RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
Project

BI.Zone tested the federal electronic platform "TEK-Torg" for resistance to DDoS attacks

Customers: Fuel and Energy Complex-Torg

Moscow; Financial services, investments and auditing

Contractors: BI.Zone
Product: External IT and Security Audit Projects (PCI DSS and SIS)

Project date: 2020/11  - 2021/04

2021: DDoS resistance testing

May 12, 2021 BI.Zone announced the testing of the security of the electronic trade site "TEK-Torg." Experts simulated - DDoSattacks on the resources of "TEK-Torg," after which they presented a report on the results of the operation of protection systems.

At first, BI.ZONE specialists prepared external attack simulation tools for testing: they installed and configured a traffic generator with the required number of ports cloudy ̆ in the infrastructure, completed a request from the cloud provider IP address to simulate attacks and configured communications between geographical regions to create geo-distributed attacks.

The simulation of controlled DDoS-attacks for JSC "TEK-Torg" took place in three stages:

  • Deploy and configure a botnet in a cloud infrastructure.
  • Develop scenarios and attack structures. Establish a test schedule. Attacks were combined taking into account the specified bandwidth and the number of IP addresses from five geographical regions.
  • Perform security testing according to schedule and report results.

File:Aquote1.png
We pay special attention to cybersecurity issues. The availability of services for customers is one of the most important indicators of reliability and security that a company of our level must provide. We regularly check our services in conditions close to real attacks. This is the only way to make sure how good protection against threats to information security is, "said Dmitry Sytin, Director General of TEK-Torg JSC.
File:Aquote2.png

DDoS attacks are a very effective and relatively cheap tool in the hands of competitors and ill-wishers. The cost of organizing such attacks is in most cases much less than the losses resulting from the attack. The main companies that are at risk by type of activity are e-commerce platforms, online gaming services, media, web resources of financial and insurance companies, portals of state institutions. Regardless of the size and type of activity of the company, the damage from the implemented DDoS attack is always felt.

As of May 2021, there are means and platforms for protecting against DDoS that allow you to repel the attack by taking under your protection the service that is being attacked. However, not always the choice of a protection operator or the measures taken to transition to protection reduce the risks associated with the implementation of a DDoS attack. To understand whether the current infrastructure will cope with this type of attack, it is necessary to analyze the protection solution and check its resistance to DDoS attacks, as well as develop actions in case of implementation of various types of DDoS attacks.

File:Aquote1.png
A successful attack entails reputational risks, and with them the loss of some customers and profits. Moreover, under the guise of DDoS attacks, information or financial funds are often stolen, as the attack itself complicates the process of investigating the incident. We were glad to help TEK-Torg make sure that their site is resistant to this type of attack, "said Konstantin Levin, commercial director of BI.ZONE.
File:Aquote2.png