CO-OP White Paper Discusses How CUs Can Fight DDoS Attacks
RANCHO CUCAMONGA, Calif. (5/3/13)--CO-OP Financial Services has released a white paper offering credit unions advice on fending off Distributed Denial of Service (DDoS) attacks.

The white paper, "A Risk Based Approach to DDoS Protection for Credit Unions and Credit Union Service Organizations," is written by Ray Zadjmool, president and principal consultant of Tevora, a Lake Forest, Calif., information assurance consulting firm with a focus on compliance, risk management and solutions integration.

DDoS involves using an army of hijacked computers to overwhelm a site with so many requests that it cannot respond to legitimate ones and thus becomes unavailable. It has become a popular method of making a political or ideological point, with the target serving as some kind of symbol.

The paper makes four recommendations for combating DDoS:

  • DDoS Risk Assessments. A DDoS risk assessment should follow established methodologies for identification, impact analysis and treatment plan, the paper said. Credit unions should make a concerted effort to understand the effects of a disruption of services, the expected time to recover and the costs to remediate. Risk-reduction options also should be presented to offer a balanced approach that can be periodically evaluated for feasibility and cost effectiveness.
  • DDoS Incident Response Plan. As with any disaster recovery or incident, a plan for coordinating the credit union's response should be documented before an attack. A good DDoS Incident Response Plan must take into account the tools and personnel at the credit union's disposal that will be needed during a DDoS attack.
  • Third-Party Due Diligence. Credit unions should look at this as an expansion of existing third-party and vendor management activities to include a good understanding of criticality, risk and readiness. One place to start is to classify third parties that may be susceptible to a DDoS. Consider critical infrastructure, but also Web hosting and member-facing services.
  • Evaluate DDoS Mitigation Services. Currently four types of DDoS mitigation solutions exist: DDoS as a feature, dedicated DDoS protection services, Internet service provider pipe services and DDoS protection appliances.

To download the paper, use the link.
Other Resources

DDoS White Paper