What the Tesla fire can teach security pros about DDoS
Fred Kost, vice president, security solutions marketing, Ixia
In 2000, a 15-year-old who dubbed himself Mafia Boy made headlines for launching attacks that took down some of the highest-profile internet properties at the time. Back then, organizations were not nearly as prepared for attacks as they are today, and the attacks were not as common or easily carried out.
Unfortunately, these distributed denial-of-service (DDoS) attacks are making a strong comeback, and today's attackers can rent a botnet (think botnet-as-a-service) and even use a Low Orbit Ion Cannon to assemble a powerful DDoS attack that can be launched rather easily.
DDoS attacks that target high-profile organizations, such as major financial institutions, tend to make headlines. We saw similar eye-catching headlines when a Tesla Model S caught fire after it made impact with a metal object. The video went viral, capturing flames taking a beautiful Tesla S out of commission. Chairman, product architect and CEO Elon Musk promptly responded to the attention on the Tesla fire in a message explaining that the Tesla had performed just as it had been designed, with the firewalls in the battery module containing the fire as the battery burned, isolating the fire from the passenger compartment.
The Tesla S has the highest safety ratings in the automotive industry, according to the National Highway Traffic Safety Administration. Much of that probably comes from an engineering focus on designing safety into the car, but more importantly, the car is also tested and validated through crash tests and burn tests. Admittedly, the Tesla fire does not have anything to do with DDoS attacks, but there is one valuable lesson to be learned: Organizations could be better prepared to perform like a Tesla on fire when they face a DDoS attack.
Today, organizations are deploying products and services designed and architected to mitigate and prevent debilitating DDoS attacks. Hardening network architecture and preparing for a DDoS attack can mitigate the damage and allow an organization to become more resilient, even under attack. But when the attack occurs, several questions arise: Will these preparations and investments work as planned? Will the DDoS products and services kick into action and stop the bad flows and allow the good traffic to pass? Will the coordination with an upstream service provider and the organization under attack run smoothly when facing a live attack?
The only way to know the answers to these questions is through testing these scenarios prior to deployment. For example, take an organization that had deployed DDoS products and services and worked to be prepared for the day the attackers decided to try to make them their next DDoS victim. When the network was tested with realistic DDoS attacks mixed with good traffic, the results were not exactly as planned. They discovered product bugs and configuration errors, and found that the effort to stop the DDoS traffic was actually blocking the good traffic. Testing also allowed the organization to work with their service provider to practice the coordination required when responding to a live DDoS attack.
Ultimately, organizations need to consider testing their DDoS mitigations to ensure that when they do face a live DDoS attack, the very systems put in place to protect their network and business will deliver, controlling and containing the attack. The leaders of those organizations can then examine the attack they endured and, like Tesla's Elon Musk, know that their systems worked to prevent the damage from a DDoS attack, much as those battery firewalls contained the battery fire.