RANCHO CUCAMONGA, Calif. (5/3/13)--CO-OP Financial Services has released a white paper offering credit unions advice on fending off Distributed Denial of Service (DDoS) attacks.
The white paper, "A Risk Based Approach to DDoS Protection for Credit Unions and Credit Union Service Organizations," is written by Ray Zadjmool, president and principal consultant of Tevora, a Lake Forest, Calif., information assurance consulting firm with a focus on compliance, risk management and solutions integration.
DDoS involves using an army of hijacked computers to overwhelm a site with so many requests for attention that it's unable to respond to legitimate requests and thus becomes unavailable. It has become a popular method of making a political or ideological point, with the target being some kind of symbol.
The paper makes four recommendations for combating DDoS:
DDoS Risk Assessments. A DDoS risk assessment should follow established methodologies for identification, impact analysis and treatment plan, the paper said. Credit unions should make a concerted effort to understand the effects of a disruption of services, the expected time to recover and the costs to remediate. Risk-reduction options also should be presented to offer a balanced approach that can be periodically evaluated for feasibility and cost effectiveness.
DDoS Incident Response Plan. As with any disaster recovery or incident, a plan for coordinating the credit union's response should be documented before an attack. A good DDoS Incident Response Plan must take into account the tools and personnel at the credit union's disposal that will be needed to help during a DDoS attack.
Third-Party Due Diligence. Credit unions should look at this as an expansion of existing third-party and vendor management activities to include a good understanding of criticality, risk and readiness. One place to start is to classify third parties that may be susceptible to a DDoS. Consider critical infrastructure, but also Web hosting and member-facing services.
Evaluate DDoS Mitigation Services. Currently four types of DDoS mitigation solutions exist: DDoS as a feature, dedicated DDoS protection services, Internet service provider pipe services and DDoS protection appliances.
To download the paper, use the link.