The incidence of network disruption and DoS either intended or unintentional have increased greatly over the past year. With the arrival of multi-vector worms as delivery mechanisms and the relative ease of directing an attack, DoS events are expected to increase substantially. This past year has also witnessed organised online extortion directed at web focused enterprises. Reliance on web delivered services delivering timely information, applications and content, make the threat of these disruptions all the more serious for enterprises.
Traditional means of defending against DoS range from port and protocol blocking, router modifications, intrusion detection systems and ISP cooperation to a complete acceptance that DoS happens and cannot be defended against.
Organisations today invest millions of dollars and thousands of man-hours in building out their IP based infrastructure. However, the question one is often left with is: “Is Denial of Service or Network Disruption something that my enterprise should be concerned with?” An honest answer to this rhetorical question is fundamental to considering whether a more specific set of defensive measures is necessary.
Following is a brief self-test that should help you to consider the reality of the threat and how seriously it ought to be pursued.
1) Do you conduct business directly with the public through your site?
2) Is your product or service highly commoditised? For example, travel services can be found through a number of websites where as oil exploration services cannot.
3) Do you have back office applications that have been surfaced through your site? For example, CRM, ERP, Supply Chain, Business Intelligence, etc.
4) Would a disruption require the consumers of services in question (3) to resort to alternative higher cost channels? For example, call center, fax or e-mail.
5) Do you serve advertising on your site?
6) Do you have paid for or time sensitive content on your site? For example, music or video downloads, news content or images.
7) Does your business have predictable demand cycles? For example, the summer and winter holiday seasons or known sporting or cultural events.
8) Is management concerned about brand damage? For example, poor press or fluctuations in share prices.
9) Do you consider the overall integrity of the network to be a pressing security issue?10) Has a competitor or a closely related firm experienced a DDoS event or online extortion attempt?
If you find yourself answering “yes” to many of the above, then there is no question that the threat is real. The challenge now is how to get those stakeholders with the most to lose to sit-up and take note. We all understand that “the IT security scare tactic” has gotten a little long in the tooth, and hard-bitten business people demand quantifiable evidence to support their investment.