NC Nov-Dec 2023

More documents

Recommendations

Info

OPINION: DDoS ATTACKS SPANNING SECURITY GAPS AT THE EDGE ROMAN LARA, PRINCIPAL ANALYST AT NETSCOUT OUTLINES THE THREAT FACING ORGANISATIONS THAT FAIL TO ADAPT THEIR DDoS PROTECTION AT THE EDGE In recent years, threat actors have become increasingly efficient and effective at what they do, allowing them to launch more dangerous attacks and evade traditional defence techniques more successfully than ever before. During this time, cybercriminals have also been launching a greater number of attacks. Findings from NETSCOUT's latest Threat Intelligence Report show that global distributed-denial-of-service (DDoS) attacks reached an all-time high in 2022, with almost 13 million attacks taking place. This increase in attack frequency, coupled with the ease of use of DDoS-for-hire services, means organisations need to ramp up their protection of their critical online infrastructure, in addition to that of downstream customers. Although there are conventional protection solutions which can stop some types of DDoS attacks, businesses must go one step further to strengthen both their on-premises and cloud security measures from the different kinds of DDoS attacks which exist. There is no one-size-fits-all solution to DDoS protection at the edge, but by establishing a hybrid DDoS defence strategy, enterprise-level organisations stand a better chance of preventing the different types of DDoS attacks from significantly damaging their business. There are three main types of DDoS attacks which are used by threat actors to intentionally overwhelm a targeted website or digital network: protocol, application-layer, and volumetric attacks. PROTOCOL DDOS ATTACKS Firstly, protocol DDoS attacks are primarily focused on taking down services or underlying network infrastructure which are responsible for delivering content to the end users. The attacks disrupt services, thereby resulting in legitimate users being unable to connect to the resources. A common method to deploy a protocol attack is through a SYN flood attack. In 2021 NETSCOUT detected a shift in preference by adversaries to direct path attacks. These DDoS attacks target stateful devices such as servers, load balancers and next gen firewalls with the intention of filling Transmission Control Protocol (TCP) State Tables with bogus connections, resulting in specific resources being overwhelmed and becoming inaccessible to legitimate users. This allows cybercriminals to take down even highcapacity devices capable of maintaining millions of connections designed to protect services connected to the internet, such as file transfer, email, and web servers. A SYN flood attack involves an attacker overwhelming the target's servers with countless SYN packets - a request from another device to start a new communication channel - which contain spoofed IP addresses. In response to each SYN packet, the server invites the device to create the new channel. However, the invitation is never fulfilled, and the server continues to wait. As a result, the server eventually crashes from waiting too long for each individual SYN packet request. With this attack method, cybercriminals can dismantle high-capacity devices capable of sustaining millions of network connections, such as supercomputers. APPLICATION-LAYER ATTACKS Secondly, application-layer attacks are designed to disrupt web applications that end users interact with. An application-layer attack can be launched by a cybercriminal using even a single machine or legions of bots to continually request the same digital 26 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards WWW.NETWORKCOMPUTING.CO.UK
OPINION: DDoS ATTACKS resource - like a website or pdf - from the targeted server. As a result, the application is overwhelmed and is unable to deliver content to its users. These attacks are mostly used to target web servers, but can also go after any digital application, including session initiation protocol (SIP) and border gateway protocol (BGP) services. VOLUMETRIC ATTACKS Lastly, there are volumetric attacks. These involve threat actors flooding a target with malicious traffic in an attempt to consume all available bandwidth either within the target network/service, or between the target network/service and the rest of the internet. These attacks are simply about causing congestion. From 2006 to 2021, volumetric attacks reigned supreme, with DNS amplification attacks at the forefront. These attacks work by sending requests that generate large replies to multiple open domain name system (DNS) servers from a spoofed IP address to appear as though the request is coming from the target. At full scale, the large influx of DNS traffic onto a single server can overwhelm it, forcing the server to crash. Adversaries will typically choose one or more of these different types of attacks to use against the on-premises and cloud environments of targets in order to maximise the degree of damage. This demonstrates the need for organisations to integrate a multi-faceted defence approach across both their network availability and digital infrastructure to effectively mitigate modern DDoS threats. THE NEED FOR A HYBRID DDOS DEFENCE APPROACH The difficulty organisations face is having to put equal protections in place to reinforce their security across all network environments. This blocks DDoS attacks which are capable of evading either onpremises only or cloud-only defences. For instance, conventional cloud-based DDoS mitigation tools can defend against larger volumetric attacks targeting internet connectivity prior to them overwhelming local protection. Meanwhile, to defend against application-layer and encrypted traffic attacks, organisations will need onpremises defences near the targeted applications or services. However, with both examples, the solutions' level of effectiveness is very limited as it protects one network environment instead of the other. For organisations to overcome this, it is best practice for them to adopt a hybrid or multi-layer DDoS defence approach with both cloud and on-premises components that recognise all the different DDoS attack vectors and methodologies. HOW TO ESTABLISH A HYBRID SECURITY STRATEGY A hybrid DDoS defence strategy incorporates an on-premises, detection and prevention system with on-demand cloud-based mitigation capabilities at the edge. The combination of the unrelenting nature of adversaries and the growing complexity of DDoS attack methodologies and techniques necessitates the basis of a comprehensive DDoS mitigation strategy to be an on-premises, roundthe-clock, purpose-built DDoS attack protection system. This must be capable of automatically identifying and blocking all types of DDoS attacks and other cyberthreats prior to damage being inflicted on business-critical online infrastructure and services. While traditional cloud-based DDoS protection solutions are effective when it comes to stopping large volumetric DDoS attacks, they have difficulty in blocking other types of DDoS attacks designed to evade their systems. But cloud-based mitigation solutions shouldn't be discarded entirely, as they strengthen the protection of on-premises tools. Fundamentally, the best solution is to use a combination of an on-premises and a cloud solution with intelligent and automated integration, as this provides the most comprehensive protection possible. Although this doesn't represent a one-size-fits-all solution, this approach helps organisations to ensure that new and evolving DDoS threats can be dealt with in real time. INCREASINGLY EFFECTIVE THREAT ACTORS With cybercriminals becoming increasingly adept at launching dangerous attacks and evading traditional defence techniques, an inability to adapt and defend against these emerging DDoS attack techniques will significantly damage businesses. Therefore, businesses should implement a more comprehensive defence strategy to secure their network edges. Even though cloud-based solutions may be cost-effective, ultimately, they must do more to protect organisations from the rapidly evolving nature of the threat landscape and the emerging types of DDoS attacks. Nevertheless, a multi-layer, hybrid solution which deploys on-premises defence at the edge, alongside a cloud-based backup, ensures enterprises can maintain improved cyber hygiene and prevent extended server downtime in the event they're impacted by a DDoS attack. NC WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBERR 2023 NETWORKcomputing 27
Page 1 and 2: NETWORKcomputing I N F O R M A T I
Page 3 and 4: COMMENT COMMENT MANAGING THE SKILLS
Page 6 and 7: INDUSTRY NEWS NEWSNEWS NEWS NEWS NE
Page 8 and 9: COMPANY PROFILE COMPANY PROFILE: NE
Page 10 and 11: OPINION: STORAGE ENSURING STORAGE S
Page 12 and 13: OPINION: SASE IS SD-WAN THE RIGHT F
Page 14 and 15: CASE STUDY "MADE IN GERMANY" QUALIT
Page 16 and 17: SECURITY UPDATE COMPLYING WITH THE
Page 18 and 19: OPINION: IOT IOT AND THE FUTURE OF
Page 20 and 21: OPINION: DATA CENTRES HOW DATA CENT
Page 22 and 23: OPINION: DATA CENTRES Hot and Cold
Page 24 and 25: CASE STUDY GLOBAL TRANSFORMATION AN
Page 28 and 29: OPINION: NTNs TO 5G - AND BEYOND! K
Page 30 and 31: OPINION: CLOUD SECURITY BOOSTING YO
Page 32 and 33: OPINION: ESM ENGAGING AI FOR ENTERP
Page 34: OPINION: PROVIDERS NECESSARY PROVIS

NC Nov-Dec 2023

Create successful ePaper yourself

Delete template?

Save as template?