Here is something else interesting about Denial of Service defense approaches: you cannot do it alone. Think about it: it is more profound than it sounds. You can protect from buffer overflows and SQL injections on your own. And, yes, occasionally you’d need a patch from a 3rd party (such as your software vendor), but you can usually block the the impact of an attack using other technologies even if you don’t have a patch yet.
On the other hand, if your network pipe is full, you cannot do anything [on your own] to make it not be full. No matter what you do in your environment, your connectivity is still down, whether inbound or outbound. In fact, this post exists on the nexus of my research into Denial of Service and collective analytics/ data sharing.
So, at the very least your DoS defense responsibility is shared with your Internet Service Provider (ISP). In other cases, it is shared with your cloud provider. Or, it can me shared with a Content Delivery Network (CDN) or other entity. In essence, these are the scenarios of DoS protection sharing:
- Your organization + your ISP (they can mitigate the attack when a network pipe from you to them is full; in most cases you’d need to detect it first though)
- Your organization + your cloud provider (do you realize that if you use SaaS to achieve a particular business function, such function can be denied by a) DoS’ing your network, b) DoS’ing your provider [or: DoS’ing them enough so that they drop you as a customer…] or c)DoS’ing your link to them)
- Your organization + your CDN (if you accelerate your web presence by using a CDN, they become an inherent part of your DoS defense arsenal)
- Your organization + specialty anti-DoS provider (and, yes, if your anti-DoS provider is itself DoS’d, you are ..ahem…”denied your anti-DoS service” … ironic,isn’t it?)
Thus, DoS defense requires sharing. As I pointed out, it is likely that we will be sharing more than just bandwidth for doing many security things in the coming years…
Related posts about Denial of Service:
- Availability, Security and Why is DoS Fun?
Related posts on shared defenses: