DDoS attack hard to defend, but other problems more common
It often makes national headlines, and now it’s struck locally. Distributed denial-of-service, or DDoS, attacks took down Sony’s PlayStation Network and Microsoft’s Xbox Live online service, as well as the City of Columbia’s website last week. Different hackers took down the services for different reasons, but the style of attack is the same, striking both a local government’s website and online services from large corporations.
“People like to throw out various analogies,” Geoff Revis, chief technology officer at Lift Division, a web service company in Columbia. “The most common one is a highway. Someone drives enough cars on a highway, eventually no one’s going to be able to drive down the highway because there’s too many people on the highway.”
Revis says hackers can use computers all over the world to attack a website by merely using it. Eventually, a website or online service’s servers can’t handle the volume of traffic and slows to a stop.
Revis said it’s often hard to trace the attack to a particular person because the attack utilizes so many unique computers, sometimes on different continents.
So how does someone defend themselves from an attack like this?
Revis sad some companies offer programs to monitor web traffic coming in, and can deny service to users who look illegitimate. However, those programs can be time-consuming, and sometimes costly.
“And that’s where the highway analogy comes in,” Revis said. “If there’s a thousand cars there, I don’t have the time to look at every single car and decide what comes in and comes out. If I’m slowing things down to the point where I’m inspecting person trying to access my service, my service is already dead.”
Revis said people who own or manage their own website should keep software like firewalls and virus protection up-to-date. That will mitigate the effects of less sophisticated cyber attacks that might even result in theft of personal information. Revis also said the most common web problems he experiences is poor password choices, or making passwords easily accessible to many people.
“Make sure you are hosted with someone who understands it,” Revis said. “Make sure someone knows.”