In my recent interactions with various senior-level executives of banks, I realised that one common threat bothering the banking industry is the distributed denial of service (DDoS) attack, and banks are struggling to come up with a strategy or solution to check this. It has to be noted that no two DDoS attacks are similar in nature, and they can last from a few minutes or hours to several days. The attackers can be individuals, organised groups or anyone for that matter.
A DDoS prevention and mitigation programme thus assumes significance. Though this is a very broad topic, we can provide a holistic solution to DDoS attacks. Depending on the need, we can provide a tailored solution, ranging from very basic flooding attacks, addressed by deploying solutions such as Prolexic or network appliances, to the extremely complex hybrid DDoS attacks seen these days. The solution for hybrid DDoS requires layered protection because the attack itself is layered (network, SSL, Layer 7, protocol anomaly, service misuse, service overuse, etc.).
The following steps could be initiated to prevent or detect DDoS attacks:
1. DDoS controls enabled by the network service provider, so that DDoS patterns can be checked at the DMZ or landing zone.
2. Put additional check points at the web application firewall.
3. Restrict the number of connections from the web server to the application server, so that the impact does not spread beyond the web server.
4. Restrict email size and enforce quarantine rules.
5. Follow a secure SDLC in the design and development phases of the application (for in-house applications).
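To make the first two points concrete, here is an added example (not from the original post, and not any vendor's product logic) of the kind of pattern check a provider-side control or a WAF check point performs: a sliding-window detector run over constructed web-server access-log lines that flags a single source exceeding a per-source request rate and, separately, an aggregate surge across all sources. The log format, the sample addresses (documentation ranges), the window size and the thresholds are all assumptions chosen for illustration; a real deployment would tune them to the site's normal traffic.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log timestamp format, e.g. "10/Mar/2024:10:00:00"
LOG_TIME_FORMAT = "%d/%b/%Y:%H:%M:%S"


def build_sample_log(include_flood=True):
    """Constructed access-log lines (not real traffic): three sources at one
    request per second for a minute, plus an optional burst of 60 requests
    from one source spread over six seconds starting at t=20s."""
    base = datetime(2024, 3, 10, 10, 0, 0)
    events = []
    for second in range(60):
        for ip in ("192.0.2.44", "198.51.100.7", "198.51.100.23"):
            events.append((base + timedelta(seconds=second), ip, "GET /index.html"))
    if include_flood:
        for second in range(20, 26):
            for _ in range(10):
                events.append((base + timedelta(seconds=second), "203.0.113.10", "GET /login"))
    events.sort()  # detector assumes lines arrive in time order
    return [f'{ip} [{ts.strftime(LOG_TIME_FORMAT)}] "{req} HTTP/1.1"'
            for ts, ip, req in events]


def parse_line(line):
    """Extract (source_ip, timestamp) from one assumed-format log line."""
    ip, rest = line.split(" ", 1)
    stamp = rest[rest.index("[") + 1:rest.index("]")]
    return ip, datetime.strptime(stamp, LOG_TIME_FORMAT)


def detect_floods(lines, window_seconds=10, per_source_threshold=30,
                  aggregate_threshold=80):
    """Sliding-window rate check.

    Returns (offenders, surge_at):
      offenders  - {source_ip: ISO timestamp when it first exceeded
                    per_source_threshold requests within window_seconds}
      surge_at   - ISO timestamp when total requests across all sources
                    first exceeded aggregate_threshold within the window,
                    or None if no surge occurred
    """
    per_source = defaultdict(deque)
    aggregate = deque()
    offenders = {}
    surge_at = None
    for line in lines:
        ip, ts = parse_line(line)

        # Per-source window: drop timestamps older than the window, then count
        q = per_source[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > per_source_threshold and ip not in offenders:
            offenders[ip] = ts.isoformat()

        # Aggregate window: a surge from many sources at once shows up here
        # even when no single source crosses its own threshold
        aggregate.append(ts)
        while (ts - aggregate[0]).total_seconds() > window_seconds:
            aggregate.popleft()
        if len(aggregate) > aggregate_threshold and surge_at is None:
            surge_at = ts.isoformat()
    return offenders, surge_at


if __name__ == "__main__":
    offenders, surge = detect_floods(build_sample_log())
    print("per-source offenders:", offenders)
    print("aggregate surge at:", surge)
```

With the constructed sample, the bursting source is flagged at 10:00:23 (the first second in which its count within the 10-second window passes 30) and the aggregate threshold is crossed a second later; the same lines without the burst produce no alerts. The two windows are deliberately separate: a distributed flood often keeps each source below a per-source limit, so a check point that only looks per source would miss it.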
There could be many more approaches. What matters is a dedicated team with a clear mandate and a plan to perform periodic assessments of the organisation's preparedness to combat DDoS attacks.