What is a DDoS attack in cloud infrastructure?

Distributed Denial of Service (DDoS) is an attack against the availability of information, the "A" of the well-known CIA triad, directed at a target of choice. It is a targeted attack, typically carried out as part of a ransom demand or an activism campaign, in which a significant volume of traffic is sent to online services to take them offline, slow the service down or crash the site.

This is one of the most frequent attacks nowadays, so Internet security needs to add preventive measures to its security roster. Over the past year, DDoS has hit PayPal, Bitcoin, HSBC, Sony and gaming sites such as Microsoft's Xbox Live and Blizzard's Battle.net, among many others.

Cloud DDoS attacks are also a growing issue for organizations. Public cloud services are not immune to security threats, and some of the most pernicious attacks involve denial of service. Even when attackers cannot penetrate a workload or data store in the public cloud, they can reduce cloud application performance, or block the application entirely, by overwhelming the network with junk traffic or excessive requests.

Example DDoS: SYN flood attack

This method overwhelms its target with a high volume of SYN requests in order to consume all of the target system's resources (each half-open connection occupies an entry in the connection table until it times out). Once the targeted resources are exhausted, legitimate traffic is severely delayed or halted, and the targeted service goes offline. A DDoS protection device or a firewall can recognize an unusually high volume of SYN requests in its traffic by comparing it with a previously established baseline of normal traffic. It then drops or blocks the bad traffic from the sources of the excessive SYN requests until normal activity resumes.
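The baseline comparison and "block until normal activity resumes" behaviour described above, as an added example that is not part of the original article: the threshold is learned from a quiet window of constructed per-source SYN counts, sources that exceed it are blocked, and they are released after two calm seconds. The record format, the factor k and the addresses are assumptions for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry: (second, source_ip, SYNs seen from that source).
# Baseline window = quiet period; live window has one source (192.0.2.99, a
# documentation address) that floods for two seconds and then goes quiet.
BASELINE_RECORDS = [
    (0, "10.0.0.5", 3), (0, "10.0.0.7", 2), (1, "10.0.0.5", 4), (1, "10.0.0.7", 1),
    (2, "10.0.0.5", 2), (2, "10.0.0.7", 3), (3, "10.0.0.5", 3), (3, "10.0.0.7", 2),
]
LIVE_RECORDS = [
    (10, "10.0.0.5", 3), (10, "192.0.2.99", 800),
    (11, "10.0.0.5", 4), (11, "192.0.2.99", 950),
    (12, "10.0.0.5", 2), (12, "192.0.2.99", 4),   # flood stops
    (13, "10.0.0.5", 3), (13, "192.0.2.99", 2),
]

def syn_threshold(records, k=10):
    """Per-source SYN/s threshold learned from the baseline window.

    mean + k*stdev flags deviation from normal; the floor of k*mean keeps the
    threshold meaningful when the baseline is nearly constant (stdev near 0).
    """
    counts = [c for _, _, c in records]
    mu, sigma = mean(counts), pstdev(counts)
    return max(mu + k * sigma, k * mu)

def detect(records, threshold, calm_seconds=2):
    """Replay live records in time order; return (blocked_now, event_log).

    A source is blocked the first second its SYN rate exceeds the threshold and
    released after `calm_seconds` consecutive seconds back under it, i.e. the
    device drops the offending sources until normal activity resumes.
    Caveat: per-source counting assumes non-spoofed sources; spoofed floods
    need aggregate-rate thresholds or SYN cookies on the host instead.
    """
    blocked, calm, events = set(), defaultdict(int), []
    for second, src, syns in sorted(records):
        if syns > threshold:
            calm[src] = 0
            if src not in blocked:
                blocked.add(src)
                events.append((second, "block", src))
        elif src in blocked:
            calm[src] += 1
            if calm[src] >= calm_seconds:
                blocked.discard(src)
                events.append((second, "unblock", src))
    return blocked, events
```

With the sample data the threshold comes out at 25 SYN/s, 192.0.2.99 is blocked at second 10 and released at second 13, while 10.0.0.5 is never touched.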

Common DDoS attack types:

UDP Flood, ICMP (Ping) Flood, SYN Flood, Ping of Death, Slowloris, NTP Amplification, HTTP Flood

Figure: general classification of DDoS attacks by the OSI (Open Systems Interconnection) layer they target (Cloud DDoS)

Defensive measures for DDoS attacks

Security controls aimed at mitigating the effects of DDoS attacks have been developed continuously and are quite effective these days. Intrusion prevention is performed by a software or hardware device that can intercept detected threats in real time and prevent them from moving closer to the victims. It is a useful approach against DDoS, coding and brute-force attacks. Today, the general lack of adequate security infrastructure across the Internet is a major cause of the tremendous pressure on Internet Service Providers to prevent and mitigate DDoS attacks on their infrastructure and services on their own.

Preventive measures that act upon detection and prevention of DDoS attacks:

(a) by reconfiguring security mechanisms such as firewalls or routers to block future attacks,

(b) by removing malicious content from the attack traffic by filtering out possible attack packets, or

(c) by appropriate browser settings and by reconfiguring other security and privacy controls to avoid the occurrence of future attacks. However, for effective DDoS prevention, identifying the true attack source(s) is an essential task. Although identifying the true source of an attack is daunting because of the open and decentralized structure of the Internet, several novel approaches have evolved in the recent past. IP traceback is one powerful candidate among the mechanisms used to identify the true source of attacks in a network.

(d) Although IPSs and IDSs both examine network traffic in search of attacks, there are critical differences. Both aim to detect malicious or unwanted traffic, and both can potentially do so well, but they differ in how they respond: an IDS raises an alert for an operator to act on, whereas an IPS sits inline and can itself drop the offending traffic.

Defensive measures for cloud protection

Overall, between in-house management and third-party SecaaS (security-as-a-service) providers, most organizations feel reasonably comfortable with the majority of foundational security controls today.

The following technologies have been successfully implemented, either internally managed or in the form of security-as-a-service, to protect sensitive data and control access to public cloud environments:

VPN, vulnerability scanning, log and event management, anti-malware, network access controls, identity and access management (IDM/IAM), encryption, multifactor authentication, IDS/IPS, forensics and incident response, application control (application whitelisting), DLP (host- or network-based), agent-based remote workload monitoring of cloud-based applications, cloud encryption gateways and/or cloud access security brokers (CASBs)

Why do most vendors offer protection against cloud DDoS?

Most vendors that offer protection against cloud DDoS attacks also offer a hybrid model. This hybrid approach, often called a cloud overflow option, brings together some of the best of both worlds. Of keen interest to security professionals is finding controls they can easily integrate between on-premises and cloud environments, creating an effective hybrid controls model. Unfortunately, not all tools and controls translate easily into supporting the hybrid model, so this has been a challenge. Fortunately, some technologies are bridging the gap, notably multifactor authentication, anti-malware and vulnerability scanning.

The following security technologies have been able to integrate protection between the private and public cloud:

VPN, vulnerability scanning, anti-malware, network access controls, encryption and key management, multifactor authentication, IDS/IPS, DLP (host- or network-based), threat intelligence sharing/feeds, asset/automated configuration management. This may explain why many organizations are pushing configuration management entirely to API-integrated cloud models, or it may simply mean that many organizations are struggling with configuration management in general (for both internal and cloud deployments). Sadly, almost none of the control areas we inquired about (other than multifactor authentication) are able to function in a hybrid model for more than 50% of respondents.

The initial hardware purchasing costs are limited, since the on-premises devices only need to handle smaller DDoS attacks. The costs for cloud protection are also limited, because most DDoS attacks can be mitigated locally and will not require any overflow at all. From a security perspective, the approach covers the entire range of possible attacks. Some of the leading DDoS vendors, such as Arbor Networks, Radware and Imperva, offer these hybrid options.

When looking for a DDoS security setup that is both cost-effective and holistic, you should certainly consider hybrid DDoS models. Cloud overflow is the best option for companies that have an on-premises network relying on Internet-facing services but that are not large enough to warrant their own full-scale DDoS protection deployment.
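The cloud overflow decision described above, as an added example that is not the code of any of the vendors named: it assumes a fixed on-premises scrubbing capacity and applies hysteresis so that only a sustained attack above that capacity is diverted to the cloud, while a smaller attack is handled locally and never overflows. The capacity, the thresholds and the per-minute traffic series are constructed for the example.

```python
# Constructed per-minute inbound volume (Gbps) for two attacks, as a flow
# collector upstream of the on-premises scrubber might report it.
SMALL_ATTACK = [1.0, 3.5, 4.2, 4.0, 2.0, 0.8]
LARGE_ATTACK = [1.0, 6.0, 7.5, 9.0, 8.0, 4.0, 2.5, 2.0, 1.0]

ONPREM_CAPACITY_GBPS = 5.0   # assumed ceiling of the on-premises appliance
RETURN_FRACTION = 0.6        # return on-prem once volume < 60% of capacity


def plan_diversion(volumes, capacity=ONPREM_CAPACITY_GBPS, sustain=2, cooldown=2):
    """Decide, minute by minute, whether traffic stays "local" or goes to "cloud".

    Diversion (for example a route announcement that sends the prefix through
    the cloud scrubbing centre) is costly and slow to reverse, so hysteresis is
    applied on both sides: volume must exceed on-prem capacity for `sustain`
    consecutive minutes before diverting, and must stay under
    RETURN_FRACTION * capacity for `cooldown` minutes before coming back.
    The `sustain` delay trades a few minutes of local saturation for stability;
    tune it to the appliance's real headroom. Returns one decision per minute.
    """
    decisions, mode, streak = [], "local", 0
    for v in volumes:
        if mode == "local":
            streak = streak + 1 if v > capacity else 0
            if streak >= sustain:
                mode, streak = "cloud", 0
        else:
            streak = streak + 1 if v < capacity * RETURN_FRACTION else 0
            if streak >= cooldown:
                mode, streak = "local", 0
        decisions.append(mode)
    return decisions


def summarize(volumes, **kw):
    """Return (minutes handled locally, minutes diverted) for a volume series."""
    plan = plan_diversion(volumes, **kw)
    return plan.count("local"), plan.count("cloud")
```

With these inputs the small attack never leaves the on-premises appliance, while the large one is diverted from its third minute and returned only after two minutes well below capacity.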


Author: Jasmin Bhambure

SecuArk Pvt.Ltd