the popular VDoS website were arrested by Israeli authorities at the behest of the FBI on Thursday (September 8th). The 4-year-old site provided attack-for-hire services that helped its customers orchestrate more than 150,000 so-called distributed denial-of-service attacks (DDoS attacks) designed to take websites offline, and earned approximately $300,000 per year.

It is simply frightening that a 14-year-old child can build, maintain and earn hundreds of thousands of dollars a year and amass an estimated $1M after four years of operating a DDoS service before being stopped at the age of 18.

Hacking for Hire

This is clearly going to serve as an inspiration to legions of talented children who are interested in high rewards for their pursuits. It's the next step in the hacking-for-hire culture that has emerged over the past decade.

For some time now, we have watched talented child-hackers take down high-profile targets and then receive lucrative job offers after they complete their incarceration. What these two young men have shown us is that it is potentially more lucrative to nurture an entrepreneurial venture as a hacker than to follow the previous pattern of hackers seeking to "build their resume."

This story sheds light on one of many DDoS-as-a-service tools that have rapidly gained popularity over the last few years. VDoS is not the only attack-for-hire service out there. Many of the world's most notorious hackers have developed their own iteration of a for-hire attack website, and many have learned how to avoid prosecution with extensive Terms of Service agreements that purport to absolve them of personal liability.

And as we can see from the VDoS founders, DDoS-as-a-Service (DDoSaaS) is a profitable business! Radware’s ERT researcher, Daniel Smith, talks at length about the breadth and sophistication of for-hire attack services in his Rise of Booters and Stressers blog.

The Impact on Businesses

In addition, this raises a flag for organizations around the globe. Companies must rethink DDoS protection strategies in a world where such tools commoditize attacks, where site owners can make so much money so quickly, and where the model for calculating the return on investment of security protection technologies has been reset.

How to look at this?

  • Like everything else, attack tools have moved to the cloud and are much easier to use
  • The financial incentives for people to jump into this business have been terrifyingly large
  • Most security controls purchased over the past few years whose main DDoS mitigation technique relies on source or destination IP address are no longer useful. Examples of IP-based blocking include:
    • Blackholing
    • Geo-IP blocking
    • ACLs
    • Blacklists and whitelists
    • IP blocking

The time has come to find the vendors who can support real-time detection with high-quality blocking, that is, blocking that does not depend on the source or destination IP address. And it has to keep working when the attack traffic arrives over SSL and in whatever encodings the attacker chooses.
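Why per-IP controls fall short against a commoditized booter flood is easiest to see on traffic. The Python below is an added example written for this page, not Radware's detection logic; it runs over constructed Apache-style access-log lines (not a real capture) in which 20 source addresses from a documentation range each send a small number of requests to the same expensive path with an identical User-Agent, alongside a few legitimate requests. The per-IP threshold, the per-path volume threshold, the fingerprint definition (method plus User-Agent) and the 10-second window are all assumptions chosen for illustration.

```python
"""Added example (not Radware's code): why source-IP-keyed controls miss a booter flood.

Constructed Apache-style access-log lines stand in for real traffic: 20 source
IPs each send 8 requests to the same expensive path inside one 10-second window,
all with an identical User-Agent, plus a handful of legitimate requests. A
per-IP threshold never trips, because each source stays small; an aggregate
check on per-path volume and fingerprint concentration does. Thresholds, IPs
(documentation ranges) and the fingerprint definition are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"$'
)
WINDOW_SEC = 10
PER_IP_LIMIT = 20        # hits per window from one source before an IP-based control reacts
AGG_LIMIT = 100          # hits per path per window before we look closer
FINGERPRINT_SHARE = 0.8  # fraction of a path's hits sharing one (method, User-Agent)


def build_sample_log():
    """Constructed sample traffic, not a real capture."""
    lines = []
    ua_attack = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36"
    for i in range(20):           # 20 distinct attacking sources
        for j in range(8):        # 8 hits each: well under PER_IP_LIMIT
            sec = (i * 8 + j) % WINDOW_SEC
            lines.append(f'198.51.100.{i + 1} - - [08/Sep/2016:10:00:{sec:02d} +0000] '
                         f'"GET /search?q=x{j} HTTP/1.1" 200 5120 "-" "{ua_attack}"')
    legit = [
        ("203.0.113.5", "GET", "/", "Mozilla/5.0 (Macintosh) Safari/605.1"),
        ("203.0.113.5", "GET", "/static/app.js", "Mozilla/5.0 (Macintosh) Safari/605.1"),
        ("203.0.113.9", "GET", "/search?q=ddos", "Mozilla/5.0 (X11; Linux) Firefox/48.0"),
        ("203.0.113.17", "POST", "/login", "Mozilla/5.0 (iPhone) Mobile/14A"),
        ("203.0.113.23", "GET", "/search?q=sip", "curl/7.50.1"),
    ]
    for k, (ip, method, uri, ua) in enumerate(legit):
        lines.append(f'{ip} - - [08/Sep/2016:10:00:{k:02d} +0000] '
                     f'"{method} {uri} HTTP/1.1" 200 1024 "-" "{ua}"')
    return lines


def parse_line(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    ts = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["window"] = int(ts.timestamp()) // WINDOW_SEC
    rec["path"] = rec["uri"].split("?", 1)[0]   # key on path, ignore query-string noise
    return rec


def per_ip_offenders(records, limit=PER_IP_LIMIT):
    """The IP-based view: sources exceeding `limit` hits in any window."""
    counts = Counter((r["window"], r["ip"]) for r in records)
    return sorted({ip for (_, ip), n in counts.items() if n > limit})


def aggregate_alerts(records, limit=AGG_LIMIT, share=FINGERPRINT_SHARE):
    """The source-agnostic view: per-path volume plus fingerprint concentration."""
    by_key = defaultdict(list)
    for r in records:
        by_key[(r["window"], r["path"])].append(r)
    alerts = []
    for (win, path), recs in by_key.items():
        if len(recs) <= limit:
            continue
        fingerprint, top_n = Counter((r["method"], r["ua"]) for r in recs).most_common(1)[0]
        frac = top_n / len(recs)
        if frac >= share:
            alerts.append({"window": win, "path": path, "requests": len(recs),
                           "sources": len({r["ip"] for r in recs}),
                           "fingerprint": fingerprint, "share": round(frac, 3)})
    return alerts


def analyze(lines):
    records = [r for r in map(parse_line, lines) if r is not None]
    return per_ip_offenders(records), aggregate_alerts(records)


if __name__ == "__main__":
    offenders, alerts = analyze(build_sample_log())
    print("per-IP offenders:", offenders)   # [] : nothing to blacklist
    for a in alerts:
        print("aggregate alert:", a)
```

On this sample the IP-keyed check returns an empty list, so a blacklist, ACL or geo-block has nothing to act on, while the aggregate check reports 162 hits on /search from 22 sources with 98.8% of them sharing one fingerprint. The block that follows from such an alert is a request-level one (rate-limit or challenge requests matching the fingerprint on that path), not an address-level one, which is the point of the passage above; a real system would also need to see that fingerprint after TLS termination, since the method and headers are not visible on the wire otherwise.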

Best of luck, and always know that Radware can help!

Download Radware’s “Hackers Almanac” to learn more.
