by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : May 2013
GOVERNMENT IT managers should be aware that distribut- ed denial of service (DDoS) at- tacks may become more than just a frustrating nuisance that they need to deal with on their networks. Such attacks may increasingly be used as a ploy used to create background interference during a major emergency. Think of it as cre- ating a communication tra c jam that keeps first responders stuck in low gear. But first, a little update on where DDoS stands today. A study by Prolexic Technologies reports a 718 percent increase this year in the overall band- width consumed by DDoS attacks and a recent report from Verizon says that most recent DDoS attacks have been launched by activist groups. And many Internet Service Providers (ISPs) have reported a general increase in DDoS related tra c. Meanwhile, the Department of Homeland Security and the FBI have issued an alert noting that they are aware of dozens of telephony denial of service (TDoS) attacks aimed at government or financial communications centers. This variation is similar to DDoS attacks. Computer controlled calls are made in a high volume, but they target voice lines rather than computers. So far the targets have been mostly administrative, not 911, telephone lines. But this could change. Evidence of DDoS attacks launched in conjunction with real emergencies is spotty, but IS YOUR AGENCY PREPARED FOR DDOS ATTACKS WITH A MORE LETHAL PURPOSE? INTERNAUT BY SHAWN McCARTHY GCN MAY 2013 • GCN.COM 15 STEPS TO DEFEND AGAINST DDOS ATTACKS Ask Internet Service Providers (ISPs) to establish service limits related to the amount of bandwidth one customer can use. Some will balk at this, but it's a way to notice if a compromised machine is suddenly generating more network traf- fic that usually does. Short, low-bandwidth messages have a better chance of getting through than real-time connections. Investigate whether you fall-back plans can include short stand-alone messages capable of controlling specific government or technical functions, i.e., traffic lights. Conduct drills that take your digital communication totally off line. What is your back-up communication plan? What other channels do you have available and do participants know how to immediately fall back to these other channels (and in which order?) 1 2 3 there have been instances. For instance, in 2010, after a hurricane in Myanmar/Bur- ma, an international DDoS at- tack targeted media sites that had relocated after the storm. This made it di cult for them to share government news. This year, not long after the April Boston Marathon bombing, the social news site Reddit set up a section to allow visitors to post photos and share theories about the event. The pages grew in popularity and received at- tention from the mainstream press. Once that happened, the site became the target of a massive DDOS attack which shut o contact for over 50 minutes while site managers work to re-route tra c and address security issues. High tra c sites often use content delivery networks (CDNs) -- essentially a distrib- uted system of servers housed at multiple data centers. At the peak of the attack, Reddit was hit with over 400,000 requests per second to its CDN. The requests came from "thousands of separate IP addresses, all hammering il- legitimate requests, and all of them simultaneously chang- ing whenever we would move to counter," according to a statement made by one of the Reddit editors. The banking industry has also been targeted many thousands of times with DDoS attempts, sometimes in con- junction with specific news events related to economic reports. Government needs to be aware of these connections because, in extreme situa- tions, DDoS could be used to block Internet access to tra c controls, river or dam moni- toring, contact with police, and more. Dealing with DDoS attacks is di erent than dealing with other security issues. An agency can have the tightest security available and it could still be vulnerable to DDoS because it basically blocks all data tra c access. Other ways must be found to deal with the threats and to mitigate potential daily risks Most organizations can't easily stop a DDoS confrontation. But they can work to overcome its e ects. Below are a few steps to help mitigate the threat of DDoS attacks launched with an ulterior motive. As standalone measures, none will protect an agency from a DDoS attack during an emergency situation. But they can help reduce the risk, raise awareness, and promote dis- cussions on what an agency's fall-back position should be. The larger issue is pushing the responsibility upstream to regional ISPs. That's a huge topic unto itself, but its one that needs to be addressed. •