November 28, 2013
DDoS attacks are a serious concern. An attack can cause financial and reputational damage. In fact, many of us have already been affected.
But most of us fall into the dangerous trap of a “why me?” tendency. Why would an attacker target your business specifically? What would they have to gain from taking your web applications and infrastructure offline? The reality is you may never be targeted. But, as we have seen in data collated by Nexusguard Labs, that does not mean you will never feel the consequences. You may be collateral damage.
The Internet is built on shared resources
When people think of sharing resources, they tend to think about shared web hosting. Every user shares server resources, bandwidth, and other resources throughout the data center. But this is not where resource sharing stops. In fact, every one of us shares crucial resources with other people. You could be sharing:
Server resources like RAM, CPU, and disk space
Network resources like bandwidth
Network hardware including edge routers and switches
Internet service providers (ISPs)
Backbone Internet providers
As your budget increases, you will probably move away from resource sharing on a basic level. You will invest in dedicated servers, network resources, and your own data center.
However, this does not eliminate sharing. It only pushes it further up the supply chain.
Shared resources create indirect DDoS threats
Since we are all sharing resources at one level or another, we all face the threat of DDoS attacks. On a shared hosting level, a DDoS attack on one website will affect its neighbors. Even though they are not directly targeted, their applications start to slow down, lose responsiveness, or go offline. One way to counter this would be to use a dedicated server, or colocate your own hardware. However, an attack anywhere in the data center you use will create gateway congestion.
Meanwhile, even further up the supply chain, the biggest attacks can affect an entire ISP. Although these attacks with bandwidth in excess of 100 Gbps are uncommon, they are a very real threat, becoming more common year after year. Nobody is safe from the implications of a DDoS attack. So what can be done to mitigate these widespread risks?
Mitigating attacks on shared resources
At Nexusguard, we know how hard it can be to mitigate increasingly intelligent and large-scale DDoS attacks. In many ways, the battle gets more difficult when you are protecting yourself against attacks that target other people.
There are a few strategies we suggest:
Use dedicated resources: Wherever you can, choose resources that are your own, like a virtual private server (VPS) over shared hosting.
Do better baselining: You will not spot an attack if you do not know normal patterns. So know your traffic, look at how applications are used, and uncover the peak volumes of traffic in a given period.
Keep up-to-date: DDoS attacks change and evolve. For example, in the last year we have seen more intelligent application-based attacks that do not depend on obvious spikes in traffic. Make it your business to know what is happening by following trends and new patterns.
Find your weaknesses: Using qualified external testers, regularly test every part of your infrastructure and every application you use. Find the weaknesses in your platform, and get advice on preparing against attacks before they happen.
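One way to apply the baselining advice to the collateral-damage case described above, as an added example that is not Nexusguard's code: it builds a baseline from normal traffic and then separates a volume spike aimed at your own service from degradation that arrives without any spike. The sample figures, the function names, and the thresholds `rate_factor` and `lat_k` are assumptions made for illustration.

```python
import statistics

# Constructed baseline: (requests per minute, median response time in ms)
# sampled during normal operation. Real data would come from your own logs.
BASELINE = [(118, 42), (125, 40), (131, 45), (122, 41),
            (140, 44), (135, 43), (128, 39), (133, 46)]

def build_baseline(samples):
    """Summarise normal traffic: peak request rate, typical latency and its spread."""
    rates = [rate for rate, _ in samples]
    lats = [lat for _, lat in samples]
    lat_median = statistics.median(lats)
    # Median absolute deviation: a spread measure that one outlier cannot skew.
    lat_mad = statistics.median([abs(lat - lat_median) for lat in lats])
    return {"rate_peak": max(rates), "lat_median": lat_median, "lat_mad": lat_mad}

def classify(baseline, rate, latency, rate_factor=2.0, lat_k=6.0):
    """Label one interval. rate_factor and lat_k are assumed thresholds to tune."""
    rate_limit = rate_factor * baseline["rate_peak"]
    lat_limit = baseline["lat_median"] + lat_k * max(baseline["lat_mad"], 1.0)
    if rate > rate_limit:
        return "volume_spike"          # traffic aimed at this service
    if latency > lat_limit:
        # Slow responses at normal volume: consistent with congestion on a
        # shared resource upstream, or a low-volume application-layer attack.
        return "degraded_no_spike"
    return "normal"

def triage(observed, samples=BASELINE):
    """Classify a sequence of (rate, latency) intervals against the baseline."""
    baseline = build_baseline(samples)
    return [classify(baseline, rate, lat) for rate, lat in observed]

if __name__ == "__main__":
    # Constructed observations for four consecutive intervals.
    observed = [(130, 44), (126, 50), (110, 310), (900, 380)]
    for interval, label in zip(observed, triage(observed)):
        print(interval, label)
```

An alert on request volume alone would miss the third interval, which is the pattern a neighbor's attack produces on shared infrastructure.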
Our analysis shows, without doubt, DDoS attacks are becoming more sophisticated. The war rages on, with large enterprises like ISPs, data centers, and telecom companies targeted consistently. And if they are targeted, everybody who shares their resources is too.
If you are a provider facing this exact problem, talk to one of our representatives and learn about how Nexusguard’s Infraprotect can help you deliver a service that conveys your organization’s commitment to consistent and high quality services. Preparation, defense, and mitigation are essential, not just for the prime targets of attack, but for every organization online.