Tuesday, December 28, 2010

What I learned from DDoS attacks recently

It's a real pain to have your system constantly under increased levels of attack from every point of entry.  But that is the challenge: to be able to address issues as soon as they rear their ugly heads.

In my recent dealings as a systems engineer for an e-commerce site, I had to re-learn everything there is to know about the limits of what you can do within the domain you control, and within those you don't.

In this post I am going to give you my insights on how things can go terribly wrong, and on the things we failed to realise as early as we should have.

I.  Patching Session

It's common knowledge to all systems admins that patch management is truly worth its weight in gold.  Patches are released to address known vulnerabilities in a software package installed on the system; it could be a port exploit or a known bug that allows an attacker to take control of a feature or function the package is expected to perform.  In my seat, patches were never rolled out, for lack of understanding and for lack of a clean management process that would let admins do their job.

If a patch is known to break the application sitting on the system, then the patch is not worth it!  That is a sure guarantee of the troubles that lie ahead.

II.  Ensuring Budget to Cover the Holes

As part of the core management team, my goal is to have my department secure the budget needed to incorporate a great deal of resources focused on protecting those information technology investments.  Hardware architecture and platform design go hand in hand, and it's best to do them right early on than to regret it afterwards.  In recent memory, this is my biggest disappointment.  If the income generated online is of a magnitude comparable to all the offline income pouring into the company basket, then you should consider acquiring the best-known DDoS mitigation provider around to help you combat unwanted attacks that would otherwise leave your entire technical team with their hands tied.

III.  Human Investment (Incident Response Teams)

A core team of engineers, composed of your systems/network engineering team and members of your core development team, should be tapped to organise a quick-action force ready at your disposal whenever a problem arises.  I will caution, though, that even the most experienced systems engineers need to undergo training to counter new threats coming from the net.  There are areas in data and information security that help organise the chaotic deluge of skill-sets and shape the team to perform duties requiring the following:  1) risk management, 2) threat assessment and 3) exploit forensics.  I must warn that it takes a while to fine-tune this team, but it is worth every penny you invest in it.

IV.  The Ethical Hack

Ethical hacking may be a name that spawned from the nasty reality of hackers doing more damage than good.  For me the idea was simply to identify and exploit vulnerabilities so as to be able to fix them before others can.  You can do so much with the tools that aid in performing such activities.  However, it is likely that part I of this document is the only thing missing from your whole security plan.  In my experience working with enterprise systems, patch management has played a considerable role in a systems admin's life, aiding in the process of hardening your box.

In my opinion, the whole TCP/IP stack that holds up the world wide web is the problem!  The standard on which the OSI layers were built dates from several decades ago, and IPv4 is likewise a problem.  Countless papers have suggested a need to research the next logical successors of TCP/IP.  This means a whole new generation of routers and switches to handle how data, voice and image traffic will move.  I believe that Nikola Tesla envisioned something like this with the use of wireless communication, without the need for cables.  However, this would prompt a new generation of exploiters to check whether this new standard holds up as the defining technology.

For the time being we are limited to the tools that our current technology can accommodate.  The sad thing is that any ordinary guy with some technical knowledge can do so much damage with the tools available on the net.  Therefore hacking your own system (ethical hacking) is a must in order to see whether those security measures will hold.  Give it your best shot!

To be continued ...
