Wednesday, May 29, 2013

Is Your Company in Denial about Denial-of-Service Attacks?

Denial-of-service attacks are a direct assault on your company’s online revenue stream. These attacks are easy for attackers to pull off, and your company should not simply be hoping that it won’t be targeted. Denial-of-service attacks are not limited to a few high-profile companies: every company with significant online revenue is at risk, and the attacks are costing firms billions of dollars. The bad news is that legacy cyber-security firms have no genuine solution, in part because most of them lack the deeper domain knowledge required to problem-solve and innovate in this space.
  
Back in the very early 1990s, when the Internet was still new, some of the big ISPs like UUNet were positioning themselves to be acquired by big telecom operators (for example, UUNet was acquired by WorldCom). I remember a discussion at a network planning session when I noted to UUNet executives that the Internet lacked the identifiers that governed telecom networks, and that these would be easy to add to the Internet at this early stage of development. The response was (well, I don’t recall precisely what it was) something like, “we don’t need no stinking identifiers”. Their attitude was understandable at the time. Demand for access and bandwidth was already growing at a mesmerizing rate. All they could think of was how to feed the beast.

The design I had suggested at that time would have identified every user that hopped onto the Internet along with their location, point of access, etc. Also like telecom networks, it would have assigned them a class of service, or COS, that determined what they were or were not allowed to do. If for any reason they managed to get on the network without this independent-channel authentication (something that was very difficult to do), they were assigned a default class of service that allowed them to do almost nothing.

I recently resurrected this design with my engineering group to create a denial-of-service solution that will be offered by Vir2us this fall (2013). I’ve added some cool features and tools that we didn’t have back then, when processors were slower, storage and memory were not such low-cost commodities, and we lacked cloud-based speeds and scalability. There is some complexity here, to be sure, and we’ve created some new IP with these innovations that we expect to license to others, but we know it works because we implemented its older brother in hundreds of early private and public digital networks.

Just how does all this stop denial-of-service attacks? It’s really quite elegant, and it will also solve some other annoying problems that plague us about the Internet’s architecture. A denial-of-service attack is like too many people asking you different questions all at the same moment rather than in succession. At some point you simply can’t respond quickly enough and everything stops. Now imagine that only the people you pre-selected were allowed to ask you questions, and that you and they were speaking and hearing in a language known only to you and that select group. You simply wouldn’t hear the requests made in other languages, and therefore would feel no necessity to respond. There’s a little more to this, of course, but you get the idea. You can get notice of the beta release by subscribing to this blog.
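To make the two ideas in the post concrete (the class-of-service design described earlier and the "language only the select group speaks" analogy above), here is an added example. It is not Vir2us code and not the product's design, which the post does not spell out; it is one generic way to build a default-deny gate that identifies a request before spending any work on it. The client names, keys, request fields, class names, the HMAC-SHA256 tag and the 30-second freshness window are all assumptions made for the example, and the traffic it processes is constructed inline.

```python
"""Default-deny request gate: identify the caller before doing any work.

Added illustration, not Vir2us code. Every request must prove membership
in a pre-selected group (an HMAC tag computed with a per-client key, the
"private language"); anything that cannot be identified lands in a default
class of service that is allowed to do nothing costly. All names, keys and
formats below are assumptions made for the example.
"""
import hashlib
import hmac

# Constructed shared secrets for the pre-selected group (assumption; real
# keys would come from provisioning, never from a source file).
CLIENT_KEYS = {
    "client-a": bytes.fromhex("0f" * 32),
    "client-b": bytes.fromhex("a7" * 32),
}

# Class of service (COS) per identified client, and what each class may do.
# "default" is where every unidentified or unverifiable request lands.
CLIENT_COS = {"client-a": "gold", "client-b": "silver"}
COS_ALLOWED = {
    "default": frozenset(),                      # allowed to do almost nothing
    "silver": frozenset({"ping", "quote"}),
    "gold": frozenset({"ping", "quote", "order"}),
}
FRESHNESS_WINDOW = 30   # seconds a request timestamp may differ from server time


def compute_tag(key, client, ts, op, body):
    """HMAC-SHA256 over every field the server will act on."""
    msg = b"|".join([client.encode(), str(ts).encode(), op.encode(), body])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(client, op, body, ts):
    """What a pre-selected client sends: the fields plus a tag only it can make."""
    return {"client": client, "ts": ts, "op": op, "body": body,
            "tag": compute_tag(CLIENT_KEYS[client], client, ts, op, body)}


class Gate:
    """Identify first; spend server work only on recognised, permitted requests."""

    def __init__(self):
        self.seen = set()       # (client, ts, tag) already served: replay cache
        self.work_done = 0      # number of times the costly path was entered

    def classify(self, req, now):
        """Return the class of service; anything unverifiable is 'default'."""
        client = req.get("client")
        key = CLIENT_KEYS.get(client)
        if key is None:
            return "default"
        ts = req.get("ts")
        if not isinstance(ts, int) or abs(now - ts) > FRESHNESS_WINDOW:
            return "default"                      # stale or malformed timestamp
        op, body = req.get("op", ""), req.get("body", b"")
        if not isinstance(op, str) or not isinstance(body, bytes):
            return "default"
        expected = compute_tag(key, client, ts, op, body)
        # Constant-time compare so the check itself does not leak the tag.
        if not hmac.compare_digest(expected, str(req.get("tag", ""))):
            return "default"                      # forged or tampered request
        if (client, ts, expected) in self.seen:
            return "default"                      # replay of a served request
        self.seen.add((client, ts, expected))
        return CLIENT_COS[client]

    def handle(self, req, now):
        """Cheap identification, then the costly path only for permitted ops."""
        cos = self.classify(req, now)
        if req.get("op") not in COS_ALLOWED[cos]:
            return ("dropped", cos)               # not "heard": no work, no reply
        self.work_done += 1                       # the expensive part lives here
        return ("served", cos)


def run_demo(now=1_369_800_000):
    """Drive the gate with legitimate, replayed, tampered, stale and forged traffic."""
    gate = Gate()
    out = {}
    good = make_request("client-a", "order", b"qty=3", now)
    out["gold_order"] = gate.handle(good, now)
    out["replay"] = gate.handle(good, now)                 # same bytes again
    out["silver_order"] = gate.handle(make_request("client-b", "order", b"qty=3", now), now)
    out["silver_quote"] = gate.handle(make_request("client-b", "quote", b"sym=X", now), now)
    out["tampered"] = gate.handle(dict(good, body=b"qty=300"), now)   # body changed, tag stale
    out["stale"] = gate.handle(make_request("client-a", "ping", b"", now - 3600), now)
    for i in range(10_000):                                # forged flood claiming client-a
        forged = {"client": "client-a", "ts": now, "op": "order",
                  "body": b"qty=1", "tag": f"{i:064x}"}
        gate.handle(forged, now)
    out["work_done"] = gate.work_done
    return out


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:13} {result}")
```

Running `run_demo()` shows the point of the analogy: the two legitimate, permitted requests are served, while the replay, the tampered body, the stale timestamp, the silver client asking for a gold-only operation and ten thousand forged requests are all dropped before the costly path runs, so `work_done` ends at 2. One caveat a practitioner should keep in mind: a gate like this protects the work behind it, not the pipe in front of it; traffic that saturates the link before the check can run still has to be filtered upstream.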
