By Clare Stonebridge, Jisc network security services manager and Ben Crowther, Jisc defensive services manager, 31 March 2022.
Distributed denial of service (DDoS) attacks are the malicious acts of cyber criminals attempting to disrupt computer and internet resources. These attacks have increased in size, frequency and duration over the past few years and continue to cause significant disruption and financial repercussions.
During the second half of 2021, Netscout Systems reported cyber criminals launched 4.4 million DDoS attacks, with a 102% increase in attacks targeting the global education sector. We saw a decrease in attacks on the Janet Network likely due to remote working and lockdowns. However, we had nearly 800 confirmed attacks on Janet last year, so vigilance and complete understanding of the threat is critical to staying protected.
In addition, the attempts to breach the regular traffic of a server or network overwhelms the infrastructure and can result in systems being down for prolonged periods. Students and staff need constant access to these systems, and we must not forget the potential financial and reputational damage for institutions from such disruption.
Awareness of cyber attacks has become more prevalent. As a result, we hear a lot of information about cyber security, but what does it all mean? Here’s a rundown of everything DDoS and how you can prevent attacks.
What are the different types of denial-of-service attacks?
Cyber criminals use vast volumes of traffic to flood the connection your organisation relies on, whether services, resources, or a network.
- Volumetric
Attackers utilise different strategies to generate substantial traffic volumes to overload an organisation’s bandwidth. By sending as much traffic as possible to one site, they prevent genuine traffic from flowing. These are the most common types of attacks. If a volumetric DDoS is large enough, it will fill your connection to the internet, stopping all inbound and outbound services to your organisation.
- State exhaustion
By exhausting and consuming all resources, attackers drastically disrupt your servers and networks. These attacks find weaknesses in the security and network products between the server and consumer. Additionally, state exhaustion attacks will consume your edge network or security infrastructure resources. Again, this can cause interruptions to your organisation’s internet connection.
- Layer seven
These attacks are usually the most complex and aggressively take over an application or website. Layer seven represents the top layer of behind-the-scenes software, which provides users with functionality. Cyber criminals target specific services or servers, such as a web server and will result in slow responses from the server or the total inability to respond to legitimate requests.
How can I identify an attack of different types?
It’s not always obvious when you are under attack from cyber criminals, which is why they can be so detrimental. Volumetric and state exhaustion attacks are usually visible through latency and connectivity monitoring as well as in security applications such as firewalls. Keeping a close eye on your server health is a good way of identifying layer seven attacks, and some security appliances can identify these attacks.
What can I do to mitigate an attack?
Firewalls can be used to block attacks to a certain extent. Although, any DDoS features or rate limiting capabilities on firewalls need to be baselined against your ‘normal’ traffic levels. Firewalls come with default settings, but you need to set your own thresholds, so that protections are applied when these are exceeded. Layer seven attacks can require specific blocks such as IP reputation blocking, so it’s crucial to have these technologies in place to protect the things you care about.
How can Jisc help?
Members get foundation DDoS mitigation included in their membership. However, you can explore further protection options with foundation DDoS mitigation plus and critical services protection.
Foundation DDoS mitigation plus provides automated detection and protection against large volumetric and state exhaustion attacks at all times. In contrast, critical services protection safeguards business-critical services by providing out-of-hours coverage with automatic protection. These extra layers of protection act like an insurance policy giving you peace of mind that your organisation is protected at crucial times of the year and throughout.
Get in touch with your account manager to find out more about these Jisc services.