
Required DDoS Counter-Measure Needs Counter-Counter-Measure

Brian Santo
7/26/2016

DDoS attacks have grown so vast that enterprises have no legitimate option but to offload at least some traffic to the cloud as a necessary counter-measure. What's less well understood is that doing so creates a new risk: when a company moves to the cloud to mitigate network security attacks, other companies doing business with the same cloud provider create new potential vulnerabilities.

There are three basic categories of distributed denial of service (DDoS) attacks, explains David DeSanto, a network security expert working for Spirent Communications plc. A volumetric attack aims to overwhelm an enterprise network with traffic, consuming so much bandwidth the company cannot sustain legitimate business. A protocol attack aims to take advantage of a legitimate function; an example would be an attack that keeps opening TCP sessions that never get completed, consuming network resources that are now unavailable for legitimate traffic. An applications attack is one that takes advantage of a vulnerability or flaw in an application.

All three can be mitigated in the cloud, and the largest volumetric attacks have become so huge that they can only be mitigated by using the cloud.

The biggest volumetric DDoS attack thus far was over 500 Gbit/s. Another recent attack might prove to have been over 600 Gbit/s. "No on-site solution can deal with that," DeSanto says.

Nobody wants to buy more of anything than they need, and that includes bandwidth. Companies commonly elect to buy capacity in a shared cloud resource, because buying dedicated resources can be expensive and -- from a cost-only perspective -- inefficient, if not wasteful.

Many companies naturally opt for the flexible, resource-sharing plans.

Cloud service providers give their customers access to hypervisors, the tools used to monitor and sometimes control virtual machines (VMs) running in the cloud.

DeSanto says that there have been demonstrated instances of hypervisors being misconfigured or not configured well, and that opens up a particular vulnerability -- Cloud Customer A can sometimes get access to Cloud Customer B's communications.

"You're only as secure as your neighbor," DeSanto said, "unless you're on your own cluster."


DeSanto says most of the known problems in hypervisor configuration have been fixed, though he adds that the root problem is inherent in the system, and for all anybody knows, there might be others that have yet to be discovered.

Seems like a situation in which you're damned if you do and damned if you don't. But maybe it's more like darned if you do, damned if you don't, because if you're a company looking at the cloud for DDoS mitigation, you do have some options to protect yourself.

Buy dedicated resources if you can. If that's not practical, make sure you have as much access to network information as you can get, so you can detect intrusions and developing DDoS attacks.
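
As an illustration of using network information to spot a developing protocol attack of the kind described earlier (TCP sessions that are opened but never completed), here is an added example that is not from the article or from Spirent. It assumes handshake packets are available as simple tuples; the thresholds, addresses and function names are assumptions, and the sample capture is constructed.

```python
from collections import defaultdict

HANDSHAKE_TIMEOUT = 5.0   # assumed: seconds to wait for the client's final ACK
MIN_HALF_OPEN = 4         # assumed: half-open sessions per service before alerting
MIN_RATIO = 0.8           # assumed: share of SYNs that never completed

def half_open_stats(events, now):
    """Count SYNs and timed-out half-open handshakes per (dst_ip, dst_port).

    events: client-to-server packets as (ts, src_ip, src_port, dst_ip, dst_port, flag).
    """
    pending = {}  # connection 4-tuple -> time of first SYN
    stats = defaultdict(lambda: {"syn": 0, "half_open": 0})
    for ts, sip, sport, dip, dport, flag in sorted(events, key=lambda e: e[0]):
        conn = (sip, sport, dip, dport)
        if flag == "SYN":
            if conn not in pending:          # ignore SYN retransmissions
                pending[conn] = ts
                stats[(dip, dport)]["syn"] += 1
        elif flag in ("ACK", "RST"):         # handshake completed or abandoned
            pending.pop(conn, None)
    for (_, _, dip, dport), ts in pending.items():
        if now - ts > HANDSHAKE_TIMEOUT:
            stats[(dip, dport)]["half_open"] += 1
    return dict(stats)

def flooded_services(stats):
    """Services where most handshakes never complete."""
    return sorted(svc for svc, s in stats.items()
                  if s["half_open"] >= MIN_HALF_OPEN
                  and s["half_open"] / s["syn"] >= MIN_RATIO)

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = [(10.0 + i * 0.1, f"192.0.2.{i + 1}", 40000 + i, "203.0.113.10", 443, "SYN")
          for i in range(6)]                      # six SYNs, never acknowledged
SAMPLE += [
    (10.0, "198.51.100.7", 51000, "203.0.113.10", 443, "SYN"),
    (10.05, "198.51.100.7", 51000, "203.0.113.10", 443, "ACK"),   # completed
    (11.0, "198.51.100.8", 52000, "203.0.113.20", 80, "SYN"),
    (11.04, "198.51.100.8", 52000, "203.0.113.20", 80, "ACK"),    # completed
    (19.5, "198.51.100.9", 52001, "203.0.113.20", 80, "SYN"),     # still in progress
]

if __name__ == "__main__":
    stats = half_open_stats(SAMPLE, now=20.0)
    print(stats)
    print("possible protocol attack on:", flooded_services(stats))
```

The ratio check keeps a busy but healthy service from alerting on a handful of abandoned handshakes, and the timeout keeps handshakes still in flight from being counted.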

And run tests on your environment, pre-deployment and afterwards. Penetration testing is recommended. Spirent's CyberFlood product was designed for security and app performance testing, on network Layers 4 through 7.

— Brian Santo, Senior Editor, Components, T&M, Light Reading
