Any business that has found itself under a DDoS attack knows just how damaging it can be. Without the right security measures, DDoS attacks can suspend the availability of your products or services for hours, sometimes even days.
What is a DDoS Attack?
DDoS stands for distributed denial-of-service. This is an attack that hackers or criminals use to temporarily suspend websites, business applications and email services by flooding their servers with an enormous amount of traffic. This flood of traffic causes the system to shut down because it is incapable of handling the load.
It generally takes multiple systems to produce a DDoS attack, with these systems working together to target a single system, usually an application server using default data ports. A common way to orchestrate these attacks is a botnet: software installed on multiple computers, whose owners may be unaware it is there (much like a virus), and used to direct traffic toward the server being targeted.
Websites are sometimes targeted by DDoS attacks for unknown reasons. The attacker could be an anonymous hacker, or state-sponsored criminals carrying out large-scale attacks on anything from online banking systems to government services. In many cases the disruption of service is a diversion intended to distract IT teams while the hackers steal your valuable data.
DDoS Mitigation and SSL
Traditional DDoS mitigation solutions attempt to protect your business by putting in place a series of techniques for resisting these attacks. DDoS mitigation works by protecting the target server and its relay networks. With “traffic scrubbing” filters in place, new network traffic passing through the attacked network is analyzed. This allows bot traffic to be recognized by how it differs from normal traffic, so that traffic from hijacked computers can be identified and separated from legitimate traffic.
Protecting Internet traffic between a mobile application and a server is typically accomplished by the use of Secure Sockets Layer (SSL) encryption technology. SSL encryption typically uses default ports such as 443 for communications. While this simplifies the technology, it also makes it vulnerable: hackers know exactly what to target.
The problem is exacerbated by the complexity of keeping track of SSL configurations across servers. Companies often try to avoid this complexity by using default server configurations, which makes attacks even easier.
How Likely is a DDoS Attack?
The larger and better known a business is, the more likely it is to suffer an attack. Small-scale hackers who are capable of initiating these attacks will often test their skills on well-known websites to see how capable they are. Additionally, a well-known website is more likely to have competition and to face threats on the internet. DDoS attacks happen every day, and protection from these attacks is more important than ever.
The problem is growing. The average data size of a DDoS attack more than doubled to 10 Gbps between 2011 and 2013. DDoS attacks have doubled server downtime for financial institutions alone. In the span of just six weeks in 2013, 15 major U.S. bank websites were offline for a collective 249 hours, twice the amount for the same period in 2012. In 2014, the number of attacks in the 10 Gbps and above category grew by 38%. Today more than 2,000 DDoS attacks occur daily. Take a look for yourself at this Digital Attack Map.
Typical DDoS Defenses: Are These Enough?
A popular offering today is DDoS-resistant hosting. This is a type of web hosting that has protection built into it for the website owner. Generally, it means the hosting is using content distribution networks to distribute your content on servers across the world. This means your visitors will have faster load times, as the content is located on a server within their region. It also means that your website is more difficult to attack, as the content is located on many servers, rather than just one. This avoids the possibility that a DDoS attack can be targeted toward a single server and may reduce the likelihood of an attack.
Unfortunately, DDoS-resistant hosting is rarely a strong enough defense for big brands and businesses. Traditional DDoS defenses are expensive because they require additional bandwidth and infrastructure. They are also largely ineffective because both the flaw and the responses to it are well known to attackers. Whether it is the use of transit access control lists (tACLs), Unicast Reverse Path Forwarding (uRPF), load balancers, or other common solutions, hackers have demonstrated their ability to get around them.
A New Alternative
CENTRI’s BitSmart offers a new, cost-effective strategy for mitigating DDoS attacks and delivering consistent high performance to mobile customers. The solution eliminates the SSL flaw that hackers exploit by allowing the server to select a random port during the key exchange phase. The port is chosen from a predefined list which can be configured by the financial services company. By automatically managing SSL configuration across ports, BitSmart eliminates the reason for using default server configurations that open the door to attackers. BitSmart also optimizes legitimate app traffic by up to 80%, leaving you with more bandwidth headroom to ride out an attack. During normal times, bandwidth optimization reduces the need to purchase excess capacity and delivers a faster app experience for your customers.
Thanks for reading,
About the Author
James Salter is the Director of Marketing at CENTRI. James has 20 years of experience in software and technology marketing and enjoys sharing his insights on data security, enterprise issues, the Internet of Things and driving value from solutions. Connect with James on LinkedIn.