DNS, Load Balancing and DDOS attacks

Posted on

Throughout history, civilizations have suffered from a false sense of security. One of the most famous incidents occurred during the war between Greece and Troy. The Trojans felt so confident that Troy was impenetrable that they wheeled in a great wooden horse into their city as a sign of victory, without giving their action a second thought. The Trojans never considered that what they thought was a peace offering from the Greeks could breach their single line of defense and lead to their demise.

Like the Trojans, companies, network administrators, and IT personnel often suffer from the illusion that a single security solution can adequately protect their entire IT investment. Often, those assumptions can lead to the same disastrous results that befell the Trojans. If you need any other convincing, just look at the widely publicized and very effective Distributed Denial of Service (DDoS) attacks that have been in the headlines recently.

An October 2016 report in Atlantic magazine revealed that a single hour of a DDoS attack can cost upwards of $100,000 per hour.  Since most DDoS attacks span several hours, losses add up quickly. An 11-day DDoS-caused outage experienced by Virgin Blue, for example, cost the airline $20 million.

The latest — and largest — incident occurred just a couple weeks ago, when a series of DDoS attacks sourced from a bot network (or “botnet”) saturated the Internet connections of Dyn, a domain name system (DNS) provider for Amazon, Spotify, Twitter, and other frequently visited sites. The hours-long attack, which came in three waves and hit more than 150 websites, resulted in lost revenue of up to ~$110 million in sales, according to the CEO of Dynatrace, whose company monitored the incidents.

To fight these multi-pronged attacks, companies also need a multi-dimensional (or “layered”) defense approach to secure their network and data assets. The idea behind layered security or defense-in-depth, is that multiple strategies are better suited than a single solution when it comes to protecting a network from multi-dimensional attacks. Layered security uses different protection methods (or “controls”) at different points in a network, so that a weakness or flaw that exists in one layer can be compensated by the protection delivered by another layer. An attacker that gets past a company’s first line of defense will be met by the second level of defense. If the attacker penetrates the second level of defense, it will have to deal with the next line of defense. In this way, layered security is designed to thwart, impede, or stop the threat until the threat can be quashed.

Load balancers are ideally suited for inclusion within a layered security model. The primary function of a load balancer is to spread workloads across multiple servers to prevent overloading servers, optimize productivity, and maximize uptime. Load balancers also add resiliency by rerouting live traffic from one server to another if a server falls prey to DDoS attacks or otherwise becomes unavailable. In this way, load balancers help to eliminate single points of failure, reduce the attack surface, and make it harder to exhaust resources and saturate links.

To mitigate or avoid the same fate suffered by Dyn, companies should lock down their DNS servers to prevent them from being used as part of an attack as well as implement DDoS mitigation services that can detect and react when a volumetric attack is being staged. Load Balancers with integrated intrusion prevention (IPS) and web application firewall (WAF) services also add another layer of protection by detecting and preventing application-focused Layer 7 DDoS attacks.

There is nothing worse for a business than having a network impaired or down due to an exploited vulnerability other than not having a good plan to deal with the problem. No organization is immune from DDoS assaults. As attacks become more sophisticated we can expect that the methods to protect against them will need to continue to evolve as well. Fortunately, we have the tools today to combat cybercrime, but it’s really all about selecting the right ones and using them in the right way. To paraphrase John Stewart, Cisco Senior Vice President and Chief Security Officer, ‘it’s important to understand your adversary, know its motives and methods, prepare your defenses accordingly, and remain vigilant.

Additional Information

What is load balancing

Click here to read our latest post on DDOS Attacks – The Damage they cause and how you can prevent them.

Posted on

Maurice McMullin

Maurice McMullin was a Principal Product Marketing Manager at Progress Kemp.