Nexigen, Cincinnati's premier cyber security provider specializing in cyber security managed services and security operations, has recently seen the return of volumetric DDoS attacks taking down big names such as Twitter, Amazon, and the beloved information security journalist Brian Krebs. What wasn't mentioned in these reports were the thousands of other, smaller sites that were impacted by these attacks. So, with Black Friday approaching, it's time to consider how you'll handle a DDoS attack.
If you're in retail or eCommerce the next few days can make or break your fourth quarter. In 2015, the weekend starting with Black Friday saw 102 million shoppers spending just shy of $300 USD each (Source: https://www.thebalance.com/what-is-black-friday-3305710). A DDoS can effectively eliminate your ability to cash in on this spending spree and could drive your customers to other establishments.
What's vulnerable to DDoS attacks:
Here's a brief list of the places where your company might be exposed to a DDoS attack:
- Corporate office (http://www.information-age.com/ddos-ransom-notes-why-paying-will-get-you-nowhere-123459804/)
- Data center (especially a co-located space) (http://www.datacenterdynamics.com/content-tracks/servers-storage/ddos-attacks-against-data-centers-hit-peak/84778.fullarticle)
- DNS vendor (such as Dyn, GoDaddy, or OpenDNS) (https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/)
- Credit Card Processor (http://www.theregister.co.uk/2004/09/23/authorize_ddos_attack/)
- Hosting Provider (http://www.securityweek.com/hosting-provider-ovh-hit-1-tbps-ddos-attack)
- ISP / Telco Provider (http://tech.firstpost.com/news-analysis/internet-service-providers-in-mumbai-targeted-in-ddos-attack-326708.html)
Prepare for volume: (Data Center, Hosting Provider, ISP)
Integrate a service like F5 Silverline (https://www.f5.com/pdf/products/silverline-ddos-datasheet.pdf) in front of your web applications and deploy to multiple data centers to allow for site fail-over. Cloudflare also provides an excellent solution (https://www.cloudflare.com/ddos/).
This will absorb an attack aimed directly at you, keeping the brunt of the traffic off your data center circuit.
Diversify your DNS: (DNS Vendor)
A great resource on diversifying your DNS service can be found at https://www.internetsociety.org/blog/tech-matters/2016/10/how-survive-dns-ddos-attack-consider-using-multiple-dns-providers
Having multiple DNS providers with in-sync zone files can help protect you from an attack on a single DNS service, such as the attack referenced above on Twitter, Spotify and Reddit.
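Running two providers only helps if they actually serve the same answers, so the sync needs to be checked. The script below is an added example, not code from the original post or from Nexigen: it assumes you have already exported each provider's copy of the zone (for instance via a zone transfer from each provider's nameserver or the vendor's export API) into a simple "name TYPE rdata" text form, and it reports any SOA serial drift or record set that one provider serves and the other does not. The two zone snapshots are constructed sample data.

```python
"""Compare the zone data served by several DNS providers (added example)."""
from collections import defaultdict

# Constructed snapshots of what two providers serve for the same zone.
# Provider B lags one serial behind and is missing the "shop" record.
PROVIDER_A = """
example.net. SOA ns1.provider-a.example. hostmaster.example.net. 2016112301 3600 900 1209600 300
example.net. NS ns1.provider-a.example.
example.net. NS ns1.provider-b.example.
example.net. A 192.0.2.10
www.example.net. A 192.0.2.10
shop.example.net. CNAME www.example.net.
"""

PROVIDER_B = """
example.net. SOA ns1.provider-b.example. hostmaster.example.net. 2016112300 3600 900 1209600 300
example.net. NS ns1.provider-a.example.
example.net. NS ns1.provider-b.example.
example.net. A 192.0.2.10
www.example.net. A 192.0.2.10
"""


def parse_zone(text):
    """Return (soa_serial, rrsets); rrsets maps (name, type) -> set of rdata."""
    serial = None
    rrsets = defaultdict(set)
    for line in text.strip().splitlines():
        name, rtype, rdata = line.split(None, 2)
        if rtype == "SOA":
            # SOA MNAME/RNAME legitimately differ per provider; only the serial matters.
            serial = int(rdata.split()[2])
            continue
        rrsets[(name.lower(), rtype)].add(rdata.lower())
    return serial, dict(rrsets)


def compare_providers(snapshots):
    """Compare every provider against the first one; return human-readable findings."""
    names = list(snapshots)
    base_serial, base_rrsets = parse_zone(snapshots[names[0]])
    findings = []
    for other in names[1:]:
        serial, rrsets = parse_zone(snapshots[other])
        if serial != base_serial:
            findings.append(f"{other}: SOA serial {serial} != {names[0]} serial {base_serial}")
        for key in sorted(set(base_rrsets) | set(rrsets)):
            a, b = base_rrsets.get(key, set()), rrsets.get(key, set())
            if a != b:
                findings.append(f"{other}: {key[0]} {key[1]} differs: {sorted(a)} vs {sorted(b)}")
    return findings


if __name__ == "__main__":
    for finding in compare_providers({"provider-a": PROVIDER_A, "provider-b": PROVIDER_B}):
        print(finding)
```

Run it from a scheduled job after every zone change; an empty result means both providers can take over for each other without customers noticing.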
Work with your ISP: (Corporate HQ, ISP)
Many ISPs now offer DDoS protection for your internet circuits, which can protect your headquarters and branch offices from attack. Having multiple circuits on different IP blocks is also a great way to manage outages.
Prepare to take payments offline: (Credit Card Processor)
Some processors will create a solution that allows you to cache card data until the connection comes back online. This requires that you hold a PCI certification covering the amount of card data you will store, but it can prevent outages in case your processor is attacked. Some companies are also working with multiple processors in order to provide redundancy and mitigate these threats.
About the Author -
Chris Huntington is the Chief Information Security Officer at Nexigen. Nexigen provides the leading cyber security solutions on-premises, in the cloud, through infrastructure or code review. We are the only full-service SOC, digital forensics, threat hunting, remediation, and cloud security broker in the Cincinnati area.
For more information on how to protect your business from cyber threats like DDoS, please email firstname.lastname@example.org.