by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : February 2013
24 GCN FEBRUARY 2013 • GCN.COM Denial-of-service attacks have become an increasingly easy way to damage websites and other online resources to attract atten- tion, punish perceived wrongdo- ing, and even for extortion. The hacktivist collective Anonymous last year turned its Low Orbit Ion Cannons on a number of govern- ment Web sites, in a high-profile protest of law enforcement ac- tions and proposed legislation. Since then, both the profile and the volumes of attack traffic have grown. Denial-of-service attacks --- DOS --- are a horse of a different color in the threat landscape. Because they affect availability rather than data or systems, they often require more of a disaster response than a security incident response. At the same time, the variety of techniques for carrying out DOS attacks complicates de- fense. In most cases, agencies are going to need outside help to do it right, the professionals advise. "There is no way you are going to mitigate these attacks from a fixed infrastructure," said Fran Trentley, senior service line direc- tor for Akamai Technologies' pub- lic sector business. "You can't." The problem boils down to scale. With attackers having available greater bandwidth and increasingly powerful tools to launch attacks that can over- whelm your resources, it can be cost-prohibitive and ineffective to maintain the capabilities --- not only in hardware and software but also in manpower and train- ing --- needed to defend yourself in-house. Blocking the attacks requires leveraging on-demand resourc- es of a cloud, said Neal Quinn, chief operating officer at Prolexic Technologies. "Deploying devices onsite is of little value," he said. "Handling this in the cloud is ab- solutely important." Akamai and Prolexic sell third- party cloud-based services and are hardly objective observers on this issue. But they are not alone. US-CERT agrees that outside as- sistance is at least helpful, if not absolutely necessary. In its Janu- ary 2012 report on the Anony- mous distributed denial-of-ser- vice attacks, US-CERT noted that service-level agreements with ISPs and hosting providers often include DDOS mitigation ser- vices that agencies should know about and take advantage of. However, enterprises are not entirely helpless on their own. Network and application fire- walls can identify and block mali- cious traffic. There also is a trend toward application-based DOS attacks that do their dirty work inside servers rather than by bombarding them from the out- side with high volumes of traffic. These attacks can be addressed, at least in part, internally. "Historically, the tools have been up to the job," said Carlos Morales, vice president of global sales engineering and operations at Arbor Networks. Although vendors and US- CERT agree there are steps that organizations can and should take to ensure a layered defense against DOS attacks, the cost of maintaining a staff and in- frastructure to deal with them completely could outweigh the benefits. When you need those defenses, there is a good argu- ment for turning over at least some of the job to specialists who have the resources and ca- pacity to provide an on-demand response rather than keeping that response on constant stand- by yourself. THE NEW DOS TARGET Denial of service attacks, which traditionally have bombarded networks with an overwhelm- ing number of requests, are get- ting more efficient. And as these attacks mature, it's more im- portant than ever that agencies understand the kind of attack they're facing so they can mount Denial-of-service attacks often require more of a disaster response than a security incident response. The bottom line: don't go it alone. SURVIVING YOUR NEXT DENIAL-OF- SERVICE DISASTER