This is a 7-part introduction to Cybersecurity. The second and following parts of the guide introduce the reader to a case study:
Which Technologies, Products/Providers Can Be Used To Counter 2 threats (DDOS attack and SQL Injection)?
Disclaimer: This preliminary recommendation is based on the type of DDoS attack employed by the hackers, as described in open media sources (without sight of the actual system), and is therefore to be edited once more information becomes available.
In order to recommend the technologies, products and providers, one needs to understand the “anatomy” of the attacks. For this reason, relevant information was gathered and analyzed, as otherwise the recommendation would be largely superficial.
Background information about the attack:
DDoS attacks often serve as camouflage for a targeted attack that aims at important data.
In the famous TalkTalk attack, which happened in October 2015, the hacker appears to have used many systems to simultaneously launch attacks against a remote host, flooding the company’s website with internet traffic in order to overload digital systems and take them offline. The fact that some sensitive customer information was taken means that a second attack was taking place simultaneously.
The major advantages to an attacker of using a DDoS attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down.
These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, after all, will end up completely crashing a website for a period of time.
Therefore, a recommendation should not be made by simply naming some products, as that would not help to resolve the problem in a sustainable way. The right approach would be holistic, and thus the choice of providers will depend on the final selection of solutions applicable in this precise case.
The Anatomy of the attack will need to be established first, then the “Illness” from which the system collapsed, and then the Remedy that can treat this illness (some approaches will provide a short-term remedy, others a long-term solution). Finally, I will go into the Precautions and Maintenance to enable robust immunity from further attacks.
Systems are like Humans – they may have signs that they are sick from Angina, so most doctors will prescribe ready products (like anti-Angina pills). Others will try to look at the deeper Anatomy and find holistic solutions that will treat the very source of the problem, not only the consequences, in order to allow a sustainable result.
None of the sources reporting on the TalkTalk attack identified the way the company’s internet traffic was overloaded (as one would need an understanding of it), which could have been done through either:
1) a network-centric attack, which overloads a service by using up bandwidth
2) an application-layer attack, which overloads a service or database with application calls.
Those forms of attack either crash services or flood services. The inundation of packets to the target causes a denial of service. While the media tends to focus on the target of a DDoS attack as the victim, in reality there are many victims in a DDoS attack: the final target as well as the systems controlled by the intruder. Although the owners of co-opted computers are typically unaware that their computers have been compromised, those computers are nevertheless likely to suffer a degradation of service and not work well.
To choose the right approach, one needs to examine:
Which method was deployed by the hackers to overload the traffic? HOW EXACTLY was the system affected? Which SYMPTOMS were occurring during the attack? HOW MANY devices were affected and became part of a BOTNET or “ZOMBIE ARMY” (a group of co-opted computers under the control of an intruder)?
The effect of a DDoS attack is determined by its duration and scenario – these two elements define the scope of damage inflicted on the target.
It is important to have all information about the whole EVOLUTION & DEVELOPMENT of all 3 attacks that happened within the last 12 months.
Generally, to have a basic protection from DDOS threats, the organization needs to consider its defense strategy and tactics, subscribe to a junk traffic filtration service and take all required actions depending on a particular case. It has to bear in mind that without this, when an attack starts, it will be much more difficult to escape the losses.
Defensive responses to denial-of-service attacks typically involve the use of a combination of attack detection, traffic classification and response tools, aiming to block traffic that they identify as illegitimate and allow traffic that they identify as legitimate.
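As an added illustration (not part of the original article and not taken from any product), the Python example below applies the detection and classification step to the questions raised above: which of the two attack forms is under way, how long it lasted, and roughly how many sources took part. The record format, both thresholds and the sample addresses are assumptions constructed for the example.

```python
from collections import defaultdict

# Assumed thresholds for a 1-second window; tune them to the monitored system.
LINK_CAPACITY_BYTES = 1_000_000   # what the incoming link can carry per window
BASELINE_REQUESTS = 20            # normal application/database calls per window

def classify_window(total_bytes, total_requests):
    """Label one window with the two attack forms named in the text."""
    if total_bytes >= 0.8 * LINK_CAPACITY_BYTES:
        return "network-centric"      # bandwidth is being used up
    if total_requests >= 5 * BASELINE_REQUESTS:
        return "application-layer"    # service flooded with application calls
    return "normal"

def triage(flows):
    """flows: iterable of (second, source_ip, bytes, app_requests) records."""
    windows = defaultdict(lambda: {"bytes": 0, "requests": 0, "sources": set()})
    for second, source, nbytes, requests in flows:
        window = windows[second]
        window["bytes"] += nbytes
        window["requests"] += requests
        window["sources"].add(source)

    labels = {s: classify_window(w["bytes"], w["requests"])
              for s, w in windows.items()}
    attack = sorted(s for s, label in labels.items() if label != "normal")
    if not attack:
        return {"methods": [], "duration_s": 0, "suspected_sources": 0}

    # Sources also seen in quiet windows are treated as regular clients.
    quiet = set().union(*(windows[s]["sources"] for s in labels
                          if labels[s] == "normal"))
    noisy = set().union(*(windows[s]["sources"] for s in attack))
    return {
        "methods": sorted({labels[s] for s in attack}),
        "duration_s": attack[-1] - attack[0] + 1,   # first to last attack window
        "suspected_sources": len(noisy - quiet),    # rough botnet-size estimate
    }

# Constructed sample: 4 regular clients for 6 seconds, plus 30 extra sources
# sending small but numerous requests during seconds 2-4.
SAMPLE = [(s, f"198.51.100.{i}", 4000, 3) for s in range(6) for i in range(4)]
SAMPLE += [(s, f"203.0.113.{i}", 300, 5) for s in range(2, 5) for i in range(30)]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

In the sample the bandwidth stays far below the link capacity while the request count jumps, which is why buying more bandwidth alone would not have helped in this case.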
Jean Lehmann is an independent consultant, cyber security expert and editor and business ambassador to Hedge Think. He was recently a guest lecturer at INSEEC on Banking Management and the Hedge Fund industry, and is a member of Keiretsu forum, a global investment community of accredited private equity angel investors, venture capitalists and corporate/institutional investors. Jean has extensive consulting experience for leading such projects as the market entry strategies in the Brazilian market of several mid-size to large European financial institutions. Jean has considerable knowledge of the Hedge Fund and Asset Management industry, for having developed as a quantitative analyst some of the most sophisticated financial models in the structured finance product market for a leading US Hedge Fund and a German investment bank. He also has particular expertise in the field of Network Security and Cryptography. As a research staff member at IBM Zurich, he developed innovative algorithms for anonymous communication systems. He was also in charge of Brazilian security consulting services for Gemalto and recently completed a CyberSecurity consulting study for a European airline company. Jean holds a MSc. in computer science and telecommunication engineering with an emphasis on network security and cryptography from Eurecom/EPFL, a DEA in financial mathematics from HEC School of Management, and an MBA from INSEAD/Wharton alliance.