Comsec’s unique DDoS simulation service assesses the customer’s ability to respond to the next generation of sophisticated DDoS attack scenarios by conducting real-life attack simulations, to help prevent and mitigate DDoS attacks performed against their infrastructure.
Comsec early identified the DDoS risk to organizations. Over the past seven years Comsec has performed hundreds of successful, fully controlled DDoS simulations adding “Real-Life” hands-on experience to each attack scenario.
Our unique approach consists of on-site escort of our clients during the DDoS simulation which brings added value to the client, and post mortem analysis of the attacks.
Describe our Service
Prior to the simulation, the Comsec DDoS attack team conducts extensive research of the customer’s websites and infrastructure, to collect valuable intelligence information. Based on the information gathered, Comsec’s attack team creates different attack scenarios aimed to simulate real-world DDoS attacks. A simulation is then comprised of several scenarios executed according to the customer’s needs.
Each scenario can be divided into two groups:
Network (Infrastructure) level attacks – attacks targeting network components such as firewalls, routers and load balancers. The effects of these attacks effectively disable physical access to the targeted servers. The attacks can affect the component’s CPU, memory and/or bandwidth usage by targeting all layers except for layer 7 in the OSI 7-layers model.
Application level attacks – attacks targeting the server’s resources by abusing the application’s functions that consume physical resources (such as CPU, memory, bandwidth usage and hard disk usage). These attacks target layer 7 in the OSI 7 layers model.
Bandwidth: The attacker floods the server with requests from numerous bots, consuming network access to the target servers. The flood can either be generic (such as TCP flood) or an application-level attack which is customized to the client’s website. As a result of this attack, the network bandwidth is consumed (either upstream or downstream bandwidth) and legitimate users cannot access the attacked servers.
Memory (volatile): The attack depletes the available memory of the attacked servers by abusing sensitive memory-consuming functions in the attacked application. An example of such an attack is slow HTTP post, which causes the server to allocate a significant amount of memory.
CPU: CPU exhaustion can be caused by flooding the system with high level computations and may affect network components, servers and the application itself. An example of such an attack is SSL exhaustion, which results in high CPU consumption. It should be noted that most of these attacks are client-specific and target a specific functionality of the client’s website (such as, but not limited to, flooding calculating modules, search modules and login mechanisms).
Storage: Many applications use databases that contain customer records, business transactions, system information (such as logs) and even uploaded files. An attacker can generate requests that consume the available disk space (for example abusing the registration mechanism), thereby disabling the application.
Connection Table: Each network component contains a connection table which lists existing connections and their status. In this kind of attack, the attacker opens numerous connections (either valid or invalid connections), flooding the connection table. Once the connection table is full, the server is unable to process new connections resulting in Denial of Service.
Nowadays, organizations are facing multiple kinds of attacks, as DDoS attack is aiming to disrupt the normal traffic sent to one or more of the organization’s resources to make an impact on its availability. The most common security solutions are then deployed over the network to prevent those attacks, but the organization doesn’t know exactly what tomorrow brings. Therefore, some of the configurations may be partial, or wrong for the organization to use. In some cases, the organization lacks crucial protections against different DDoS attacks. And this is where we come into the picture.
About the Team
Comsec has a highly skilled DDoS team with expertise in conducting the controlled simulation, guidance of the client through the evaluation of actual risk and providing valuable remediation recommendations.