On Thursday, Twitter was taken down by a denial-of-service attack, while Facebook suffered related problems. Other social/media sites like Gawker and LiveJournal were hampered by attacks as well. These attacks illustrate just how crucial network security is in a world where organized cyberattacks can bring down even the most prominent sites.
While the news cycle is quickly headed to the point of diminishing returns (lots of ruminations on DDoS, where the attacks originated, and how it was done), I've yet to see posts on how such attacks can be prevented.
In light of Twitter's susceptibility, protecting networks from similar attacks must be on the minds of many organizations. How would you go about protecting your company?
I asked Joe Habib from WildPackets about it, and he provided three tips for preventing network attacks:
- Using a network analysis tool, capture all data in one place. All pertinent network traffic can be aggregated to a single location, rather than scattered across the network. Data is captured in a common data format and does not need to be transferred or translated in any way for analysis.
- Set up alerts to isolate questionable behavior and zero in on it. If you see considerably more data being requested than normal, look into the matter. Many network analysis tools today allow you to be notified when thresholds are exceeded. You know the typical or average level, so beware of extending beyond the "norm."
- Use network forensics data mining tools to reconstruct the sequence of events that occurred at the time of the attack. This will give you a complete picture. If you were not able to prevent a particular attack this time, you will at least gain crucial information to prevent a similar attack in the future.
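Tips 1 through 3 in working code, as an added example that is not from the original post or from WildPackets: it aggregates constructed access-log lines into one place keyed by minute, learns the "norm" from the quiet minutes, raises an alert when a minute exceeds the threshold, and then lists the top sources in the flagged minute so the sequence of events can be reconstructed. The log format, the mean-plus-three-standard-deviations rule and the two-times-the-norm floor are assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed access-log sample (not real traffic): "HH:MM:SS src_ip path".
# Minutes 10:00-10:04 carry ordinary browsing (4 to 8 requests each);
# minute 10:05 is a flood of 60 requests from three sources.
NORMAL = [f"10:0{m}:{i * 7:02d} 198.51.100.{10 + i} /home"
          for m in range(5) for i in range(4 + m)]
FLOOD = [f"10:05:{s:02d} 203.0.113.{s % 3} /search?q=x" for s in range(60)]
SAMPLE_LOG = "\n".join(NORMAL + FLOOD)
BASELINE_MINUTES = ["10:00", "10:01", "10:02", "10:03", "10:04"]


def requests_per_minute(log_text):
    """Tip 1: gather every captured line in one structure, keyed by minute."""
    per_minute = defaultdict(list)
    for line in log_text.splitlines():
        timestamp, src, _path = line.split()
        per_minute[timestamp[:5]].append(src)
    return per_minute


def threshold_alerts(per_minute, baseline_minutes, k=3.0):
    """Tip 2: learn the norm from quiet minutes, alert when a minute exceeds it.

    Threshold is mean + k*stddev of the baseline, but never less than twice
    the mean, so a flat baseline does not produce a hair-trigger alert
    (assumed rule, not a vendor default)."""
    base = [len(per_minute.get(m, [])) for m in baseline_minutes]
    norm = mean(base)
    threshold = norm + max(k * pstdev(base), norm)
    return [(m, len(srcs), threshold)
            for m, srcs in sorted(per_minute.items()) if len(srcs) > threshold]


def top_sources(per_minute, minute, n=3):
    """Tip 3: reconstruct who drove the flagged minute for the incident record."""
    return Counter(per_minute[minute]).most_common(n)


def run_analysis(log_text=SAMPLE_LOG):
    """Returns {minute: {count, threshold, top_sources}} for every alerted minute."""
    per_minute = requests_per_minute(log_text)
    return {m: {"count": count, "threshold": threshold,
                "top_sources": top_sources(per_minute, m)}
            for m, count, threshold in threshold_alerts(per_minute, BASELINE_MINUTES)}


if __name__ == "__main__":
    for minute, detail in run_analysis().items():
        print(f"ALERT {minute}: {detail['count']} requests "
              f"(threshold {detail['threshold']:.1f}); top sources {detail['top_sources']}")
```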
The right tools help IT personnel get to the root of the problem. Having the appropriate tools in place and following the correct procedures helps eliminate or mitigate the effects of an attack. At least that's what John Pescatore, a security analyst at research firm Gartner, said was the hard lesson that Twitter has learned. "It basically just shows that Twitter wasn't spending the money to filter out DDoS attacks," he said, according to an article in the Los Angeles Times.
Follow me on Twitter @daveofdoom.