IBM Hones New Blade Server to Repel DoS Attacks
IBM is introducing a new blade server that has intelligent technology designed to help it recognize and repel a denial-of-service attack. The IBM BladeCenter PN41 uses Deep Packet Inspection to distinguish between legitimate traffic and malicious packets.
09/03/08 12:01 PM PT
IBM is increasing its arsenal against hackers with a new beefed-up blade server. The IBM BladeCenter PN41, announced this week, combines Deep Packet Inspection technology from CloudShield with IBM's other protection platforms to create a powerhouse against attacks.
The system is designed specifically to better protect against denial-of-service attacks, one of the most difficult types to detect and prevent. It's slated to become available in October.
The BladeCenter PN41 will be sold as part of IBM's overall Telecom Integrated Solution for Security -- a robust system that aims to provide all-around protection for networks. IBM's Proventia Intrusion Prevention and Tivoli Security Operations Manager are also included in the package, which is billed as an all-purpose platform to keep malicious data away.
"You can program it to be a firewall, to do denial-of-service prevention, to do antivirus prevention, anti-spam -- the kinds of things that our customers currently buy appliances for and use in their networks," Scott Firth, director of telecommunications industry marketing for IBM Systems Group, told TechNewsWorld.
The BladeCenter PN41 allows administrators to set priorities for network activity. The system claims the industry's only support for CloudShield's Subscriber Services Manager and DNS Defender applications.
It also offers support for Check Point Software applications. The company keeps its BladeCenter architecture open as a member of the Blade.org initiative, inviting developers to get in on the process as well.
The ability to reliably stop denial-of-service attacks is something administrators have long sought. IBM saw the challenge.
"You need a way to quickly analyze the traffic that's all of a sudden flying at your system and then make decisions on that traffic," Firth explained. "It's so hard because you have to actually be assertive in the network and let your network traffic flow through your applications, then look at the traffic and make decisions," he said.
In essence, denial-of-service attacks involve someone trying to overwhelm a system by flooding it with data. They have become an increasingly common hacker threat.
"Ideally, the traffic -- from the hacker's perspective -- would be stuff that would cause the server to spend a lot of time working and processing on that, so it's using a lot of resources there [and] doesn't have the resources then available for legitimate requests coming from others," Clifford Neuman, director of the USC Center for Computer Systems Security, told TechNewsWorld.
An Unpredictable Problem
The unpredictability of those attacks is what makes them particularly tricky to fight: By the time you realize what's happening, it's tough to take any significant steps.
"If you're overwhelming a network link, for example, and you detect the attacks on your end host system, there's not really much you can do. You can drop the packets there, but those packets are already utilizing resources on the link. One of the things you can do is start pushing back the defenses -- maybe get your ISP to block things," Neuman noted.
Even then, one has to be able to separate the legit traffic from the hacker traffic -- and advanced hacker methodology is making that easier said than done.
"A lot of the attack traffic is designed to look like legitimate queries," Neuman pointed out.
Trying to block just one location to keep the attacker away may not work as well as you'd think, either.
"Nowadays, you're seeing more of what are called 'distributed denial of service attacks.' You've got many machines that have been compromised across many different networks, all under the control of a single entity -- [so] now, all of a sudden, the origin and sources of all of these attacks are really scattered across networks in pretty much the same way your legitimate queries are," Neuman said.
It's those areas where IBM hopes its new BladeCenter can step in and help. Fighting advanced attacks requires advanced preparation, and engineers believe they've come up with the tool to take some of that headache away. Many system administrators, no doubt, hope they have succeeded.