
How Dutch Internet Service Providers Are Fighting Cyber Attacks Together

Huawei

By Drew Robb

Imagine an entire computer network or even the Internet of a country taken out by a cyberattack.

It’s already happened – and more than once. Estonia had its government systems paralyzed for weeks by a concerted Web-based attack. In 2013, a massive worldwide attack crippled an anti-spam service known as Spamhaus.

“During this attack, people complained that the entire web had slowed down,” said Ludo Baauw, Chairman of Nationale Beheersorganisatie Internet Providers (NBIP), a shared service center used by service providers in Holland.

The tactic used in these attacks is known as Distributed Denial of Service (DDoS). This attack swamps specific Web addresses with massive volumes of computer-generated traffic to cause a complete crash. In the 2013 event, investigators recorded DDoS overwhelming servers at a rate of close to 400 Gbit per second (Gbit/sec). Compare that to high-speed home Internet rates, where you pay a premium for 25 Mb/sec or greater.


“A few years ago, you could take down a site with only a Gb of traffic, and now we see attacks of hundreds of Gbs,” said Dutch IT consultant Andre Koot of Strict Consultancy. “When banks and governmental institutes suffered attacks, those organizations were not available on the Internet.”

The reality is that nearly all internet service providers and websites are incapable of withstanding that level of encroachment. That’s why NBIP formed the first-ever non-profit DDoS “washing” center as a means of helping ISPs jointly deal with these threats. It established the center using the Huawei Anti-DDoS solution. Together with its ISP members, NBIP has developed several best practices to thwart cyberattacks.

Think Big 

Most providers in Holland already used anti-DDoS services and products. Yet they proved deficient in fighting the latest wave of aggression.

“The problem of DDoS attacks is growing month over month, and it’s not something ISPs can mitigate themselves,” said Baauw. “Building an anti-DDoS system capable of protecting against the worst known attacks is beyond the reach of any but a few Internet giants.”

It took the combined resources of an initial group of six ISPs along with NBIP to put together a strategy and an approach substantial enough to prevail.

Adopt a Fire Station Model

Few businesses could afford to retain the services of their own dedicated team of fire fighters. Those personnel might sit idle for months or even years. So the model that has proven most effective is to have a fire station on standby in each area ready to respond to emergencies.

It’s the same with DDoS, although the frequency of incidents is far greater. With only a handful of members, NBIP had to contain one attack every couple of weeks. But now that its ranks have swollen to dozens of members, it is detecting DDoS blitzes once or twice per day.

“DDoS is growth, not only in volume but also in the number of the attacks,” said Gilbert de Rijke, owner of IT networking provider Tech Access. “It’s important to have the best solution that can handle the most difficult DDoS attacks.”

NBIP offers subscriptions for stand-by services plus activity charges for incident response. That way, members pay a manageable monthly fee and only have to pay more if their systems suffer another outbreak.

Choose Carefully

NBIP spent months evaluating security vendors. It demanded that these companies send their equipment and subjected it to rigorous testing. This is understandable given the stakes. The failure of a security system can result in the loss of service at important institutions, such as banks, hospitals and key manufacturing facilities.

Baauw said that it was critical that an anti-DDoS system be user-friendly and able to address a high volume of threats. Huawei’s system addressed both these key requirements.

“We selected Huawei as the first supplier of anti-DDoS equipment as it was fast, expandable and easy to manage,” said Baauw. “It was also able to handle large traffic volumes and remain on standby yet respond rapidly when we needed it.”

Keep Traffic Flowing

In the past, the only way to tackle DDoS was to contact the upstream telecommunications provider to help deter the attack or to shut down a website or service completely. Not only did this take an hour or two, but it played into the hands of the attacker by bringing down the website. The lesson learned was that any mitigation strategy has to keep traffic flowing.

Within two minutes of an ISP alerting NBIP, the Huawei AntiDDoS 8160 solution is receiving all traffic from that source. It immediately analyzes traffic, separating the good from the bad. DDoS material is quarantined and rejected. Everything else flows onward to its destination.

“While there is a tiny amount of added latency, no users to date have even noticed that their traffic has been flowing through the anti-DDoS scrubbing center,” said Baauw.

Incorporate Big Data Technology

Dealing with the sophistication and velocity of today’s threats calls for the latest in technology. The Huawei AntiDDoS 8160, for example, takes advantage of Big Data analytics technologies that teach systems to learn scores of traffic patterns and build mechanisms to guard against attacks. In addition, NBIP incorporates various other technologies into its scrubbing center, such as packet analysis, flow analysis and anomaly detection.

“We deploy a broad set of techniques and equipment as there are a lot of different types of DDoS attacks,” said Baauw. “It requires all kinds of strategies to figure out the type of attack and defend against it effectively.”

Institute Profiling

Another best practice implemented at NBIP is the profiling of attacks. If each ISP operates independently, the same attacker could impact each one using the same method. But with them pooling their resources, they can benefit from the experience of others. Accordingly, NBIP creates profiles of DDoS actions to enable faster detection and remediation.

“By profiling an attack once it is contained, our equipment can deal with them much faster the second time,” said Baauw.

Be Scalable

A few years back, DDoS amounted to a few GB/sec. The 2013 incident in Holland was recorded at more than 300 Gb/sec. The speed and frequency of attacks are only going to go up from there. Therefore, it is crucial for organizations to adopt technology that can scale accordingly. The Huawei AntiDDoS 8160 can scale to almost 1 Tb/sec, with further gains in capacity part of the existing product roadmap.

“It is theoretically possible to suffer an attack in the range of 1 Tb/sec, at which volume the impact would be felt half way around the world,” said Baauw. “That’s why you have to have equipment where it is easy to add more capacity as your requirements grow.”


Drew Robb is a freelance writer specializing in technology and engineering. Originally from Scotland, he has a degree in Geology/Geography from the University of Strathclyde. He is the author of Server Disk Management for Windows Systems by CRC Press.