Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
CO-OP White Paper Discusses How CUs Can Fight DDoS Attacks
RANCHO CUCAMONGA, Calif. (5/3/13)--CO-OP Financial Services has released a white paper offering credit unions advice on fending off  Distributed Denial of Service (DDoS) attacks.

The white paper, "A Risk Based Approach to DDoS Protection for Credit Unions and Credit Union Service Organizations," is written by Ray Zadjmool, president and principal consultant of Tevora, a Lake Forest, Calif., information assurance consulting firm with a focus on compliance, risk management and solutions integration.

DDoS involves using an army of hijacked computers to overwhelm a site with so many requests for attention that it's unable to respond to legitimate requests and thus becomes unavailable. It has become a popular method to make a political or ideological point in which the target is some kind of symbol.

The paper makes four recommendations for combating DDoS:

  • DDoS Risk Assessments. A DDoS risk assessment should follow established methodologies for identification, impact analysis and treatment plan, the paper said. Credit unions should make a concerted effort to understand the effects of a disruption of services, the expected time to recover and the costs to remediate. Risk-reduction options also should be presented to offer a balanced approach that can be periodically evaluated for feasibility and cost effectiveness.
  • DDoS Incident Response Plan. As with any disaster recovery or incident, a plan for coordinating the credit union's response should be documented before an attack. A good DDoS Incident Response Plan must take in to account the tools and personnel at the credit union's disposal that will be needed to help in a DDoS attack.
  • Third-Party Due Diligence. Credit unions should look at this as an expansion of existing third-party and vendor management activities to include a good understanding of criticality, risk and readiness. One place to start is to classify third parties that may be susceptible to a DDoS. Consider critical infrastructure, but also Web hosting and member facing services.
  • Evaluate DDoS Mitigation Services. Currently four types of DDoS mitigation solutions exist: DDoS as a feature, dedicated DDoS protection services, Internet service provider pipe services and DDoS protection appliances.
To download the paper, use the link.
Other Resources

DDoS White Paper
RSS print
News Now LiveWire
For the last 75 years, even in the most difficult of times, Mill Town #CU has been there for the community it serves. Read #NewsNow Tues.
26 minutes ago
The 1st vid shows how consumer can become victim and, advice to those who think they've been targeted. http://t.co/hr9VHpzEze
4 hours ago
.@TheNCUA has released two videos designed to raise awareness of elder financial abuse. http://t.co/iddSxr7H40
4 hours ago
Celebrate #100MM with @MDDCCUA1 at Orioles v Blue Jays tonight at Camden Yards
4 hours ago
The At Home In Lawrence mortgage program from @MetroCU is designed to help revitalize Lawrence, Mass.
5 hours ago