DDoS Information for K-20 Customers

K-20 has protections in place to mitigate DDoS attacks against K-20 infrastructure and our customers. If you are experiencing network disruption at a K-20 site, contact the K-20 NOC for support.

What is DDoS?

DoS: Denial of Service

A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

To the target network, an attack may appear as anything from a complete loss of network connectivity to inconsistent performance of a particular device or service, such as email, VoIP calls, or DNS.

DDoS: Distributed Denial of Service

In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.

Recommendations

Each K-20 customer, its IT team, or its IT service provider should develop a specific security strategy for its network. K-20 cannot provide a complete defense strategy for each customer’s network, but below are several general recommendations:

  • Use a stateful inspection firewall to protect OSI layers 4-7
  • Use a router to protect OSI layers 3-4
  • Segment your network into zones, such as user, server, DMZ, etc.
  • Keep operating systems and software up to date
  • Install anti-malware tools on all systems
  • Turn off unnecessary services (Chargen, Telnet, etc.)
  • Filter access to services which should not be accessed remotely (RDP, fileserver, etc.)
  • Relocate high-target resources off site (colocation or cloud) or to a DMZ
  • Log data flows to an analysis server (NTOP, nProbe, cflowd, StealthWatch, plixer, etc.)
  • Mirror traffic to a deep packet inspection engine (SNORT, Suricata, etc.)
  • Utilize smart log analyzers to detect suspicious activities (Fluentd, Sagan, Splunk, etc.)
  • Set up easily modifiable rate limiting infrastructure
  • Implement specific DDoS mitigation services (Arbor, A-10, etc.)
  • Develop response and communication plans for DoS and other network issues
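The DoS/DDoS distinction above (one source versus many, which is what makes single-source blocking ineffective) and the recommendation to log data flows to an analysis server come together in the following added example. It is not part of the K-20 page or any of the products listed; it is a small Python flow-record analyzer written for illustration. It assumes a constructed, NetFlow-like text format (epoch seconds, source IP, destination IP, destination port, packet count, byte count per line), uses RFC 5737 documentation addresses for the sample records, and uses illustrative thresholds that a real deployment would tune to its own baseline traffic.

```python
"""Toy flow-record analyzer that flags volumetric DoS/DDoS patterns.

Assumptions (illustrative, not from the K-20 page): one flow record per line,
in a constructed NetFlow-like format:
    <epoch_seconds> <src_ip> <dst_ip> <dst_port> <packets> <bytes>
Thresholds are example values and would be tuned per network.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Flow:
    ts: int
    src: str
    dst: str
    dport: int
    packets: int
    nbytes: int


@dataclass
class Finding:
    dst: str
    dport: int
    distinct_sources: int
    packets_per_second: float
    kind: str  # "DoS" (single or few sources) or "DDoS" (many sources)


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated flow record in the assumed format."""
    ts, src, dst, dport, packets, nbytes = line.split()
    return Flow(int(ts), src, dst, int(dport), int(packets), int(nbytes))


def analyze(lines: List[str], window_s: int = 10,
            pps_threshold: float = 1000.0,
            ddos_source_threshold: int = 20) -> List[Finding]:
    """Aggregate flows per (time window, destination, port) and flag floods.

    A destination/port pair whose inbound packet rate exceeds pps_threshold is
    reported. If the packets come from at least ddos_source_threshold distinct
    sources it is classed as DDoS (blocking one source will not help);
    otherwise as DoS (a single-source block is still a viable first response).
    """
    flows = [parse_flow(line) for line in lines if line.strip()]
    buckets: Dict[Tuple[int, str, int], dict] = defaultdict(
        lambda: {"sources": set(), "packets": 0})
    for f in flows:
        key = (f.ts // window_s * window_s, f.dst, f.dport)
        buckets[key]["sources"].add(f.src)
        buckets[key]["packets"] += f.packets

    findings: List[Finding] = []
    for (_start, dst, dport), agg in sorted(buckets.items()):
        pps = agg["packets"] / window_s
        if pps < pps_threshold:
            continue  # ordinary traffic level for this window
        n_sources = len(agg["sources"])
        kind = "DDoS" if n_sources >= ddos_source_threshold else "DoS"
        findings.append(Finding(dst, dport, n_sources, pps, kind))
    return findings


def sample_flows() -> List[str]:
    """Constructed sample records (not real traffic), all within one window."""
    lines = []
    # Normal web sessions: a handful of small flows to a web server.
    for i in range(5):
        lines.append(f"{1000 + i} 192.0.2.{10 + i} 203.0.113.30 443 12 9000")
    # Single-source flood (DoS) against a second web server.
    for i in range(10):
        lines.append(f"{1000 + i} 198.51.100.7 203.0.113.20 80 3000 180000")
    # Many-source flood (DDoS) against a DNS server: 50 distinct sources.
    for i in range(50):
        lines.append(
            f"{1000 + (i % 10)} 198.51.100.{100 + i} 203.0.113.10 53 500 40000")
    return lines


if __name__ == "__main__":
    for finding in analyze(sample_flows()):
        print(f"{finding.kind}: {finding.dst}:{finding.dport} "
              f"{finding.packets_per_second:.0f} pps "
              f"from {finding.distinct_sources} source(s)")
```

Run as a script it prints two findings: the DNS server flagged as DDoS (2500 pps from 50 sources) and the web server flagged as DoS (3000 pps from one source), while the normal web sessions stay below the threshold. The distinct-source count is the operationally useful field: it tells the responder whether a single-address filter is worth trying or whether rate limiting and upstream mitigation are needed from the start.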

External resources

Here are a few pages about types of DoS attacks: