March is being hailed the most active Hacktivist month on record. So far this month we have seen:
- March 9th, DDoS attack on Codero managed hosting provider – disrupting Twitter
- March 9th, group Anonymous declares “Operation Payback” against BMI.com and calls for sustained and disabling attacks from its members
Those identified as being at high risk include: large financial institutions—banks, service providers, government financial regulatory entities, non-affiliated technology infrastructures and critical infrastructure (e.g. electric, gas, internet Service Providers and National Power grid providers.
Radware has devised a checklist to help these institutions secure their networks more effectively.
1) Architecting the perimeter for attack mitigation
- Use a security-in-depth approach to fully prepare for attacks. Employ an anti-DDoS security strategy to alert to, and mitigate, all attack traffic and “clean the pipe” – at the very edge of the organisational network.
- Ensure the solution has perimeter-specific capabilities to detect anomalous reconnaissance and intrusion activities as they happen; repelling all application-level attacks; discriminating between legitimate and illegitimate traffic, and a logging/correlation system to collect detailed attack data and quickly report
- In addition to basic IPS and firewall protection, deploy a multi-faceted security solution to ensure the mitigation of known and unknown attacks successfully. These should include:
- Anti-DoS and DDoS attack tools (at the network and application layers) to prevent network flood attacks
- Network behavioural analysis tools with real-time signature writing capabilities to defend against application misuse attacks and zero-day attacks
- Intrusion prevention systems to guard against known application vulnerabilities
- Application-level active defence mechanisms – such as challenge & response
- Active emergency counter-attack strategies (Smart Hands / Man-in-the-Loop Capability)
- Devise a plan to include skilled technicians in the event of attack to ensure the tools, alerts, correlation and mitigation are being handled properly.
- Ensure the teams are ready to provide immediate assistance and active mitigation or counter-attacking defence actions as soon as the system is under attack.
- Active defence is the concept of a proportional counter-attack to smoulder last vestiges of the DDoS attack and to provide for some necessary closure to a painful incident.