Secure Your Website and Business Identity


It was coming up to our end-of-week team meeting on a quiet afternoon in August 2015. The talk was about what the weekend would be like, with everyone looking forward to winding down and spending time with family. Somewhere, thousands of kilometres away, someone had a different idea (ominous music plays).

It started as a blip on the radar: our incoming traffic charts began to show excessive activity. That on its own is not unusual, as we often see spikes in activity. Before long, though, the prolonged and aggressive spikes told us this was a potential attack. Then the phone calls and emails from our customers started to roll in, and the rest of the weekend went downhill fast…

What started as a Friday prelude to the weekend was an attack that lasted, on and off, for over a week. It was large and relentless, and it impacted most of our customers’ websites. It disrupted customers and cost a great deal of time and money before it was eventually beaten. No one asked for money and no vulnerability was uncovered; it was done solely to disrupt business.


It led us, and our service providers, to research and invest in new solutions to minimise the impact of these malicious events.

In 2015 service providers knew about Distributed Denial of Service (DDoS) attacks, but in general the standard rules at the firewalls could halt and control them, and most providers were confident that their hardware and redundancy could absorb the excess load.

While that attack didn’t break into any of our systems, our customers experienced long load times for their sites (in some cases the sites seemed completely inaccessible) for hours over several days, and instead of a relaxing weekend our whole team spent several sleepless nights working with our upstream providers to mitigate the attack.

Once the dust settled we, and our providers, had learned a lot along the way and we were lucky that our customers were very patient and understanding.


What’s a DDoS attack?


Broadly, a DDoS attack is one where traffic is maliciously pushed into a network from many sources at once, in volumes beyond what that network is designed to handle. The purpose is often to hold a business or website to ransom, or to do lasting damage to a business’s reputation by taking it offline when its customers need it.

A good analogy for internet traffic is the flow of vehicles on highways and roads. Some roads are built to handle a higher volume of traffic than others, so there is a hierarchy of roads: interstate highways (e.g. M1), highways (e.g. M4 / Pacific Highway), main roads, suburban roads and so on.

In Sydney we have seen incidents that restrict traffic on the M1 (the main Brisbane to Sydney to Melbourne highway). Traffic that would normally flow fine with three lanes grinds to a standstill when funnelled into a smaller space or forced to share with unexpected additional traffic (e.g. holiday periods). The problem is compounded when more traffic keeps trying to enter the highway than can exit. This can cause traffic jams that last hours and even days, as with this example in January 2017.

Each highway is built to handle a maximum volume of traffic, and there is a useful interactive viewer available from the NSW Roads and Maritime Service.


The same is true of the internet, which uses a hierarchy of network links that carry traffic between service providers, from the servers hosting websites through to consumers sitting at a browser.

Highways on the web are measured in gigabits per second (Gbps) of bandwidth, and the cars are packets of data, each typically no bigger than about 1,500 bytes; a page, image or download is carried as many such packets. A typical website may send a few kilobytes (KB) or maybe a megabyte (MB) of data from a server to a visitor’s browser, so loading one page of a website is a tiny part of the overall capacity available, like one car on a national highway.

For example, the premium service advertised by the NBN boasts speeds of up to 100 Mbps, which is 12.5 megabytes per second, so in theory it could deliver around a dozen 1 MB page views every second (though that is somewhat simplified and rarely the case in reality).

Networks that support the internet are also built to handle specific volumes of traffic. If you flood the network with traffic you see the same result as on the highways: reduced service and potentially closure of the network. There are many devices, such as firewalls and routers, within a network, and each can handle a maximum traffic volume (like intersections in a road system); when the volume exceeds that maximum, traffic jams occur.

At the most basic level this is what occurs in a DDoS attack. These attacks are getting more frequent and more aggressive, as discussed in this blog post by CloudFlare, one of the world’s leading Content Delivery Network (CDN) providers. CloudFlare has seen attacks of up to 400 Gbps (4,000 times the maximum speed of the NBN service in the example above). Imagine the chaos if someone increased the flow of traffic onto the M1 into Sydney to thousands of times the normal peak-hour volume!


Why DDoS Attacks Occur


Firstly, let’s dispel one common myth: DDoS attacks are not generally instigated by a bored 14-year-old in a bedroom.

The vast majority of the world’s DDoS attacks are instigated by organised crime syndicates and criminals, commonly and erroneously referred to as “hackers”. The purpose is to disrupt business, and it may come with a ransom demand or request for money. An attack may also be used to probe for weaknesses in specific target systems, since some failures only show up when those systems are overloaded.

Large DDoS attacks are also not cheap to execute and can cost tens or even hundreds of thousands of dollars to stage.


How do DDoS attacks start?


Stupidity generally!

Like the ransomware attacks that have recently been in the news (WannaCry and Petya), DDoS attacks depend on computers on the internet running malicious software that the criminals control. For DDoS that software is a “bot”, a program that can be directed remotely. Bots are often delivered in innocuous-looking emails to users who click on a link offering “a tax refund” or “nude pics”. Often nothing seems to happen when the email or link is opened, so no action is taken, but the damage is already done.

DDoS attacks rely on thousands of these infected computers worldwide in order to stage an attack.

These computers, particularly in large corporations or institutions, are often left on all the time and run old versions of operating systems and anti-virus software. The attacker sends a command that activates the bot on the infected computers, and they start transmitting traffic to a network, an IP address (internet address) or a website. These attacks are generally well planned and evolve quickly, so blocking one address or website just means the attack moves to a nearby address and continues.

These virtual cars clogging up the internet highway look and behave just like the real thing, but of course they are not. Each request comes from a different infected computer and looks like a legitimate page load, so security software and firewall rules that judge traffic one connection at a time generally cannot tell the attacking traffic from genuine visitors; what gives the attack away is the combined volume.

Eventually most attacks stop on their own, either because the attackers run out of money or because the infected computers get blocked or shut down. However, attacks can go on for a long time, and because on the internet even minutes of downtime are expensive, even a short attack can cost businesses millions of dollars.


DDoS Mitigation Services


Recently, services have begun to be offered that can block, or mitigate, DDoS attacks. Many of them use a scrubbing technique: traffic bound for the protected network is diverted through the provider’s scrubbing centre, where anything matching a DDoS signature is identified and dropped (re-routed to a dead end on the internet highway) and only the clean remainder is forwarded on. The details of how these services work are generally kept under wraps, and different services use different proprietary methods.

eCorner works with our upstream providers, Macquarie Telecom and Vocus, to enable a DDoS mitigation service that protects the network and our customers from the impact of DDoS attacks. It does not stop attackers from trying to maliciously interrupt businesses, but the attack does not achieve what was intended. At the same time it lets the service providers learn more about the types of attacks and so improve the service.
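To make the idea of spotting a flood concrete, here is a small self-contained Python script. It is an example added for this post, not code from eCorner, Macquarie Telecom or Vocus, and it works on a web server’s access log rather than at the network layer where a provider’s scrubbing service operates. It parses log lines in the common “combined” format, counts requests per minute in total and per source address, and raises an alert for any minute whose volume is many times a normal baseline. The log lines, the 203.0.113.x / 198.51.100.x / 192.0.2.x addresses, the baseline of three requests a minute and the thresholds are all constructed for the example. It also shows the point made above about virtual cars: a flood from one address stands out and can be blocked, but the same volume spread across forty addresses looks like forty ordinary visitors, and only the total gives it away.

```python
"""
Spot a traffic flood in web-server access logs.

Added example for this post, not eCorner's or any provider's code. It parses
lines in the common "combined" access-log format, counts requests per minute
(in total and per source address) and flags minutes whose volume is far above
a normal baseline. The sample log lines, addresses and thresholds below are
constructed for the example.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Fields of a "combined" log line up to the response size; the referrer and
# user-agent at the end are not needed for volume analysis.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return a dict for one log line, or None if it is not in the expected format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    size = m.group("size")
    return {
        "ip": m.group("ip"),
        "minute": ts.strftime("%Y-%m-%d %H:%M"),
        "request": m.group("req"),
        "status": int(m.group("status")),
        "bytes": 0 if size == "-" else int(size),
    }


def per_minute_stats(lines):
    """Count requests per minute, overall and broken down by source address."""
    totals = Counter()
    by_source = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the analysis
        totals[rec["minute"]] += 1
        by_source[rec["minute"]][rec["ip"]] += 1
    return totals, by_source


def flag_flood(lines, baseline_per_minute, surge_factor=10, source_share=0.5):
    """Alert on minutes at or above surge_factor times the baseline.

    Each alert records how many distinct sources sent the traffic and which
    single sources (if any) account for at least source_share of it. A flood
    from one machine shows up in single_source_suspects; a distributed flood
    of the same size leaves that list empty, so blocking by address alone
    would not help.
    """
    totals, by_source = per_minute_stats(lines)
    alerts = []
    for minute in sorted(totals):
        count = totals[minute]
        if count < baseline_per_minute * surge_factor:
            continue
        sources = by_source[minute]
        suspects = [ip for ip, n in sources.items() if n / count >= source_share]
        alerts.append({
            "minute": minute,
            "requests": count,
            "sources": len(sources),
            "single_source_suspects": suspects,
        })
    return alerts


def make_line(ip, minute, path, status=200, size=512):
    """Build one constructed combined-format log line (assumed +1000 UTC offset)."""
    return (f'{ip} - - [{minute}:00 +1000] "GET {path} HTTP/1.1" '
            f'{status} {size} "-" "Mozilla/5.0"')


# Constructed sample: a quiet minute, then a single-source flood, then a
# distributed flood of the same size from forty different addresses.
SAMPLE_LOG = (
    [make_line(f"203.0.113.{i}", "14/Aug/2015:14:00", "/") for i in (1, 2, 3)]
    + [make_line("198.51.100.7", "14/Aug/2015:14:01", "/") for _ in range(40)]
    + [make_line(f"192.0.2.{i}", "14/Aug/2015:14:02", "/search?q=x")
       for i in range(1, 41)]
)

if __name__ == "__main__":
    for alert in flag_flood(SAMPLE_LOG, baseline_per_minute=3):
        print(alert)
```

Run as-is it prints two alerts: 14:01, where one source sent all 40 requests, and 14:02, where 40 sources each sent one and the suspect list is empty. In practice the baseline comes from your own normal traffic charts, and a provider’s scrubbing service works on far larger volumes and on packets rather than log lines, but the logic of comparing volume against normal and then looking at how that volume is distributed is the same.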


What questions should you ask your hosting provider?


If you have a website that is available on the internet then you have a service provider hosting it. Website hosting is very often misunderstood by small to medium-sized businesses, sometimes even by enterprises, and so can be a point of failure for any website. Hosting costs range from a few dollars a month to thousands of dollars. Apart from bandwidth, computing speed and storage capacity, the typical differentiators are:

  • Location of hosting
  • Contention rate - how many websites share the same infrastructure
  • Security
  • Service Level Guarantees

Many people ask why location is important. Some types of websites that collect information about people and businesses are required to keep all of that data in Australia. Data held offshore is subject to the laws of the country in which it is hosted; for most small businesses this will not be an issue, but it is important to know what data you are collecting and where it is held, and to reflect that in your website privacy policy or terms of service. The other potential problem is in the event of a failure that results in liability and insurance claims: if the website is hosted outside Australia, it may not be covered by the cyber and/or business insurance of an Australian business. If your business is applying for cyber insurance it is very likely that the insurer will ask these questions.

eCorner provides hosting to our customers, and generally it is just part of the package you have chosen with us. Every website we host shares the same logical security infrastructure, which includes PCI DSS compliance and always-on DDoS protection monitoring incoming traffic to your website.


If you are unsure what level of security your hosting provider delivers, ask:

  • Where are the servers hosting your website?
  • Is the environment compliant with Payment Card Industry Data Security Standards (PCI DSS)?
  • Is there anti-virus protection on servers?
  • Are server operating environments and software patched regularly for malicious issues?
  • Is all website software that is used patched and updated regularly?
  • Is there DDoS protection always enabled?
  • Are there system backups that enable recovery in the event of a catastrophic failure?
  • Who bears responsibility in the event of failure or attack?


What can you do to stop attacks?


Largely it comes down to common sense. Tell everyone you know to be careful with the emails they open and the websites they visit. Both can download malicious bots and viruses that corrupt your systems or make it easier for attackers to get in.

There are a few simple rules:

  1. Keep all software up to date and apply recommended patches (particularly your operating system, e.g. Windows or macOS)
  2. Install anti-virus and security software (such as Kaspersky or McAfee) on your computers and servers
  3. Keep your anti-virus software up to date!
  4. Turn off computers when not being used (save the environment and a few dollars at the same time)
  5. Do not open emails from sources that you do not know
  6. Do not open unsolicited emails claiming to be from banks, insurance firms or government departments; none of them will send you anything important, or ask for your details, in an unexpected email.


For more information on being safe and sensible online, check out – www.staysmartonline.gov.au.

Comments: 1
More about: ddos, eCommerce, hosting, security

Alex Morco
RE: Secure Your Website and Business Identity
No doubt, all the mentioned points are very useful and necessary while selecting a hosting company for an ecommerce business. My site loading speed was more than 20 seconds and bounce rate was 82%; it was due to thousands of products. I tried Cloudways managed ecommerce hosting for 3 days, https://www.cloudways.com/en/managed-ecommerce-cloud-hosting.php… . The store performed very well and now loading time is 2 seconds and bounce rate is 35%.