Defending Against DDoS Attacks

Dealing with DDoS Attacks

This post has already been read 5841 times!

by Simon Parker, Minerva Security

As recent news demonstrates, it only takes a single, small lapse in security to open the door to hackers and to destroy a company’s reputation.

Who can think of Target without thinking of the disastrous hacking that exposed the credit cards of millions of Target customers?

In this article I will look at a particularly powerful and common form of attack and provide a few simple precautions can help protect you, your customers and your reputation.

What DDos attacks?

One of the most powerful tools used by cyber criminals is the DDoS attacks, otherwise known as the “distributed denial of service” attack. This particular attack begins by deriving a weakness in a particular computer system, making it the DDoS master. This DDoS master then identifies weaknesses in other systems, installing malicious software on systems providing the master with remote access to connected PCs.

These infected PCs can then be used to launch an attack against a particular target, which could involve trying to hack any sensitive data or financial information.

Absolutely any computer system is vulnerable to an attack like this.

In fact, these particular hacks can even take down computers which are highly protected, for example Xbox and Playstation. Thus taking security precautions, and having a plan to deal with an attack is vital. So let’s look at how you can better protect your business against this common form of attack.

Accessing Your Systems During Attack

It is essential that you retain access to your systems during a DDoS attack. In any company, getting into a computer system remotely in an emergency is a vital tool, particularly for the support staff of your business. Without one, your people can’t fix the problems that arise during off-hours, holidays, and weekends when your normal staffing are offsite.

Hackers can hinder ordinary access to your servers and websites. Thus it is important to have a means to access your systems in the event they are targeted by a DDoS attack.

Secure Way to Talks to Your Systems

Most companies have a firewall in place between the Internet and their internal network. A number of IP addresses are set aside for access to various web pages and other systems within your company. This is particularly what the people who try to hack in will exploit.

They set up a number of machines that hit this addresses and bombard them with requests. Whether or not they are valid is not the issue. The fact that no one else can access your systems is the goal. For this reason, you need to ensure that you have a separate set of IP addresses that aren’t on the grid. These private IP addresses are not listed on the web domain servers and they are entered in manually.

The private IP addresses also attach to servers whose only purpose is to grant access for service personnel. From there, your staff can connect to the other machines within your internal network to see what’s going on. As a result, this allows you to have a bird’s eye view of the situation, and you can then take action to clear locked nodes and reallocate resources manually. These same servers will also have the monitoring and repair tools your staff needs to find out where the bottlenecks and problems lie.

You Need a Secure Access Methodology

Your on-call staff, as well as the rest of your support people, should be issued fobs or credit card-sized access code generators. These are issued by the company that supplies you with your access system that resides on your access servers. Commercial security systems today use highly sophisticated algorithms to synchronize these fobs and digital code generators to the software they provide you.

When you login in they will present you with a security code and you respond with the one that the fob/credit card has displayed. This will authenticate the staff member, and will allow them to log in with their id and password.

The more sophisticated systems have biometric ID as well in order to access the code generator. This will ensure that only certain individuals can access the larger versions that attach to remote PCs.

But what if the network is down?

These access servers also have dial-up lines as a backup to the ordinary internet access. This might sound old fashioned to you, but it is an effective means to communicate with a server whose internet access is blocked. DSL lines are another option, as you have your support people’s homes with a company DSL modem set up and running.

Larger companies commonly have hardwired links run to the support staff’s homes. This, however, is an expensive way to go about it and wouldn’t be something which all companies can afford.

WiFi is another option, however it is not widely used as there is a risk of interception of access information monitoring and unauthorized access.

A Little Preparation Averts or Mitigates a Crisis

If you want to be sure to be able to get into your systems when something is going south, you need a secure system that is separate from the main system. You need one that has an encryption access system that only permits your people to log in to the corporate network. With this in place, they can connect to your various servers within a server farm.

While this does add overhead to the total cost, it really pays in the long run as it ensures that your systems are monitored, problems are addressed quickly, and that cyber attacks can be thwarted.

Without another system you’d need around the clock staff monitoring each server farm 24/7. This is a far more costly solution involving a higher headcount.

Remote access with a rotating on call schedule is a cost effective solution. You can also outsource it to a company that specializes in this type of work, and you will find yourself getting the best of all worlds, all rolled up in one.

Simon Parker
Follow Me
Latest posts by Simon Parker (see all)