With even Australia recently copping a 12Gbps distributed denial of service (DDoS) attack, network operators need to hold Internet service provider (ISP) customers to higher security standards to ensure they don't compromise the integrity of increasingly important cloud services, a senior security analyst has warned.
Although anti-spoofing technologies are already available to help identify DDoS attacks – many of which rely on spoofing the identity of a trusted source server to elicit large volumes of acknowledgements from the target server – many ISPs have yet to implement the technology.
Lack of proactive action to stem the flood of DDoS attacks – which have been getting progressively worse this year despite being based on just a few basic types of attacks – is leaving network operators economically vulnerable as floods of unchecked DDoS data soak up bandwidth that would normally be used for other purposes.
“Network operators are suffering economically and in a brand reputation sense from being on the receiving end for these huge amounts of traffic,” Roland Dobbins, senior analyst with the Arbor Networks Security Engineering & Response Team, recently told CSO Australia.
“They are ultimately going to have to make some business decisions and make sure they have this ability to see when this type of traffic comes across their network. They're going to have to say to ISPs 'if you keep sending us spoofed traffic, we're going to de-transit or de-peer you.'”
Network operators should screen prospective ISP customers' own DDoS defences before signing them as customers and adjust tenders to include screening requirements so that ISPs are actively assisting the operators' own anti-DDoS efforts, he added.
Doing this effectively requires the collection and classification of telemetry traffic, as well as an ongoing effort at each ISP to classify and trace DDoS attacks in real time. “Threats against availability are the #1 security threat against any cloud service,” he said.
“If we could get to the point where network operators had implemented anti-spoofing at their inner customer aggregation edges, where [ISP] customers plug into their networks, it would be a whole lot easier to track down the few remaining who don't do it deliberately. These attacks are disproportionately big, and the collateral damage on ordinary people really captures the public's attention.”
Late last year, Google partnered with Arbor Networks to launch the Google Digital Attack Map, a tool that tracks the flow of DDoS attacks around the world. According to that tool, Australia has seen two DDoS traffic surges (http://www.digitalattackmap.com/#anim=1&color=0&country=AU&time=16324&view=map).
This article is brought to you by Enex TestLab, content directors for CSO Australia.