DDoS Protection: Do you need it?

In the last couple of years, you’ve probably seen a references to denial-of-service attacks in the news and how the fallout from those attacks can leave businesses ‘picking up pieces’ for weeks or months after they occur. Think about the helplessness you’d feel if the business you poured your heart and soul into is shut down by some malicious person or group’s attack on your web presence. Worse yet, those attacks are usually for that person’s or group’s own monetary gain or to satisfy some ego-driven urge to punish you for being successful in either your business or a cause you believe in.

It happens all too often, and most people don’t realize that it can actually happen to them. On a weekly basis, I speak to at least one person that tells me, “We’re small, and we really don’t have any competitors … Our website is down. If we can’t stop this attack, I am going to have to send all of my employees home and close down!”

The truth is that denial-of-service protection providers normally sell “fear.” They do this because people don’t have answers to a few key questions about DDoS protection:

• What are the real statistics?
• What is the probability that my website will be hit with an attack?
• What is the real cost of impact?
• What about my data center? I’m sure they already have protection, right?
• We’ve never been hit before, so why should we consider it a priority?

Many of the causes for hesitation regarding the purchase of denial-of-service protection revolve around the lack of education and valid, statistical data. Most know about Distributed-Denial-of-Service (DDoS), but the details are hard to come by. Most people don’t have experience with attacks, so many assume it’s only the big companies or governments that need to worry.

The untold truth is that DDoS attacks occur on a daily basis, and as many as 2500 attacks occur every 24-hour period throughout the world. In the first 6 months of 2011, ServerOrigin saw 2.3 times the number of attacks we observed and mitigated over the course of the 2010 calendar year.

Let’s say you’re considering protection, and you want to ensure that you remain in control and your business continues operating even if you’re the target of extortion or a collective political or religious movement … and that’s assuming there is a reason behind the attack. Over 86% of attacks occur with no explanation! Considering that statistical tidbit, maybe fear isn’t just a manufactured, marketing gimmick to get you buying.

One of the biggest roadblocks in proactive DDoS mitigation in the past has been cost. The average cost for 12 months of a DDoS mitigation appliance or service to protect 1000Mbps is $78,942.00 – just for the equipment/service. Then you have to factor in the variable cost of the bandwidth USED during an attack.

ServerOrigin created ethProxy as a service that overlays your current server platform at an affordable price point. SoftLayer provides one of the best dedicated hosting environments, and we’ve built our reputation on DDoS protection, not hosting, so we bring our service to you.

How do I get protected? How time consuming is this process?
Contrary to the belief that DDoS mitigation is some mystical technology that is painful to implement, our ethProxy mitigation service works on the same premise as a Global Load Balancer or reverse-proxy. Setup is as simple as changing your website’s DNS record to a protected IP in our ethProxy filtering cloud, and once that is done, inbound connections are filtered so only clean traffic is sent to your web server. Transition to the ethProxy service is transparent for the end-user and requires no downtime to implement.

The average deployment time is less than 1-hour and the ethProxy protected IP becomes your public interface to the world. Not only does our service pass rigorous PCI certifications, it guarantees your hosted infrastructure is no longer vulnerable to attack, it allows for upgrading your bandwidth/protection in seconds, and it removes the need for additional web application firewalls or accelerators. On average, customers save around 71% by going with ethProxy when they compare us against the cost of traditional filtering methods.

Our ethProxy service is the combination of many different features or services that you may already pay for separately. This allows businesses to transition to our protection service by replacing one of their current providers which would be prove redundant with the ethProxy subscription. Why go through a budgeting process again when you can simply use a different provider that offers you DDoS protection in addition to the service you’re already paying for?

Included in Every ethProxy DDoS Mitigation Package

• Global Load Balancing
• DDoS Protected AnyCast DNS Services
• Multiple US locations / Complete Datacenter Redundancy
• Instant Scalability – Powered by ServerOrigin’s Cloud Network
• Global Content Delivery Network (CDN)

The options and overall value of these services provide protection that no website should be without, while saving you a ton of money … Especially when you consider that running all of these services separately could cost as much as $10,000/mo.

ServerOrigin Communications services more than 1,200,000 million domains worldwide. Our ethProxy service is the single largest globally deployed mitigation service worldwide, and we protect everyone from non-profit organizations to entire governments and some of Wall Street’s largest online providers (No, we’re not allowed to tell you which ones).

Let us show you why our expertise has saved hundreds of businesses and how we can ensure you never have to ‘pick up the pieces.’

- Kevin Hatfield, ServerOrigin Communications

There are points of failure all over the place. Take a server for example: hard drives can fail, power supplies can fail, the OS could fail. The people running servers can fail.. maybe you try something new and it has unforeseen consequences. This is simply the way of things.

Mitigation comes in many forms. If your content is mostly images you could use something like a content delivery network to move your content into the “cloud” so that failure in one area might not take out everything. On the server itself you can do things like redundant power supplies and RAID arrays. Proper testing and staging of changes can help minimize the occurrence of software bugs and configuration errors impacting your production setup.

Even if nothing fails there will come a time when you have to shut down a service or reboot an entire server. Patches can’t always update files that are in use, for example. One way to work around this problem is to have multiple servers working together in a server cluster. Clustering can be done in various ways, using Unix machines, Windows machines and even a combination of operating systems.

Since I’ve recently setup a Windows 2008 cluster that is we’re going to discuss. First we need to discuss some terms. A node is a member of a cluster. Nodes are used to host resources, which are things that a cluster provides. When a node in a cluster fails another node takes over the job of offering that resource to the network. This can be done because resources (files, IPs, etc) are stored on the network using shared storage, which is typically a set of SAN drives to which multiple machines can connect.

Windows clusters come in a couple of conceptual forms. Active/Passive clusters have the resources hosted on one node and have another node just sitting idle waiting for the first to fail. Active/Active clusters on the other hand host some resources on each node. This puts each node to work. The key with clusters is that you need to size the nodes such that your workloads can still function even if there is node failure.

Ok, so you have multiple machines, a SAN between them, some IPs and something you wish to serve up in a highly available manner. How does this work? Once you create the cluster you then go about defining resources. In the case of the cluster I set up my resource was a file share. I wanted these files to be available on the network even if I had to reboot one of the servers. The resource was actually combination of an IP address that could be answered by either machine and the iSCSI drive mount which contained the actual files.

Once the resource was established it was hosted on NodeA. When I rebooted NodeA though the resource was automatically failed over to NodeB so that the total interruption in service was only a couple of seconds. NodeB took possession of the IP address and the iSCSI mount automatically once it determined that NodeA had gone away.

File serving is a really basic example but you can clustering with much more complicated things like the Microsoft Exchange e-mail server, Internet Information Server, Virtual Machines and even network services like DHCP/DNS/WINs.

Clusters are not the end of service failures. The shared storage can fail, the network can fail, the software configuration or the humans could fail. With a proper technical staff implementing and maintaining them, however, clusters can be a useful tool in the quest for high availability.