Online Banks Get Extra Defenses Against DDoS Attacks
A company that helps protect websites against a common form of cyber attack says it has solved a major security concern. The change could make high-profile websites, including online banks, considerably more resilient without weakening their security.
The company in question is CloudFlare, which offers services to defend against denial of service (DoS) attacks, including distributed denial of service (DDoS) attacks. In such an attack, attackers flood a website with bogus requests until the site (or the server behind it) can no longer keep up with legitimate ones. Oftentimes such an attack brings a web server to a grinding halt.
Typically a network of malware-infected computers is used to generate the attack traffic, which multiplies its intensity and makes it hard to block by source. Such a network is often referred to as a botnet, or zombie network. Many attacks are politically motivated, either by protestors who disagree with a company or organization's actions, or as part of a conflict between political groups or countries.
Web Site Service Spreads Traffic Across 28 Data Centers
CloudFlare operates 28 data centers around the world, and a protected website's traffic is routed through them rather than straight to the site's own server. Each data center keeps a cached copy of the site's pages and filters out the bogus requests of an attack before passing legitimate ones on. The idea is that if a website comes under a denial of service attack, the flood is absorbed across those data centers while legitimate visitors keep getting the most recent copy of the site. When all goes to plan, legitimate visitors won't even know the site is under attack.
The big problem in the past was that such a service didn't work well with secure websites, where data is encrypted between the website's server and the user's web browser using secure sockets layer (SSL). A data center can only hold an encrypted conversation with a visitor on the site's behalf if it can complete the SSL handshake, and one step of that handshake (proving possession of the key that matches the site's certificate) needs the site's private key. So, in order for CloudFlare's data centers to serve a secure site, they needed a copy of that private key; effectively, the site had to hand its key to a third party so that the data centers could serve properly encrypted pages to the public.
That restriction was off-putting for websites holding highly sensitive data, such as online banks. Whether through a company policy, an insurance condition, or a legal requirement, some firms refuse to share their private keys with any other party, no matter how trustworthy. Indeed, if a US bank discovers somebody else has access to its encryption key, it must immediately inform the Federal Reserve. (Source: cloudflare.com)
Online Banks Can Still Keep A Secret
CloudFlare has now found a way to run its service without ever holding the private key. It's a complicated process, but in simplified terms, the key stays on a "key server" that the company operating the website runs itself, and CloudFlare sets up a private, authenticated connection between its data centers and that key server. Because attack traffic is absorbed at the data centers, this private connection carries only CloudFlare's own small requests and isn't flooded when the website comes under attack over the public Internet.
When a visitor connects to a data center, the data center carries out the SSL handshake itself, except for the one step that requires the private key. That step is sent over the private connection to the key server, which performs it and returns the result, so CloudFlare sees the answer but never the key itself. Each such request uses only a tiny amount of data, and as such, won't put the company's key server under any extra strain.
Once this is done, CloudFlare creates a separate, temporary "ticket" (a session ticket, in SSL terms) for that specific visitor, valid for a maximum of four days. The ticket lets the visitor's browser resume its secure session without repeating the step that needs the private key, and it is shared with all 28 data centers, so the visitor keeps getting secure access to the website from whichever data center answers, even if the site or CloudFlare is under attack.
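The key-server split and the cross-data-center ticket described in the last three paragraphs, modelled in Go with the standard library's crypto/tls. This is an added example, not CloudFlare's code: the keyServer, remoteSigner and edgeConfig names are ours, an in-process call stands in for CloudFlare's private connection to the key server, the bank.example certificate is constructed test data, and TLS 1.2 is pinned because it was the protocol of the day and its ticket arrives inside the handshake. What it shows is that the edge configurations never contain the private key, the key server sees exactly one signing request for the visitor's first connection, and a second data center with no working link to the key server still serves that visitor by resuming from the shared ticket.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// keyServer stands in for the bank's own key server: it holds the private key and answers only
// "sign this digest" requests (an in-process stand-in for the private link, not CloudFlare's protocol).
type keyServer struct {
	priv     *ecdsa.PrivateKey
	requests int // signatures the edges have asked for
}

func (k *keyServer) sign(digest []byte) ([]byte, error) {
	k.requests++
	return ecdsa.SignASN1(rand.Reader, k.priv, digest)
}

// remoteSigner is all an edge data center holds: the public key and a link to the key server
// (nil when unreachable). As a crypto.Signer, crypto/tls accepts it in place of the private key.
type remoteSigner struct {
	pub crypto.PublicKey
	ks  *keyServer
}

func (r *remoteSigner) Public() crypto.PublicKey { return r.pub }

func (r *remoteSigner) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error) {
	if r.ks == nil {
		return nil, fmt.Errorf("key server unreachable")
	}
	return r.ks.sign(digest)
}

// edgeConfig is one data center's TLS setup. Every edge shares the session-ticket key, so a
// ticket issued by one edge resumes at any other. TLS 1.2 (the article's era) delivers the
// ticket inside the handshake, which keeps connect() short.
func edgeConfig(cert *x509.Certificate, signer crypto.Signer, ticketKey [32]byte) *tls.Config {
	cfg := &tls.Config{MaxVersion: tls.VersionTLS12,
		Certificates: []tls.Certificate{{Certificate: [][]byte{cert.Raw}, PrivateKey: signer}}}
	cfg.SetSessionTicketKeys([][32]byte{ticketKey})
	return cfg
}

// connect runs one visitor-to-edge handshake over an in-memory pipe and reports whether
// the session was resumed from a ticket rather than negotiated from scratch.
func connect(visitor, edge *tls.Config) (bool, error) {
	a, b := net.Pipe()
	go func() {
		srv := tls.Server(b, edge)
		defer srv.Close()
		if srv.Handshake() == nil {
			srv.Read(make([]byte, 16)) // wait for the visitor's close_notify
		}
	}()
	cli := tls.Client(a, visitor)
	defer cli.Close()
	if err := cli.Handshake(); err != nil {
		return false, err
	}
	return cli.ConnectionState().DidResume, nil
}

// demo keeps the site key inside the key server and gives it a self-signed certificate
// (constructed test data). One visitor connects to edge A (full handshake, one signature
// requested) and then to edge C, which cannot reach the key server yet still resumes from
// the ticket. It returns whether C resumed and how many signatures the key server saw.
func demo() (resumed bool, signatures int, err error) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"bank.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return
	}
	cert, _ := x509.ParseCertificate(der)
	ks := &keyServer{priv: priv}
	var ticketKey [32]byte
	rand.Read(ticketKey[:])
	edgeA := edgeConfig(cert, &remoteSigner{pub: cert.PublicKey, ks: ks}, ticketKey)
	edgeC := edgeConfig(cert, &remoteSigner{pub: cert.PublicKey, ks: nil}, ticketKey)
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	visitor := &tls.Config{RootCAs: roots, ServerName: "bank.example", MaxVersion: tls.VersionTLS12,
		ClientSessionCache: tls.NewLRUClientSessionCache(4)}
	if _, err = connect(visitor, edgeA); err != nil {
		return
	}
	resumed, err = connect(visitor, edgeC)
	return resumed, ks.requests, err
}

func main() {
	resumed, n, err := demo()
	fmt.Println("resumed at edge C with key server down:", resumed, "signatures requested:", n, "err:", err)
}
```

Run it with go run and it reports that edge C resumed the session and that the key server signed exactly once. The caveat a practitioner should take from it: the shared ticket key is as sensitive as the sessions it protects, because any data center holding it can decrypt and resume those sessions, so it needs the same care in distribution and rotation as any other secret, and a short validity period like the one the article mentions limits how long a leaked ticket matters.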
At the time of writing, the cached copies appear to be refreshed on a scheduled, daily interval. Encrypted transactions (such as those performed with online banks) still take place against the original website, where the transactional database is up to date and in real time; the data centers only pass such requests through.
CloudFlare says the service is already being tested by a few of its customers, including some of the top ten financial companies in the world. (Source: arstechnica.com)
What's Your Opinion?
Have you been affected by a high-profile site being unavailable because of a denial of service attack? Do factors such as reliability and security affect your choice of services such as online banking?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance, I can help.