2015-11-24

To the IT Security Rescue: DARPA and the Extreme DDoS Defence Program

IT security is a big deal – especially today with concerns that the government may be compromising some private networks. We know that the agency has compromised Google and Yahoo! in the past. Today, the Defence Advanced Research Projects Agency (DARPA) is working to fight against certain kinds of security breaches. On the surface of it, it seems contradictory, since DARPA is a branch of the U.S. Department of Defence.
But, here's a deeper look into the agency, and what they're doing and why.
DDoS Attacks and Why They're Important
A DDoS attack is a special type of DOS attack, commonly called a "Distributed Denial of Service" attack. It's an attempt to bring down a network using multiple compromised systems, which are usually infected with malware or a virus – usually a trojan.
The point of a denial of service attack is to make so many requests from the server that it can't keep up, and crashes – taking the site or network offline.
A distributed attack means that multiple computers are making requests for information or data from the server. And, because they are spread out, it's very difficult to stop. It's difficult to distinguish between legitimate users and attackers because, often, innocent computers are hijacked in the attack and made to look like legitimate users.
Security companies that specialize in this type of threat know how to deal with them. And, you can visit this website if you want to know more about how detection and analysis works from inside the industry – including the concept of "white hat hacking" or "penetration testing."
Option One: Self-Defence Tactics
One option commonly employed by companies and organizations in the past was a homebrew self-defence strategy. This is the simplest way to defend against an attack, but it's also a method that's a bit outdated. Usually, a coder or in-house IT employee would write some Python script that would filter out bad traffic.
Sometimes, enterprises would use existing firewalls to block malicious traffic. In the early 2000s, this was a simple affair. Today, attacks are fairly complex and, while it's simple to write a script, it doesn't work nearly as well as it used to. A firewall will quickly be overloaded under the mildest of today's DDoS attacks.
Option Two: Specialized Equipment Defence
Another option is to use specialized equipment to defend your company or organization. It's a similar approach to the DIY method in that an enterprise is doing all of the work to stop an attack.
However, instead of relying on scripts and firewalls, the business buys and deploys dedicated DDoS mitigation hardware.
The hardware sits in a company's data centre in front of the standard servers and routers. It's made specifically to detect and filter malicious traffic.
Companies that use this approach face multiple challenges. First, the hardware is costly. And, if the company isn't under attack, the devices are just sitting there, collecting dust. They can also be expensive to operate. You need skilled network and security people to run them.
They have to be constantly updated by your operations and IT team if you want protection against the latest threats. DDoS tactics change on a daily basis. And, finally, the Achilles heel of the hardware is that they can't handle volumetric attacks. All an attacker has to do is figure out your maximum bandwidth and exceed it.
Option Three: ISP Defence
Most companies outsource their DDoS mitigation. Some enterprises use their ISP to provide the service. An ISP can have more bandwidth than a single company would, which helps with large attacks.
But, there are still problems with this approach. The most obvious is that ISPs aren't in the business of threat detection and mitigation. They sell bandwidth. So, their systems might not actually be very good at detecting and defending against a well-orchestrated (or even not-so-well orchestrated) attack.
Option Four: Cloud Mitigation Provider
This option essentially outsources the problem to a company that specializes in cloud services. Cloud mitigation providers are experts when it comes to providing DDoS mitigation from the cloud.
In other words, these companies have built out massive network resources. They have more bandwidth capabilities than your average hosting provider or cloud storage vendor, and they can mitigate the threat of an attack at multiple sites around the Internet. Basically, they redistribute the bad traffic that comes in to lessen its effects. In many cases, there is no effect.
They can scrub traffic for you, and send only the "clean" traffic to your data centre.
One major reason you'd want to hire these people is for their expertise. They usually have network and security engineers and researchers on staff that are monitoring the latest threats and tactics hackers use so that customers are well-protected.
They also have bandwidth – lots of it. They provide more bandwidth than an enterprise could ever hope to provision on its own. This is effective in stopping even the largest of attacks.
They have multiple types of DDoS mitigation hardware. Since DDoS attacks are very complex, there's an inherent need for multiple layers of filtering to keep up with the latest threats. Cloud providers use multiple technologies, including their own proprietary technology to defend against attacks.
Source: http://ift.tt/1X9bYrd


via DDoS Attacks