Required DDoS Counter-Measure Needs Counter-Counter-Measure

Brian Santo

DDoS attacks have grown so vast that enterprises have no legitimate option but to offload at least some traffic to the cloud as a necessary counter-measure. What's less well understood is that doing so creates a new risk: when a company moves to the cloud to mitigate network security attacks, other companies doing business with the same cloud provider create new potential vulnerabilities.

There are three basic categories of distributed denial of service (DDoS) attacks, explains David DeSanto, a network security expert working for Spirent Communications plc. A volumetric attack aims to overwhelm an enterprise network with traffic, consuming so much bandwidth the company cannot sustain legitimate business. A protocol attack aims to take advantage of a legitimate function; an example would be an attack that keeps opening TCP sessions that never get completed, consuming network resources that are now unavailable for legitimate traffic. An applications attack is one that takes advantage of a vulnerability or flaw in an application.

All three can be mitigated in the cloud, with the exception of the largest volumetric attacks, which have become so huge they can only be mitigated by using the cloud.

The biggest volumetric DDoS attack thus far was over 500 Gbit/s. Another recent attack might prove to have been over 600 Gbit/s. "No on-site solution can deal with that," DeSanto says.

Nobody wants to buy more of anything than they need, and that includes bandwidth. Companies commonly elect to buy capacity in a shared cloud resource, because buying dedicated resources can be expensive and -- from a cost-only perspective -- inefficient, if not wasteful.

Many companies naturally opt for the flexible, resource-sharing plans.

Cloud service providers give their customers access to hypervisors, the tools used to monitor and sometimes control virtual machines (VMs) running in the cloud.

DeSanto says that there have been demonstrated instances of hypervisors being misconfigured or not configured well, and that opens up a particular vulnerability -- Cloud Customer A can sometimes get access to Cloud Customer B's communications.

"You're only as secure as your neighbor," DeSanto said, "unless you're on your own cluster."

DeSanto says most of the known problems in hypervisor configuration have been fixed, though he adds that the root problem is inherent in the system, and for all anybody knows, there might be others that have yet to be discovered.

Seems like a situation in which you're damned if you do and damned if you don't. But maybe it's more like darned if you do, damned if you don't, because if you're a company looking at the cloud for DDoS mitigation, you do have some options to protect yourself.

Buy dedicated resources if you can. If that's not practical, make sure you have as much access to network information as you can get, so you can detect intrusions and developing DDoS attacks.
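
As an added example (not from the article or from Spirent), the sketch below shows one check that such network information makes possible: spotting the protocol attack described earlier, in which TCP sessions are opened and never completed. The event tuple format, function names, thresholds and sample addresses are assumptions constructed for illustration.

```python
from collections import Counter

def half_open_by_source(events, now, timeout=5.0):
    """Count, per source IP, handshakes opened but not completed within `timeout` seconds."""
    pending = {}  # (src_ip, src_port) -> time the first SYN was seen
    for ts, src_ip, src_port, flag in sorted(events):
        key = (src_ip, src_port)
        if flag == "SYN":
            pending.setdefault(key, ts)   # retransmitted SYNs keep the first timestamp
        elif flag in ("ACK", "RST"):
            pending.pop(key, None)        # completed or torn down: the slot is released
    stale = Counter()
    for (src_ip, _port), started in pending.items():
        if now - started >= timeout:
            stale[src_ip] += 1
    return dict(stale)

def suspicious_sources(events, now, timeout=5.0, threshold=20):
    """Sources holding at least `threshold` stale half-open sessions."""
    counts = half_open_by_source(events, now, timeout)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def build_sample():
    """Constructed events: (timestamp_s, src_ip, src_port, client_flag)."""
    events = []
    for i in range(3):   # ordinary client: every session completes
        events.append((i * 1.0, "192.0.2.10", 40000 + i, "SYN"))
        events.append((i * 1.0 + 0.05, "192.0.2.10", 40000 + i, "ACK"))
    events.append((1.0, "192.0.2.11", 41000, "SYN"))   # one lost handshake, benign
    for i in range(50):  # source that opens sessions and never completes them
        events.append((2.0 + i * 0.01, "198.51.100.7", 50000 + i, "SYN"))
    return events

if __name__ == "__main__":
    sample = build_sample()
    print(half_open_by_source(sample, now=10.0))
    print(suspicious_sources(sample, now=10.0))
```

Where source addresses are spoofed, per-source counts stay low, so the sum of the counts across all sources is the better signal.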

And run tests on your environment, pre-deployment and afterwards. Penetration testing is recommended. Spirent's CyberFlood product was designed for security and app performance testing, on network Layers 4 through 7.

— Brian Santo, Senior Editor, Components, T&M, Light Reading
