• Home
• GOVERNMENT CXO
• E-GOVERNMENT
• CITIZEN ENGAGEMENT
• TAX AND REVENUE MANAGEMENT
• GOVERNMENT PROCUREMENT
• GREEN GOVERNMENT
• GOVERNMENT DATA MANAGEMENT
• GOVERNMENT SECURITY
• GOVERNMENT CLOUD
• GOVERNMENT ANALYTICS
• GOVERNMENT GIS
• CONNECTED GOVERNMENT
• DIGITAL INCLUSION
• EDUCATION IT
• HEALTHCARE IT

Central Government, Government Security, Technology

Leveraging cloud to sustain 200Gbps attack traffic

By Jianggan Li | 24 February 2010

Denial-of-service (DoS) attacks on government web sites are becoming bigger in scale and more frequent these days; and they come without warning, bringing down the whole online presence of agencies within hours or even minutes.

Photos

View photos

Related Articles

• Singapore road tests smart traffic cloud
• No longer taxing to deal with Australia's tax office

Related Categories

• CENTRAL GOVERNMENT
• GOVERNMENT SECURITY
• TECHNOLOGY

From this Section

• INTERVIEW

Zeck Lim, Manager, Asia Pacific, Solutions Engineering Akamai Technologies, has seen attacks of more than 200 Gigabytes per second (Gbps) waged at the online infrastructure of several agencies of a particular government.

“It is almost statistically impossible for your data centres to sustain this scale of attacks,” he says. Futhermore an agency would normally have to analyse the sudden surge of traffic to distinguish whether it is valid user traffic or DoS attacks; and usually by the time they know that the traffic is malicious, the site is already down.

“Bots become useless after a particular attack because their IPs will be blocked; so that they will focus on achieving the objective of bringing down something as quickly as possible,” comments Lim. “An added challenge is, during the actual attack, the pace of traffic growth will almost certainly surpass the speed that you can add IP addresses to your blacklist.”

“Therefore, it is infinitely better to try and stop the attackers at their turf before the traffic reaches your front gate,” Lim adds. “In addition, you need to be able to absorb the attack traffic to buy time, make an assessment to see whether the surge is legit, and when you know it is attack traffic, have the correct tool to respond to that.”

Lim advocates for a distributed defence mechanism, or ‘leveraging the cloud as a defence mechanism”. Under this concept, servers are distributed across the entire internet and traffic from a particular part of the world will be routed from a particular server before it reaches the actual address of the web site.

“This distributed server network then becomes your first layer of defence, which can absorb or black hole the traffic, or simply send it back to where it comes from,” Lim explains. The decision as well as what tools to employ should be in the Standard Operating Procedure (SOP) – the guidelines a particular government or agency follows when attacked.

“The person who first sees the alert of abnormal traffic is probably not a decision maker,” Lim elaborates. “Therefore a proper escalation mechanism needs to be in place by which depending on the severity of attacks, different levels of decision makers are informed immediately to decide how to respond.”

For example, if an agency’s infrastructure is distributed and resilient enough that it is capable to absorb the traffic coming in without being compromised; it might make a decision to absorb the traffic such the attacks are not directed to another agency or organisation which might not be able to sustain them.

This also means that a particular government needs to have a federated, over-arching view of network defence. “The attackers are relentless if they want to bring down a particular government’s web presence,” he elaborates. “When they see that a particular agency’s web structure is able to sustain the attack, they will move to another agency, which might be weaker.”

Therefore, channels of communications need to be kept open such that other potential targets within the government can be informed and able to pre-empt when a particular agency is attacked.

“Absorb, assess, respond – that is basically the flow,” concludes Lim. “And before that you need the SOP and alerts in place.”