Cloud computing is no longer the future of businesses. It is the now. Everything is offered cloud-based: cloud-based storage, cloud-based services, cloud-based security. With more than half the businesses in the United States integrating cloud computing into their business operations, it has become the way to communicate and collaborate, and serves as a platform for basically every business process—from hosting email servers to online transactions to remote desktop meetings. However, the reasons that make cloud computing the fearless leader in exploring the next level of technology in business are also what make it a favorite target of attacks.
The cloud is scalable and flexible. It allows for rapid deployment of programs and applications on short notice. Data and resources are easily accessible on the cloud. It grows with you. Do you need to allow for thousands, or even millions, of people to have logins for your site? There’s a cloud for that. Unfortunately, the scalability and flexibility of the cloud can also be utilized for potential attacks. Distributed Denial of Service (DDoS) attacks are becoming more common as the cloud continues to grow. Do you know what you’re up against?
What is a DDoS attack?
A DDoS attack is a united effort from thousands, or tens of thousands, of systems on the Internet to flood a server with the ultimate goal of creating downtime for the victim. A botnet is a network of computers, or “bots” or “zombies,” that have been compromised and perform automated tasks without the user’s knowledge. These tasks range from sending spam emails and viruses to DDoS attacks. A DDoS attack may range from flooding the bandwidth outright to going straight for the application layer, overloading the server with requests with the intent to crash it or consume all of its resources.
DDoS attacks are difficult to prevent because the attacker is not a single system but a legion of bots. This makes it difficult to defend against the source of the attack, especially when the traffic may spoof the source IP address. However, you can be prepared by having a strategy in place to mitigate and respond. In general, the steps of a computer security incident response are:
- Preparation: Set up a network architecture that can withstand high volume attacks and have multiple paths for communication and continuity available.
- Identification: Identify the nature of the suspicious activity, then protect the evidence and report it to those that have a need to know. In the case of DDoS, identify the targeted IP address and the nature of the attack (UDP, Reflected DNS, etc.)
- Containment: Contain the incident as quickly as possible. For a DDoS attack this may mean filtering inbound traffic or provisioning extra computing resources.
- Eradication: Use information gathered from containment to identify the cause of the incident. DDoS attacks are often retaliatory or used as a distraction for another type of attack. Perform a complete security assessment of the systems involved.
- Recovery: Restore your system by setting up a course of action that implements improved protection techniques.
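The Identification step above, sketched as an added example (not part of the original article): a small Python routine that finds the most-targeted IP address and the dominant attack type from flow records. The record layout, the sample flows and the classification heuristics are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample flow records (documentation address ranges, not real traffic).
# Assumed layout: (src_ip, src_port, dst_ip, dst_port, protocol, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.10", 53, "203.0.113.5", 41000, "udp", 3200),
    ("198.51.100.11", 53, "203.0.113.5", 41001, "udp", 3100),
    ("198.51.100.12", 53, "203.0.113.5", 41002, "udp", 3300),
    ("192.0.2.77", 50123, "203.0.113.5", 80, "udp", 900),
    ("192.0.2.20", 51515, "203.0.113.9", 443, "tcp", 1200),
    ("192.0.2.21", 51516, "203.0.113.5", 443, "tcp", 800),
]


def classify(flow):
    """Label one inbound flow with a coarse attack type (assumed heuristics)."""
    _src, sport, _dst, _dport, proto, _size = flow
    if proto == "udp" and sport == 53:
        # DNS responses arriving from many resolvers suggest reflection.
        # Replies to the host's own lookups look the same, so volume matters.
        return "reflected-dns"
    if proto == "udp":
        return "udp-flood"
    return "other"


def identify(flows):
    """Return (targeted_ip, dominant_type, distinct_sources), ranked by bytes."""
    bytes_by_dst = Counter()
    types_by_dst = defaultdict(Counter)
    sources_by_dst = defaultdict(set)
    for flow in flows:
        src, _sport, dst, _dport, _proto, size = flow
        bytes_by_dst[dst] += size
        types_by_dst[dst][classify(flow)] += size
        sources_by_dst[dst].add(src)
    if not bytes_by_dst:
        return None  # no traffic to analyse
    target, _ = bytes_by_dst.most_common(1)[0]
    dominant, _ = types_by_dst[target].most_common(1)[0]
    return target, dominant, len(sources_by_dst[target])


if __name__ == "__main__":
    print(identify(SAMPLE_FLOWS))
```

The result feeds the Containment step: the targeted address and attack type tell you which inbound traffic to filter.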
Although completely protecting yourself from DDoS attacks is impossible, it is possible to mitigate the impact an attack can have on your IT systems. If you have a network security team who are experts in this field, then DDoS attacks should not be something that discourages you from transitioning to the cloud or deploying cloud-based services. It’s not about limiting advancements in technology to protect you, but rather advancing security tactics to stay protected. Contact a ReliaCloud expert today to learn more about why our information security services should be a part of your IT strategy.