Protecting a network infrastructure from external attacks

Data centres face external attacks on a regular basis. With the average data centre playing host to a number of different clients, there are bound to be a few clients with whom users have a problem, a frustration those users may wish to vent through a malicious attack. Most malicious attacks take the form of DDoS (Distributed Denial of Service) attacks, which are intended to inundate the target server with traffic; unable to handle such volumes of traffic, the server will buckle under the pressure and crack. With security strategy now forming a large part of data centre planning, it is important that the right measures are taken to protect network infrastructures from external attacks.

Hardware firewall

A hardware firewall is often referred to as the most prominent form of security in a network environment, acting as a device that is solely dedicated to protecting the hardware that lies behind it. Hardware firewalls can assist with the blacklisting of IP addresses and can stop attacks in their path before they have a chance to reach their intended destination; this reduces the load on the servers behind the firewall because they have less traffic to deal with, allowing processing power to be focused on more lucrative business activities. Whilst hardware firewalls are recommended for scenarios where hardware is being used for business-critical activities from which an income is derived, during a DDoS attack the protection offered can be very limited. Hardware firewalls are limited in capacity like any other hardware device, so if the firewall is faced with a DDoS attack that is well beyond the amount of bandwidth it is designed to handle, it is likely to succumb to the attack. There are ways around this, such as building a resilient infrastructure that is capable of handling extremely high volumes of traffic and that includes anomaly detectors so that ‘bad’ traffic is blocked at the router.

Anomaly guard

A popular product in the networking industry is the Cisco Anomaly Guard, a device that traffic passes through before it has an opportunity to even reach the internal network. By catching traffic before it gets anywhere near the devices that it is intended for, the device is able to weed out any bad traffic before it can cause issues; the Anomaly Guard identifies itself as the next hop for such traffic and then drops it, thereby neutralising the problem immediately. Network engineers have the flexibility to customise the policies against which Anomaly Guard checks traffic, so if you have received attacks in the past that fitted a similar pattern, you can have this reflected in your policies to prevent any future attacks. Anomaly Guard is famed for its defence against DDoS attacks and can be used to deflect even multi-gigabit attacks, allowing your network infrastructure to operate normally without any hint of an attack.

On-site NOC team

Maintaining an on-site Network Operations Centre (NOC) team is also vital because this means that if an attack does happen to surpass your initial security measures, there are network engineers available to take steps to mitigate the attack. In some situations where the attack can’t be halted by boundary hardware, it may be necessary to null route the IP address that the attack is being targeted at because whilst this will make the server or websites concerned unreachable, it is the only way of quelling the attack and restoring service to the wider network. Should any damage have been sustained during the attack, on-site engineers will also be able to investigate immediately so that any hardware replacement that is necessary can be performed; similarly where changes are needed to bring the server back online, these can also be done in order to minimise the amount of downtime that is incurred.
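The trade-off between blacklisting source IPs at the firewall and null routing the targeted IP can be written down as a small decision routine. This is an added example, not part of the original post; the function names, thresholds and the constructed flow records (RFC 5737 documentation addresses) are assumptions made for illustration.

```python
from collections import defaultdict

def make_flows(attackers, rate_mbps):
    """Constructed sample: one normal flow plus `attackers` sources hitting 192.0.2.10."""
    flows = [("198.51.100.10", "192.0.2.20", 40.0)]  # ordinary traffic to another customer
    flows += [(f"203.0.113.{i}", "192.0.2.10", rate_mbps) for i in range(1, attackers + 1)]
    return flows

def plan_mitigation(flows, firewall_capacity_mbps, per_host_baseline_mbps):
    """Decide, per destination, between firewall blacklisting and a null route.

    flows: iterable of (source IP, destination IP, Mbit/s).
    Returns {"null_route": [dst, ...], "blacklist": {dst: [src, ...]}}.
    """
    by_dst = defaultdict(lambda: defaultdict(float))
    for src, dst, mbps in flows:
        by_dst[dst][src] += mbps
    totals = {dst: sum(srcs.values()) for dst, srcs in by_dst.items()}
    plan = {"null_route": [], "blacklist": {}}

    # Beyond firewall capacity: sacrifice the most-targeted destinations at the
    # router until what is left fits through the firewall again.
    inbound = sum(totals.values())
    for dst in sorted(totals, key=totals.get, reverse=True):
        if inbound <= firewall_capacity_mbps or totals[dst] <= per_host_baseline_mbps:
            break
        plan["null_route"].append(dst)
        inbound -= totals[dst]

    # Within capacity: blacklist the heaviest sources of any host still above
    # its baseline, stopping once the remaining traffic is back to normal.
    for dst, srcs in by_dst.items():
        if dst in plan["null_route"] or totals[dst] <= per_host_baseline_mbps:
            continue
        excess = totals[dst] - per_host_baseline_mbps
        blocked = []
        for src in sorted(srcs, key=srcs.get, reverse=True):
            if excess <= 0:
                break
            blocked.append(src)
            excess -= srcs[src]
        plan["blacklist"][dst] = blocked
    return plan

if __name__ == "__main__":
    # 200 sources at 10 Mbit/s each exceed a 1000 Mbit/s firewall: null route the target.
    print(plan_mitigation(make_flows(200, 10.0), 1000, 150))
```

The null-routed address stays unreachable until the route is withdrawn, so the plan only reaches for it when the aggregate traffic is more than the firewall can carry.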

In conclusion, I would say that any business relying on its website to provide a source of income should invest heavily in the supporting network and its security elements in order to best protect itself and its revenue streams in times of attack. Security can sometimes be overlooked, when really it is the most important aspect.

