Bank launches how-to guide for DDoS defence

Powered by SC Magazine
 

Attacks can't be avoided, but can be mitigated.

French bank Societe Generale has released a guide to help businesses prepare and defend against Distributed Denial of Service (DDoS) attacks.

The guide covers preparation, identification, containment, remediation, and aftermath and is the fourth incident response management document released by the bank.

The bank's computer emergency response team said it hopes the document (pdf) will be a useful resource, but that it preferred to “stay under the radar” regarding the prevalence of DDoS and what actions victims typically take.

In Australia, DDoS attacks have remained a problem for businesses.

“DDoS is still a problem and is driven by the same motives,” AusCERT senior information security analyst Zane Jarvis said. “They do it because it works.”

Log review is the most important step in DDoS defence, Jarvis said, because it helps to ascertain if an attack can be blocked.

“We then can work with upstream providers to block the attack, or reach out to the security community to clean infected machines.”

Australian DDoS victims should contact AusCERT as a first response.

Responding to DDoS

Preparation:

  • Establish contacts with ISPs and law enforcement, and relevant internal staff.  
  • Create a whitelist of priority IP address and protocols and map infrastructure.
  • Harden potential network infrastructure targets and baseline its performance so an attack can be quickly identified.
  • Set the DNS time-to-live settings for potential target infrastructure to about 600 to facilitate DNS redirection.
  • Work out a ballpark cost of an attack.

Identification:

  • Review source IP addresses, destination ports, URLs and protocol flags, and be specific about what your ISP should block.
  • Find out whether the company received an extortion demand before the attack and establish suspects.

Containment / remediation:

  • Disable application bottlenecks, and block DDoS traffic as close to cloud service as possible.
  • Consider switching to alternate sites with DNS and blackhole attack traffic to the affected site. Also consider sinkhole routing.
  • Set outbound filters to block responses to DdoS traffic.
  • Call a national CERT and the police and provide them with detailed notes.

Aftermath / recovery:

  • Check with network teams before setting services live.
  • Assess what worked, what did not and build the experience into your disaster recovery.

Correction: This article originally attributed the guide to the French Computer Emergency Response Team (CERT). The document was actually prepared by French bank Societe Generale. iTnews apologies for the error.

Copyright © SC Magazine, Australia


Bank launches how-to guide for DDoS defence
Kenny Louie, CC2.0
 
 
 
Top Stories
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
Defence spends $50m to upgrade RAAF's air traffic systems
First step in long-running modernisation.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 903

Vote