DoS Threats Open New Security Solutions

DoS attacks, which flood a network server with so many requests that the server crashes, are not new but have risen in frequency since earlier this summer, when hackers discovered vulnerabilities in Cisco devices running the Internetwork Operating System (IOS).

"We're seeing tons of DoS attacks over the last few months," said John Brayman, a network consultant at Xiologix, a solution provider in Bellevue, Wash. "Depending on the severity of the attack, these things can knock a client network down for hours or days."

Since the vulnerabilities were disclosed July 21, a variety of security vendors have responded with add-on DoS prevention capabilities. Check Point Software Technologies was first, unveiling DoS immunity for its VPN-1 device. TippingPoint Technologies followed suit with similar functionality for its UnityOne Intrusion Prevention Systems.

Even SilverBack Technologies got into the game, incorporating DoS prevention into some of its managed services offerings. John Igoe, CEO of the Billerica, Mass.-based vendor, said these new features let channel partners extend their firewall monitoring and management services to incorporate an entirely new security offering.

"One key area of growth for our service providers is preventive solutions [against DoS threats]," Igoe said. "The key to avoiding [this kind of] security breach is having a comprehensive plan and a maniacal implementation strategy."

Solution providers agreed, citing other technologies as equally viable options for fighting DoS threats--the new Sleuth9 appliance from DeepNines Technologies and the popular NetScreen-5GT from Juniper Networks.

Babak Pasdar, CTO and chief information security officer at IGX Global, a security solution provider in Hackensack, N.J., said both products offer affordable and flexible solutions for eliminating the possibility of a DoS attack.

"With high-profile and high-utilization sites, it's important to be able to distinguish valid activity from a DoS attempt," he said. "To do this, you have to look at what's involved in achieving secured functionality, and both of these companies do that very well."

For some solution providers, the threat is even bigger than DoS: their customers have complained of distributed DoS (DDoS) attacks, in which some of the servers in an organization's network are turned against others in the same network.

Ralph Sikes, CTO of Gladiator Technology Services, a reseller in Roswell, Ga., said certain DDoS attacks also can convince servers inside a customer network to attack servers on an external network. This threat makes it imperative for customers to trust solution providers to minimize all types of attacks, not just traditional DoS ones, he said.

"The real concern is becoming an unwilling participant of a DDoS attack and assuming a portion of the liability for participating in the attack," Sikes said. "It is a strong selling point and is important for our clients to understand the risk."

Theo Thomidis, a solutions consultant at Solunet in Palm Bay, Fla., which resells tools from TippingPoint and Juniper, to name a couple, summed up the current DoS threat by calling the market "white hot" and suggesting solution providers that aren't helping customers prevent these threats should be. "If someone is under a DoS or DDoS attack, it's the easiest sell you've ever made to get them to protect against this," Thomidis said. "I'm not saying solution providers should go out and fleece their customers, but you can definitely make money in this business if you can promise protection from these threats and deliver."