Why Security Must Protect from DDoS Attacks
January 1, 2007
As the electronic security industry is propelled into the world of Internet transmission of alarm signals, the specter of DDoS attacks should be of great concern. DDoS stands for Distributed Denial of Service.
Here’s how it works: Hackers have control of hundreds or thousands of computers on the Internet, which they’ve infected with bot (short for “robot”) software that allows the bad guy to remotely control the infected computers, effectively giving the hacker an army on the Internet that will do his bidding. (Where do you think all the spams come from?) Once a target victim’s IP address has been selected, the hacker commands his minion computers to bombard the victim’s IP address with thousands of data packets coming from hundreds of computers. This flood of erroneous data will fill the target’s incoming bandwidth, causing valid packets (such as transmissions from alarm transmitters) to not reach their proper destination. Just as an ambulance or fire truck can get stuck in heavy urban traffic, valid data packets can get stuck during a DDoS event.
DDoS attacks are very common, with hundreds of such events occurring monthly.
Now consider a high-security client, such as a jewelry store, whose alarm signal is transmitted over the Internet to the central station. The bad guys can fire off a DDoS attack aimed at the jewelry store’s Internet service provider (ISP) connection, shutting off communication to the central station. This will result in a trouble condition at the alarm receiver, and the client can be notified. Or consider this: the hackers direct a DDoS blast at the central station receiver’s IP address(es) so that it receives no signals from any protected premises. Who’s in “trouble” now?
This is a very real and present problem for the security industry. Sophisticated thieves are combining network-savvy and physical break-in skills to attack valuable locations. What to do? First, central stations must plan now for the day when their IP alarm receivers will be attacked. Such planning should include discussions with their ISPs and a concise action plan of what to do and who to call when a DDoS attack is launched. ISPs can thwart some DDoS attacks if they know that one is happening, but when it happens at 3 a.m. on Sunday morning, who should the central station contact to initiate the ISP’s response? What happens when hackers break into the telephone system at the central station, and kill all the phones? Are cell phones available for operator use?
When installing IP alarm transmitters in high-security locations, security dealers should always include a redundant alarm transmission method, preferably wireless. One vendor, Honeywell Security, has built in to their AlarmNet IP system optional redundant pathways for alarm signals to reach the central station. With this technology, alarm signals are sent to the AlarmNet service over the Internet, which then transmits the alarms to the central station via IP and/or an optional dial-up backup. AlarmNet central stations should always select the dial-up backup, and test it regularly.
Forewarned is forearmed. The alarm monitoring industry needs to actively defend against possible future DDoS attacks.
Sidebar: Further ReadingIf you’d like to know more about DDoS, pick up Internet Denial of Service, by Mirkovic, Dietrich, et al. While very dense in some sections, it is a well-written, timely, and detailed volume.
And if you don’t have enough to worry about, get The Art of Deception, by Kevin Mitnick. A convicted hacker, Mitnick provides very interesting stories centering on how “social engineering” is used to hack into computer networks and telephone systems.