GCN : September 2015
INDUSTRY INSIGHT

How to minimize the impact from DDoS attacks

BY RODNEY CAUDLE

In early 2000, one of the first known distributed denial-of-service (DDoS) attacks shut down Yahoo for three hours when an attacker repurposed a university’s computers to flood the Internet portal with traffic.

Such synchronized attacks from multiple sources against a sole target characterize DDoS attacks, a relatively new phenomenon compared to traditional denial-of-service attacks, which originate from a single source.

Thanks in part to the increasing number of devices on the Internet and the availability of high-speed Internet access, there’s a larger pool of possible sources for all kinds of attacks. In the early 2000s, DDoS attacks reached a speed of approximately 4 gigabits/sec. Now they average 10 to 60 Gbps or even faster. A DDoS incident in February peaked at almost 400 Gbps, and the average DDoS attack now lasts 17 hours.

Three types of DDoS attacks have appeared in recent years:

• Resource consumption, in which attackers initiate a large number of bogus connection requests to a single destination. Attackers might also launch a resource consumption attack by attempting to exhaust the target server’s disk space or another finite resource by using legitimate traffic to force the server to create large numbers of log files.

• Bandwidth consumption, in which attackers consume all available bandwidth on the networks leading to the targeted server by sending bogus traffic in quick succession. The resulting surge renders the targeted server unavailable. It can also take down other servers on the same network.

• Keeping connections open, which involves attackers completing numerous three-way handshakes to establish legitimate connections but then using Slowloris software to delay the process by designing each connection to instruct the target that it is “busy.” The attackers can keep numerous connections open for extended periods by sending a data fragment to each connection every few minutes, thus tying up the server so it can’t respond to legitimate traffic.

DDoS attacks on the public sector accelerated more than in any other industry in the fourth quarter of 2014. Commonly, opposition to legislation and political activism are motivators in DDoS attacks on government. Hackers aim to damage an agency’s finances, reputation or both while gaining notoriety on social media.

Government agencies and the services they offer, by their nature, will always be targets. And because DDoS attacks can be launched with increasing ease — even by hackers with little technological expertise — agencies should operate as if a DDoS attack is inevitable.

DDoS attacks come without warning and, equally disconcerting, can escalate from start to peak effectiveness in as little as one minute. Some Internet service providers offer automatic responses, but they can cause outages and block legitimate traffic. However, with some advance planning, agencies can reduce the perceived gains from future attacks.

What agencies can — and should — do is make themselves less appealing targets. Distributing services across various locations, instead of placing them in only one data center, is the first step. That way, a single DDoS attack cannot take the agency’s entire suite of services off-line, and the agency won’t have to rely exclusively on the Internet service provider’s solution, which is usually expensive.

Agencies should also consider using a content delivery network as an entry point to their services because it can mask network connections from attackers. Such services are beneficial but also expensive, so agencies must consider the cost-to-benefit ratio.

Another step agencies can take is establishing a relationship with a managed services partner that can provide built-in protections from DDoS attacks. The partner can distribute the services through different data centers, thereby reducing the exposure and impact of DDoS attacks.

— Rodney Caudle is director of information security at NIC.
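
The "keeping connections open" pattern in the list above can be spotted from a server's connection table. The following is an added example, not part of the original article: a detection sketch in Python whose record fields, thresholds and sample addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Conn:
    client: str         # source address
    age_s: float        # seconds since the handshake completed
    bytes_in: int       # bytes received from the client so far
    request_done: bool  # True once a complete request has been read

# Thresholds are assumptions for illustration; tune them against real traffic.
MIN_AGE_S = 120      # ignore connections younger than this
MAX_RATE_BPS = 5.0   # a "trickle": under 5 bytes/second on average
MIN_STALLED = 20     # stalled connections per client before flagging

def is_stalled(c: Conn) -> bool:
    """Old, still without a complete request, and fed only a trickle of data."""
    if c.request_done or c.age_s < MIN_AGE_S:
        return False
    return c.bytes_in / c.age_s < MAX_RATE_BPS

def flag_clients(conns):
    """Return {client: stalled_count} for clients at or above MIN_STALLED."""
    stalled = defaultdict(int)
    for c in conns:
        if is_stalled(c):
            stalled[c.client] += 1
    return {ip: n for ip, n in stalled.items() if n >= MIN_STALLED}

def stalled_fraction(conns):
    """Server-wide share of stalled connections; catches an attack spread
    across so many sources that no single client reaches MIN_STALLED."""
    conns = list(conns)
    return sum(is_stalled(c) for c in conns) / len(conns) if conns else 0.0

def sample_table():
    """Constructed snapshot (documentation-range addresses, made-up values)."""
    # 30 connections open ~10 minutes, each fed only a few dozen bytes
    conns = [Conn("198.51.100.7", 600 + i, 40 + i, False) for i in range(30)]
    # one long upload: request incomplete, but data arrives at a healthy rate
    conns.append(Conn("203.0.113.20", 900, 4_000_000, False))
    # keep-alive connections whose requests were already served
    conns += [Conn("203.0.113.21", 300, 800, True) for _ in range(25)]
    # a burst of brand-new connections, too young to judge
    conns += [Conn("192.0.2.55", 3, 120, False) for _ in range(40)]
    return conns

if __name__ == "__main__":
    for ip, n in flag_clients(sample_table()).items():
        print(f"{ip}: {n} stalled connections")
    print(f"stalled share of all connections: {stalled_fraction(sample_table()):.2f}")
```

Clients flagged this way are candidates for per-client connection caps and shorter request-read timeouts at the web server or reverse proxy.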