Detecting and Mitigating HTTPS Floods…Without Decryption Keys
What is an HTTPS flood attack? Why is everybody talking about it these days? And is it really such a big threat?
An HTTPS flood attack is a generic name for DDoS attacks that exploit the SSL/TLS layer of HTTP communications. Lately, we’ve been hearing a lot about this specific type of DDoS attack and other SSL/TLS attack vectors; according to our 2018-2019 Global Application & Network Security Report, encrypted web attacks were the most commonly reported form of application-layer attack in 2018.
And with regards to the last question, there is a simple answer: YES.
The Benefits of Encryption
We all know that encryption is used almost everywhere today, with more than 70% of web pages worldwide loaded over HTTPS. Encryption lets us enjoy many benefits while connected: we can securely send our private credentials to our bank, shop easily on Amazon without worrying whether our credit card details will be intercepted, and we can text safely and transfer files with peace of mind.
Basically, by using encryption, or SSL/TLS in more technical jargon, we get authenticity (knowing the source of the traffic), integrity (knowing that no one tampered with the data between the two endpoints) and, of course, confidentiality, thanks to encryption’s ability to turn data into ciphertext (it uses symmetric and asymmetric keys and key exchange, but that’s for another blog).
It sounds so good, shut up and take my money!
A Fly in the Ointment
Indeed, data encryption gives us tremendous power over data transfer, but there is a fly in the ointment. All of these incredible capabilities require many system resources, and thus attract hackers and cyber criminals who wish to wreak havoc.
When it comes to the destination server, i.e. an organization’s server, the SSL/TLS connection requires an even greater amount of allocated resources: 15 times more than on the requesting host, to be exact.
In other words, if a group knows how to manipulate the protocol and the vulnerabilities inherent in it, they can cause significant damage by running powerful encrypted DDoS attacks.
Now, there is only one option for organizations that wish to protect against HTTPS DDoS attacks: They must protect their network and infrastructure with dedicated, sophisticated devices that can detect and mitigate HTTPS DDoS attacks.
An Evolving Solution
Traditional protection devices require a copy of the SSL certificates (or keys) in order to decrypt the packets that are being transmitted through the device. However, while doing so, they damage user privacy (especially in the era of GDPR and other worldwide privacy regulations) and add latency. And needless to say, if not handled properly, the process can create additional security risks. What’s more, traditional devices are stateful and thus themselves vulnerable to DDoS attacks.
For service providers and carriers, whose security policies prevent them from holding their network tenants’ decryption keys, this is problematic. Without their network tenants’ keys, traditional off-the-shelf solutions are ineffective.
So, how can service providers properly protect their tenants from cyber attacks?
Keyless protection against HTTPS flood attacks based on a stateless architecture is ideal for service providers and carriers. Such a solution not only eliminates the operational complexity that comes with managing decryption keys, but also protects against SSL-based HTTP DDoS attacks at scale without adding latency or compromising user privacy.
Eden Amitai is a product marketing manager in Radware’s security team. In this role, Eden is in charge of the company’s line of DefensePro and DefenseFlow, Radware’s on-prem DDoS attack mitigation solutions. Eden works closely with Radware’s white-hat hackers and cyber experts to answer the needs of organizations and service providers in today’s cyber-threat landscape. He has diverse experience from both large enterprises and small firms, and deep knowledge of the cyber-security space. Before joining Radware, Eden served as the CMO of ACC, an Israeli startup. Prior to that, Eden worked in Intel’s CHD product marketing department and as a product marketing manager at Xpandion, a cyber-security firm. Eden served in the IDF in an elite intelligence unit, and he holds a B.Sc. in Computer Science from the Interdisciplinary Center (IDC) Herzliya.
*** This is a Security Bloggers Network syndicated blog from Radware Blog authored by EdenAmitai. Read the original post at: https://blog.radware.com/security/ddosattacks/2019/07/detecting-and-mitigating-https-floods-without-decryption-keys/