Security firm Prolexic Technologies released a whitepaper today aimed at helping organizations use their firewalls more effectively to fight distributed denial-of-service (DDoS) attacks.
DDoS attacks have emerged as a favorite weapon of hacktivists. But no matter who is doing it, the impact for businesses can be significant. As recent poll of 1,000 IT professionals by security provider NeuStar revealed just how much: according to the study, 67 percent of those in the retail industry said a DDoS attack would cost them more than $100,000 per hour.
Security firm Prolexic offers anti-DDoS services. According to its report, while firewalls can serve as a Band-Aid to block malicious traffic, they are not built to handle the massive loads of traffic that can accompany a DDoS attack.
“To ensure that you use a firewall to its best advantage in a DDoS protection strategy, you should first be aware of the difference between stateful and stateless firewalls and what each are designed to do,” the report says.
Stateful firewalls, the report states, are designed to monitor regular levels of traffic and stop small amount of stateful attacks, and they often fail in the event of a DDoS.
“Every stateful firewall has limits,” the report states. “It is crucial that you determine what those limits are. Otherwise, your stateful firewall may fail during a DDoS attack even before other technologies and services are affected.”
If a SYN flood or TCP connection flood is larger than the firewall’s capacity, the only alternative may be to turn off the stateful features or filter traffic further upstream with a device with more throughput, the report notes.
“In a Distributed Denial of Service situation, a firewall can provide limited blocking of malicious traffic for network protection,” said Stuart Scholly, president at Prolexic, in a statement. “However, IT organizations should realize that firewalls are playing an increasingly limited role in DDoS protection and this paper brings this fact to light.”
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
