
DDoS attacks on the rise in the Middle East

Harmeet

DUBAI, UAE: Numerous surveys of IT decision makers cite security and availability as the major impediments to the adoption of cloud computing. With groups such as Anonymous and the Syrian Electronic Army (SEA) carrying out co-ordinated attacks on high-profile companies, security threats have taken centre stage in the region.


Not surprisingly, Middle East data center operators, public and private, must now reassess their defenses against the primary threat to availability: distributed denial of service (DDoS) attacks. The sheer size of these attacks has increased drastically from previous years. In the Middle East, by the end of 2013, the average attack size was 2.8 Gbps, higher than the global average of 2.3 Gbps.

Attacks are moving from volumetric attacks, which simply try to overwhelm the connection with data, to more sophisticated application-layer attacks that target specific services. These attacks are not high-bandwidth, which makes them difficult to identify. The new application-layer DDoS attacks threaten a myriad of services, from Web commerce to DNS and from email to online banking.

Mahmoud Samy, Area head, Middle East, Pakistan and Afghanistan at Arbor Networks says that data center operators should pay close attention to the following tips to protect against DDoS attacks:


Protect data centers from threats that cannot be stopped by other security devices

Data center operators have a tendency to deploy firewalls and Intrusion Prevention Systems (IPS) in front of data center assets. While key elements of an overall security strategy, firewalls and IPS devices are not effective solutions against DDoS attacks.

Because these devices constantly maintain state information for every session established between a client on the Internet and the corresponding server in the data center, these products themselves are commonly targets of DDoS attacks. According to Arbor's 2013 Worldwide Infrastructure Security Report, more than a third of those who have deployed these devices within their data centers experienced stateful firewall and/or IPS failure as a direct result of DDoS attacks during the survey period.

Recently, NSS Labs released its Network Firewall Comparative Group Test Report, which found two major issues. The first is stability: three out of six firewall products failed to remain operational when subjected to stability tests. The second is that external attackers were able to trick the firewalls into letting them through as if they were a trusted client. The conclusion can be drawn that firewalls and IPS are not effective solutions against threats such as DDoS attacks.
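The reason a stateful device fails under a flood is mechanical: every half-open session occupies a table slot until a timeout reaps it, so a spoofed SYN flood whose rate multiplied by the timeout exceeds the table size locks real clients out. The simulation below is an added illustration written for this article, not code from Arbor Networks or from the NSS Labs report; the table size, timeout, flood rates and the one-client-per-second workload are constructed values, and the SYN-cookie mode stands in for any design that allocates state only after a handshake completes.

```python
"""Why a stateful firewall or IPS is itself a DDoS target: a session-table model.

Added illustration; not code from the article or from Arbor Networks. The
device keeps one entry per session. Spoofed SYNs never complete the handshake,
so each one pins a slot until the half-open timeout reaps it; once the flood
rate times the timeout exceeds the table size, legitimate clients are refused.
All rates, timeouts and the table size below are constructed values.
"""

TABLE_CAPACITY = 1000      # session slots on the device (constructed)
HALF_OPEN_TIMEOUT = 30     # seconds an unanswered SYN entry survives
LEGIT_SESSION_TIME = 1     # a real client completes and closes within a tick
DURATION = 60              # simulated seconds; one legitimate client per second


class SessionTable:
    """Fixed-capacity session table; each entry carries its expiry time."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = {}

    def reap(self, now):
        """Drop entries whose timeout has elapsed."""
        for key in [k for k, exp in self.entries.items() if exp <= now]:
            del self.entries[key]

    def insert(self, key, expires_at):
        """Return False when the table is full and the session is refused."""
        if len(self.entries) >= self.capacity:
            return False
        self.entries[key] = expires_at
        return True


def run_flood(flood_rate, use_syn_cookies, duration=DURATION):
    """Return how many of `duration` legitimate clients obtained a session.

    flood_rate: spoofed SYNs per second.
    use_syn_cookies: if True the device allocates state only once the
    handshake completes (cookie-validated ACK), so spoofed SYNs store nothing.
    """
    table = SessionTable(TABLE_CAPACITY)
    admitted = 0
    for now in range(duration):
        table.reap(now)
        # Attacker: spoofed SYNs that will never be answered with an ACK.
        for i in range(flood_rate):
            if not use_syn_cookies:
                table.insert(("spoofed", now, i), now + HALF_OPEN_TIMEOUT)
        # One real client per second: it completes the handshake, so state is
        # allocated in both modes, and closes quickly, freeing its slot next tick.
        if table.insert(("client", now), now + LEGIT_SESSION_TIME):
            admitted += 1
    return admitted


def exhausts_table(flood_rate, timeout=HALF_OPEN_TIMEOUT, capacity=TABLE_CAPACITY):
    """Steady-state half-open entries equal rate x timeout; compare with capacity."""
    return flood_rate * timeout > capacity


if __name__ == "__main__":
    for rate in (20, 100):
        print(f"{rate} SYN/s: exhausts table? {exhausts_table(rate)}, "
              f"stateful admitted {run_flood(rate, False)}/{DURATION}, "
              f"SYN cookies admitted {run_flood(rate, True)}/{DURATION}")
```

With these constructed values a 20 SYN/s flood never fills the table (600 half-open entries at steady state), while 100 SYN/s saturates it in about ten seconds and keeps it saturated, because reaping can never drain slots faster than the flood refills them; the legitimate client is admitted only before saturation. The point for the data center edge is that the table, not the link, is the resource being exhausted, which is why a stateless upstream scrubbing layer or a cookie-style design is the usual answer rather than a bigger firewall.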


Secure the availability of the most important asset: the data center services

Availability should be considered first and foremost: if users cannot access the services offered or hosted, all other security concerns such as integrity and confidentiality are simply not relevant. Service providers must consider threats against availability such as DDoS as they design their security policies, and on the flip side, companies must consider threats against availability as they evaluate cloud providers.

When Internet-facing services are down due to attacks against availability, the impact can have severe business consequences. Only a few minutes of downtime can be very costly. Moreover, it can tarnish the brand, lower employee productivity, and even result in penalties or Service Level Agreement credits.

Protect the data center infrastructure and connectivity as well as customer services and data

Beyond protecting critical services from threats, data center operators must be aware of threats against the infrastructure and the pipes into and out of their data centers. A large-scale DDoS attack against the infrastructure can initially be stopped on-premise in the data center, but as the attack grows in volume, the data center operator must partner with upstream Internet Service Providers (ISPs) or Managed Security Service Providers (MSSPs) to stop the large-scale attack.


Data center operators must have established procedures to communicate with bandwidth suppliers. Leveraging technologies to streamline communications between the data center edge and the upstream providers is also critical. Having to improvise an ad hoc plan can be very daunting, especially in the middle of an attack.

Provide much needed visibility at the data center edge and inside data centers

Good security requires good visibility. Data center operators must invest in visibility and operational tools so they can gain the situational awareness to effectively address threats. From utilizing SIEMs to leveraging NetFlow technologies, data center operators should understand where threats are coming from externally, as well as what traffic is inside the data center.

This visibility can help ensure data is not being accessed or removed from your data center by unauthorized persons. It can also detect threats against availability before customers are affected.
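The flow visibility described here is what lets an operator tell the two attack classes apart: a volumetric flood shows up as bit rate toward one destination, while an application-layer attack shows up as an unusual number of small flows from many sources at a normal bit rate. The script below is an added example, not part of this article or of any Arbor product: it reads NetFlow-style records in a simple CSV layout (assumed fields `ts,src,dst,proto,dport,packets,bytes`), aggregates them per destination over a one-minute window, and applies constructed thresholds. The flow records themselves are constructed and use documentation address ranges.

```python
"""Flow-based DDoS triage at the data center edge.

Added example (not from the article or Arbor's products): groups NetFlow-style
records per destination over a window and separates a volumetric flood (high
bit rate) from an application-layer attack (low bit rate, many small flows
from many distinct sources). Thresholds and records are constructed for
illustration; a real deployment baselines them per service.
"""
from collections import defaultdict

WINDOW_SECONDS = 60
VOLUMETRIC_BPS = 50_000_000       # constructed: 50 Mbit/s toward one host
APP_LAYER_MIN_FLOWS = 30          # constructed: flows per window
APP_LAYER_MIN_SOURCES = 30        # constructed: distinct sources per window
APP_LAYER_MAX_AVG_BYTES = 4_000   # small flows: a request and little else


def parse_flow(line):
    """Parse one 'ts,src,dst,proto,dport,packets,bytes' record (assumed layout)."""
    ts, src, dst, proto, dport, packets, nbytes = line.strip().split(",")
    return {"ts": int(ts), "src": src, "dst": dst, "proto": proto,
            "dport": int(dport), "packets": int(packets), "bytes": int(nbytes)}


def summarize(flows):
    """Aggregate bytes, flow count and distinct sources per destination."""
    per_dst = defaultdict(lambda: {"bytes": 0, "flows": 0, "srcs": set()})
    for f in flows:
        s = per_dst[f["dst"]]
        s["bytes"] += f["bytes"]
        s["flows"] += 1
        s["srcs"].add(f["src"])
    return per_dst


def classify(per_dst, window=WINDOW_SECONDS):
    """Label each destination volumetric, application-layer or normal."""
    verdicts = {}
    for dst, s in per_dst.items():
        bps = s["bytes"] * 8 / window
        avg_bytes = s["bytes"] / s["flows"]
        if bps >= VOLUMETRIC_BPS:
            verdicts[dst] = "volumetric"
        elif (s["flows"] >= APP_LAYER_MIN_FLOWS
              and len(s["srcs"]) >= APP_LAYER_MIN_SOURCES
              and avg_bytes <= APP_LAYER_MAX_AVG_BYTES):
            verdicts[dst] = "application-layer"
        else:
            verdicts[dst] = "normal"
    return verdicts


def constructed_flows():
    """Constructed sample records for one 60 s window (not real traffic)."""
    lines = []
    # Volumetric: five sources each push 100 MB of UDP toward port 53.
    for i in range(5):
        lines.append(f"{i * 10},198.51.100.{i + 1},203.0.113.10,udp,53,70000,100000000")
    # Application-layer: forty distinct sources each open one tiny HTTPS flow.
    for i in range(40):
        lines.append(f"{i},192.0.2.{i + 1},203.0.113.20,tcp,443,12,2000")
    # Benign: a few ordinary web sessions to a third host.
    for i in range(3):
        lines.append(f"{i * 20},192.0.2.200,203.0.113.30,tcp,443,400,50000")
    return [parse_flow(line) for line in lines]


def triage():
    """Run the pipeline on the constructed window and return the verdicts."""
    return classify(summarize(constructed_flows()))


if __name__ == "__main__":
    for dst, verdict in sorted(triage().items()):
        print(f"{dst}: {verdict}")
```

Two caveats a practitioner would apply before trusting this at the edge: exporters usually sample packets, so byte counts must be scaled by the sampling rate before comparing against a bit-rate threshold, and the application-layer rule only works against a per-service baseline, since a busy public site legitimately sees thousands of small flows per minute.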

Detect emerging threats by looking beyond the borders of the data center

Because the threat landscape is continually evolving, operators need a 360 degree view to detect emerging trends and stop new threats. For example, Arbor Networks' ATLAS initiative is a collaborative effort with 100+ ISPs who have agreed to share anonymized traffic data on an hourly basis, and who have deployed honeypots across the globe.

The global insight can be used to detect emerging trends and threats, resulting in policies that can be incorporated into data center security products to stop emerging threats and prevent attacks. Operators must be able to see beyond the walls of the data center in order to secure it.
