The digital revolution has created the demand for companies to build their online business presence through a spectrum of mediums such as websites, social media and applications. Particularly, on premise, hybrid and cloud applications are increasingly being used more within organisations because of its reduced costs, universal (always available) access, flexibility and up to date software.
Unfortunately, the public nature of these mediums are vulnerable and create avenues for hackers to infiltrate. Hence, organisations need to build defences to protect their digital assets from various threats such as a Distributed Denial of Service (DDoS) attack. According to PwC’s Global State of Information Security Survey, Australia is leading the world in cyber security incidents increasing by 109 per cent to 9,434 over the past 12 months, which was triple the number of incidents globally at 38.5 per cent.
Deflecting the DDoS
DDoS attacks are one of the most common and dangerous threats facing Australian organisations. DDoS attacks are an IT professionals’ nightmare – they can knock out applications that generate revenue and facilitate revenue or can take down entire networks.
Organisations face many challenges when attempting to protect themselves against the sophistication of DDoS attacks. Two key traditional methods to help prevent attacks is to run data through a high capacity server as well as scrubbing filters (first line of defense) to prevent an inflow of fake traffic. In addition to traditional, on-premises solutions, many enterprises have adopted cloud-based DDoS protection services. The benefits of these on-demand services include increased and scalable bandwidth to protect against massive attacks, 24/7 monitoring and response from security experts, and a constantly updated knowledge base designed to protect against all attack vectors. Cloud based DDoS protection services help keep enterprise’s websites up and running – even in the face of volumetric attacks that would otherwise flood the organisation’s network.
However, the comprehensive set of tools provided by cloud-based DDoS protection services is only effective when set up and configured correctly. One method of protecting a website from DDoS attacks is to use a technique called Domain Name System (DNS) Redirection, where web traffic is steered through a DDoS scrubbing centre by modifying the IP address for the site. This strategy often works, but recent DDoS attacks on the DNS such as iiNet experienced this year prove vulnerabilities in protection services if organisations don’t correctly configure their cloud-based DDoS protection. There is also the fact that organisation’s IP addresses are not truly invisible from the prying eyes of the Internet.
Stopping the prying eyes
Using a tool called CloudPiercer, organisations can determine whether they are unwittingly exposing the hidden IP addresses of their public-facing sites.
So, if the address of a public facing site is not as invisible as the business may need, what’s the next step?
DDoS protection customers who want to use DNS Redirection to foil potential attackers should take two steps to ensure the security of their sites. First, reach out to a security provider to help set up and configure the DNS Redirection solution to the business’ account.
The second half of the solution—and the key to protecting a site—is to ensure deployment of firewall rules to only allow traffic coming from the DDoS Protection Service. This establishes a clean path from the Internet to the cloud-based DDoS protection service through to a site. Any other attempt at accessing the site from the Internet should be blocked. To do this, configure rules on the local firewall and work with an ISP to put in place rules that will only allow web traffic from the protection service to your site.
Protection is complete
As the digital revolution brings more devices online, the trend of the DDos attack will continue to increase as there will always be malicious – or curious – people who will use all the available tools to discover things on the Internet that organisations would prefer to keep private. Rather than trying to hide the information (a time-consuming and ultimately counter-productive task), protect the site – and the business – by making sure DDoS protection tools are set correctly to prevent unauthorised requests from compromising a site and ultimately DNS hijackers.
Want to know more?
Why not become a CSO member and subscribe to CSO's mailing list.
Get newsletters, updates, events and more right here.