Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
CO-OP White Paper Discusses How CUs Can Fight DDoS Attacks
RANCHO CUCAMONGA, Calif. (5/3/13)--CO-OP Financial Services has released a white paper offering credit unions advice on fending off  Distributed Denial of Service (DDoS) attacks.

The white paper, "A Risk Based Approach to DDoS Protection for Credit Unions and Credit Union Service Organizations," is written by Ray Zadjmool, president and principal consultant of Tevora, a Lake Forest, Calif., information assurance consulting firm with a focus on compliance, risk management and solutions integration.

DDoS involves using an army of hijacked computers to overwhelm a site with so many requests for attention that it's unable to respond to legitimate requests and thus becomes unavailable. It has become a popular method to make a political or ideological point in which the target is some kind of symbol.

The paper makes four recommendations for combating DDoS:

  • DDoS Risk Assessments. A DDoS risk assessment should follow established methodologies for identification, impact analysis and treatment plan, the paper said. Credit unions should make a concerted effort to understand the effects of a disruption of services, the expected time to recover and the costs to remediate. Risk-reduction options also should be presented to offer a balanced approach that can be periodically evaluated for feasibility and cost effectiveness.
  • DDoS Incident Response Plan. As with any disaster recovery or incident, a plan for coordinating the credit union's response should be documented before an attack. A good DDoS Incident Response Plan must take in to account the tools and personnel at the credit union's disposal that will be needed to help in a DDoS attack.
  • Third-Party Due Diligence. Credit unions should look at this as an expansion of existing third-party and vendor management activities to include a good understanding of criticality, risk and readiness. One place to start is to classify third parties that may be susceptible to a DDoS. Consider critical infrastructure, but also Web hosting and member facing services.
  • Evaluate DDoS Mitigation Services. Currently four types of DDoS mitigation solutions exist: DDoS as a feature, dedicated DDoS protection services, Internet service provider pipe services and DDoS protection appliances.
To download the paper, use the link.
Other Resources

DDoS White Paper
RSS print
News Now LiveWire
Of $1.3B in payments through mobile devices, 90% occurred at @Starbucks stores http://t.co/MN49JR1NXK
12 hours ago
.@LoveBethpage 1st to launch mobile debit/credit card control from @COOPFS http://t.co/kuq7onGuai
13 hours ago
A booming W Okla county gets its first #creditunion @TheHEFCU See #NewsNow http://t.co/svTyMnms0X
16 hours ago
Mortgage interest rates continue slide in September @FHFA http://t.co/agU9RJW5Kq
18 hours ago
Reimagined branches shift to member, not #creditunion, needs: @cunacouncils white paper http://t.co/lN2mu0IVar
19 hours ago