Monday, August 10, 2009

TWEETS OF DOOM

Subject: Infrastructure availability - Preventing Distributed Denial of Service attacks (DDoS).

Two recent, well-publicised attacks on corporate infrastructure highlighted its vulnerability and susceptibility to DDoS.
In both cases the attackers were apparently politically motivated; the consequences were an outage of services and calculable effects on the bottom line.

Why are these two incidents important? Because executive consideration of infrastructure availability is often dictated by cost alone, with the dismissive commentary 'It will never happen to us...' and the unspoken corollary 'If it happens then I am in deep trouble'. It is a bet that many executives take, and an increasing number begin to lose. Well, it did happen to Twitter and to the Melbourne International Art Festival site. Both were apparently hit for political reasons, the first by Russian and the second by Chinese loyalists.

Firstly, what exactly is a DDoS?
Remember those seriously geeky and passionate Information Security people who keep telling you and your mum to "Secure your PCs!"?
Increasingly, many Government Departments and Corporates allow connections from home. Often, due to the cost of procurement (mainly brought on by reliance on outsourcing services), they deploy 'home grade', vulnerable branch office sites (an ADSL router with poor InfoSec practices). The corporate exposure footprint increases rather than diminishes as time passes.

There is a very good reason for good security practices: a poorly secured home PC (no or outdated firewall, AV, patching) can become a platform for a botnet (robot network). As the diagram below shows, the compromised machines (zombies) become slaves that do the bidding of the 'bot herder' or 'bot master'. Entire botnets of hundreds of thousands of PCs are available for sale on underground hacker sites.

[Diagram: botnet structure (bot herder, command and control, zombie PCs). Source: Wikipedia]

So what exactly is the best way to prevent such a devastating attack on your corporate, revenue-raising public facade? There are two ways to do this: the first is expensive and complicated, the second cheap and reliable... though it relies on others too (an acknowledged weak link).

It transpires that the most effective way to prevent DDoS is to appropriately secure any PCs you have under your management, so that those machines cannot be used against you and others. Akin to good building fire codes, securing the Internet-facing perimeter machines will prevent the entire city from burning down.

To be fair to outsourcing firms and technologists, there are other strategies that will minimise your exposure to DDoS, involving significant investment in infrastructure and architecture. Harm minimisation is not harm prevention, however, and it comes with a big-ticket price tag.

Your vulnerable PCs are:
* Employee private home PCs connected to the Internet.
* 'Small' branch office sites, connected directly to the Internet via VPNs to minimise costs.
* Executive and field staff laptop/mobile PCs with cellular (e.g. NextG) Internet.

The advice is, as it always was:
* Deploy and maintain a PC firewall.
* Deploy and maintain AV (Anti-Virus) software.
* Deploy and maintain a regular OS patching regime.

Coupled with an appropriate InfoSec security regimen (including threat monitoring), the next time you get the unenviable task of responding to an Attorney-General's letter asking about your 'Compliance requirements for securing essential infrastructure', you will be able to actually write something meaningful rather than the 'planning for planning to do something' that seems to be the common response in these hard financial times.

The advice on how best to prevent outages to your critical infrastructure can be expensive and confusing.
Call Mr. Wulf at NOMEONESTIQ to talk about how we can help you choose the best options for you.