When an online retailer experiences an "outage", it is often the result of a Distributed Denial of Service attack -- or DDoS.
DDoS attacks are the result of an excessive number of web requests against a single property -- kind of like a coordinated boycott, but in reverse. Because everyone goes to the store at the same time, no one can get in -- more or less.
The way these attacks are carried out involves the use of "botnets" -- this is where attackers compromise computers, routers, security cameras, set-top boxes, etc. The compromised devices lie in wait like a "sleeper cell", and then at some point they are "activated" to carry out an attack. You don't want your devices to be part of these networks!
In order for one of these attacks to take place, two things need to happen.
First, the infection -- a device is infected and then continues to perform its usual and ordinary function until commanded to perform its nefarious task.
Second, a command is issued to the infected device to carry out its task.
This approach is generally referred to as "Command and Control", or C&C.
How can we defend against this?
Healthy network security involves a concept known as "Defense in Depth".
Defense in Depth means that you have multiple layers of security. Each layer has a purpose and there are often overlapping layers and controls.
One of those layers is to protect your DNS lookups. In particular, you want to make sure that your networked devices cannot receive messages from C&C servers.
One of the tactics used by C&C networks is to register domain names and rapidly shift traffic such that any given server only exists for a brief period of time and then moves on -- kind of like a drifter moving in and out of motels. Here for a day, and then gone.
One of the layers you can use to defend against this kind of attack is to employ a DNS filtering service such as the one navitend offers to its clients. One of the features of this solution is that it blocks known bad-acting domain names and even blocks domain names that have been registered for less than a couple of weeks. If it is a "new" website, you likely don't need to hit it for a couple of weeks. Blocking this traffic is one more step in the Defense in Depth strategy of keeping your network safe.
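To make the two filtering rules above concrete, here is an added example (not navitend's code) of the decision a DNS filter makes for each query: block names on a reputation list, block names whose registration is younger than two weeks, and otherwise allow. The blocklist, registration dates and the 14-day threshold are constructed sample values, and the "last two labels" rule for finding the registrable domain is a simplification of what a real filter does with the Public Suffix List.

```python
from datetime import date, timedelta

# Constructed sample data standing in for the feeds a DNS filtering
# service maintains: a reputation blocklist and domain registration dates.
KNOWN_BAD = {"malware-cc.example", "phish-login.example"}
REGISTERED_ON = {
    "fresh-shop.example": date(2024, 5, 28),
    "old-retailer.example": date(2015, 3, 1),
    "malware-cc.example": date(2024, 5, 30),
}
MIN_DOMAIN_AGE = timedelta(days=14)  # "less than a couple of weeks" is blocked


def registrable_domain(qname: str) -> str:
    """Reduce a queried name (e.g. www.fresh-shop.example.) to the domain
    that was registered. Assumption: the public suffix is one label; real
    filters use the Public Suffix List so that co.uk-style suffixes work."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def dns_policy(qname: str, today: date) -> tuple[str, str]:
    """Return (verdict, reason) for one DNS query name.

    Reputation is checked first, then domain age. A domain with no
    registration record is allowed (fail-open) so that a gap in the age
    feed does not cut off legitimate traffic; that is a policy choice."""
    domain = registrable_domain(qname)
    if domain in KNOWN_BAD:
        return "block", f"{domain} is on the reputation blocklist"
    registered = REGISTERED_ON.get(domain)
    if registered is None:
        return "allow", f"no registration record for {domain}"
    age = today - registered
    if age < MIN_DOMAIN_AGE:
        return "block", f"{domain} registered {age.days} days ago (< {MIN_DOMAIN_AGE.days})"
    return "allow", f"{domain} registered {age.days} days ago"


def filter_queries(qnames, today: date) -> dict:
    """Apply the policy to a batch of query names, as a resolver log would show."""
    return {q: dns_policy(q, today) for q in qnames}


if __name__ == "__main__":
    sample = ["www.fresh-shop.example", "old-retailer.example",
              "cdn.malware-cc.example.", "unknown.example"]
    for name, (verdict, reason) in filter_queries(sample, date(2024, 6, 3)).items():
        print(f"{verdict:5} {name:28} {reason}")
```

The age rule is what catches the short-lived, rapidly registered domains described above, and the reputation rule catches domains that are already known even when they are older.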
Make your life easier…
Contact us at 973.448.0070