1
00:00:00,000 --> 00:00:02,285
We talked about the denial of service attack

2
00:00:02,285 --> 00:00:04,600
involving the continual flooding of a victim system

3
00:00:04,600 --> 00:00:06,971
with a request for services that causes a system

4
00:00:06,971 --> 00:00:09,000
to crash and run out of memory.

5
00:00:09,000 --> 00:00:11,221
Now, this usually happens when you're talking about

6
00:00:11,221 --> 00:00:13,479
one system attacking one system.

7
00:00:13,479 --> 00:00:15,880
But that wasn't enough with modern computers,

8
00:00:15,880 --> 00:00:18,112
so we moved up to the distributed denial of service attack,

9
00:00:18,112 --> 00:00:20,061
where hundreds or thousands of people

10
00:00:20,061 --> 00:00:22,611
target a single server to take it down.

11
00:00:22,611 --> 00:00:26,651
Now, in March of 2018, the website GitHub was actually hit

12
00:00:26,651 --> 00:00:29,000
by the largest DDoS that we've clocked to date.

13
00:00:29,000 --> 00:00:31,312
This is where tens of thousands of unique endpoints

14
00:00:31,312 --> 00:00:34,002
conducted a coordinated attack to hit that server

15
00:00:34,002 --> 00:00:36,341
with a spike in traffic, and the spike in traffic

16
00:00:36,341 --> 00:00:39,390
went up to 1.35 terabits per second.

17
00:00:39,390 --> 00:00:43,280
This took the website offline for all of five minutes.

18
00:00:43,280 --> 00:00:44,630
So, you can see how these DDoSes

19
00:00:44,630 --> 00:00:47,171
are really hard on a server and can take them down,

20
00:00:47,171 --> 00:00:49,630
but not for very long if you can stop them.

21
00:00:49,630 --> 00:00:51,186
So, your real question probably is,

22
00:00:51,186 --> 00:00:53,380
how can you survive one of these attacks?

23
00:00:53,380 --> 00:00:54,920
And how can you prevent it from taking down

24
00:00:54,920 --> 00:00:56,288
your organization's servers?

25
00:00:56,288 --> 00:00:58,059
Well, we have a couple of techniques.

26
00:00:58,059 --> 00:01:00,747
The first one is called blackholing or sinkholing.

27
00:01:00,747 --> 00:01:03,448
This technique identifies attacking IP addresses

28
00:01:03,448 --> 00:01:04,927
and routes all of their traffic

29
00:01:04,927 --> 00:01:07,819
to a non-existent server through a null interface.

30
00:01:07,819 --> 00:01:10,207
This effectively will stop the attack.

31
00:01:10,207 --> 00:01:12,867
Unfortunately, the attackers can move to a new IP

32
00:01:12,867 --> 00:01:14,688
and restart the attack all over again,

33
00:01:14,688 --> 00:01:17,210
and so, this is only a temporary solution.

34
00:01:17,210 --> 00:01:19,330
Intrusion prevention systems can also be used

35
00:01:19,330 --> 00:01:21,717
to identify and respond to denial of service attacks.

36
00:01:21,717 --> 00:01:24,347
This can work for small-scale attacks against your network,

37
00:01:24,347 --> 00:01:26,127
but you're not going to have enough processing power

38
00:01:26,127 --> 00:01:28,888
to handle a large-scale attack or a big DDoS.

39
00:01:28,888 --> 00:01:31,207
Now, one of the most effective methods to utilize

40
00:01:31,207 --> 00:01:34,097
is to have an elastic cloud infrastructure.

41
00:01:34,097 --> 00:01:35,488
If you've built your infrastructure

42
00:01:35,488 --> 00:01:37,876
so that it can scale up when demand increases,

43
00:01:37,876 --> 00:01:39,987
you can ride out a DDoS attack.

44
00:01:39,987 --> 00:01:41,907
Now, the problem with this strategy, though,

45
00:01:41,907 --> 00:01:43,219
is that most service providers

46
00:01:43,219 --> 00:01:45,420
are going to charge you based on the capacity

47
00:01:45,420 --> 00:01:47,579
and resources that you used, so, when you scale up,

48
00:01:47,579 --> 00:01:49,307
you're going to get a much larger bill

49
00:01:49,307 --> 00:01:51,858
from that service provider than you normally were expecting.

50
00:01:51,858 --> 00:01:54,150
And you're not getting a return on this investment

51
00:01:54,150 --> 00:01:55,980
because this traffic was all wasted.

52
00:01:55,980 --> 00:01:57,717
It wasn't generating any revenue for you.

53
00:01:57,717 --> 00:02:00,270
So, there are actually some specialized cloud providers

54
00:02:00,270 --> 00:02:02,125
out there that have taken on this challenge.

55
00:02:02,125 --> 00:02:04,601
People like Cloudflare and Akamai are designed

56
00:02:04,601 --> 00:02:06,667
to help you ride out these DDoS attacks.

57
00:02:06,667 --> 00:02:08,658
They provide web application filtering

58
00:02:08,658 --> 00:02:11,475
and content distribution on behalf of your organization.

59
00:02:11,475 --> 00:02:13,910
These service providers are focused on ensuring

60
00:02:13,910 --> 00:02:16,077
that you have highly robust, highly available networks

61
00:02:16,077 --> 00:02:19,288
that can ensure that they can ride out these DDoS attacks

62
00:02:19,288 --> 00:02:21,027
and these high-bandwidth attacks.

63
00:02:21,027 --> 00:02:23,360
This is going to also give you additional layered defenses

64
00:02:23,360 --> 00:02:25,100
throughout your OSI model, and it's going to

65
00:02:25,100 --> 00:02:27,100
help provide you additional protections.