On October 21, we learned that the distributed denial-of-service attack has become a vastly greater threat than ever before. By attacking domain name service provider Dyn, a botnet was able to make multiple websites largely unreachable, including Netflix, GitHub, Twitter, the New York Times, and many others. Overloading Dyn with spurious domain name lookups kept it from responding to legitimate requests.
DDoS attacks have been around for a long time. The attacker gets control of a large number of machines and coordinates them to flood the target with data packets. 2016 saw attacks of unprecedented scope.
The reason is the Internet of Things. Smart devices perform simple tasks with the aid of an Internet connection. The owner can control them or get information from them remotely. Most of them have very poor security. They have default user names and passwords which are difficult to change. Some have their own Wi-Fi access points, without adequate security. Criminals use software such as the infamous “Mirai” to take control of these devices by the thousands and build botnets from them.
Traditional computer security measures provide little protection against these attacks. New approaches, designed to meet an attack of a million pinpricks, are necessary.
Monitoring traffic for changes from the normal pattern is the first line of defense. The more quickly you can detect an attack, the more quickly you can stop it. Specialized software can dynamically analyze traffic patterns and distinguish bogus from legitimate data packets, giving a quicker indication that an attack is under way.
Standard firewalls give very limited protection against DDoS attacks. A Web application firewall (WAF) provides more help by using application-specific rules to block malicious and malformed requests, but it won’t stand up against a heavy attack.
A cloud-based mitigation service is the strongest defense against serious DDoS attacks. The people running the service are specialists, and they constantly update their service as new forms of attack appear. These services have large amounts of reserve processing power and can put multiple machines on a single IP address. This extra capacity lets a site absorb a much larger amount of traffic without exceeding its capacity.
Website owners can never stand still. New threats develop and require new defenses.
Contact us at firstname.lastname@example.org to learn more about our services, or call Alary Clinitech in Oshawa, Toronto and Southern Ontario at (416) 291-7377.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.