If you are running an Alarm Monitoring Company and offering IP signaling to your clients, then you need to know as much as possible about Distributed Denial of Service (DDoS) attacks. There are plenty of cyber criminals "in the East" and probably a few within our own backyard that can easily take your IP Receivers down. And here's the worst part..... there is usually very little you can do about it.

Some of you might be thinking it's not a problem as the client IP devices have two IP addresses programmed into them so they will contact the backup server. Well, maybe if you're lucky and the attacker hasn't taken both IP addresses down. The question is, are you going to bet your clients security on being lucky?

Not intentionally I'm sure, but that's exactly the situation with the majority of companies providing IP signaling today. Some decision makers at the companies will have heard of DDoS and others won't. The ones that have heard of it are likely taking the "it won't happen to me" approach. That's fine, as long as they understand the consequences of every one of their clients using IP signaling going offline.

It won't happen to me

I'm sure Microsoft, Google, Twitter, FaceBook and others didn't think it would happen to them .... but it did. If you ever upset Wiki Leaks, then forget about doing any business online. In reality, a more likely threat may come from some tech savvy customer or dealer that you have upset. They will know the IP addresses of both your primary and backup server so all they need to concern themselves with is how big the attack will have to be in order to take you offline and get their revenge.

Effects of Damage

If a seasoned DDoS attacker wants to take your network down, then unless you have a very big pipe, very deep pockets and some very clever friends at the ISP, forget about putting up a defence. Your network will be down for days, if not weeks or even longer. Some small Central Stations have a single ADSL connection. Others have a cable and DSL connection and the medium sized ones usually have a T1 plus a backup cable or DSL connection. The large Centrals have much more robust setups but are they robust enough?. Obviously, it would be easy for an attacker to take down the small guys, but they'd have to have more fire power to trouble the big guys.

Open to Extortion

Communities like online gambling are already used to extortion and threats to take down their web sites if they do not pay. Many pay, as the costs to fight a DDoS attack can be huge. The Wiki Leaks episode has me wondering how long it will be before DDoS becomes a trend, spreads to the general business community and the first alarm monitoring center receives that dreaded email giving them 24 hours to pay up or be shut down.

As it is a UL requirement that IP alarm transmitters use fixed IP addresses and not domain names, those using UL listed solutions in North America have little or no chance of defending a direct attack on their IP receivers.

Even PSTN is Vulnerable

Those Monitoring Centers that do not operate IP solutions, or those that are comfortable in the PSTN world tend not to have such concerns. Those of you that have experienced more and more landline based alarm signals going astray over the last few years should already know that a PSTN line is no longer a true PSTN line these days.

Many alarm signals monitored over PSTN lines will travel part way over an IP network and right now problems seem to be limited to codec and other VoIP related issues, but it should be understood that the very same IP networks that are carrying your analog alarm signals are themselves vulnerable to DDoS attack. The reason we don't get to hear more about it is that PSTN lines are not supervised. So, even though the IP portion of the PSTN network may be down, you would not get to know about it until a signal was missed.

DDoS has nothing to do with Hacking

Just to be clear, this is not about anyone hacking into your network. A DDoS attacker has no interest in the files or applications that reside on your computer network, their only interest is in stopping others from using any services you offer from your servers. They do this by sending so much "traffic" in your direction that your network equipment cannot handle the load and basically shuts down - if your ISP does not pull the plug on you first.

This means that legitimate users of web sites or other servers that you run will not be able to access them. In the case of IP/GPRS signaling solutions where you run your own IP receivers or software based Virtual Receivers, these will also be unavailable to the many client devices you have in the field.

All our IP Alarm Monitoring Solutions have DDoS protection built in

Do your homework on all IP solutions you use and make sure they are part of your disaster recovery plan.