How will I know if my credit union is under (DDoS) attack?

by Robin Remines

More often than not, a DDoS attack is not readily noticeable at first. How can that be? Your credit union has invested thousands of dollars in firewalls, IPS, IDS, and anti-virus/anti-spam protection! It seems unfathomable that, with all that sophisticated equipment, a threat of any sort would get through, right? Wrong – and it is that misaligned logic that places your infrastructure at risk.

To understand how to detect DDoS attacks, you need to start with a basic understanding of how each type of protective strategy works for your infrastructure. This diagram (courtesy of Radware) is a great tool for determining the “blind spots” in your protective measures. Gather your credit union IT staff and walk through the diagram to expose any weaknesses. Notice that each tool has a specialty function and that there really is no “one size fits all” approach. Once your gaps are identified, establish a timeline and budget based on your risk assessment.

Armed with the understanding of how all of the security tools align to provide the greatest protection, there are basic steps you can take to detect whether a DDoS attack is in progress. There are many types of attacks, so the symptoms can differ. In volume-based attacks, traffic and resources across services can be affected, and services can stop responding. Often an edge device will be so overloaded that it stops responding, and you see huge spikes in traffic and odd traffic. In various low-and-slow attacks, a single server or service may stop responding, because the attack often targets a specific application service to lock up all of its resources. Again there will be odd traffic patterns, although in this case traffic may be low while the resource load on the server or application is huge.

Steps to detect:

  1. Know your normal baseline traffic and application load – You can’t identify issues if you don’t have a feel for what “normal” is for your infrastructure. Log normal CPU and application times and have them readily available for comparison.
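
The baseline comparison from step 1, as an added example that is not part of the original article: it builds a baseline from logged normal readings, then labels current readings by the two symptom patterns described above (a traffic spike, or near-normal traffic with a huge resource load). The sample metrics, the three-standard-deviation threshold, the three-sample persistence rule and all function names are assumptions made for illustration.

```python
from statistics import mean, stdev

# Constructed "normal" log: (requests/sec, CPU %, app response ms) per interval.
BASELINE_LOG = [(120, 22, 180), (135, 25, 190), (110, 20, 175),
                (128, 24, 185), (140, 27, 200), (118, 21, 178)]

def build_baseline(samples):
    """Return [(mean, stdev), ...] for each metric column of the normal log."""
    return [(mean(col), stdev(col)) for col in zip(*samples)]

def deviation(value, stats):
    """How many standard deviations `value` sits above the baseline mean."""
    mu, sigma = stats
    return (value - mu) / sigma if sigma else 0.0

def classify(sample, baseline, threshold=3.0):
    """Label one sample by the symptom pattern it matches (not a verdict).

    threshold=3.0 is an assumed cut-off; tune it to your own data.
    """
    rps, cpu, resp = (deviation(v, s) for v, s in zip(sample, baseline))
    if rps > threshold:
        return "volume-based"      # huge spike in traffic
    if cpu > threshold or resp > threshold:
        return "low-and-slow"      # traffic near normal, resource load huge
    return "normal"

def detect(series, baseline, sustain=3):
    """Return (index, label) once one abnormal label has held for `sustain`
    consecutive samples (assumed value), or None if nothing persists."""
    run_label, run_len = "normal", 0
    for i, sample in enumerate(series):
        label = classify(sample, baseline)
        run_len = run_len + 1 if label == run_label else 1
        run_label = label
        if label != "normal" and run_len >= sustain:
            return i, label
    return None

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOG)
    # Constructed current readings: one brief traffic blip, then sustained load.
    current = [(130, 24, 188), (4000, 90, 2500), (125, 23, 182),
               (122, 95, 4000), (119, 97, 4300), (121, 98, 4500)]
    print(detect(current, baseline))
```

The persistence rule keeps a single odd interval from raising an alert; only a pattern that holds across consecutive readings is reported.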