DotBridge, an eCommerce SaaS provider fell prey to a DDoS onslaught. Someone wanted to attack one of their customers web-based business and take it offline, and without a secure hosting company at his back, they may have succeeded.

DotBridge subscribes to our secure, virtualized server service protected by 1) monitoring and response, 2) DoS/DDoS mitigation devices, and 3) a team of knowledgeable and reactive support engineers.

This combination of protection and response is standard for every client that subscribes to our service, and DotBridge is just one real-life example of how we work every day fighting on behalf of our valued customers.

Click Here to read DotBridge’s blogpost on the FireHost experience.

Just like choke holds, Denial of Service attacks come in a variety of flavors – Flood Attacks, SYN Attacks, Smurf Attacks, Ping of Death Attacks, and the ultimate tap out producer Distributed Denial of Service Attacks (to name a few). Each method is designed to achieve a single goal – stifle the target website or online application.

Generally speaking, DoS/DDoS attacks accomplish this by directing a flood of “packets” (fake visitors, often robots) to your website at the same time. In simple terms, a denial of service attack takes up all your hosting environment’s available bandwidth and resources making it impossible for human traffic to reach your website or service.

DoS/DDoS Popularity and Severity on the Rise

Geared toward taking sites offline rather than stealing information or deceiving unknowing web surfers, DoS/DDoS attacks could be regarded as the cyber “crime of passion”. These attacks have effectively silenced religious and political groups from publicly publishing their opinions. High-profile organizations make headlines most often, but really any group with “offbeat” opinions could be the target of a DoS/DDoS onslaught.

Extortion is another popular motive behind DoS/DDoS attacks. Just recently, several Australian sports-betting websites lost millions in revenue over a busy weekend when criminals held their web services hostage for ransom money. Other commercial entities are starting to feel the effect of DoS/DDoS deployments too. Recruit Advantage and Bitbucket have both recently suffered losses due to prolonged outages, and it’s only a matter of time before mass-market retailers use attack-for-hire services to wreck holiday sales for the competition.

DoS/DDoS attacks can take a website or online service to it’s knees effectively and inexpensively, so they are growing to become a popular add on to botnet operators’ portfolios. For a mere $200/day, common Rent-a-DDoS operations can dish out botnet deployments ranging from 100Mbps to 100Gbps. Prolonged over several days, an attack of this magnitude could leave your start-up with a 5-digit invoice for bandwidth.

How to Prevent a DoS/DDoS Smackdown

Unlike other cyber crimes, this type of attack may not pose a direct threat to your clients’ PII (personally identifiable information). That doesn’t spare you the expense of lost sales, regaining public opinion, and technical resources however. In addition to those more “expected” costs, you’ll face charges for the bandwidth consumed during the exploit, and that bill alone could be enough to lead your startup business to early retirement.

The worst part is that if a cyber opponent has you in his or her sights, you’re going down for the count. There are no known prevention methods on record. DoS/DDoS attacks are like a jump spinning rear kick delivered in your blindspot. Scary, deadly stuff.

Don’t Take DoS/DDoS Exploits Lying Down

Since you can’t “eat healthy and excise” your way out of a DoS/DDoS attack, your best bet is to position your website or online application to mitigate the incident. Do this by monitoring your traffic and system state closely at all times. Knowing traffic trends gives you the best chance for getting your guard up FAST, so you have a chance at successfully mitigating the attack.

No matter what equipment or techniques are deployed to mitigate a DDoS/DoS attack, if your internet connection is smaller than the attack size – you’re down. For example, if you have a 100Mbps connection to the internet and the attack is 400Mbps (typical attack size), then the attack exceeds your available bandwidth by 4x saturating your entire network rendering services incapable of responding.

However, if you have enough bandwidth capacity available these techniques and devices are good allies to have when you’re immersed in the heat of a denial of service battle:

• Traffic Redirection – Deny all traffic, good and bad. This method is effective for getting your resource consumption under control and restoring order to your server, but it does not solve the problem of getting customers back in your virtual door.
• IP Filtering – Using routers or firewalls to filter traffic by geography for example can be an effective way to deny traffic from IPs based outside your service area – the US for example. Unfortunately, these devices can only sniff invalid IPs; they are not effective when spoofed or valid IPs are attacking.
• Intrusion Prevention Systems / Application Firewalls – These expensive and adaptable devices “learn” your traffic and can help deny access from malicious origins very effectively.
• DoS Mitigation Appliances – Specialized hardware and software made specifically to fight DoS attacks, DoS/DDoS mitigation appliances provide functionality similar to IPSs and WAFs. This appliance should sit on the very edge of your network (outside your firewall) so it’s taking the attack load off your network.
• Application Optimization – Expertly configured applications can help mitigate D0S/DDoS incidents or an influx of desirable traffic for that matter. Caching pages, for example, can help defray the impact of an attack.
• Load Balancing / Clustering – Servers can handle a substantial amount of traffic (both good and bad), so load balanced / clustered environments provide diversification and help prevent a bottleneck within a single piece of hardware.

If you’re attacked by a DoS/DDoS exploit, your network will consume bandwidth at a high rate for a sustained period of time, so review and understand your billing agreement for bandwidth overage. The alternative, limiting your bandwidth pipe will help prevent the unexpected bill, but again it doesn’t get you back online for business.

If you find yourself under attack by DoS/DDoS, use social platforms like Twitter and Facebook to communicate updates with your customers and other interested parties. Customers and prospective business partners appreciate being notified as soon as possible. Plus, being the first to report the attack lets you control the message and keeps any rumors at bay.

While the software world has fought diligently to reduce the number of affective attack on the personal computer at home through anti-virus programs, hackers have turned their attentions to that which is most vital, but often not very well protected – the hosted website. A variety of tactics are being used by hackers against websites without regard to the size or industry of the business or organization. An American-based Internet security agency recently reported that Internet threats rose by two-thirds in April of 2009.

Many of these attacks are related to phishing -  the attempt to illegally acquire sensitive information from site visitors and internet goers. With login credentials and other information, hackers can mount attacks against an organization’s intranet, their website or their data with valid, stolen information. In some cases information can be solicited from the web hosting company itself, with a hacker posing as an employee of the company.

Also on the rise is a form of attack known as Denial or Service (DOS) or Distributed Denial of Service (DDoS) attacks. With a DDoS attack, unknowingly, users’ computers across the world can be under the control of a hacker. A hacker can cause hundreds to thousands of computers to hit servers that are hosting websites. This mass attack can cause servers to stop, crash or restart resulting in one to hundreds of websites going down. Most recently, there were 4 major attacks against web hosts. This strategy affected thousands of web hosting companies’ clients, taking thousands of websites and web applications offline. The affect of having your lead- or revenue-generating website offline for an extended period of time can be devastating.

Protection from human manipulation, DDoS attacks and other common Internet attacks can and should be handled at the hosting level by a secure hosting company. Human manipulation can be mitigated through change management protocol. Change management protocol requires a level of interaction to help prevent unauthorized access to hosting information from falling into the wrong hands. A secure, redundant network infrastructure, top-tier equipment and superior data centers will mitigate Denial of Service attacks from effectively bringing servers down.

Industry-leading, web host security means much more than just a firewall, more than just a system monitor that tells you when something goes wrong after the fact. Contact a FireHost agent now to see how FireHost‘s managed, proactive, secure hosting can protect you against a new rise in Internet attacks.

You may have heard about DoS/DDoS Attacks in the news, including reports of high profile DoS attacks in Georgia last summer and more recently the attack against Register.com. As a business website owner, it’s important you understand these attacks, how they work, and how a secure hosting environment can prevent them from ruining your revenue and reputation.

In general terms, hackers use denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks to tie up processor resources rendering the computer useless to you, the user. DoS/DDoS attacks can manifest in a number of ways. The target computer may be forced to reset numerous times consuming processor resources and incapacitating the machine. These attacks can also disrupt your service by obstructing communication with end-users.

Victims of a DoS/DDoS attack often experience the following common symptoms:

• Unusually slow network performance.
• Unavailability of a particular website.
• Inability to access any website.
• Dramatic increase in spam emails.

FireHost customers are protected from DoS/DDoS attacks by industry-leading security.

Network Layer Security
We run dual high availability routers and firewalls providing full network redundancy for every client. This network layer design safeguards websites, emails, and databases from unauthorized intrusion by a DoS/DDoS attack.

Application Protection
On top of that, we run web application firewalls (WAFs). This closes the holes within your websites and applications and provides another layer of DoS/DDoS protection

As an industy leader in secure web hosting, we pride ourselves in providing clients peace of mind. Contact a FireHost Agent today for more information about our world class DoS attack prevention and website security services. ]]> http://www.fireblog.com/secure-hosting-environment-can-prevent-dos-and-ddos-attacks/feed/ 0