We started selling online VPS on #OpenStack two years ago, when #DDoS wasn’t so distributed. Now it’s the number one concern in our services, and we’ve made a lot of changes over time in our cloud infrastructure to protect ourselves.
It’s a pity that a significant part of these instances are bought to attack outside sites, and we have been obliged to suspend their services (we don’t want to be the part of the community that is not helping to reduce this sort of bad cyber-behavior). The time our staff dedicates to applying more points of control is increasing day by day… sometimes we feel that we lack ideas…
The cheapest instances have a bigger chance of being used in this DDoS-for-hire trend. Can we now say it is also a profitable business? You can rent botnets to amplify your attack from $2.99, depending on how long you will be using them and what sort of sites you want to attack. These sites boast that they can take down even the most ‘stubborn’ targets.
I’ve just discovered a post by Kerry Butters (@kesbutters) called “Surviving in the Age of Internet Pirates” that confirms my thoughts that one of the most important resources to protect your site from ‘this not so new trend’ is DevOps.
Ops are only keeping things online based on their knowledge and experience (or the certified courses they’ve taken) of different vendors’ technologies. However, vendors are not bringing enough answers to this sort of threat. They can probably bring some technology, but they cannot claim to be 100% effective. DDoS’s modus operandi is changing almost every minute, and they cannot predict which variant could turn out to be the most dangerous.
Even the most secure organizations have suffered from leaked information… what can you expect from your Ops staff?
I fully agree with Kerry that prevention is key. You have to think about how to distribute your portal among different cloud providers, not because they can be hacked, but because attackers can hack resources like your control panel, without getting into your application’s data, and make you disappear, as they did with ‘Code Space’. Using different providers can then be useful to stay online even when attackers wipe out your entire data and instances at one of these sites.
Use static content with CDNs when you can. Some CDNs have protection against DDoS. Lock down your network. It won’t be an easy task if you are working with SDN technologies, and you will probably need to add applications and more code (we add extra protection by limiting the data rate at every virtual network instance).
Review every application element in your portal and test each one to be sure it can scale without any concern. You can add auto-scale scripts for your instances depending on CPU/Network/Storage usage thresholds.
Patch, patch and patch your application software pieces; you need to stay up to date on any new bug or vulnerability.
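The per-instance data-rate limit mentioned above can be pictured as a token-bucket policer on each virtual port; the sketch below also goes one step further and flags instances that spend most of their time pinned against the limit as candidates for review. It is an added example, not the author's code or an OpenStack API: the class, function and instance names, the rate, burst and 50% review threshold are assumptions, and the traffic samples are constructed.

```python
class Policer:
    """Token-bucket policer for one virtual port (rate in bytes/s, burst in bytes)."""

    def __init__(self, rate: int, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens = burst          # start with a full bucket
        self.sent = self.dropped = 0

    def tick(self, offered: int) -> int:
        """Account for one second of offered egress traffic; return bytes passed."""
        self.tokens = min(self.burst, self.tokens + self.rate)  # refill, capped at burst
        passed = min(offered, self.tokens)
        self.tokens -= passed
        self.sent += passed
        self.dropped += offered - passed
        return passed

    @property
    def drop_ratio(self) -> float:
        total = self.sent + self.dropped
        return self.dropped / total if total else 0.0


def police(samples: dict, rate: int, burst: int, review_ratio: float = 0.5) -> dict:
    """samples maps instance id -> list of offered egress bytes, one entry per second.

    Returns instance id -> (bytes_passed, bytes_dropped, needs_review).
    needs_review is True when at least review_ratio of the offered bytes were
    dropped, i.e. the instance keeps pushing far beyond its allowance.
    """
    report = {}
    for instance, offered in samples.items():
        p = Policer(rate, burst)
        for nbytes in offered:
            p.tick(nbytes)
        report[instance] = (p.sent, p.dropped, p.drop_ratio >= review_ratio)
    return report


# Constructed samples: a web VPS with short bursts, and an instance flooding at a constant rate.
SAMPLES = {
    "vps-web": [200_000, 3_000_000, 150_000, 100_000, 2_000_000, 120_000],
    "vps-flood": [40_000_000] * 6,
}
RATE = 1_250_000    # assumed allowance: 10 Mbit/s expressed in bytes per second
BURST = 4_000_000   # assumed burst allowance in bytes

if __name__ == "__main__":
    for name, (sent, dropped, review) in police(SAMPLES, RATE, BURST).items():
        print(f"{name}: passed={sent} dropped={dropped} review={review}")
```

The bursty web instance passes untouched because its peaks fit inside the burst allowance, while the constant flood is clipped to the configured rate and marked for review.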
Conclusion: who is more likely to bring this kind of protection? You need DevOps. DevOps can react on the fly, even add/compile some piece of code into your applications to protect you. These are people who understand what kind of basic protection you need in your application and how you need to architect your portal to stay online even under any sort of attack.
The use of high-performance hardware is no longer an option today.
Below, I’m sharing with you the Digital Attack Map built through a collaboration between Google Ideas and Arbor Networks.
See you around!