I started off this post thinking about whether or not moving your infrastructure to the cloud would give organizations better protection against DDoS attackers, and the short answer is: not really.
The problem with a coordinated DDoS attack is that it is orchestrated from a large number of attacking computers, typically hijacked machines (a botnet) that have been fitted with malware that sits undetected until the attacker directs it to send a flood of traffic at the target.
When the attack begins, all of these disparate computers start sending data to your organization in unison. To stop even one of them from flooding your network, you have to cut it off upstream, at or near the source.
Blocking an attacker's source IP at your local firewall does no good, because the firewall sits behind the link: the pipe from your upstream provider is already saturated with junk before the firewall gets a chance to drop anything, so the link is unusable either way. You have to follow the trail of attacking traffic farther upstream. Your provider should be able to help if you can work with them, but that may or may not be effective, because a DDoS attack that is large enough can torment your provider as well. And even if you manage to get the source IPs blocked upstream, some DDoS attackers can just keep coming at you with a new wave from fresh IP addresses. One person acting alone can hijack millions of computers from around the world and use them in waves of recurring attacks with little effort.
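To make the two points above concrete, here is a small model written for this post (it is an added example, not code from the original post): it builds two constructed waves of botnet traffic, shows that blocking source IPs at your own firewall leaves the load on the provider link unchanged while blocking them at the provider actually reduces it, and shows that a blocklist built from the first wave catches essentially none of a second wave sent from fresh IPs. The 100 Mbit/s link capacity, the 10 second measurement window, and all of the traffic are assumptions and synthetic data, not measurements.

```python
"""Added example, not code from the original post: a small model of why
blocking attacking IPs at your own firewall does not relieve a saturated
upstream link, and why a blocklist built from one wave of a botnet is
useless against the next wave. All traffic here is constructed synthetic
data; the link capacity and window length are assumptions."""
from collections import Counter
from dataclasses import dataclass
import random

LINK_CAPACITY_MBPS = 100.0   # assumption: a 100 Mbit/s link from the upstream provider
WINDOW_SECONDS = 10          # assumption: the flood is measured over a 10 s window


@dataclass(frozen=True)
class Flow:
    src: str      # source IP of the attacking host
    nbytes: int   # bytes it sent in the window


def make_wave(seed, n_sources, packet_bytes=1500):
    """Constructed botnet wave: n_sources hijacked hosts, each sending between
    5 and 15 packets in the window. A different seed gives a different set of
    source IPs, which is what a new wave from fresh machines looks like."""
    rng = random.Random(seed)
    flows = []
    for _ in range(n_sources):
        src = "%d.%d.%d.%d" % (rng.randrange(1, 224), rng.randrange(256),
                               rng.randrange(256), rng.randrange(1, 255))
        for _ in range(rng.randrange(5, 16)):
            flows.append(Flow(src, packet_bytes))
    return flows


def load_mbps(flows):
    """Average bit rate the flows impose over the window."""
    return sum(f.nbytes for f in flows) * 8 / 1e6 / WINDOW_SECONDS


def link_saturated(mbps):
    return mbps > LINK_CAPACITY_MBPS


def top_talkers(flows, n):
    """The n source IPs sending the most bytes: what a firewall blocklist is
    usually built from during an attack."""
    per_src = Counter()
    for f in flows:
        per_src[f.src] += f.nbytes
    return {src for src, _ in per_src.most_common(n)}


def local_firewall_block(flows, blocked):
    """Blocking at your own edge. Returns (mbps_on_upstream_link, mbps_delivered).
    Every packet still crosses the provider link before the firewall drops it,
    so the first number does not change no matter how many IPs are blocked."""
    on_link = load_mbps(flows)
    delivered = load_mbps([f for f in flows if f.src not in blocked])
    return on_link, delivered


def upstream_block(flows, blocked):
    """Blocking at the provider: blocked sources never reach your link.
    Returns the bit rate that still arrives on the link."""
    return load_mbps([f for f in flows if f.src not in blocked])


def blocklist_coverage(blocked, flows):
    """Fraction of a wave's bytes that an existing blocklist would catch."""
    total = sum(f.nbytes for f in flows)
    if total == 0:
        return 0.0
    return sum(f.nbytes for f in flows if f.src in blocked) / total


if __name__ == "__main__":
    wave1 = make_wave(seed=1, n_sources=10_000)
    wave2 = make_wave(seed=2, n_sources=10_000)   # same size, fresh IPs
    blocklist = top_talkers(wave1, 1000)

    on_link, delivered = local_firewall_block(wave1, blocklist)
    print(f"wave 1: {on_link:.1f} Mbit/s offered, link saturated={link_saturated(on_link)}")
    print(f"  local firewall block of 1000 IPs: link still carries {on_link:.1f} Mbit/s, "
          f"hosts would see {delivered:.1f} Mbit/s (moot, the link is full)")
    print(f"  upstream block of 1000 IPs: {upstream_block(wave1, blocklist):.1f} Mbit/s on link")
    print(f"  upstream block of 3000 IPs: "
          f"{upstream_block(wave1, top_talkers(wave1, 3000)):.1f} Mbit/s on link")
    print(f"wave 2 from fresh IPs: wave-1 blocklist covers "
          f"{blocklist_coverage(blocklist, wave2):.1%} of its traffic")
```

The point of the model is the asymmetry in `local_firewall_block`: the rate on the provider link is computed from every flow regardless of the blocklist, because the drop happens after the bytes have already crossed the link. Only `upstream_block` removes bytes from the link, and only once enough sources are blocked does the rate fall under capacity; a new wave with a different seed starts that work over from zero.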
How does a hijacker have the time to take over a million computers?
I’ll cover that in my next post.
As for the cloud offering protection: a cloud-hosted IT infrastructure has no immunity, because the cloud can be attacked just like anything else. However, cloud providers may have the resources to detect an attack and block it farther upstream, and more quickly, than you could on your own, so there is some benefit.