For years, security pros and pundits have said that the burden of defending against denial-of-service attacks lies...
with Internet service providers.
This week, MCI announced a denial-of-service guarantee. Starting immediately, all of the company's customers will have round-the-clock access to MCI's security staff, if they're targeted by such an attack. The company says its offer is one of the first of its kind.
"Our new SLA gives customers greater peace of mind, knowing that MCI will help them stop Internet threats and attacks, while further demonstrating our commitment and ability to [make] the Internet a safer place for the greater Internet community," said Sara Santarelli, MCI's vice president of network security, in a press release.
Under the SLA, a customer that experiences a denial-of-service attack will create a trouble ticket with MCI. The company will respond within 15 minutes. MCI's security team will then work with the customer to determine how to minimize the disruption posed by the attacks. The team has a variety of tools at its disposal, so it can quickly trace and then stop attacks, the company said in a statement.
Ask Jeeves, Inc, the search engine, is one of the first MCI customers to take advantage of the SLA.. The company could certainly use the protection as its relies solely on its Web presence.
Until now, the ISPs have helped to prevent denial-of-service attacks -- but has largely avoided taking on the task of fighting attacks that are in progress. Companies can do some things themselves to help minimize the threat. There are devices available that will block attack packets and which can handle multi-gigabyte traffic. Prioritizing resources on the site is a good way to keep a Web site online. For example, a company can eliminate the parts of a site that offer streaming media or large file downloads, in order to allow requests for more important things get through.
Last month, the SCO Group suffered a major distributed denial-of-service (DDoS) attack that was sparked by the Mydoom-A worm. The company took a novel approach and moved its site to a different domain name (from www.sco.com to www.thescogroup.com).