Cybersecurity 101 with Joe and Larry podcast

Episode 20 - The 25th Anniversary of DDoS with Pankaj Gupta from Citrix


In this episode we discuss the 25th anniversary of the first DDoS (Distributed Denial of Service) and why this cybersecurity threat is a tricky one to solve. 

00:00 to 2:00 Intro to Pankaj Gupta (@PankajOnCloud, Citrix)

Pankaj leads product and solutions marketing and go-to-market strategy for cloud, application delivery and security solutions at Citrix. He advises CIOs and business leaders on technology and business model transitions. In prior roles at Cisco, he led networking, cybersecurity and software solution marketing.

2:20 The 25th anniversary of the first Denial of Service attack against Panix, an Internet Service Provider (1996) (https://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack)

25 years later, the largest DDoS attack ever recorded targeted Russian ISP Yandex (https://www.cpomagazine.com/cyber-security/russian-internet-giant-yandex-wards-off-the-largest-botnet-ddos-attack-in-history/). Pankaj notes that this was exactly 25 years later, to the month.

3:15 What is a DDoS attack? Three types: 1) connection overload, 2) volumetric, such as an ICMP flood, 3) application layer.

5:20 A coinminer as an example of denial of service: when the CPU is exhausted, the service becomes unavailable.

6:00 Why are we still talking about DDoS 25 years later? Pankaj states that they are now easier than ever to perform. 

7:00 Larry asks about the connection between ransomware and DDoS

9:00 Pankaj describes how the motivation for DDoS has shifted from hacktivism to financial motivation 

9:30 Joe asks how much it costs for an attacker to operate 

10:00 Pankaj explains that unskilled attackers with access to the Dark web can orchestrate attacks

11:45 Joe discusses how many attackers target healthcare despite the harm this causes people.

12:45 Pankaj discusses that while federal laws exist, very few people are prosecuted for DDoS attacks.

13:50 Larry asks whether businesses are paying the ransom 

14:15 Pankaj says paying the ransom is never recommended. Instead, Pankaj recommends investing in DDoS protection solutions.

15:25 Joe asks whether tools exist to quantify costs for downtime to justify the expense of DDoS prevention solutions. 

16:30 Pankaj explains that it is not just the economic impact of downtime that must be factored into the equation, but also the damage to reputation from losing customers' trust.

17:30 Pankaj describes three trends that will cause DDoS attacks to increase in the future (things will get worse rather than better): increased bandwidth with 5G, exponential growth in IoT devices, and improved computing power.

18:30 What is IoT (Internet of Things)? Any device that has an internet connection, such as a nanny camera, home router, or Nest thermostat. Bad actors exploit vulnerabilities to turn these devices into a botnet that the attackers can then direct en masse against a single target. This forms the source of the DDoS attack: all of these devices combined send packets to the victim website.

20:50 What solutions exist for DDoS? Joe explains how he has solved DDoS historically using services from Cloudflare.

22:00 Joe explains how he configured DDoS protection by configuring DNS, and the weakness that remains when attackers discover the origin server's direct IP address using OSINT.

23:15 Joe asks Pankaj how Citrix compares with competitors.

23:35 Pankaj describes four key criteria when selecting a DDoS solution. 1) The solution should protect against a variety of types of DDoS attacks. 2) Can the solution scale? DDoS attacks are growing in size 20% year over year (expected to reach 3 terabits). 3) The advantage of a cloud-based solution is that it can auto-scale in bandwidth, whereas an on-premises DDoS solution cannot guard against bandwidth saturation.

25:50 Joe asks Pankaj whether Citrix uses its own data centers (or whether it has exposure to data center providers like Google, Amazon or Microsoft). Pankaj describes the Citrix solution as having the scale to handle 12 terabits of scrubbing across multiple points of presence (PoPs).

29:00 Pankaj describes two types of DDoS solutions, always-on or on-demand. If you are an e-commerce website then always-on may make more sense, even though it costs more than on-demand, because every minute that you cannot sell your products loses money.

31:00 DDoS attacks can be a diversion tactic to distract IT and SecOps teams so that the attackers can perform other types of attacks such as financial fraud (wire fraud, SWIFT, etc.).

32:40 Larry asks: What is the difference between a buffer overflow and DDoS? Pankaj explains that a buffer overflow could be used as a type of DDoS since it could impact the availability of the service.

34:00 Joe describes how DDoS strikes at the heart of one of the three components of the CIA Triad “Confidentiality, Integrity, and Availability.” 

35:00 For businesses interested in learning more about Citrix solutions, Pankaj recommends using this contact form on the Citrix website: https://www.citrix.com/contact/form/inquiry/

36:30 Joe asks which market Citrix is chasing: small business, mid-market or enterprise? Pankaj responds that all businesses need DDoS protection, and that cloud-based solutions are easier to implement.

DISCLAIMER: Larry and Joe received no compensation in any form from anyone for our Podcast. This is a "hobby" podcast - we don't even have advertisements! 
