The Latest DDoS Protection Strategy: Put Servers On The “Move”

There’s a new twist in the never-ending cat-and-mouse game between hackers and hosting companies – although, of course, it’s really not a game. Providers face the constant, serious threat of DDoS (Distributed Denial of Service) attacks, which are relatively simple and inexpensive to launch, but whose severity has increased dramatically over the last few years. These malicious attacks often cause serious network downtime and massive financial losses, and they’re difficult to defend against because they don’t require impressive hacking skills, just a large flood of traffic.

New innovations have allowed remote DDoS protection against attacks of up to 500 Gbps, but there’s a new, promising strategy for DDoS protection, recently unveiled by security experts at George Mason University in the magazine IEEE Computer. They call it “shuffling,” but that simple term really describes a sophisticated new method of quickly changing clients’ server assignments to mitigate the effects of a DDoS attack and find its source.

Meet MOTAG

The DDoS protection tool the George Mason researchers developed is called MOTAG, short for “moving target defense mechanism.” It’s a method of rapidly “moving” secret internal proxies between network locations and changing clients’ proxy assignments, in the event of an attack. MOTAG uses what’s called a “greedy shuffling algorithm” to use the optimal number of proxies required to quickly isolate the DDoS attack without disrupting service. In effect, it makes a targeted server a “moving target.”


Bear in mind that a DDoS attack involves a huge influx of traffic coming into a server, so the key is figuring out exactly where the traffic is coming from. In layman’s terms, here’s what MOTAG does once an attack begins. Clients whose servers aren’t being targeted retain their static connections, while all of those connected to a server under attack are labeled as “suspicious.” After that, all suspicious clients are quickly reassigned to new server nodes in different locations.

Those whose new connections are no longer causing a problem will then be labeled as “safe” and left alone; the clients who are still apparently involved in the attack will continue to be shuffled to new servers, until MOTAG is able to pinpoint the sources of the malicious traffic and quarantine them on servers where they can’t affect the rest of the network.
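The shuffle-and-clear loop described above can be simulated in a few lines. This is an added example, not code from the George Mason researchers, and it is not MOTAG's greedy algorithm: it assumes suspicious clients are spread evenly and at random over a fixed pool of shuffle proxies, and the function names, client numbering and proxy count are all hypothetical.

```python
import random

def shuffle_round(suspicious, attackers, n_proxies, rng):
    """Reassign suspicious clients at random across n_proxies shuffle proxies.

    The defender only observes which proxies are flooded afterwards; the
    `attackers` set stands in for that observation in this simulation.
    """
    clients = sorted(suspicious)
    rng.shuffle(clients)
    groups = [clients[i::n_proxies] for i in range(n_proxies)]
    cleared, still = set(), set()
    for group in groups:
        flooded = any(c in attackers for c in group)
        (still if flooded else cleared).update(group)
    return cleared, still

def isolate(clients, attackers, n_proxies, seed=0, max_rounds=50):
    """Shuffle until each remaining suspect can sit alone on a proxy.

    Returns (safe, quarantined, rounds). If attackers outnumber what the
    proxy pool can separate, quarantined still contains innocent clients.
    """
    rng = random.Random(seed)
    safe, suspicious, rounds = set(), set(clients), 0
    while len(suspicious) > n_proxies and rounds < max_rounds:
        cleared, suspicious = shuffle_round(suspicious, attackers, n_proxies, rng)
        safe |= cleared
        rounds += 1
    if len(suspicious) <= n_proxies:
        # Final pass: one client per proxy, so a flooded proxy names its client.
        cleared, suspicious = shuffle_round(suspicious, attackers, n_proxies, rng)
        safe |= cleared
        rounds += 1
    return safe, suspicious, rounds

if __name__ == "__main__":
    # Constructed scenario: 200 clients, 3 of them attackers, 10 shuffle proxies.
    safe, quarantined, rounds = isolate(range(200), {3, 77, 150}, n_proxies=10)
    print(f"{len(safe)} cleared, quarantined {sorted(quarantined)} in {rounds} rounds")
```

When the proxy pool is too small relative to the number of attackers, every shuffle proxy stays flooded and the quarantined set keeps innocent clients in it, which is why the number of available proxies matters.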

Benefits of MOTAG

MOTAG presents a solution which is both quick and efficient in blunting the effect of most “normal” DDoS attacks.

Experiments run by the George Mason researchers show that MOTAG is able to make each proxy switch in less than a second, which they say does not cause major service disruptions except for some real-time applications. This approach is noticeably faster than any previous DDoS protection scheme.

It’s also an efficient tool because it does not require manual detective work by administrators and does not affect service for “innocent” clients, only switching connections for those considered suspicious. And since the system keeps most proxy node IPs secret, MOTAG makes it easier to identify DDoS attacks made possible by insiders providing information to external attackers.

The one potential drawback to MOTAG is that it requires a number of servers in geographically-distributed locations. However, today’s relatively low cost of resources, particularly with the availability of cloud servers, makes MOTAG a very promising weapon for DDoS protection.

Symantec Plans To Offer Free SSL/TLS Certificates To Websites

Symantec has launched the Encryption Everywhere program, which will offer free basic SSL/TLS certificates to domain owners. The program will only be offered through hosting companies that participate in it. Symantec has been working hard to get web hosting providers to sign up and has already formed partnerships with providers like InterNetX, CertCenter and Hostpoint. The certificate will offer free basic SSL for up to one year, and an upgrade option will be available to enable extended validation (EV) or wildcard certificates that would allow the domain owner to host multiple websites under a single SSL certificate.

Symantec has grown to become one of the largest SSL providers after it acquired Verisign in 2012. Based on their analysis, only 3 percent of active domains use an SSL certificate, and they want to change this with the Encryption Everywhere program. Symantec has said that they have been working on this program for years, but it seems the program was released in direct response to Let’s Encrypt, which recently announced that they are protecting 2.4 million domains with their free SSL certificates.

Opponents of free SSL programs state that they end up attracting criminals who are able to use the free SSL option for illegal activities such as setting up phishing websites to collect login information. However, SSL everywhere sets a standard that will end up protecting millions, especially by offering privacy when browsing content online. Not every website owner is technically savvy enough to set up SSL, and by making it easier, the site owners can offer protection to their website visitors.