"5 Items to Monitor to Detect DDoS Attacks"

There were 24 percent more distributed denial-of-service (DDoS) attacks in 2020 than in 2019, and DDoS attacks increased by 55 percent between January 2020 and March 2021. According to both F5 Networks and IBM X-Force, government agencies were the sixth most targeted vertical in 2020. Because these attacks hijack or abuse network protocols, one detection approach available to government is to monitor specific types of network traffic. Five network packet types and protocols are commonly abused in DDoS attacks: Transmission Control Protocol Synchronize (TCP-SYN), the Domain Name System (DNS), application flooding, the User Datagram Protocol (UDP), and the Internet Control Message Protocol (ICMP). Although monitoring these systems and protocols is an important step, network visibility in government agencies differs from that in the private sector: many agencies are required to retain packet data for set intervals (e.g., 10 days, 30 days), so the chosen monitoring solution and packet capture (PCAP) storage must scale accordingly. Having the appropriate network visibility, security delivery, and packet capture storage capability is important for maintaining performance and security, as well as for providing PCAP forensics. Agencies should have the right tools and watch the right protocols to stay ahead of the latest threats. This article continues to discuss the increase in DDoS attacks, the network packet types and protocols commonly abused in these attacks, and how to monitor them.
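As an added illustration of monitoring the five indicators named above (example code written for this summary, not taken from the NextGov article), the following Python counts SYN-only, DNS, HTTP application, UDP and ICMP records per fixed time window over constructed flow records and reports the buckets that exceed a threshold, together with the number of distinct sources, which is what separates a distributed flood from a single noisy host. The Flow record layout, the thresholds and the sample data are assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:                 # one record as a flow sensor might export it (assumed layout)
    ts: float               # epoch seconds
    src: str                # source address
    proto: str              # "tcp", "udp" or "icmp"
    dport: int = 0
    flags: str = ""         # TCP flags: "S" = SYN only, "SA" = SYN-ACK
    app: str = ""           # L7 label, e.g. "http_get", "dns_query"

WINDOW = 10.0               # seconds; fixed, non-overlapping buckets
THRESHOLDS = {"tcp_syn": 500, "dns": 300, "app_flood": 200,
              "udp": 1000, "icmp": 300}   # assumed; tune to your baseline

def classify(f: Flow):
    """Map a record to the indicator it counts toward. DNS is tested
    before generic UDP so port-53 traffic is not counted twice."""
    if f.proto == "tcp" and f.flags == "S":
        return "tcp_syn"
    if f.app == "dns_query" or (f.proto == "udp" and f.dport == 53):
        return "dns"
    if f.app.startswith("http_"):
        return "app_flood"
    if f.proto in ("udp", "icmp"):
        return f.proto
    return None

def detect(flows, window=WINDOW, thresholds=THRESHOLDS):
    """Return {(window_start, indicator): (packets, distinct_sources)}
    for every bucket above threshold; many sources marks it distributed."""
    counts = defaultdict(lambda: defaultdict(int))
    sources = defaultdict(lambda: defaultdict(set))
    for f in flows:
        kind = classify(f)
        if kind is None:
            continue
        w = int(f.ts // window) * window
        counts[w][kind] += 1
        sources[w][kind].add(f.src)
    return {(w, k): (n, len(sources[w][k]))
            for w, c in counts.items() for k, n in c.items()
            if n > thresholds[k]}

# Constructed sample: SYN flood from 600 spoofed sources in window 0, plus a benign DNS lookup and one SYN-ACK.
SAMPLE = [Flow(0.5 + i * 0.01, f"10.0.{i // 256}.{i % 256}", "tcp", 80, "S")
          for i in range(600)]
SAMPLE += [Flow(3.0, "10.1.1.1", "udp", 53, app="dns_query"),
           Flow(4.0, "192.0.2.10", "tcp", 80, "SA")]
```

Calling `detect(SAMPLE)` flags only the TCP-SYN bucket in the first window, with 600 packets from 600 distinct sources; the single DNS query and the SYN-ACK reply stay below threshold or are not counted at all.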

NextGov reports "5 Items to Monitor to Detect DDoS Attacks"
