1. Outline a quantitative approach for justifying the use of a DDoS mitigation service to protect an e-commerce company such as Spa Finder. Can you identify any non financial reasons to subscribe to a DDoS mitigation service? If so, what are they?

2. Identify three potential kinds of DDoS attackers of an e-commerce company such as Spa Finder. What would be the motive for each of these attackers?

3. Do research on the Web to find three DDoS mitigation service providers. How are their services similar? How are they different? Which DDoS service provider do you think is the best?

A DDoS attack can easily cost an organization tens of thousands of dollars per minute in lost revenue and worker productivity. In addition, in the fallout from such an attack, an organization may find its customers switching to competitors due to a loss of confidence resulting from the bad publicity. Financial and travel service firms and various e-commerce Web sites are frequent targets of DDoS attacks.

During the fall of 2012, powerful DDoS attacks were directed at the Web servers of several major U.S. banks. The DDoS attack directed 65 Gbps of data traffic at each bank server—the network equivalent of an F5 hurricane—effectively making the server inaccessible to customers.The attack repeated itself at one bank after another. Over the course of a few weeks, Bank of America, Capital One, JP Morgan Chase, PNC Financial Services, Regions Financial, Sun Trust,US Bank, and Wells Fargo were all hit. Particularly alarming is that the banks were not able to completely fend off the attacks—the attackers simply stopped on their own to avoid being identified. The parties responsible for these attacks have not been positively identified, but suspects include Hamas, an Islamic group called the Izz ad-Din Al-Qassam Cyber Fighters, the hacktivist group Anonymous, cyber criminals based in Eastern Europe, and hackers in Saudi Arabia and Iran.

SpaFinder is a spa and wellness company that sells spa, wellness, and beauty gift cards and rewards programs that draw millions of clients to its global network of spas, fitness studios,and wellness practitioners.A recent DDoS attack hit SpaFinder’s 24/7 call center, making it impossible for customers to access the Web site to view content, make purchases, redeem gift certificates, or spend rewards points. SpaFinder’s Web hosting service was unable to deal with the attack. In desperation, SpaFinder technical support people contacted a DDoS mitigation service company that was able to get their site back up and running in less than 24 hours. DDoS mitigation service organizations monitor clients’ network equipment for signs of aDDoS attack. If such an attack is detected, all traffic is rerouted from the client Web site to the service provider over a dedicated high-speed network link for traffic“scrubbing.” This process allows the service provider to use powerful servers to inspect the data traffic for anomalies. Alllegitimate traffic is forwarded back to the customer for routine processing; all attack traffic is dropped.

In addition to contracting with a DDoS mitigation service provider, security experts recommend that organizations (1) develop and practice a standard operating procedure to follow in the event of a DDoS attack; (2) maintain contact information for their ISP and hosting providers that includes names and phone numbers for whoever should be contacted during a DDoS attack and what information they will need; and (3) prioritize network services to identify what services could be turned off or blocked if needed to limit the effects of the attack.