
Life without DDoS

DDoS attacks are becoming more frequent: in recent years they have risen to the top of the list of network threats for corporate clients and telecom operators. Protection against them is a pressing problem not only for every Internet business, but also for many other companies that use web resources. As a rule, such attacks aim to disable the owner's critical applications and resources. Today, the means to protect customers from such attacks are a necessary element in the arsenal of any large data center operator.



The growth of cybercrime has led to the widespread use of DDoS attacks, with all the ensuing consequences. A DDoS (Distributed Denial of Service) attack, a simultaneous attack on a system from a large number of computers, is usually intended to make it difficult or impossible for users to access a website or an Internet service. The simplicity of DDoS attacks makes this method available even to an ordinary programmer who does not have much experience with such activities. A "DDoS service" is also quite inexpensive: according to Arbor Networks, an attack that can take down the website of a small company for a week costs about $150.





How common is this phenomenon? A recent report by Arbor Networks notes that data centers and clouds have become a major target for DDoS attacks. Last year, about 70% of respondents using data center services reported that they had faced DDoS attacks. At the same time, a large number of attacks with a volume exceeding 100 Gbps were registered. Such "events" are already too expensive for an ordinary attacker; they are usually organized by "customers", and more often for political purposes. Many of the recorded incidents were aimed at causing applications to fail, and such attacks are now observed regularly.

In 2014, two thirds of data centers worldwide were attacked, and 44% of data centers suffered financial losses from DDoS attacks. At the same time, DDoS attacks reached 400 Gbit/s. In addition, 29% of cloud services suffered from intruders.



DDoS in Russia



The difficulty of identifying the cybercriminals behind DDoS attacks sometimes creates a sense of impunity. In Russia, "DDoSing a competitor" has become a kind of national sport. If you type "order a DDoS attack" into a search engine, you can get about a dozen links: many websites explain how to order it, how much it costs, and so on. Today, the resources of even large Russian companies are under heavy attack. Suffice it to recall a series of DDoS attacks on the websites of leading Russian banks, including Alfa Bank, Gazprombank, VTB, Sberbank and the Central Bank of Russia. And with the onset of the Ukrainian crisis, the number of DDoS attacks on the resources of Russian organizations has increased significantly. The need to protect information resources from DDoS attacks is no longer a private problem and is taking on a national character.



DDoS attacks are often carried out using botnets. According to Kaspersky Lab, in Russia in the first quarter of 2015, their number increased compared to the previous comparable period and amounted to almost 1,400. Russia ranked fourth among the countries whose web resources were most often targeted by the organizers of DDoS attacks. In total, in the first quarter of 2015, cybercriminals carried out more than 23,000 DDoS attacks using botnets on resources in 76 countries. Although criminals do not limit their arsenal for DDoS attacks to botnets alone, this tool remains one of the most common and dangerous.





Information suppression mechanisms are used today for a variety of purposes, including political ones, and as tools of competition or blackmail. Their victims are online stores, tour operators, state-owned enterprises, online media, social networks, financial sector companies, and Internet access providers. In such conditions, preventive protection against DDoS attacks becomes mandatory. After all, such attacks can cause serious material or reputational damage: lost profits, customer outflow, and deterioration of the company's image. Therefore, counteracting DDoS attacks remains a pressing issue for companies in the banking, telecommunications and government sectors, and for organizations in many other industries and lines of business.





Organizations and industries most at risk of DDoS attacks (according to MFI-Soft)



Data center protection - customer peace of mind



DDoS attacks can be aimed at "clogging up" communication channels by saturating their bandwidth, which makes it harder for users to reach a web resource. Such attacks use various types of floods: UDP, ICMP and other streams of forged packets. Attack volume can reach hundreds of Gbit/s, which can disrupt even a fairly large data center.



DDoS attacks can also target system resources, which degrades the system's performance. For example, protocol-level attacks target existing hardware limitations or vulnerabilities in various protocols. Firewalls and load balancers become "clogged" with parasitic packets, with the result that network systems cannot keep up with legitimate traffic. Alternatively, software vulnerabilities are exploited, allowing attackers to change the configuration and parameters of the system. Sometimes such attacks render an application, or the OS as a whole, inoperable. In recent years, this type of attack has become predominant.



When building a network security system, it is important to take modern threats into account, especially targeted and DDoS attacks. If the data center operator does not have sufficient experience and dedicated technical means to combat this phenomenon, a DDoS attack can make its network devices and its clients' IT infrastructure unavailable. Introducing DDoS protection services in the data center is a guarantee of stable and reliable operation of customers' applications and resources.



Since the fall of 2012, SAFEDATA has offered a DDoS Protection service that repels various DDoS attacks. It is based on the Perimeter hardware and software system from MFI-Soft, a Russian developer of solutions for protecting communication networks. Perimeter is a carrier-class system, one of the highest-performance solutions on the DDoS protection market, and it can be expanded.



The availability of web services and their uninterrupted operation are guaranteed in accordance with the SLA concluded with the client.



How does it work?





Operating principle of the Perimeter hardware and software system at the border router.



The system monitors network traffic in real time, identifying malicious activity and making it possible to suppress complex DDoS attacks. This matters because DDoS attacks are constantly being improved, and attackers can change how they act on the targeted server in the middle of an attack.



Perimeter monitors traffic, filters it, helps detect various types of network attacks, warns about network anomalies and suppresses them. Protected traffic is monitored for anomalies: if they are detected, the client is informed about a possible DDoS attack. The use of such a complex allows the telecom operator or data center owner to maintain the quality of the services provided, the continuity of business processes, and also reduce the risks of financial and reputational threats to customers.



To detect traffic anomalies, the system analyzes the traffic passing through routers in real time, filters it, and uses high-performance traffic filtering methods at the TCP/IP stack level and at the application level (HTTP, DNS, SIP, etc.). To filter network traffic and suppress application-level attacks, the system interacts with operator equipment, such as routers or firewalls.
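As an added illustration of rate-based anomaly detection on router traffic (this is not Perimeter's algorithm or MFI-Soft code), the sketch below keeps a per-destination, per-protocol packet-rate baseline and flags seconds that far exceed it, as a UDP flood would. The flow records, addresses (documentation range 203.0.113.0/24), function names and all thresholds are constructed assumptions.

```python
from collections import defaultdict

def make_sample():
    """Constructed flow records: (second, dst_ip, protocol, packets)."""
    flows = []
    for t in range(60):                       # normal traffic, two protected hosts
        flows.append((t, "203.0.113.10", "tcp", 900 + (t % 5) * 20))
        flows.append((t, "203.0.113.10", "udp", 100 + (t % 3) * 10))
        flows.append((t, "203.0.113.20", "udp", 80))
    for t in range(40, 50):                   # constructed UDP flood on .10
        flows.append((t, "203.0.113.10", "udp", 50000))
    return flows

def detect_floods(flows, alpha=0.1, factor=5.0, warmup=10, min_pps=1000):
    """Return alerts (second, dst, proto, pps, baseline) for rate anomalies.

    alpha, factor, warmup and min_pps are illustrative assumptions.
    """
    per_sec = defaultdict(int)                # packets per (second, dst, proto)
    for t, dst, proto, pkts in flows:
        per_sec[(t, dst, proto)] += pkts
    baseline, samples, alerts = {}, defaultdict(int), []
    for (t, dst, proto) in sorted(per_sec):
        pps, key = per_sec[(t, dst, proto)], (dst, proto)
        if key not in baseline:               # first observation seeds the baseline
            baseline[key], samples[key] = float(pps), 1
            continue
        base = baseline[key]
        if samples[key] >= warmup and pps >= min_pps and pps > factor * base:
            alerts.append((t, dst, proto, pps, round(base)))
        else:
            # Learn only from non-anomalous seconds so a long flood
            # cannot drag the baseline up and hide itself.
            baseline[key] = (1 - alpha) * base + alpha * pps
            samples[key] += 1
    return alerts

if __name__ == "__main__":
    for t, dst, proto, pps, base in detect_floods(make_sample()):
        print(f"t={t:2d}s {dst} {proto}: {pps} pps vs baseline ~{base} pps")
```

Freezing the baseline during flagged seconds is what lets the detector keep alerting for the whole flood and return to normal immediately after it ends.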





"Perimeter" cleans traffic of spurious packets without interfering with the access of legitimate users, provides reliable protection, and implements filters that are sufficient to repel any DDoS attack. The complex can be used by large projects and organizations to protect their own resources, as well as by Internet and hosting providers, data centers and other operators to protect customer resources. It is important that Perimeter is a solution from a Russian manufacturer: this brings a guarantee of confidentiality and protection of the operator's commercial information, and round-the-clock Russian-language service support. Finally, this solution, built on domestic developments, meets the requirements of local regulators.



This article uses materials from MFI-Soft, describing the capabilities of the Perimeter system.



Our previous posts:

- Review and testing of storage systems IBM FlashSystem 820

- Personal data: dura lex, sed lex

- SAFEDATA data center: three in one. Migration Chronicles

Source: https://habr.com/ru/post/259815/


