Click here to close now.

Welcome!

Java Authors: Liz McMillan, Pat Romanski, Carmen Gonzalez, Roger Strukhoff, Harry Trott

Related Topics: Virtualization, Java, SOA & WOA, .NET, Cloud Expo, Security

Virtualization: Blog Feed Post

Directed DDoS Attacks as Screens

Hiding behind that DDoS attack is a nightmare. Stop it before the nightmare comes true

Military science has a simple mechanism utilized at almost every level of both tactical and strategic thinking: Pin the enemy down with a distraction (a feint or an actual attack, either way), and then hit them where they’re not looking. This maxim has worked very well from squad level tactics where you pin them down with a base of fire while half the squad creeps around the enemy to hit them from the side to strategic tactics like when you attack on the entire front, but keep a massive reserve to push through any point that shows weakness. While the correlations of security to warfare can grow rather tiresome, sometimes, they are the correct correlations. The manner in which DDoS attacks are increasingly being used is well defined by this military maxim.

Picture from ArmChairGeneral.com Kursk, 76 years ago the day this blog was posted. The space in the middle between the darker red lines is where the Soviet army found weakness in the German lines around Prokhorovka. After a general counter-offensive, this weak spot is where they poured their reserves and ended the last major German offensive of WWII.

Why is that? The trend for DDoS attacks is to use the DDoS to mask some other intention – literally using it as a massive assault, so a few targeted attacks can be hidden within to try and break through the defenses of the organization being attacked. The methods range from highly sophisticated to pretty straight-forward, but there is a lot of sense in utilizing this tactic. First off, if the security team is focused on the DDoS, there’s a chance they’ll miss the more targeted attacks. Second off, with millions of connections occurring, the attack of a few packets might be overlooked, and third, while adjusting things to deal with the DDoS, security or other IT staff might well make a change that opens the door to one of these targeted attacks.

The aim is to get inside and steal data, the distraction is the DDoS, which is a very real attack, but forces the defender to split resources, or even dedicate all resources to defending against the DDoS. As in warfare, sometimes this tactic is staggeringly successful, and sometimes not. Even when not successful, the damage done to business can be immense. In the month before this blog post was written, nearly every major US bank had experienced DDoS attacks, with most suffering some form of reduced service or even outage during the attacks. The linked to article does not include others who were targeted after the date of publication, so the total number of US banks is pretty large.

And if you think that banks are being targeted enmasse for some random outside reason, I’ve got a highly influential spot on the Anonymous board of directors to sell you.

The DDoS attacks being waged against banks are for some other, more nefarious reason, and while I don’t know what that is at the moment, they’re banks. That does make it easy to speculate “financial gain” in one form or another.

The thing is, there are a variety of ways to stop such attacks, including utilizing our own BIG-IP (meant to handle outrageous volumes of requests, and able to identify most DDoS methods before they reach your servers) to stop DDoS dead in its tracks. The problem is that we often don’t treat security seriously until it is a problem. If you’re a large enough organization, at this point you should be able to determine that you will at some point be the target of a DDoS attack. If you’re a financial institution, no matter how small, you should be able to come to that same conclusion. So stop waiting for services to go down, find some money in the budget, do some research, and put something in place. Most major banks started to address DDoS last year, and took a closer look at it again in April – the last two targeted waves of attacks – but not all. There are a ton of reasons why some didn’t, but the trend is now obvious, procrastinating may hurt.

My co-worker David Holmes has written about mitigating a lot of these attacks here, and his approach is just one of several. In fact, if you search his blog for DDoS or Attack Mitigation, you get a ton of valuable information.

The thing is that pretty clearly there’s an ulterior motive to these attacks, and stopping the DDoS stands a good chance of either exposing or stopping whatever the ulterior motive is. And in banking, blocking ulterior motives is a way of life, no?

Many banking websites disabled logins during the attacks on their premises, but this alone can cause customer flight for the people who do all of their banking online. It’s their money, they tend to get testy if you won’t let them at it. Rumors abound, for example, that Citibank blocked logins for days and only slowly returned functionality. Meanwhile, customers were stewing. That’s a problem they will have to resolve outside the technological realm, but is also a proof that the easy answers – take the website down, protect customers’ money by disabling logins, etc – are not good enough. I’m not picking on Citi here, they were just the one I was pointed at by online friends, other big financial firms did much the same thing while under these attacks.

The security of our financial information is of tantamount importance to all of us. Banks do a very good job of protecting that information (consider number of breaches versus number of transactions or accounts as a measure), but in a changing environment they must consider doing even more. DDoS prevention appears to be a staple of FSI security moving forward. And as is always the case with security and the Internet, that will solve the current round of problems, but with billions of people on the internet, another challenge is just a mouse-click away.

Here’s hoping that none of the hidden agendas were realized while those attacks were going on, and here’s to security folks who now have to be more alert about other parts of security while defending against a DDoS. Thanks for doing what you do, most of the people out here have no idea how effective you are at keeping our data safe. And that’s probably for the best.

Read the original blog entry...

More Stories By Don MacVittie

Don MacVittie is Founder of Ingrained Technology, LLC, specializing in Development, Devops, and Cloud Strategy. Previously, he was a Technical Marketing Manager at F5 Networks. As an industry veteran, MacVittie has extensive programming experience along with project management, IT management, and systems/network administration expertise.

Prior to joining F5, MacVittie was a Senior Technology Editor at Network Computing, where he conducted product research and evaluated storage and server systems, as well as development and outsourcing solutions. He has authored numerous articles on a variety of topics aimed at IT professionals. MacVittie holds a B.S. in Computer Science from Northern Michigan University, and an M.S. in Computer Science from Nova Southeastern University.

@ThingsExpo Stories
The Workspace-as-a-Service (WaaS) market will grow to $6.4B by 2018. In his session at 16th Cloud Expo, Seth Bostock, CEO of IndependenceIT, will begin by walking the audience through the evolution of Workspace as-a-Service, where it is now vs. where it going. To look beyond the desktop we must understand exactly what WaaS is, who the users are, and where it is going in the future. IT departments, ISVs and service providers must look to workflow and automation capabilities to adapt to growing demand and the rapidly changing workspace model.
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impact.
Wearable devices have come of age. The primary applications of wearables so far have been "the Quantified Self" or the tracking of one's fitness and health status. We propose the evolution of wearables into social and emotional communication devices. Our BE(tm) sensor uses light to visualize the skin conductance response. Our sensors are very inexpensive and can be massively distributed to audiences or groups of any size, in order to gauge reactions to performances, video, or any kind of presentation. In her session at @ThingsExpo, Jocelyn Scheirer, CEO & Founder of Bionolux, will discuss ho...
Cloud data governance was previously an avoided function when cloud deployments were relatively small. With the rapid adoption in public cloud – both rogue and sanctioned, it’s not uncommon to find regulated data dumped into public cloud and unprotected. This is why enterprises and cloud providers alike need to embrace a cloud data governance function and map policies, processes and technology controls accordingly. In her session at 15th Cloud Expo, Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems, will focus on how to set up a cloud data governance program and s...
As organizations shift toward IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. CommVault can ensure protection &E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his session at 16th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Partnerships, will discuss how to cut costs, scale easily, and unleash insight with CommVault Simpana software, the only si...
Hadoop as a Service (as offered by handful of niche vendors now) is a cloud computing solution that makes medium and large-scale data processing accessible, easy, fast and inexpensive. In his session at Big Data Expo, Kumar Ramamurthy, Vice President and Chief Technologist, EIM & Big Data, at Virtusa, will discuss how this is achieved by eliminating the operational challenges of running Hadoop, so one can focus on business growth. The fragmented Hadoop distribution world and various PaaS solutions that provide a Hadoop flavor either make choices for customers very flexible in the name of opti...
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch of Docker's initial release in March of 2013, interest was revved up several notches. Then late last...
Roberto Medrano, Executive Vice President at SOA Software, had reached 30,000 page views on his home page - http://RobertoMedrano.SYS-CON.com/ - on the SYS-CON family of online magazines, which includes Cloud Computing Journal, Internet of Things Journal, Big Data Journal, and SOA World Magazine. He is a recognized executive in the information technology fields of SOA, internet security, governance, and compliance. He has extensive experience with both start-ups and large companies, having been involved at the beginning of four IT industries: EDA, Open Systems, Computer Security and now SOA.
HP and Aruba Networks on Monday announced a definitive agreement for HP to acquire Aruba, a provider of next-generation network access solutions for the mobile enterprise, for $24.67 per share in cash. The equity value of the transaction is approximately $3.0 billion, and net of cash and debt approximately $2.7 billion. Both companies' boards of directors have approved the deal. "Enterprises are facing a mobile-first world and are looking for solutions that help them transition legacy investments to the new style of IT," said Meg Whitman, Chairman, President and Chief Executive Officer of HP...
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focused on understanding how industrial data can create intelligence for industrial operations. Imagine ...
Operational Hadoop and the Lambda Architecture for Streaming Data Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing and analyzing streaming data is the Lambda Architecture, representing a model of how to analyze rea...
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes for use cases across the industrial, enterprise, and consumer segments.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
SYS-CON Events announced today that Open Data Centers (ODC), a carrier-neutral colocation provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Open Data Centers is a carrier-neutral data center operator in New Jersey and New York City offering alternative connectivity options for carriers, service providers and enterprise customers.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
PubNub on Monday has announced that it is partnering with IBM to bring its sophisticated real-time data streaming and messaging capabilities to Bluemix, IBM’s cloud development platform. “Today’s app and connected devices require an always-on connection, but building a secure, scalable solution from the ground up is time consuming, resource intensive, and error-prone,” said Todd Greene, CEO of PubNub. “PubNub enables web, mobile and IoT developers building apps on IBM Bluemix to quickly add scalable realtime functionality with minimal effort and cost.”
Sensor-enabled things are becoming more commonplace, precursors to a larger and more complex framework that most consider the ultimate promise of the IoT: things connecting, interacting, sharing, storing, and over time perhaps learning and predicting based on habits, behaviors, location, preferences, purchases and more. In his session at @ThingsExpo, Tom Wesselman, Director of Communications Ecosystem Architecture at Plantronics, will examine the still nascent IoT as it is coalescing, including what it is today, what it might ultimately be, the role of wearable tech, and technology gaps stil...
In the consumer IoT, everything is new, and the IT world of bits and bytes holds sway. But industrial and commercial realms encompass operational technology (OT) that has been around for 25 or 50 years. This grittier, pre-IP, more hands-on world has much to gain from Industrial IoT (IIoT) applications and principles. But adding sensors and wireless connectivity won’t work in environments that demand unwavering reliability and performance. In his session at @ThingsExpo, Ron Sege, CEO of Echelon, will discuss how as enterprise IT embraces other IoT-related technology trends, enterprises with i...
When it comes to the Internet of Things, hooking up will get you only so far. If you want customers to commit, you need to go beyond simply connecting products. You need to use the devices themselves to transform how you engage with every customer and how you manage the entire product lifecycle. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, will show how “product relationship management” can help you leverage your connected devices and the data they generate about customer usage and product performance to deliver extremely compelling and reliabl...
The Internet of Things (IoT) is causing data centers to become radically decentralized and atomized within a new paradigm known as “fog computing.” To support IoT applications, such as connected cars and smart grids, data centers' core functions will be decentralized out to the network's edges and endpoints (aka “fogs”). As this trend takes hold, Big Data analytics platforms will focus on high-volume log analysis (aka “logs”) and rely heavily on cognitive-computing algorithms (aka “cogs”) to make sense of it all.